* * This file is part of e-DoKo. * * e-DoKo is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * e-DoKo is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with e-DoKo. If not, see . * */ /* make sure that we are not called from outside the scripts, * use a variable defined in config.php to check this */ if(!isset($HOST)) exit; /* new user wants to register */ if(myisset('Rfullname','Remail','Rtimezone') ) { global $HOST,$INDEX; /* is this name already in use/ */ $ok=1; if(DB_get_userid('name',$_REQUEST['Rfullname'])) { echo _('Please chose another name').'
'; $ok=0; } /* check if email address is already used */ if(DB_get_userid('email',$_REQUEST['Remail'])) { echo _('This email address is already used?!').'
'; $ok=0; } /* need either openid or password */ if(!myisset('Rpassword') && !myisset('Ropenid')) { echo _('I need either a Password or an Openid url.').'
'; $ok=0; } /* check for password length */ if(myisset('Rpassword') && strlen(trim($_REQUEST['Rpassword']))==0 ) { echo _('Password cannot be empty!').'
'; $ok=0; } /* check against robots */ $robots=0; /* at least one anti-robot question needs to be answered */ if(myisset('Robotproof0')) { if($_REQUEST['Robotproof0']!=42) $ok=0; else $robot=1; } else if(myisset('Robotproof1')) { if($_REQUEST['Robotproof1']!=35) $ok=0; else $robot=1; } else if(myisset('Robotproof2')) { if($_REQUEST['Robotproof2']!=28) $ok=0; else $robot=1; } else if(myisset('Robotproof3')) { if($_REQUEST['Robotproof3']!=21) $ok=0; else $robot=1; } else if(myisset('Robotproof4')) { if($_REQUEST['Robotproof4']!=14) $ok=0; else $robot=1; } if($robot==0) { echo _('You answered the math question wrong.').'
'."\n"; $ok=0; } /* everything ok, go ahead and create user */ if($ok) { if(myisset('Rpassword')) { // create a password hash using the crypt function, need php 5.3 for this // create a random salt $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22); // hash incoming password using 12 rounds of blowfish $hash = crypt($_REQUEST['Rpassword'], '$2y$12$' . $salt); if(strlen($hash)>13) { $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']). ','.DB_quote_smart($_REQUEST['Remail']). ','.DB_quote_smart($hash). ','.DB_quote_smart($_REQUEST['Rtimezone']).',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP)'); } else /* hash function didn't work */ $r=0; } else if(myisset('Ropenid')) { $password = $_REQUEST['Rfullname'].preg_replace('/([ ])/e', 'chr(rand(33,122))', ' '); $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']). ','.DB_quote_smart($_REQUEST['Remail']). ','.DB_quote_smart(md5($password)). ','.DB_quote_smart($_REQUEST['Rtimezone']).',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP)'); if($r) { include_once('openid.php'); $myid = DB_get_userid('email',$_REQUEST['Remail']); DB_AttachOpenID($_REQUEST['Ropenid'], $myid); } } else { echo 'Error during registration, please contact '.$ADMIN_NAME.' at '.$ADMIN_EMAIL; } if($r) { /* Set session, so that new user doesn't need to log in */ $myname = DB_get_name('email',$_REQUEST['Remail']); $_SESSION['name'] = $myname; echo ' Welcome to e-DoKo, you are now registered, please visit the'. ' homepage to continue.'; } else echo " Something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL."; } else { echo '
Could not register you. Please try again!
'."\n"; } } else { echo "Test test test... hmm, this page shouldn't really be here, should it? Go back here :)
\n"; } ?>