1 <?php
2 /* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Arun Persaud <arun@nubati.net>
3  *
4  *   This file is part of e-DoKo.
5  *
6  *   e-DoKo is free software: you can redistribute it and/or modify
7  *   it under the terms of the GNU General Public License as published by
8  *   the Free Software Foundation, either version 3 of the License, or
9  *   (at your option) any later version.
10  *
11  *   e-DoKo is distributed in the hope that it will be useful,
12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *   GNU General Public License for more details.
15  *
16  *   You should have received a copy of the GNU General Public License
17  *   along with e-DoKo.  If not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20
/* Guard against direct invocation: $HOST is defined only by config.php,
 * so its absence means this file was requested on its own rather than
 * included from the main scripts.
 */
if(!isset($HOST))
  {
    exit;
  }
26
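/* new user wants to register
 *
 * Reads Rfullname, Remail, Rtimezone and either Rpassword or Ropenid plus one
 * RobotproofN answer from the request, validates them, inserts the User row
 * and logs the new account into the current session.
 *
 * All input arrives via $_REQUEST (GET, POST and cookie alike) and is treated
 * as untrusted: it only reaches the database through DB_quote_smart() and is
 * never echoed back. NOTE(review): nothing in this file ties the submission
 * to a CSRF token or restricts it to POST -- confirm the form in index.php
 * does, otherwise a third-party page can create accounts for a visitor.
 */
if(myisset('Rfullname','Remail','Rtimezone') )
  {
    global $HOST,$INDEX;

    $ok=1;
    /* a name is required and must not be in use yet */
    if(strlen(trim($_REQUEST['Rfullname']))==0 || DB_get_userid('name',$_REQUEST['Rfullname']))
      {
        echo _('Please chose another name').'<br />';
        $ok=0;
      }
    /* the email address must look like one and must not be in use yet */
    if(filter_var($_REQUEST['Remail'], FILTER_VALIDATE_EMAIL) === false)
      {
        echo _('Please enter a valid email address.').'<br />';
        $ok=0;
      }
    else if(DB_get_userid('email',$_REQUEST['Remail']))
      {
        echo _('This email address is already used?!').'<br />';
        $ok=0;
      }
    /* need either openid or password */
    if(!myisset('Rpassword')  &&  !myisset('Ropenid'))
      {
        echo _('I need either a Password or an Openid url.').'<br />';
        $ok=0;
      }
    /* check for password length */
    if(myisset('Rpassword') && strlen(trim($_REQUEST['Rpassword']))==0 )
      {
        echo _('Password cannot be empty!').'<br />';
        $ok=0;
      }

    /* check against robots: the form shows one of five math questions and
     * sends its answer as RobotproofN; only the first one present is checked.
     * The answer is compared as a trimmed string -- the former loose != test
     * accepted anything PHP coerces to the number, e.g. '42abc'. */
    $robot_answers = array(42, 35, 28, 21, 14);
    $robot=0; /* at least one anti-robot question needs to be answered */
    foreach($robot_answers as $i => $expected)
      {
        if(!myisset('Robotproof'.$i))
          continue;
        if(trim($_REQUEST['Robotproof'.$i]) === (string)$expected)
          $robot=1;
        else
          $ok=0;
        break;
      }
    if($robot==0)
      {
        echo _('You answered the math question wrong.').' <br />'."\n";
        $ok=0;
      }
    /* everything ok, go ahead and create user */
    $r=0;
    if($ok)
      {
        /* a password login takes precedence; an OpenID-only account still
         * needs a value in the password column, so it gets the hash of a
         * random secret nobody knows (previously md5() of the name plus
         * rand() output assembled through a preg_replace /e call, which is
         * an eval and was removed in PHP 7) */
        $use_openid = !myisset('Rpassword') && myisset('Ropenid');
        if(!$use_openid)
          $secret = $_REQUEST['Rpassword'];
        else if(function_exists('openssl_random_pseudo_bytes'))
          $secret = bin2hex(openssl_random_pseudo_bytes(24));
        else
          $secret = $_REQUEST['Rfullname'].uniqid(mt_rand(), true);

        if(function_exists('password_hash'))
          {
            /* PHP >= 5.5: bcrypt with a library-generated random salt, same
             * $2y$12$ output format as the crypt() path below */
            $hash = password_hash($secret, PASSWORD_BCRYPT, array('cost' => 12));
          }
        else
          {
            /* PHP 5.3.7 - 5.4: build the 22 character bcrypt salt ourselves.
             * Draw it from the CSPRNG when available; the former
             * sha1(microtime()) seed is predictable to anyone who can
             * narrow down the request time. */
            if(function_exists('openssl_random_pseudo_bytes'))
              $raw = openssl_random_pseudo_bytes(16);
            else
              $raw = sha1(microtime(true), true);
            $salt = substr(str_replace('+', '.', base64_encode($raw)), 0, 22);
            /* hash incoming secret using 12 rounds of blowfish */
            $hash = crypt($secret, '$2y$12$' . $salt);
          }

        /* crypt() reports failure with a short '*0'/'*1' string and
         * password_hash() with false; neither may end up in the database */
        if(is_string($hash) && strlen($hash)>13)
          {
            $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
                        ','.DB_quote_smart($_REQUEST['Remail']).
                        ','.DB_quote_smart($hash).
                        ','.DB_quote_smart($_REQUEST['Rtimezone']).',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP)');
          }

        if($r && $use_openid)
          {
            include_once('openid.php');
            $myid = DB_get_userid('email',$_REQUEST['Remail']);
            DB_AttachOpenID($_REQUEST['Ropenid'], $myid);
          }

        if($r)
          {
            /* Set session, so that new user doesn't need to log in.
             * Rotate the session id first: the id was handed out before the
             * visitor had an account, so a fixated id must not inherit the
             * new identity. */
            if(session_id() !== '')
              session_regenerate_id(true);
            $myname = DB_get_name('email',$_REQUEST['Remail']);
            $_SESSION['name'] = $myname;

            echo ' Welcome to e-DoKo, you are now registered, please visit the'.
              ' <a href="'.$HOST.$INDEX.'">homepage</a> to continue.';
          }
        else
          echo " Something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
      }
    else
      {
        echo '<br />Could not register you. Please <a href="index.php">try again</a>! </br />'."\n";
      }
  }
else
  {
    echo "Test test test... hmm, this page shouldn't really be here, should it? <a href=\"index.php\">Go back here :)</a> </br />\n";
  }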
160 ?>