2 /* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016 Arun Persaud <arun@nubati.net>
4 * This file is part of e-DoKo.
6 * e-DoKo is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * e-DoKo is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with e-DoKo. If not, see <http://www.gnu.org/licenses/>.
21 /* make sure that we are not called from outside the scripts,
22 * use a variable defined in config.php to check this
/* Registration handler (flat script).
 * When Rfullname, Remail and Rtimezone are present in the request it
 * validates the submission, inserts a row into User, and signs the new
 * user in by setting the session name.
 * NOTE(review): the numbers at the start of each line are line numbers
 * embedded by the listing; they skip, so braces, flag assignments and some
 * conditions are not visible here. The comments below describe only what
 * the visible lines show.
 * NOTE(review): every field, including the password, is read from
 * $_REQUEST, which also accepts query-string parameters. Reading from
 * $_POST keeps credentials out of URLs and access logs.
 */
27 /* new user wants to register */
28 if(myisset('Rfullname','Remail','Rtimezone') )
32 /* is this name already in use? */
/* NOTE(review): the separate messages for a taken name and a taken email
 * tell any visitor whether a given name or address is registered. If that
 * matters for this site, rate-limit this form or answer more generically. */
34 if(DB_get_userid('name',$_REQUEST['Rfullname']))
36 echo _('Please chose another name').'<br />';
39 /* check if email address is already used */
40 if(DB_get_userid('email',$_REQUEST['Remail']))
42 echo _('This email address is already used?!').'<br />';
45 /* need either openid or password */
46 if(!myisset('Rpassword') && !myisset('Ropenid'))
48 echo _('I need either a Password or an Openid url.').'<br />';
51 /* check for password length */
/* Only an empty or whitespace-only password is rejected; no minimum length
 * is enforced on the visible lines. trim() is applied for this test only,
 * the untrimmed value is what gets hashed further down. */
52 if(myisset('Rpassword') && strlen(trim($_REQUEST['Rpassword']))==0 )
54 echo _('Password cannot be empty!').'<br />';
58 /* check against robots */
/* Each RobotproofN answer is compared against a constant fixed in this
 * file, and only the first RobotproofN present in the request is looked at
 * (else-if chain).
 * NOTE(review): the comparison uses loose != so PHP type juggling applies
 * to the submitted string; compare a validated integer with !== instead.
 * Fixed answers give no per-request unpredictability, so treat this as a
 * weak deterrent; a challenge whose expected answer is stored server side
 * in the session would be stronger. */
59 $robots=0; /* at least one anti-robot question needs to be answered */
60 if(myisset('Robotproof0'))
62 if($_REQUEST['Robotproof0']!=42)
67 else if(myisset('Robotproof1'))
69 if($_REQUEST['Robotproof1']!=35)
74 else if(myisset('Robotproof2'))
76 if($_REQUEST['Robotproof2']!=28)
81 else if(myisset('Robotproof3'))
83 if($_REQUEST['Robotproof3']!=21)
88 else if(myisset('Robotproof4'))
90 if($_REQUEST['Robotproof4']!=14)
97 echo _('You answered the math question wrong.').' <br />'."\n";
100 /* everything ok, go ahead and create user */
103 if(myisset('Rpassword'))
105 // create a password hash using the crypt function, need php 5.3 for this
106 // create a random salt
/* NOTE(review): the salt is derived from sha1(microtime()), i.e. from the
 * clock, not from a CSPRNG. str_replace maps + to . so the 22 characters
 * kept stay within the bcrypt salt alphabet. password_hash() (PHP 5.5+)
 * generates a proper salt itself and pairs with password_verify(). */
107 $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
108 // hash the incoming password with bcrypt ($2y$), cost factor 12
/* NOTE(review): the result of crypt() has to be checked before it is
 * stored, since crypt() returns a short failure string on error; the else
 * branch below suggests such a check exists on a line not shown. */
109 $hash = crypt($_REQUEST['Rpassword'], '$2y$12$' . $salt);
/* The INSERT is assembled by string concatenation; every request value goes
 * through DB_quote_smart() (defined elsewhere).
 * NOTE(review): injection safety rests entirely on DB_quote_smart() escaping
 * and quoting correctly for the connection charset - confirm, or move to
 * prepared statements. VALUES(...) without a column list also depends on
 * the current column order of User. */
113 $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
114 ','.DB_quote_smart($_REQUEST['Remail']).
115 ','.DB_quote_smart($hash).
116 ','.DB_quote_smart($_REQUEST['Rtimezone']).',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP)');
118 else /* hash function didn't work */
121 else if(myisset('Ropenid'))
/* OpenID registration: no user password exists, so a placeholder is built
 * from the full name plus one rand() character per space in the subject
 * literal, and its md5 is stored in the same column that holds the bcrypt
 * hash for password accounts.
 * NOTE(review): the /e modifier makes preg_replace evaluate the replacement
 * as PHP code. It was deprecated in PHP 5.5 and removed in 7.0, where this
 * call fails. Subject and replacement are constants here, so no request
 * data reaches the evaluated code, but rand() is not a CSPRNG and md5 is
 * not a password hash. If password login can match this column (not visible
 * here), store a value from a CSPRNG or an explicit disabled marker. */
123 $password = $_REQUEST['Rfullname'].preg_replace('/([ ])/e', 'chr(rand(33,122))', ' ');
124 $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
125 ','.DB_quote_smart($_REQUEST['Remail']).
126 ','.DB_quote_smart(md5($password)).
127 ','.DB_quote_smart($_REQUEST['Rtimezone']).',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP)');
/* Look the new row up by email and attach the submitted OpenID URL to it. */
130 include_once('openid.php');
131 $myid = DB_get_userid('email',$_REQUEST['Remail']);
132 DB_AttachOpenID($_REQUEST['Ropenid'], $myid);
/* $ADMIN_NAME and $ADMIN_EMAIL are not assigned on the visible lines;
 * presumably they come from the configuration - verify. */
137 echo 'Error during registration, please contact '.$ADMIN_NAME.' at '.$ADMIN_EMAIL;
141 /* Set session, so that new user doesn't need to log in */
/* NOTE(review): the user is signed in immediately; no email confirmation
 * step and no session id regeneration is visible in this listing. Calling
 * session_regenerate_id(true) at this point guards against session
 * fixation - confirm whether it happens elsewhere. */
142 $myname = DB_get_name('email',$_REQUEST['Remail']);
143 $_SESSION['name'] = $myname;
/* $HOST and $INDEX are likewise not assigned on the visible lines. */
145 echo ' Welcome to e-DoKo, you are now registered, please visit the'.
146 ' <a href="'.$HOST.$INDEX.'">homepage</a> to continue.';
149 echo " Something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
/* Presumably shown when one of the checks above failed; the branch
 * structure is not visible in this listing. */
153 echo '<br />Could not register you. Please <a href="index.php">try again</a>! </br />'."\n";
/* Fallback text, presumably for requests that carry no registration
 * fields - verify against the full file. */
158 echo "Test test test... hmm, this page shouldn't really be here, should it? <a href=\"index.php\">Go back here :)</a> </br />\n";