<?php
-/* Copyright 2006, 2007, 2008, 2009, 2010 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016 Arun Persaud <arun@nubati.net>
*
* This file is part of e-DoKo.
*
exit;
/* new user wants to register */
-if(myisset("Rfullname","Remail","Rtimezone") )
+if(myisset('Rfullname','Remail','Rtimezone') )
{
global $HOST,$INDEX;
$ok=1;
if(DB_get_userid('name',$_REQUEST['Rfullname']))
{
- echo "please chose another name<br />";
+ echo _('Please chose another name').'<br />';
$ok=0;
}
/* check if email address is already used */
if(DB_get_userid('email',$_REQUEST['Remail']))
{
- echo "this email address is already used ?!<br />";
+ echo _('This email address is already used?!').'<br />';
$ok=0;
}
/* need either openid or password */
if(!myisset('Rpassword') && !myisset('Ropenid'))
{
- echo "I need either a Password or an Openid url.<br />";
+ echo _('I need either a Password or an Openid url.').'<br />';
+ $ok=0;
+ }
+ /* check for password length */
+ if(myisset('Rpassword') && strlen(trim($_REQUEST['Rpassword']))==0 )
+ {
+ echo _('Password cannot be empty!').'<br />';
$ok=0;
}
}
if($robot==0)
{
- echo "You answered the math question wrong. <br />\n";
+ echo _('You answered the math question wrong.').' <br />'."\n";
$ok=0;
}
/* everything ok, go ahead and create user */
{
if(myisset('Rpassword'))
{
- $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
- ",".DB_quote_smart($_REQUEST["Remail"]).
- ",".DB_quote_smart(md5($_REQUEST["Rpassword"])).
- ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
+ // create a password hash using the crypt function, need php 5.3 for this
+ // create a random salt
+ $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+ // hash incoming password using 12 rounds of blowfish
+ $hash = crypt($_REQUEST['Rpassword'], '$2y$12$' . $salt);
+
+ if(strlen($hash)>13)
+ {
+ $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+ ','.DB_quote_smart($_REQUEST['Remail']).
+ ','.DB_quote_smart($hash).
+ ','.DB_quote_smart($_REQUEST['Rtimezone']).',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP)');
+ }
+ else /* hash function didn't work */
+ $r=0;
}
else if(myisset('Ropenid'))
{
- $password = $_REQUEST["Rfullname"].preg_replace('/([ ])/e', 'chr(rand(33,122))', ' ');
- $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
- ",".DB_quote_smart($_REQUEST["Remail"]).
- ",".DB_quote_smart(md5($password)).
- ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
+ $password = $_REQUEST['Rfullname'].preg_replace('/([ ])/e', 'chr(rand(33,122))', ' ');
+ $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+ ','.DB_quote_smart($_REQUEST['Remail']).
+ ','.DB_quote_smart(md5($password)).
+ ','.DB_quote_smart($_REQUEST['Rtimezone']).',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP)');
if($r)
{
include_once('openid.php');
{
/* Set session, so that new user doesn't need to log in */
$myname = DB_get_name('email',$_REQUEST['Remail']);
- $_SESSION["name"] = $myname;
+ $_SESSION['name'] = $myname;
- echo " Welcome to e-DoKo, you are now registered, please visit the".
- " <a href=\"".$HOST.$INDEX."\">homepage</a> to continue.";
+ echo ' Welcome to e-DoKo, you are now registered, please visit the'.
+ ' <a href="'.$HOST.$INDEX.'">homepage</a> to continue.';
}
else
- echo " something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
+ echo " Something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
}
else
{
- echo "Couldn't register you. Please <a href=\"index.php?action=register\">try again</a>! </br />\n";
+ echo '<br />Could not register you. Please <a href="index.php">try again</a>! </br />'."\n";
}
}
- else
- {
- /* No information for new user given, ouput a page for registration */
-
- /* check for openid information */
- $openid_url = '';
- $name = '';
- $email = '';
- if(myisset('openid_url'))
- $openid_url = $_REQUEST['openid_url'];
- if(myisset('openidname'))
- $name = $_REQUEST['openidname'];
- if(myisset('openidemail'))
- $email = $_REQUEST['openidemail'];
-
- if($openid_url=='')
- echo "<p><br /><strong> IMPORTANT: passwords are going over the net as clear text, so pick an easy password. ".
- "No need to pick anything complicated here ;)<br />";
- echo "N.B. Your email address will be exposed to other players whom you play games with. ";
- echo "<br /><br /></strong></p>";
- echo ' <form action="index.php?action=register" method="post">';
- echo ' <fieldset>';
- echo ' <legend>Register</legend>';
- echo ' <table>';
- echo ' <tr>';
- echo ' <td><label for="Rfullname">Full name:</label></td>';
- echo " <td><input type=\"text\" id=\"Rfullname\" name=\"Rfullname\" size=\"20\" maxlength=\"30\" value=\"$name\" /> </td>";
- echo ' </tr><tr>';
- echo ' <td><label for="Remail">Email:</label></td>';
- echo " <td><input type=\"text\" id=\"Remail\" name=\"Remail\" size=\"20\" maxlength=\"30\" value=\"$email\" /></td>";
- echo ' </tr><tr>';
- if($openid_url=='')
- {
- echo ' <td><label for="Rpassword">Password(will be displayed in cleartext on the next page):</label></td>';
- echo ' <td><input type="password" id="Rpassword" name="Rpassword" size="20" maxlength="30" /></td>';
- echo ' </tr><tr>';
- }
- else
- {
- echo ' <td><label for="Ropenid">OpenId:</label></td>';
- echo ' <td><input type="text" id="Ropenid" name="Ropenid" size="20" maxlength="50" value="'.htmlentities($openid_url).'" /></td>';
- echo ' </tr><tr>';
- }
- echo ' <td><label for="Rtimezone">Timezone:</label></td>';
- echo ' <td>';
-
- output_select_timezone("Rtimezone");
-?>
- </td>
- </tr><tr>
- </tr><tr>
-<?php
- /* random number to select robotproof question */
- $rand_number = mt_rand(0,3); /* to get numbers between 0 and 4 */
- $Robotproof = "Robotproof".$rand_number;
-?>
- <td><label for="Robotproof">Please answer this question: <?php echo output_robotproof($rand_number); ?></label></td>
-<?php
- echo "<td><input type=\"text\" id=\"$Robotproof\" name=\"$Robotproof\" size=\"20\" maxlength=\"30\" /></td>\n";
-?>
- </tr><tr>
- <td colspan="2"> <input type="submit" value="register" /></td>
- </tr>
- </table>
- </fieldset>
- </form>
-<?php
- }
+else
+ {
+ echo "Test test test... hmm, this page shouldn't really be here, should it? <a href=\"index.php\">Go back here :)</a> </br />\n";
+ }
?>
\ No newline at end of file