<?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud <arun@nubati.net>
*
* This file is part of e-DoKo.
*
$ok=1;
if(DB_get_userid('name',$_REQUEST['Rfullname']))
{
- echo 'please chose another name<br />';
+ echo _('Please chose another name').'<br />';
$ok=0;
}
/* check if email address is already used */
if(DB_get_userid('email',$_REQUEST['Remail']))
{
- echo 'this email address is already used ?!<br />';
+ echo _('This email address is already used?!').'<br />';
$ok=0;
}
/* need either openid or password */
if(!myisset('Rpassword') && !myisset('Ropenid'))
{
- echo 'I need either a Password or an Openid url.<br />';
+ echo _('I need either a Password or an Openid url.').'<br />';
$ok=0;
}
/* check for password length */
if(myisset('Rpassword') && strlen(trim($_REQUEST['Rpassword']))==0 )
{
- echo 'Password cannot be empty!<br />';
+ echo _('Password cannot be empty!').'<br />';
$ok=0;
}
}
if($robot==0)
{
- echo 'You answered the math question wrong. <br />\n';
+ echo _('You answered the math question wrong.').' <br />'."\n";
$ok=0;
}
/* everything ok, go ahead and create user */
{
if(myisset('Rpassword'))
{
- $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
- ','.DB_quote_smart($_REQUEST['Remail']).
- ','.DB_quote_smart(md5($_REQUEST['Rpassword'])).
- ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
+ // create a password hash using the crypt function, need php 5.3 for this
+ // create a random salt
+ $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+ // hash incoming password using 12 rounds of blowfish
+ $hash = crypt($_REQUEST['Rpassword'], '$2y$12$' . $salt);
+
+ if(strlen($hash)>13)
+ {
+ $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+ ','.DB_quote_smart($_REQUEST['Remail']).
+ ','.DB_quote_smart($hash).
+ ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
+ }
+ else /* hash function didn't work */
+ $r=0;
}
else if(myisset('Ropenid'))
{
$r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
','.DB_quote_smart($_REQUEST['Remail']).
','.DB_quote_smart(md5($password)).
- ','.DB_quote_smart($_REQUEST['Rtimezone').',NULL,NULL)');
+ ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
if($r)
{
include_once('openid.php');
' <a href="'.$HOST.$INDEX.'">homepage</a> to continue.';
}
else
- echo " something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
+ echo " Something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
}
else
{
- echo 'Could not register you. Please <a href="index.php">try again</a>! </br />\n';
+ echo '<br />Could not register you. Please <a href="index.php">try again</a>! </br />'."\n";
}
}
else