fixed language selection for end-of-game summary email.
[e-DoKo.git] / include / register.php
index 797e60563e431c9b41f6f81ed74c89a458dfcf8f..e295df95a9f4077b9f934d6c9ee509926d9a7d77 100644 (file)
@@ -1,4 +1,23 @@
 <?php
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud <arun@nubati.net>
+ *
+ *   This file is part of e-DoKo.
+ *
+ *   e-DoKo is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   e-DoKo is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with e-DoKo.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
 /* make sure that we are not called from outside the scripts,
  * use a variable defined in config.php to check this
  */
@@ -6,78 +25,136 @@ if(!isset($HOST))
   exit;
 
 /* new user wants to register */
-if(myisset("Rfullname","Remail","Rpassword","Rtimezone") )
+if(myisset('Rfullname','Remail','Rtimezone') )
   {
     global $HOST,$INDEX;
 
     /* is this name already in use/ */
     $ok=1;
-    if(DB_get_userid('name',$_REQUEST["Rfullname"]))
+    if(DB_get_userid('name',$_REQUEST['Rfullname']))
       {
-       echo "please chose another name<br />";
+       echo _('Please chose another name').'<br />';
        $ok=0;
       }
     /* check if email address is already used */
-    if(DB_get_userid('email',$_REQUEST["Remail"]))
+    if(DB_get_userid('email',$_REQUEST['Remail']))
+      {
+       echo _('This email address is already used?!').'<br />';
+       $ok=0;
+      }
+    /* need either openid or password */
+    if(!myisset('Rpassword')  &&  !myisset('Ropenid'))
       {
-       echo "this email address is already used ?!<br />";
+       echo _('I need either a Password or an Openid url.').'<br />';
+       $ok=0;
+      }
+    /* check for password length */
+    if(myisset('Rpassword') && strlen(trim($_REQUEST['Rpassword']))==0 )
+      {
+       echo _('Password cannot be empty!').'<br />';
        $ok=0;
       }
 
+    /* check against robots */
+    $robots=0; /* at least one anti-robot question needs to be answered */
+    if(myisset('Robotproof0'))
+      {
+       if($_REQUEST['Robotproof0']!=42)
+         $ok=0;
+       else
+         $robot=1;
+      }
+    else if(myisset('Robotproof1'))
+      {
+       if($_REQUEST['Robotproof1']!=35)
+         $ok=0;
+       else
+         $robot=1;
+      }
+    else if(myisset('Robotproof2'))
+      {
+       if($_REQUEST['Robotproof2']!=28)
+         $ok=0;
+       else
+         $robot=1;
+      }
+    else if(myisset('Robotproof3'))
+      {
+       if($_REQUEST['Robotproof3']!=21)
+         $ok=0;
+       else
+         $robot=1;
+      }
+    else if(myisset('Robotproof4'))
+      {
+       if($_REQUEST['Robotproof4']!=14)
+         $ok=0;
+       else
+         $robot=1;
+      }
+    if($robot==0)
+      {
+       echo _('You answered the math question wrong.').' <br />'."\n";
+       $ok=0;
+      }
     /* everything ok, go ahead and create user */
     if($ok)
       {
-       $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
-                   ",".DB_quote_smart($_REQUEST["Remail"]).
-                   ",".DB_quote_smart(md5($_REQUEST["Rpassword"])).
-                   ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
+       if(myisset('Rpassword'))
+         {
+           // create a password hash using the crypt function, need php 5.3 for this
+           // create a random salt
+           $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+           // hash incoming password using 12 rounds of blowfish
+           $hash = crypt($_REQUEST['Rpassword'], '$2y$12$' . $salt);
 
+           if(strlen($hash)>13)
+             {
+               $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+                           ','.DB_quote_smart($_REQUEST['Remail']).
+                           ','.DB_quote_smart($hash).
+                           ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
+             }
+           else /* hash function didn't work */
+             $r=0;
+         }
+       else if(myisset('Ropenid'))
+         {
+           $password = $_REQUEST['Rfullname'].preg_replace('/([ ])/e', 'chr(rand(33,122))', '               ');
+           $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+                       ','.DB_quote_smart($_REQUEST['Remail']).
+                       ','.DB_quote_smart(md5($password)).
+                       ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
+           if($r)
+             {
+               include_once('openid.php');
+               $myid = DB_get_userid('email',$_REQUEST['Remail']);
+               DB_AttachOpenID($_REQUEST['Ropenid'], $myid);
+             }
+         }
+       else
+         {
+           echo 'Error during registration, please contact '.$ADMIN_NAME.' at '.$ADMIN_EMAIL;
+         }
        if($r)
          {
            /* Set session, so that new user doesn't need to log in */
            $myname = DB_get_name('email',$_REQUEST['Remail']);
-           $_SESSION["name"] = $myname;
+           $_SESSION['name'] = $myname;
 
-           echo " Welcome to e-DoKo, you are now registered, please visit the".
-             " <a href=\"".$HOST.$INDEX."\">homepage</a> to continue.";
+           echo ' Welcome to e-DoKo, you are now registered, please visit the'.
+             ' <a href="'.$HOST.$INDEX.'">homepage</a> to continue.';
          }
        else
-         echo " something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
+         echo " Something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
+      }
+    else
+      {
+       echo '<br />Could not register you. Please <a href="index.php">try again</a>! </br />'."\n";
       }
   }
- else
-   {
-     /* No information for new user given, ouput a page for registration */
-     echo "<p><br /><strong> IMPORTANT: passwords are going over the net as clear text, so pick an easy password. ".
-       "No need to pick anything complicated here ;)<br />";
-     echo "N.B. Your email address will be exposed to other players whom you play games with. ";
-     echo "<br /><br /></strong></p>";
-     ?>
-        <form action="index.php?action=register" method="post">
-          <fieldset>
-            <legend>Register</legend>
-             <table>
-              <tr>
-               <td><label for="Rfullname">Full name:</label></td>
-              <td><input type="text" id="Rfullname" name="Rfullname" size="20" maxsize="30" /> </td>
-              </tr><tr>
-               <td><label for="Remail">Email:</label></td>
-              <td><input type="text" id="Remail" name="Remail" size="20" maxsize="30" /></td>
-              </tr><tr>
-              <td><label for="Rpassword">Password(will be displayed in cleartext on the next page):</label></td>
-               <td><input type="password" id="Rpassword" name="Rpassword" size="20" maxsize="30" /></td>
-              </tr><tr>
-              <td><label for="Rtimezone">Timezone:</label></td>
-               <td>
-<?php
-               output_select_timezone("Rtimezone");
-?>
-              </td>
-              </tr><tr>
-               <td colspan="2"> <input type="submit" value="register" /></td>
-             </table>
-          </fieldset>
-        </form>
-<?php
-   }
+else
+  {
+    echo "Test test test... hmm, this page shouldn't really be here, should it? <a href=\"index.php\">Go back here :)</a> </br />\n";
+  }
 ?>
\ No newline at end of file