X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fregister.php;h=7e569ff21752b155cc1253f78658ab0ee0d41e1f;hp=d32a8b869d1140dc145180632adba2f192b05d9a;hb=f55dbd7a08908c0443b5ed9d20c2dc74bb8b1026;hpb=1c3c341f53ce5de7e9d4bcc63e43a925faec3f48
diff --git a/include/register.php b/include/register.php
index d32a8b8..7e569ff 100644
--- a/include/register.php
+++ b/include/register.php
@@ -1,4 +1,23 @@
+ *
+ * This file is part of e-DoKo.
+ *
+ * e-DoKo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * e-DoKo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with e-DoKo. If not, see .
+ *
+ */
+
/* make sure that we are not called from outside the scripts,
* use a variable defined in config.php to check this
*/
@@ -6,32 +25,106 @@ if(!isset($HOST))
exit;
/* new user wants to register */
-if(myisset("Rfullname","Remail","Rpassword","Rtimezone") )
+if(myisset("Rfullname","Remail","Rtimezone") )
{
global $HOST,$INDEX;
/* is this name already in use/ */
$ok=1;
- if(DB_get_userid('name',$_REQUEST["Rfullname"]))
+ if(DB_get_userid('name',$_REQUEST['Rfullname']))
{
echo "please chose another name ";
$ok=0;
}
/* check if email address is already used */
- if(DB_get_userid('email',$_REQUEST["Remail"]))
+ if(DB_get_userid('email',$_REQUEST['Remail']))
{
echo "this email address is already used ?! ";
$ok=0;
}
+ /* need either openid or password */
+ if(!myisset('Rpassword') && !myisset('Ropenid'))
+ {
+ echo "I need either a Password or an Openid url. ";
+ $ok=0;
+ }
+ /* check for password length */
+ if(myisset('Rpassword') && strlen(trim($_REQUEST['Rpassword']))==0 )
+ {
+ echo "Password can't be empty! ";
+ $ok=0;
+ }
+ /* check against robots */
+ $robots=0; /* at least one anti-robot question needs to be answered */
+ if(myisset('Robotproof0'))
+ {
+ if($_REQUEST['Robotproof0']!=42)
+ $ok=0;
+ else
+ $robot=1;
+ }
+ else if(myisset('Robotproof1'))
+ {
+ if($_REQUEST['Robotproof1']!=35)
+ $ok=0;
+ else
+ $robot=1;
+ }
+ else if(myisset('Robotproof2'))
+ {
+ if($_REQUEST['Robotproof2']!=28)
+ $ok=0;
+ else
+ $robot=1;
+ }
+ else if(myisset('Robotproof3'))
+ {
+ if($_REQUEST['Robotproof3']!=21)
+ $ok=0;
+ else
+ $robot=1;
+ }
+ else if(myisset('Robotproof4'))
+ {
+ if($_REQUEST['Robotproof4']!=14)
+ $ok=0;
+ else
+ $robot=1;
+ }
+ if($robot==0)
+ {
+ echo "You answered the math question wrong. \n";
+ $ok=0;
+ }
/* everything ok, go ahead and create user */
if($ok)
{
- $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
- ",".DB_quote_smart($_REQUEST["Remail"]).
- ",".DB_quote_smart(md5($_REQUEST["Rpassword"])).
- ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
-
+ if(myisset('Rpassword'))
+ {
+ $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
+ ",".DB_quote_smart($_REQUEST["Remail"]).
+ ",".DB_quote_smart(md5($_REQUEST["Rpassword"])).
+ ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
+ }
+ else if(myisset('Ropenid'))
+ {
+ $password = $_REQUEST["Rfullname"].preg_replace('/([ ])/e', 'chr(rand(33,122))', ' ');
+ $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
+ ",".DB_quote_smart($_REQUEST["Remail"]).
+ ",".DB_quote_smart(md5($password)).
+ ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
+ if($r)
+ {
+ include_once('openid.php');
+ $myid = DB_get_userid('email',$_REQUEST['Remail']);
+ DB_AttachOpenID($_REQUEST['Ropenid'], $myid);
+ }
+ }
+ else
+ {
+ echo 'Error during registration, please contact '.$ADMIN_NAME.' at '.$ADMIN_EMAIL;
+ }
if($r)
{
/* Set session, so that new user doesn't need to log in */
@@ -44,37 +137,13 @@ if(myisset("Rfullname","Remail","Rpassword","Rtimezone") )
else
echo " something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
}
+ else
+ {
+ echo "Couldn't register you. Please try again! \n";
+ }
+ }
+else
+ {
+ echo "Test test test... hmm, this page shouldn't really be here, should it? Go back here :) \n";
}
- else
- {
- /* No information for new user given, ouput a page for registration */
- echo "IMPORTANT: passwords are going over the net as clear text, so pick an easy password. No need to pick anything complicated here ;)