X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fregister.php;h=e295df95a9f4077b9f934d6c9ee509926d9a7d77;hp=3cf97b3e2bcce1de14401236480428c25ef68ec3;hb=d0d40e3329fdb97e082636b49b459c4301d35f15;hpb=f47ddae6b4d00d950c3a29d6b7536ce1ae9ac813

diff --git a/include/register.php b/include/register.php
index 3cf97b3..e295df9 100644
--- a/include/register.php
+++ b/include/register.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright 2006, 2007, 2008, 2009, 2010 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud <arun@nubati.net>
  *
  *   This file is part of e-DoKo.
  *
@@ -25,7 +25,7 @@ if(!isset($HOST))
   exit;
 
 /* new user wants to register */
-if(myisset("Rfullname","Remail","Rtimezone") )
+if(myisset('Rfullname','Remail','Rtimezone') )
   {
     global $HOST,$INDEX;
 
@@ -33,19 +33,25 @@ if(myisset("Rfullname","Remail","Rtimezone") )
     $ok=1;
     if(DB_get_userid('name',$_REQUEST['Rfullname']))
       {
-	echo "please chose another name<br />";
+	echo _('Please chose another name').'<br />';
 	$ok=0;
       }
     /* check if email address is already used */
     if(DB_get_userid('email',$_REQUEST['Remail']))
       {
-	echo "this email address is already used ?!<br />";
+	echo _('This email address is already used?!').'<br />';
 	$ok=0;
       }
     /* need either openid or password */
     if(!myisset('Rpassword')  &&  !myisset('Ropenid'))
       {
-	echo "I need either a Password or an Openid url.<br />";
+	echo _('I need either a Password or an Openid url.').'<br />';
+	$ok=0;
+      }
+    /* check for password length */
+    if(myisset('Rpassword') && strlen(trim($_REQUEST['Rpassword']))==0 )
+      {
+	echo _('Password cannot be empty!').'<br />';
 	$ok=0;
       }
 
@@ -88,7 +94,7 @@ if(myisset("Rfullname","Remail","Rtimezone") )
       }
     if($robot==0)
       {
-	echo "You answered the math question wrong. <br />\n";
+	echo _('You answered the math question wrong.').' <br />'."\n";
 	$ok=0;
       }
     /* everything ok, go ahead and create user */
@@ -96,18 +102,29 @@ if(myisset("Rfullname","Remail","Rtimezone") )
       {
 	if(myisset('Rpassword'))
 	  {
-	    $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
-			",".DB_quote_smart($_REQUEST["Remail"]).
-			",".DB_quote_smart(md5($_REQUEST["Rpassword"])).
-			",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
+	    // create a password hash using the crypt function, need php 5.3 for this
+	    // create a random salt
+	    $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+	    // hash incoming password using 12 rounds of blowfish
+	    $hash = crypt($_REQUEST['Rpassword'], '$2y$12$' . $salt);
+
+	    if(strlen($hash)>13)
+	      {
+		$r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+			    ','.DB_quote_smart($_REQUEST['Remail']).
+			    ','.DB_quote_smart($hash).
+			    ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
+	      }
+	    else /* hash function didn't work */
+	      $r=0;
 	  }
 	else if(myisset('Ropenid'))
 	  {
-	    $password = $_REQUEST["Rfullname"].preg_replace('/([ ])/e', 'chr(rand(33,122))', '               ');
-	    $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
-			",".DB_quote_smart($_REQUEST["Remail"]).
-			",".DB_quote_smart(md5($password)).
-			",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
+	    $password = $_REQUEST['Rfullname'].preg_replace('/([ ])/e', 'chr(rand(33,122))', '               ');
+	    $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+			','.DB_quote_smart($_REQUEST['Remail']).
+			','.DB_quote_smart(md5($password)).
+			','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
 	    if($r)
 	      {
 		include_once('openid.php');
@@ -123,85 +140,21 @@ if(myisset("Rfullname","Remail","Rtimezone") )
 	  {
 	    /* Set session, so that new user doesn't need to log in */
 	    $myname = DB_get_name('email',$_REQUEST['Remail']);
-	    $_SESSION["name"] = $myname;
+	    $_SESSION['name'] = $myname;
 
-	    echo " Welcome to e-DoKo, you are now registered, please visit the".
-	      " <a href=\"".$HOST.$INDEX."\">homepage</a> to continue.";
+	    echo ' Welcome to e-DoKo, you are now registered, please visit the'.
+	      ' <a href="'.$HOST.$INDEX.'">homepage</a> to continue.';
 	  }
 	else
-	  echo " something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
+	  echo " Something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
       }
     else
       {
-	echo "Couldn't register you. Please <a href=\"index.php?action=register\">try again</a>! </br />\n";
+	echo '<br />Could not register you. Please <a href="index.php">try again</a>! </br />'."\n";
       }
   }
- else
-   {
-     /* No information for new user given, ouput a page for registration */
-
-     /* check for openid information */
-     $openid_url = '';
-     $name	 = '';
-     $email	 = '';
-     if(myisset('openid_url'))
-       $openid_url = $_REQUEST['openid_url'];
-     if(myisset('openidname'))
-       $name       = $_REQUEST['openidname'];
-     if(myisset('openidemail'))
-       $email      = $_REQUEST['openidemail'];
-
-     if($openid_url=='')
-       echo "<p><br /><strong> IMPORTANT: passwords are going over the net as clear text, so pick an easy password. ".
-	 "No need to pick anything complicated here ;)<br />";
-     echo "N.B. Your email address will be exposed to other players whom you play games with. ";
-     echo "<br /><br /></strong></p>";
-     echo '        <form action="index.php?action=register" method="post">';
-     echo '          <fieldset>';
-     echo '            <legend>Register</legend>';
-     echo '             <table>';
-     echo '              <tr>';
-     echo '               <td><label for="Rfullname">Full name:</label></td>';
-     echo "	       <td><input type=\"text\" id=\"Rfullname\" name=\"Rfullname\" size=\"20\" maxlength=\"30\" value=\"$name\" /> </td>";
-     echo '              </tr><tr>';
-     echo '               <td><label for="Remail">Email:</label></td>';
-     echo "	       <td><input type=\"text\" id=\"Remail\" name=\"Remail\" size=\"20\" maxlength=\"30\" value=\"$email\" /></td>";
-     echo '              </tr><tr>';
-     if($openid_url=='')
-       {
-	 echo '	       <td><label for="Rpassword">Password(will be displayed in cleartext on the next page):</label></td>';
-	 echo '               <td><input type="password" id="Rpassword" name="Rpassword" size="20" maxlength="30" /></td>';
-	 echo '              </tr><tr>';
-       }
-     else
-       {
-	 echo '	       <td><label for="Ropenid">OpenId:</label></td>';
-	 echo '               <td><input type="text" id="Ropenid" name="Ropenid" size="20" maxlength="50" value="'.htmlentities($openid_url).'" /></td>';
-	 echo '              </tr><tr>';
-       }
-     echo '	       <td><label for="Rtimezone">Timezone:</label></td>';
-     echo '               <td>';
-
-     output_select_timezone("Rtimezone");
-?>
-	       </td>
-              </tr><tr>
-              </tr><tr>
-<?php
-              /* random number to select robotproof question */
-	      $rand_number = mt_rand(0,3); /* to get numbers between 0 and 4  */
-              $Robotproof = "Robotproof".$rand_number;
-?>
-		<td><label for="Robotproof">Please answer this question: <?php echo output_robotproof($rand_number); ?></label></td>
-<?php
-	 echo "<td><input type=\"text\" id=\"$Robotproof\" name=\"$Robotproof\" size=\"20\" maxlength=\"30\" /></td>\n";
-?>
-              </tr><tr>
-               <td colspan="2"> <input type="submit" value="register" /></td>
-              </tr>
-             </table>
-          </fieldset>
-        </form>
-<?php
-   }
+else
+  {
+    echo "Test test test... hmm, this page shouldn't really be here, should it? <a href=\"index.php\">Go back here :)</a> </br />\n";
+  }
 ?>
\ No newline at end of file