X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fregister.php;h=e295df95a9f4077b9f934d6c9ee509926d9a7d77;hp=75ec309e98664158c52abca1332ddf87c7278283;hb=d0d40e3329fdb97e082636b49b459c4301d35f15;hpb=a57cfa3be6ee0fbce336dc98e2862ac39f2b1add;ds=sidebyside
diff --git a/include/register.php b/include/register.php
index 75ec309..e295df9 100644
--- a/include/register.php
+++ b/include/register.php
@@ -1,4 +1,23 @@
+ *
+ * This file is part of e-DoKo.
+ *
+ * e-DoKo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * e-DoKo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with e-DoKo. If not, see
";
+ echo _('Please chose another name').'
';
$ok=0;
}
/* check if email address is already used */
if(DB_get_userid('email',$_REQUEST['Remail']))
{
- echo "this email address is already used ?!
";
+ echo _('This email address is already used?!').'
';
$ok=0;
}
/* need either openid or password */
if(!myisset('Rpassword') && !myisset('Ropenid'))
{
- echo "I need either a Password or an Openid url.
";
+ echo _('I need either a Password or an Openid url.').'
';
+ $ok=0;
+ }
+ /* check for password length */
+ if(myisset('Rpassword') && strlen(trim($_REQUEST['Rpassword']))==0 )
+ {
+ echo _('Password cannot be empty!').'
';
$ok=0;
}
@@ -69,7 +94,7 @@ if(myisset("Rfullname","Remail","Rtimezone") )
}
if($robot==0)
{
- echo "You answered the math question wrong.
\n";
+ echo _('You answered the math question wrong.').'
'."\n";
$ok=0;
}
/* everything ok, go ahead and create user */
@@ -77,18 +102,29 @@ if(myisset("Rfullname","Remail","Rtimezone") )
{
if(myisset('Rpassword'))
{
- $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
- ",".DB_quote_smart($_REQUEST["Remail"]).
- ",".DB_quote_smart(md5($_REQUEST["Rpassword"])).
- ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
+ // create a password hash using the crypt function, need php 5.3 for this
+ // create a random salt
+ $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+ // hash incoming password using 12 rounds of blowfish
+ $hash = crypt($_REQUEST['Rpassword'], '$2y$12$' . $salt);
+
+ if(strlen($hash)>13)
+ {
+ $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+ ','.DB_quote_smart($_REQUEST['Remail']).
+ ','.DB_quote_smart($hash).
+ ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
+ }
+ else /* hash function didn't work */
+ $r=0;
}
else if(myisset('Ropenid'))
{
- $password = $_REQUEST["Rfullname"].preg_replace('/([ ])/e', 'chr(rand(33,122))', ' ');
- $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
- ",".DB_quote_smart($_REQUEST["Remail"]).
- ",".DB_quote_smart(md5($password)).
- ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
+ $password = $_REQUEST['Rfullname'].preg_replace('/([ ])/e', 'chr(rand(33,122))', ' ');
+ $r=DB_query('INSERT INTO User VALUES(NULL,'.DB_quote_smart($_REQUEST['Rfullname']).
+ ','.DB_quote_smart($_REQUEST['Remail']).
+ ','.DB_quote_smart(md5($password)).
+ ','.DB_quote_smart($_REQUEST['Rtimezone']).',NULL,NULL)');
if($r)
{
include_once('openid.php');
@@ -104,85 +140,21 @@ if(myisset("Rfullname","Remail","Rtimezone") )
{
/* Set session, so that new user doesn't need to log in */
$myname = DB_get_name('email',$_REQUEST['Remail']);
- $_SESSION["name"] = $myname;
+ $_SESSION['name'] = $myname;
- echo " Welcome to e-DoKo, you are now registered, please visit the".
- " homepage to continue.";
+ echo ' Welcome to e-DoKo, you are now registered, please visit the'.
+ ' homepage to continue.';
}
else
- echo " something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
+ echo " Something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
}
else
{
- echo "Couldn't register you. Please try again! \n";
+ echo '
Could not register you. Please try again! '."\n";
}
}
- else
- {
- /* No information for new user given, ouput a page for registration */
-
- /* check for openid information */
- $openid_url = '';
- $name = '';
- $email = '';
- if(myisset('openid_url'))
- $openid_url = $_REQUEST['openid_url'];
- if(myisset('openidname'))
- $name = $_REQUEST['openidname'];
- if(myisset('openidemail'))
- $email = $_REQUEST['openidemail'];
-
- if($openid_url=='')
- echo "
IMPORTANT: passwords are going over the net as clear text, so pick an easy password. ".
- "No need to pick anything complicated here ;)
";
- echo "N.B. Your email address will be exposed to other players whom you play games with. ";
- echo "