blob: 9f33e8b221f4015ef218adb05af214f71285121a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
<?php
function init_register(&$S) {
if (isset($S['user'])) {
header('Location: '.url());
return 'welcome';
}
if (isset($_REQUEST['token']) && strlen($_REQUEST['token']) == 30 && ctype_alnum($_REQUEST['token'])) {
$r=query('SELECT * FROM `registrationtokens` WHERE `id`="'.$_REQUEST['token'].'" AND `expire` > '.time());
if ($r->rowCount()) {
$S['register.token']=new sql_registrationtoken($r->fetch(PDO::FETCH_ASSOC));
if (isset($_REQUEST['password'])) {
$S['register.fail']='';
if (!isset($_REQUEST['name']) || !Validate::username($_REQUEST['name']))
$S['register.fail'].=print_warning('The username you entered is invalid. Names must be at least two characters long and may contain alphanumeric characters, period, space, underscore, and dash.');
if (!isset($_REQUEST['password']) || strlen($_REQUEST['password']) <= 4)
$S['register.fail'].=print_warning('Please enter a password at least five characters long.');
if ($S['register.fail']=='') {
$S['user']=new sql_user(null, $S['register.token']->email, $_REQUEST['name'], sha1($_REQUEST['password']), '');
$S['user']->write();
$S['register.token']->delete();
unset($S['register.token']);
sql_session::create();
}
}
}
} elseif (!$S['conf']['registration']) return '404';
return array('title' => 'Register');
}
function body_register(&$S) {
if (isset($S['user']))
echo print_success('Account creation complete.');
elseif (isset($_REQUEST['email'])) {
if (!Validate::email($_REQUEST['email']))
echo print_warning('The email address you entered is invalid.').'<a href="javascript:history.go(-1)">Back</a>';
// 5.3.0 - goto print form
else {
if (query('SELECT COUNT(*) FROM `users` WHERE `email`='.$S['pdo']->quote($_REQUEST['email']))->fetch(PDO::FETCH_COLUMN))
echo print_warning('An account already exists with this email address.').'<a href="'.url('login').'">Login</a>';
else {
if ($token=query('SELECT * FROM `registrationtokens` WHERE `expire` > '.time().' AND `email`='.$S['pdo']->quote($_REQUEST['email']))->fetch(PDO::FETCH_ASSOC)) {
echo print_warning('A confirmation email has already been sent to this email address... sending another email.');
$token=new sql_registrationtoken($token);
} else {
$token=sql_registrationtoken::create();
$token->email=$_REQUEST['email'];
}
$token->expire=time()+24*3600; // 24 Hours before expiration (not implemented)
$token->write();
xhtmlemail($_REQUEST['email'], null, $S['conf']['title'].' account creation', 'To complete your account registration, click this link: <a href="'.url('register/'.$token->id).'">'.url('register/'.$token->id).'</a>.');
echo print_success('You will receive an email soon at '.htmlentities($_REQUEST['email']).' with instructions to finish creating your account.');
}
}
} elseif (isset($S['register.token'])) {
if (isset($S['register.fail']))
echo $S['register.fail'];
echo '<h3>Register</h3><form action="'.url('register').'" method="post"><input type="hidden" name="token" value="'.$_REQUEST['token'].'" />Display name: <input name="name" /><br/>Password: <input type="password" name="password" /><br/><input type="submit" value="Create Account" /></form>';
} else
echo '<h3>Register</h3><form action="'.url('register').'" method="post">
E-mail: <input name="email" /><br/>
<input type="submit" value="Create Account" />
</form>';
}
?>
|