diff options
author | Mario <mario@mariovavti.com> | 2021-04-09 19:06:36 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2021-04-09 19:06:36 +0000 |
commit | df6f2abfbe283a25cdfe3c8fae848abda35cedaf (patch) | |
tree | 720fbf79f88a96b1bba96f422f8b2c46323e5198 /Zotlabs/Module/Register.php | |
parent | 684245f24df8d0f25638170a5c8c0739df80b45a (diff) | |
download | volse-hubzilla-df6f2abfbe283a25cdfe3c8fae848abda35cedaf.tar.gz volse-hubzilla-df6f2abfbe283a25cdfe3c8fae848abda35cedaf.tar.bz2 volse-hubzilla-df6f2abfbe283a25cdfe3c8fae848abda35cedaf.zip |
register: if auto create is configured do some more tests against the provided name and nick so it will not fail later in create_identity();
Diffstat (limited to 'Zotlabs/Module/Register.php')
-rw-r--r-- | Zotlabs/Module/Register.php | 99 |
1 files changed, 55 insertions, 44 deletions
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 4eece60b3..e9d313bb5 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -6,6 +6,8 @@ use App; use Zotlabs\Web\Controller; require_once('include/security.php'); +require_once('include/channel.php'); + class Register extends Controller { @@ -59,66 +61,76 @@ class Register extends Controller { */ - $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; - $duty = zar_register_dutystate(); - $is247 = false; - $ip = $_SERVER['REMOTE_ADDR']; - $sameip = intval(get_config('system','register_sameip')); - - $arr = $_POST; - $invite_code = ( (x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); - $email = ( (x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); - $password = ( (x($arr,'password')) ? trim($arr['password']) : ''); - $password2 = ( (x($arr,'password2')) ? trim($arr['password2']) : ''); - - $reonar = array(); - + $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; + $duty = zar_register_dutystate(); + $is247 = false; + $ip = $_SERVER['REMOTE_ADDR']; + $sameip = intval(get_config('system','register_sameip')); + $arr = $_POST; + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $name = ''; + $nick = ''; + $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); + $password = ((x($arr,'password')) ? trim($arr['password']) : ''); + $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : ''); + $reonar = []; + $auto_create = get_config('system','auto_channel_create', 1); - // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) - if ($email && $invite_code) { - if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { - $is247 = true; - } + if($auto_create) { + $name = escape_tags(trim($arr['name'])); + if(!$name) { + notice(t('Name is required.')); + return; } - } - -/* - // assume someone tries to validate (dId2 C/D/E), because only field email entered - if ( $email && ( ! $invite_code ) && ( ! $password ) && ( ! $_POST['password2'] ) ) { - // dId2 logic - - if ( preg_match('/^\@{1,1}.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - // dId2 C channel - ffu + $name_error = validate_channelname($name); + if($name_error) { + notice($name_error . EOL); + return $ret; } - if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - // dId2 E email - goaway(z_root() . '/regate/' . bin2hex($email) . 'e' ); + $nick = mb_strtolower(escape_tags(trim($arr['nickname']))); + if(!$nick) { + notice(t('Nickname is required.')); + return; } - if ( preg_match('/^d{1,1}[0-9]{5,10}$/', $email ) ) { - // dId2 A artifical & anonymous - goaway(z_root() . '/regate/' . bin2hex($email) . 'a' ); + if($nick === 'sys') { + notice(t('Reserved nickname. Please choose another.') . EOL); + return; } + if(check_webbie([$nick]) !== $nick) { + notice(t('Nickname has unsupported characters or is already being used on this site.') . EOL); + return; + } } -*/ - $email_verify = get_config('system','verify_email'); - if ($email_verify && ! $email) { + + $email_verify = get_config('system', 'verify_email'); + if ($email_verify && !$email) { notice(t('Email address required') . EOL); return; } if ($email) { - if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) { + if (! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email)) { // msg! notice(t('Not a valid email address') . EOL); return; } } + // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) + if ($email && $invite_code) { + if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { + if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { + $is247 = true; + } + } + } + if ($act > 0 && !$is247 && !$duty['isduty']) { // normally (except very 1st timr after install), that should never arrive here (ie js hack or sth like) // log suitable for f2b also @@ -178,7 +190,6 @@ class Register extends Controller { $policy = get_config('system','register_policy'); $invonly = get_config('system','invitation_only'); $invalso = get_config('system','invitation_also'); - $auto_create = get_config('system','auto_channel_create', 1); switch($policy) { @@ -224,8 +235,8 @@ class Register extends Controller { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { if ($auto_create) { - $reonar['chan.name'] = notags(trim($arr['name'])); - $reonar['chan.did1'] = notags(trim($arr['nickname'])); + $reonar['chan.name'] = $name; + $reonar['chan.did1'] = $nick; } q("UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", @@ -372,8 +383,8 @@ class Register extends Controller { } if ( $auto_create ) { - $reonar['chan.name'] = notags(trim($arr['name'])); - $reonar['chan.did1'] = notags(trim($arr['nickname'])); + $reonar['chan.name'] = $name; + $reonar['chan.did1'] = $nick; } $reg = q("INSERT INTO register (" |