aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-04-09 19:06:36 +0000
committerMario <mario@mariovavti.com>2021-04-09 19:06:36 +0000
commitdf6f2abfbe283a25cdfe3c8fae848abda35cedaf (patch)
tree720fbf79f88a96b1bba96f422f8b2c46323e5198 /Zotlabs/Module
parent684245f24df8d0f25638170a5c8c0739df80b45a (diff)
downloadvolse-hubzilla-df6f2abfbe283a25cdfe3c8fae848abda35cedaf.tar.gz
volse-hubzilla-df6f2abfbe283a25cdfe3c8fae848abda35cedaf.tar.bz2
volse-hubzilla-df6f2abfbe283a25cdfe3c8fae848abda35cedaf.zip
register: if auto create is configured do some more tests against the provided name and nick so it will not fail later in create_identity();
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Admin/Site.php3
-rw-r--r--Zotlabs/Module/Regate.php4
-rw-r--r--Zotlabs/Module/Register.php99
3 files changed, 58 insertions, 48 deletions
diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php
index 73c24897f..8a7bb1180 100644
--- a/Zotlabs/Module/Admin/Site.php
+++ b/Zotlabs/Module/Admin/Site.php
@@ -469,8 +469,7 @@ class Site {
. t('From-To ranges are joined with `-`') . '. '
. t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` '
. EOL . ' <a id="zar083a" class="zuia btn">' . t('Parse and test your input') . '</a>'. EOL
- . t('If left empty, defaults to 24h closed everyday the week.') . ' '
- . t('To open 24h everyday the week, short is `-:-`.') . ' '
+ . t('If left empty, defaults to 24h open everyday the week (-:-).') . ' '
. t('Note, ranges are specified as open-close pairs and in case of')
. ' 0900-1200 '
. t('results to: opens 9h and closes 12h. If meant open 9h to 12h exactly, say `0900-1201`'),
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php
index 9a3be1e1c..4c7c96284 100644
--- a/Zotlabs/Module/Regate.php
+++ b/Zotlabs/Module/Regate.php
@@ -147,9 +147,9 @@ class Regate extends \Zotlabs\Web\Controller {
if ($cra['success']) {
q("COMMIT");
- $msg = 'ZAR1238I ' . t('Account successfull created');
+ $msg = t('Account successfull created');
// zar_log($msg . ':' . print_r($cra, true));
- zar_log($msg . ' ' . $cra['account']['account_email']
+ zar_log('ZAR1238I ' . $msg . ' ' . $cra['account']['account_email']
. ' ' . $cra['account']['account_language']);
$nextpage = 'new_channel';
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index 4eece60b3..e9d313bb5 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -6,6 +6,8 @@ use App;
use Zotlabs\Web\Controller;
require_once('include/security.php');
+require_once('include/channel.php');
+
class Register extends Controller {
@@ -59,66 +61,76 @@ class Register extends Controller {
*/
- $act = q("SELECT COUNT(*) AS act FROM account")[0]['act'];
- $duty = zar_register_dutystate();
- $is247 = false;
- $ip = $_SERVER['REMOTE_ADDR'];
- $sameip = intval(get_config('system','register_sameip'));
-
- $arr = $_POST;
- $invite_code = ( (x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : '');
- $email = ( (x($arr,'email')) ? notags(punify(trim($arr['email']))) : '');
- $password = ( (x($arr,'password')) ? trim($arr['password']) : '');
- $password2 = ( (x($arr,'password2')) ? trim($arr['password2']) : '');
-
- $reonar = array();
-
+ $act = q("SELECT COUNT(*) AS act FROM account")[0]['act'];
+ $duty = zar_register_dutystate();
+ $is247 = false;
+ $ip = $_SERVER['REMOTE_ADDR'];
+ $sameip = intval(get_config('system','register_sameip'));
+ $arr = $_POST;
+ $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : '');
+ $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : '');
+ $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : '');
+ $name = '';
+ $nick = '';
+ $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : '');
+ $password = ((x($arr,'password')) ? trim($arr['password']) : '');
+ $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : '');
+ $reonar = [];
+ $auto_create = get_config('system','auto_channel_create', 1);
- // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto)
- if ($email && $invite_code) {
- if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) {
- if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) {
- $is247 = true;
- }
+ if($auto_create) {
+ $name = escape_tags(trim($arr['name']));
+ if(!$name) {
+ notice(t('Name is required.'));
+ return;
}
- }
-
-/*
- // assume someone tries to validate (dId2 C/D/E), because only field email entered
- if ( $email && ( ! $invite_code ) && ( ! $password ) && ( ! $_POST['password2'] ) ) {
- // dId2 logic
-
- if ( preg_match('/^\@{1,1}.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) {
- // dId2 C channel - ffu
+ $name_error = validate_channelname($name);
+ if($name_error) {
+ notice($name_error . EOL);
+ return $ret;
}
- if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) {
- // dId2 E email
- goaway(z_root() . '/regate/' . bin2hex($email) . 'e' );
+ $nick = mb_strtolower(escape_tags(trim($arr['nickname'])));
+ if(!$nick) {
+ notice(t('Nickname is required.'));
+ return;
}
- if ( preg_match('/^d{1,1}[0-9]{5,10}$/', $email ) ) {
- // dId2 A artifical & anonymous
- goaway(z_root() . '/regate/' . bin2hex($email) . 'a' );
+ if($nick === 'sys') {
+ notice(t('Reserved nickname. Please choose another.') . EOL);
+ return;
}
+ if(check_webbie([$nick]) !== $nick) {
+ notice(t('Nickname has unsupported characters or is already being used on this site.') . EOL);
+ return;
+ }
}
-*/
- $email_verify = get_config('system','verify_email');
- if ($email_verify && ! $email) {
+
+ $email_verify = get_config('system', 'verify_email');
+ if ($email_verify && !$email) {
notice(t('Email address required') . EOL);
return;
}
if ($email) {
- if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) {
+ if (! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email)) {
// msg!
notice(t('Not a valid email address') . EOL);
return;
}
}
+ // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto)
+ if ($email && $invite_code) {
+ if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) {
+ if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) {
+ $is247 = true;
+ }
+ }
+ }
+
if ($act > 0 && !$is247 && !$duty['isduty']) {
// normally (except very 1st timr after install), that should never arrive here (ie js hack or sth like)
// log suitable for f2b also
@@ -178,7 +190,6 @@ class Register extends Controller {
$policy = get_config('system','register_policy');
$invonly = get_config('system','invitation_only');
$invalso = get_config('system','invitation_also');
- $auto_create = get_config('system','auto_channel_create', 1);
switch($policy) {
@@ -224,8 +235,8 @@ class Register extends Controller {
if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) {
if ($auto_create) {
- $reonar['chan.name'] = notags(trim($arr['name']));
- $reonar['chan.did1'] = notags(trim($arr['nickname']));
+ $reonar['chan.name'] = $name;
+ $reonar['chan.did1'] = $nick;
}
q("UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'",
@@ -372,8 +383,8 @@ class Register extends Controller {
}
if ( $auto_create ) {
- $reonar['chan.name'] = notags(trim($arr['name']));
- $reonar['chan.did1'] = notags(trim($arr['nickname']));
+ $reonar['chan.name'] = $name;
+ $reonar['chan.did1'] = $nick;
}
$reg = q("INSERT INTO register ("