-rw-r--r-- | Zotlabs/Module/Admin/Site.php | 22 | ||||
-rw-r--r-- | Zotlabs/Module/Regate.php | 5 | ||||
-rw-r--r-- | Zotlabs/Module/Register.php | 68 | ||||
-rw-r--r-- | include/account.php | 5 | ||||
-rw-r--r-- | view/tpl/admin_site.tpl | 2 |
5 files changed, 72 insertions, 30 deletions
diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 18408043c..530eb272a 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -43,6 +43,7 @@ class Site { $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0); $register_policy = ((x($_POST,'register_policy')) ? intval(trim($_POST['register_policy'])) : 0); + $register_wo_email = ((x($_POST,'register_wo_email')) ? intval(trim($_POST['register_wo_email'])) : 0); $minimum_age = ((x($_POST,'minimum_age')) ? intval(trim($_POST['minimum_age'])) : 13); $access_policy = ((x($_POST,'access_policy')) ? intval(trim($_POST['access_policy'])) : 0); $reg_autochannel = ((x($_POST,'auto_channel_create')) ? True : False); @@ -194,6 +195,7 @@ class Site { set_config('system','maximagesize', $maximagesize); set_config('system','register_policy', $register_policy); + set_config('system','register_wo_email', $register_wo_email); set_config('system','minimum_age', $minimum_age); set_config('system','auto_channel_create', $reg_autochannel); set_config('system',self::ivo, $invitation_only); @@ -359,6 +361,7 @@ class Site { 'm' => t('Month(s)') , 'y' => t('Year(s)') ); + $regdelay_n = $regdelay_u = false; $regdelay = get_config('system','register_delay'); if ($regdelay) list($regdelay_n, $regdelay_u) = array(substr($regdelay,0,-1),substr($regdelay,-1)); @@ -372,15 +375,16 @@ class Site { 'field' => array( 'name' => 'delay', 'title' => t('duration up from now'), - 'value' => ($regdelay_n === false ? 90 : $regdelay_n), + 'value' => ($regdelay_n === false ? 0 : $regdelay_n), 'min' => '0', 'max' => '99', 'size' => '2', - 'default' => ($regdelay_u ? $regdelay_u : 'i') + 'default' => ($regdelay_u === false ? 'i' : $regdelay_u) ), 'rabot' => $reg_rabots ) ); + $regexpire_n = $regexpire_u = false; $regexpire = get_config('system','register_expire'); if ($regexpire) list($regexpire_n, $regexpire_u) = array(substr($regexpire,0,-1),substr($regexpire,-1)); 
@@ -394,11 +398,11 @@ class Site { 'field' => array( 'name' => 'expire', 'title' => t('duration up from now'), - 'value' => ($regexpire_n === false ? 2 : $regexpire_n), + 'value' => ($regexpire_n === false ? 99 : $regexpire_n), 'min' => '0', 'max' => '99', 'size' => '2', - 'default' => ($regexpire_u ? $regexpire_u : 'i') + 'default' => ($regexpire_u === false ? 'y' : $regexpire_u) ), 'rabot' => $reg_rabots ) @@ -449,6 +453,12 @@ class Site { "", $register_choices, 'ZAR0820C'), + '$register_wo_email' => array('register_wo_email', + t("Registration is also possible without having to enter an email address."), + get_config('system','register_wo_email'), + t("Registration is also supported without requiring an email address from the applicant. Instead of the email address an artificial identification is generated, which has to be confirmed in a separate dialog. The default value is (Off) and corresponds to the registration procedure up to version 5.4.x."), + "", "", 'ZAR0824C'), + '$register_duty' => array('register_duty', t('Registration office on duty'), $this->register_duty = get_config('system', 'register_duty'), @@ -458,9 +468,9 @@ class Site { . t('Several values or ranges are to split by comma') . '. ' . t('From-To ranges are joined with `-`') . '. ' . t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` ' - . ' <a id="zar083a" href="javascript:;">' . t('Parse and test your input') . '</a>'. EOL + . EOL . ' <a id="zar083a" class="zuia btn">' . t('Parse and test your input') . '</a>'. EOL . t('If left empty, defaults to 24h closed everyday the week.') . ' ' - . t('To keep open 24h everyday the week, short is `-:-`.') . ' ' + . t('To open 24h everyday the week, short is `-:-`.') . ' ' . t('Note, ranges are specified as open-close pairs and in case of') . ' 0900-1200 ' . t('results to: opens 9h and closes 12h. If meant open 9h to 12h exactly, say `0900-1201`'), 
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 077e5fd54..0d430d68c 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -61,14 +61,13 @@ class Regate extends \Zotlabs\Web\Controller { // do we have a valid dId2 ? if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) - || ($didx == 'e') ) { + || ($didx == 'e') || ($didx == 'i')) { // check startup and expiration via [=[register $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ", dbesc($did2) ); if ( $r && count($r) == 1 ) { $r = $r[0]; // check timeframe if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) { - if ( isset($_POST['resend']) && $didx == 'e' ) { $re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ", dbesc($r['reg_did2']) ); if ( $re && count($re) == 1 ) { @@ -91,6 +90,8 @@ class Regate extends \Zotlabs\Web\Controller { $acpin = (preg_match('/^[0-9]{6,6}$/', $_POST['acpin']) ? $_POST['acpin'] : false); elseif ( $didx == 'e' ) $acpin = (preg_match('/^[0-9a-f]{24,24}$/', $_POST['acpin']) ? $_POST['acpin'] : false); + elseif ( $didx == 'i' ) + $acpin = $r['reg_hash']; else $acpin = false; if ( $acpin && ($r['reg_hash'] == $acpin )) { diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index c25475550..d865b7b49 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -2,6 +2,7 @@ namespace Zotlabs\Module; +use App; use Zotlabs\Web\Controller; require_once('include/security.php'); 
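Review bot: In the second Regate.php hunk the new `elseif ( $didx == 'i' )` branch sets `$acpin = $r['reg_hash']`, so the following `$r['reg_hash'] == $acpin` test compares the stored hash with itself and passes for every row with a non-empty hash. The first hunk admits `'i'` next to `'e'` with no checksum, and the lookup matches on `reg_did2` alone. If `$didx` comes from the request path, as the `bin2hex($reg['reg_did2']) . 'i'` argument and the self-issued `form_security_token` in the Register.php shortcut hunk suggest, the pin or e-mail token check depends only on a caller-supplied suffix. The pre-verified state should be decided server-side, for example by also matching the row's stored `reg_didx` as the resend query does with `reg_didx = 'e'`, or by giving Regate a method that takes the verified row directly. The comparison itself would be safer as `hash_equals($r['reg_hash'], $acpin)`, and post() starts and ends outside these hunks.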
@@ -216,7 +217,15 @@ class Register extends Controller { // transit ? // update reg vital 0 off - $icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", + //$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", + //intval($reg['reg_id']) + //); + + // update DB flags, password + // TODO: what else? + q("UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", + intval($flags), + dbesc(bin2hex($password)), intval($reg['reg_id']) ); @@ -225,8 +234,15 @@ class Register extends Controller { // msg! info($msg . EOL); - $well = true; + // the invitecode has verified us and we have all the info we need + // take the shortcut. + $mod = new Regate(); + $_REQUEST['form_security_token'] = get_form_security_token("regate"); + App::$argc = 2; + App::$argv[0] = 'regate'; + App::$argv[1] = bin2hex($reg['reg_did2']) . 'i'; + return $mod->post(); } else { // msg! @@ -309,7 +325,7 @@ class Register extends Controller { $regexpire = (($reg_expires) ? datetime_convert(date_default_timezone_get(), 'UTC', $reg_expires['due']) : datetime_convert('UTC', 'UTC', 'now + 99 years')); // handle an email request that will be verified or an ivitation associated with an email address - if ( $email > '' && ($email_verify || $icdone) ) { + if ($email > '' && $email_verify) { // enforce in case of icdone $flags |= ACCOUNT_UNVERIFIED; $empin = $pass2 = random_string(24); 
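Review bot: The new `UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'` has four placeholders but only three arguments, so `intval($reg['reg_id'])` fills `reg_stuff` and the WHERE clause gets no value. It also writes `dbesc(bin2hex($password))`, the reversible encoding this commit removes from the INSERT further down. That value has no `,` for the new `explode(',', ...)` in include/account.php to split on. Either drop `reg_stuff = '%s'` or pass its value, use `WHERE reg_id = %d`, and store the same `salt,hash` string the INSERT stores. Whether `$flags` and `$password` are already set at this point cannot be seen from the hunk, and the commented-out old query is better deleted than kept.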
@@ -353,28 +369,40 @@ class Register extends Controller { $reonar['chan.did1'] = notags(trim($arr['nickname'])); } + if($password_result['error']) { + $msg = $password_result['message']; + notice($msg); + zar_log($msg . ' ' . $did2); + goaway('register'); + } + + $salt = random_string(32); + $password = $salt . ',' . hash('whirlpool', $salt . $password); + $reg = q("INSERT INTO register (" - . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," - . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" - . " VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", - intval($flags), - dbesc($didx), - dbesc($did2), - dbesc($pass2), - dbesc($now), - dbesc($regdelay), - dbesc($regexpire), - dbesc($email), - dbesc(bin2hex($password)), - dbesc(substr(get_best_language(),0,2)), - dbesc($ip), - dbesc(json_encode( $reonar )) - ); + . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," + . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" + . " VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", + intval($flags), + dbesc($didx), + dbesc($did2), + dbesc($pass2), + dbesc($now), + dbesc($regdelay), + dbesc($regexpire), + dbesc($email), + dbesc($password), + dbesc(substr(get_best_language(),0,2)), + dbesc($ip), + dbesc(json_encode( $reonar )) + ); if ($didx == 'a') { $lid = q("SELECT reg_id FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' AND reg_pass = '%s' ", - dbesc($did2), dbesc(bin2hex($password)) ); + dbesc($did2), + dbesc($password) + ); if ($lid && count($lid) == 1 ) { diff --git a/include/account.php b/include/account.php index c3c7d26b7..858c915e0 100644 --- a/include/account.php +++ b/include/account.php 
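Review bot: `$password = $salt . ',' . hash('whirlpool', $salt . $password);` in the Register.php hunk introduces a storage format for `reg_pass` that is parsed in another file and is not documented here. A comment such as `// reg_pass holds "<salt>,<whirlpool(salt . password)>"; split again in create_account_from_register()` would record that contract. Reusing `$password` for the stored string hides that the plaintext is gone from that line on, so a separate name like `$reg_pass` would read more safely. A single salted whirlpool pass is cheap to brute-force if the table leaks; `password_hash()` would be stronger, though that depends on how account passwords are verified elsewhere, which this diff does not show. The `$password_result` check relies on a variable set outside the hunk.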
@@ -327,8 +327,9 @@ function create_account_from_register($arr) { $roles = ACCOUNT_ROLE_ADMIN; } - $salt = random_string(32); - $password_encoded = hash('whirlpool', $salt . (hex2bin($register[0]['reg_pass']))); + $password_parts = explode(',', $register[0]['reg_pass']); + $salt = $password_parts[0]; + $password_encoded = $password_parts[1]; $ri = q( "INSERT INTO account (" diff --git a/view/tpl/admin_site.tpl b/view/tpl/admin_site.tpl index 6af867e8c..0fff7029a 100644 --- a/view/tpl/admin_site.tpl +++ b/view/tpl/admin_site.tpl @@ -33,6 +33,7 @@ {{include file="field_input.tpl" field=$register_text}} {{include file="field_select_grouped.tpl" field=$role}} {{include file="field_select.tpl" field=$register_policy}} + {{include file="field_checkbox.tpl" field=$register_wo_email}} {{include file="register_duty.tpl" field=$register_duty}} {{include file="field_input.tpl" field=$register_perday}} {{include file="field_input.tpl" field=$register_sameip}} @@ -131,6 +132,7 @@ '<style> '+ ' .zuiqmid { font-weight: normal; font-family: monospace; }'+ ' .zui_n { width: 5em; text-align: center; }'+ + ' .zuia { cursor: pointer; font-weight: bold; }'+ '</style>'); // <-hilmar] </script> |
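Review bot: In the include/account.php hunk, `$password_parts[1]` is read without checking that `reg_pass` actually contains a `,`. Register rows written before this change hold `bin2hex($password)` (the removed INSERT argument), so for a registration still pending across the upgrade the explode yields one element. The account would then presumably get the hex string as salt and an empty password hash. Guard it with `$password_parts = explode(',', $register[0]['reg_pass'], 2);` and `if (count($password_parts) !== 2) { /* reject, or fall back to the old hex2bin path */ }`. create_account_from_register continues outside the hunk, so how a failure should be reported there is not visible.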