diff options
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/dfrn_notify.php | 2 | ||||
| -rw-r--r-- | mod/notifications.php | 2 | ||||
| -rw-r--r-- | mod/ping.php | 4 | ||||
| -rw-r--r-- | mod/register.php | 11 |
4 files changed, 15 insertions, 4 deletions
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index e4aabba5a..49356d358 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -363,7 +363,7 @@ function dfrn_notify_post(&$a) { '$username' => $importer['username'], '$email' => $importer['email'], '$from' => $from, - '$display' => $a->get_baseurl() . '/display/' . $r, + '$display' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $r, '$body' => strip_tags(bbcode(stripslashes($datarray['body']))) )); diff --git a/mod/notifications.php b/mod/notifications.php index c425d092e..ef7202363 100644 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -126,7 +126,7 @@ function notifications_content(&$a) { else notice( t('No notifications.') . EOL); - if ($a->config['register_policy'] = REGISTER_APPROVE && + if ($a->config['register_policy'] == REGISTER_APPROVE && $a->config['admin_email'] === $a->user['email']){ $o .= load_view_file('view/registrations-top.tpl'); diff --git a/mod/ping.php b/mod/ping.php index 00c4a3105..cb067f3fe 100644 --- a/mod/ping.php +++ b/mod/ping.php @@ -25,8 +25,8 @@ function ping_init(&$a) { ); $intro = $r[0]['total']; - if ($a->config['register_policy'] = REGISTER_APPROVE && - $a->config['admin_email'] = $a->user['email']){ + if ($a->config['register_policy'] == REGISTER_APPROVE && + $a->config['admin_email'] === $a->user['email']){ $r = q("SELECT COUNT(*) AS `total` FROM `register`"); $register = $r[0]['total']; } else { diff --git a/mod/register.php b/mod/register.php index 68c7297c9..fcc9ebcab 100644 --- a/mod/register.php +++ b/mod/register.php @@ -37,8 +37,13 @@ function register_post(&$a) { $openid_url = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : ''); $photo = ((x($_POST,'photo')) ? notags(trim($_POST['photo'])) : ''); + $tmp_str = $openid_url; if((! x($username)) || (! x($email)) || (! x($nickname))) { if($openid_url) { + if(! validate_url($tmp_str)) { + notice( t('Invalid OpenID url') . EOL); + return; + } $_SESSION['register'] = 1; $_SESSION['openid'] = $openid_url; require_once('library/openid.php'); @@ -82,6 +87,12 @@ function register_post(&$a) { if((! valid_email($email)) || (! validate_email($email))) $err .= t('Not a valid email address.') . EOL; + // Disallow somebody creating an account using openid that uses the admin email address, + // since openid bypasses email verification. + + if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) + $err .= t('Cannot use that email.') . EOL; + $nickname = $_POST['nickname'] = strtolower($nickname); if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname)) |