From df6f2abfbe283a25cdfe3c8fae848abda35cedaf Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 9 Apr 2021 19:06:36 +0000 Subject: register: if auto create is configured do some more tests against the provided name and nick so it will not fail later in create_identity(); --- Zotlabs/Module/Admin/Site.php | 3 +- Zotlabs/Module/Regate.php | 4 +- Zotlabs/Module/Register.php | 99 ++++++++++++++++++++++++------------------- 3 files changed, 58 insertions(+), 48 deletions(-) diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 73c24897f..8a7bb1180 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -469,8 +469,7 @@ class Site { . t('From-To ranges are joined with `-`') . '. ' . t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` ' . EOL . ' ' . t('Parse and test your input') . ''. EOL - . t('If left empty, defaults to 24h closed everyday the week.') . ' ' - . t('To open 24h everyday the week, short is `-:-`.') . ' ' + . t('If left empty, defaults to 24h open everyday the week (-:-).') . ' ' . t('Note, ranges are specified as open-close pairs and in case of') . ' 0900-1200 ' . t('results to: opens 9h and closes 12h. If meant open 9h to 12h exactly, say `0900-1201`'), diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 9a3be1e1c..4c7c96284 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -147,9 +147,9 @@ class Regate extends \Zotlabs\Web\Controller { if ($cra['success']) { q("COMMIT"); - $msg = 'ZAR1238I ' . t('Account successfull created'); + $msg = t('Account successfull created'); // zar_log($msg . ':' . print_r($cra, true)); - zar_log($msg . ' ' . $cra['account']['account_email'] + zar_log('ZAR1238I ' . $msg . ' ' . $cra['account']['account_email'] . ' ' . $cra['account']['account_language']); $nextpage = 'new_channel'; diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 4eece60b3..e9d313bb5 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -6,6 +6,8 @@ use App; use Zotlabs\Web\Controller; require_once('include/security.php'); +require_once('include/channel.php'); + class Register extends Controller { @@ -59,66 +61,76 @@ class Register extends Controller { */ - $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; - $duty = zar_register_dutystate(); - $is247 = false; - $ip = $_SERVER['REMOTE_ADDR']; - $sameip = intval(get_config('system','register_sameip')); - - $arr = $_POST; - $invite_code = ( (x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); - $email = ( (x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); - $password = ( (x($arr,'password')) ? trim($arr['password']) : ''); - $password2 = ( (x($arr,'password2')) ? trim($arr['password2']) : ''); - - $reonar = array(); - + $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; + $duty = zar_register_dutystate(); + $is247 = false; + $ip = $_SERVER['REMOTE_ADDR']; + $sameip = intval(get_config('system','register_sameip')); + $arr = $_POST; + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $name = ''; + $nick = ''; + $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); + $password = ((x($arr,'password')) ? trim($arr['password']) : ''); + $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : ''); + $reonar = []; + $auto_create = get_config('system','auto_channel_create', 1); - // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) - if ($email && $invite_code) { - if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { - $is247 = true; - } + if($auto_create) { + $name = escape_tags(trim($arr['name'])); + if(!$name) { + notice(t('Name is required.')); + return; } - } - -/* - // assume someone tries to validate (dId2 C/D/E), because only field email entered - if ( $email && ( ! $invite_code ) && ( ! $password ) && ( ! $_POST['password2'] ) ) { - // dId2 logic - - if ( preg_match('/^\@{1,1}.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - // dId2 C channel - ffu + $name_error = validate_channelname($name); + if($name_error) { + notice($name_error . EOL); + return $ret; } - if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - // dId2 E email - goaway(z_root() . '/regate/' . bin2hex($email) . 'e' ); + $nick = mb_strtolower(escape_tags(trim($arr['nickname']))); + if(!$nick) { + notice(t('Nickname is required.')); + return; } - if ( preg_match('/^d{1,1}[0-9]{5,10}$/', $email ) ) { - // dId2 A artifical & anonymous - goaway(z_root() . '/regate/' . bin2hex($email) . 'a' ); + if($nick === 'sys') { + notice(t('Reserved nickname. Please choose another.') . EOL); + return; } + if(check_webbie([$nick]) !== $nick) { + notice(t('Nickname has unsupported characters or is already being used on this site.') . EOL); + return; + } } -*/ - $email_verify = get_config('system','verify_email'); - if ($email_verify && ! $email) { + + $email_verify = get_config('system', 'verify_email'); + if ($email_verify && !$email) { notice(t('Email address required') . EOL); return; } if ($email) { - if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) { + if (! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email)) { // msg! notice(t('Not a valid email address') . EOL); return; } } + // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) + if ($email && $invite_code) { + if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { + if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { + $is247 = true; + } + } + } + if ($act > 0 && !$is247 && !$duty['isduty']) { // normally (except very 1st timr after install), that should never arrive here (ie js hack or sth like) // log suitable for f2b also @@ -178,7 +190,6 @@ class Register extends Controller { $policy = get_config('system','register_policy'); $invonly = get_config('system','invitation_only'); $invalso = get_config('system','invitation_also'); - $auto_create = get_config('system','auto_channel_create', 1); switch($policy) { @@ -224,8 +235,8 @@ class Register extends Controller { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { if ($auto_create) { - $reonar['chan.name'] = notags(trim($arr['name'])); - $reonar['chan.did1'] = notags(trim($arr['nickname'])); + $reonar['chan.name'] = $name; + $reonar['chan.did1'] = $nick; } q("UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", @@ -372,8 +383,8 @@ class Register extends Controller { } if ( $auto_create ) { - $reonar['chan.name'] = notags(trim($arr['name'])); - $reonar['chan.did1'] = notags(trim($arr['nickname'])); + $reonar['chan.name'] = $name; + $reonar['chan.did1'] = $nick; } $reg = q("INSERT INTO register (" -- cgit v1.2.3