register.php 6.1 KB
<?php

/* GNU FM -- a free network service for sharing your music listening habits

   Copyright (C) 2009 Free Software Foundation, Inc

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.

*/

require_once('database.php');
require_once('templating.php');
require_once('utils/EmailAddressValidator.php');

if($logged_in == true){
	header('Location: index.php');
} else {

// Moving to open alpha
/*$authcode = $_GET["authcode"];

$res = $adodb->GetRow('SELECT inviter FROM Invitations WHERE code = ' . $adodb->qstr($authcode));
if(!$res) {
	$invalid_authcode = true;
} else {
	$invalid_authcode = false;
}*/
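/**
 * Send the account-activation message through PHP's mail().
 *
 * @param string $text  Plain-text message body.
 * @param string $email Recipient address.
 * @return bool False when the recipient is rejected here or mail() reports
 *              failure; otherwise whatever mail() returned.
 */
function sendEmail($text, $email) {
	// Defence in depth: the caller runs the address through its validator, but
	// this is the last point before the value reaches the mail transport, so a
	// recipient that is empty, not a string, or contains a line break is refused.
	if (!is_string($email) || $email === '' || strpbrk($email, "\r\n") !== false) {
		return false;
	}

	$headers = 'From: Libre.fm Account Activation <account@libre.fm>';
	$subject = 'Libre.fm Account Activation - Action needed!';

	// Hand mail()'s result back so a caller can notice a failed send; callers
	// that ignore the return value behave exactly as before.
	return mail($email, $subject, $text, $headers);
}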
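if(isset($_GET['auth'])) {
	// Activation-link handler: look up the code carried in the e-mailed URL,
	// mark the matching user active and consume the code.
	$authcode = $_GET['auth'];
	$adodb->SetFetchMode(ADODB_FETCH_ASSOC);

	$row = false;
	try {
		// Only a non-empty string is looked up; a request such as ?auth[]=x
		// would otherwise hand an array to qstr().
		if (is_string($authcode) && $authcode !== '') {
			$row = $adodb->GetRow('SELECT * FROM AccountActivation WHERE authcode = ' . $adodb->qstr($authcode));
		}
	}
	catch (exception $e) {
		$row = false;
	}

	// A lookup that matches nothing yields no usable row rather than an
	// exception. Without this check the UPDATE below ran with an undefined
	// username and the page still reported a successful activation.
	// Codes are stored with expires = creation time + 48 hours, so a code past
	// that timestamp is refused with the same message as an unknown one.
	$expired = !empty($row) && isset($row['expires']) && (int) $row['expires'] < time();
	if (empty($row) || !isset($row['username']) || $expired) {
		// NOTE(review): this path assigns 'errors' while the handler below
		// assigns 'error'; confirm which variable error.tpl actually reads.
		$errors = 'Unknown activationcode.';
		$smarty->assign('errors', $errors);
		$smarty->display('error.tpl');
		die();
	}

	$sql_update = 'UPDATE Users SET active = 1 WHERE username = ' . $adodb->qstr($row['username']);
	$sql_delete = 'DELETE FROM AccountActivation WHERE authcode = ' . $adodb->qstr($authcode);
	try {
		$res = $adodb->Execute($sql_update);
		// Deleting the row makes the code single-use.
		$res = $adodb->Execute($sql_delete);
	}
	catch (exception $e) {
		$errors = 'An error occurred.';
		// NOTE(review): the raw database exception text is handed to the
		// template as 'details'. If error.tpl prints it, visitors see internal
		// SQL/driver messages; consider logging it server-side instead.
		$details = $e->getMessage();
		$smarty->assign('error', $errors);
		$smarty->assign('details', $details);
		$smarty->display('error.tpl');
		die();
	}
	$smarty->assign('activated', true);
}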

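if(isset($_POST['register'])) {
	// Registration-form handler: validate the submitted fields, create an
	// inactive user, store a one-time activation code and e-mail the link.

	$errors = '';

	// Read every field as a string. A missing key or an array value
	// (for example username[]=x) becomes '' and fails validation below instead
	// of raising notices or reaching md5()/qstr() as a non-string.
	$fields = array();
	foreach (array('username', 'password', 'password-repeat', 'fullname', 'email', 'location', 'bio') as $key) {
		$fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
	}
	$username = $fields['username'];
	$password = $fields['password'];
	$passwordrepeat = $fields['password-repeat'];
	$fullname = $fields['fullname'];
	$email = $fields['email'];
	$location = $fields['location'];
	$bio = $fields['bio'];

	//Basic validation
	// The D modifier pins $ to the very end of the subject; without it a
	// username followed by a newline would pass this check.
	if(!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9_]{1,14}[a-zA-Z0-9]$/D', $username)) {
		$errors .= 'Your username must be at least 3 characters in length (max 16) and only consist of <i>a-z, A-Z, 0-9</i> and _ (underscore), and may not begin or end with an underscore.<br />';
	}
	// Compared against '' rather than empty(), which also treats "0" as missing.
	if($password === '') {
		$errors .= 'You must enter a password.<br />';
	}
	// Strict comparison: with != two different numeric-looking strings
	// (such as "1e3" and "1000") compare as equal.
	if($password !== $passwordrepeat) {
		$errors .= 'Your passwords do not match.<br />';
	}
	if(empty($email)) {
		$errors .= 'You must enter an e-mail address.<br />';
	} else {
		$validator = new EmailAddressValidator();
		if (!$validator->check_email_address($email)) {
			$errors .= 'You must provide a valid email address!<br />';
		}
	}

	//Check this username is available
	// Reset first so a failed query cannot leave a stale $res from earlier in
	// the request to be read below.
	$res = false;
	try {
		$res = $adodb->GetOne('SELECT username FROM Users WHERE lower(username) = ' . $adodb->qstr(strtolower($username)));
	}
	catch (exception $e) {
		$errors .= 'Database error.<br />';
	}
	if($res) {
		$errors .= 'Sorry, that username is already registered.<br />';
	}

	if(empty($errors)) {
		// Create the user
		// NOTE(review): md5() is unsalted and fast, so it is not an adequate
		// password hash. It is left unchanged because the stored format has to
		// match whatever the login code (not visible in this file) verifies
		// against; moving to password_hash()/password_verify() must change
		// both sides together.
		$sql = 'INSERT INTO Users (username, password, email, fullname, bio, location, created, active) VALUES ('
			. $adodb->qstr($username) . ', '
			. $adodb->qstr(md5($password)) . ', '
			. $adodb->qstr($email) . ', '
			. $adodb->qstr($fullname) . ', '
			. $adodb->qstr($bio) . ', '
			. $adodb->qstr($location) . ', '
			. time() . ', 0)';
		try {
			$insert = $adodb->Execute($sql);
		}
		catch (exception $e) {
			reportError('Create user, insert, register.php', $e->getMessage());
			$errors .= 'An error occurred.';
			// NOTE(review): the raw exception text goes to the template as
			// 'details'; confirm error.tpl does not show it to visitors.
			$details = $e->getMessage();
			$smarty->assign('error', $errors);
			$smarty->assign('details', $details);
			$smarty->display('error.tpl');
			die();
		}

		// The activation code is the only secret protecting the account until
		// it is activated. md5($username . time()) could be recomputed by anyone
		// who knows the username and roughly when it was registered, so the code
		// is drawn from the system CSPRNG instead. 16 random bytes hex-encode to
		// 32 characters, the same shape as the md5 value stored before.
		if (function_exists('random_bytes')) {
			$code = bin2hex(random_bytes(16));
		} else {
			$code = bin2hex(openssl_random_pseudo_bytes(16));
		}
		$sql = 'INSERT INTO AccountActivation (username, authcode, expires) VALUES('
			. $adodb->qstr($username) . ', '
			. $adodb->qstr($code) . ', '
			. (time()+(86400*2)) . ')';
		try {
			$res = $adodb->Execute($sql);
		}
		catch (exception $e) {
			// NOTE(review): the Users row inserted above remains at this point,
			// inactive and without an activation code; the two inserts are not
			// wrapped in a transaction.
			reportError('AccountActivation, insert, register.php', $e->getMessage());
			$errors .= 'An error occurred.';
			$details = $e->getMessage();
			$smarty->assign('error', $errors);
			$smarty->assign('details', $details);
			$smarty->display('error.tpl');
			die();
		}

		$url = $base_url . '/register.php?auth=' . $code;
		$content = "Hi!\n\nSomeone registered an account "
			. "at http://alpha.libre.fm. If this was you, please visit the webpage specified below to activate "
			. "your account within 48 hours, after which time all information provided by you and "
			. "your activation code will be permanently deleted from our database. If you do not want to activate your account, "
			. "please disregard this email.\n\n" . $url . "\n\n- The Libre.fm Team";
		sendEmail($content, $email);

		// Remove auth code and set their username as the invitee
		//$adodb->Execute("UPDATE Invitations SET code = NULL, invitee = " . $adodb->qstr($username) . " WHERE code = " . $adodb->qstr($authcode));
		//$removesql = "DELETE FROM Invitation_Request WHERE email=" . $adodb->qstr($email);
		//$adodb->Execute($removesql);
		$smarty->assign('registered', true);
	} else {
		// Hand the submitted values back so the form can be re-filled.
		// NOTE(review): these are request values assigned as-is, and $errors
		// contains literal HTML; confirm register.tpl escapes the field values
		// when it prints them.
		$smarty->assign('username', $username);
		$smarty->assign('fullname', $fullname);
		$smarty->assign('email', $email);
		$smarty->assign('location', $location);
		$smarty->assign('bio', $bio);
		$smarty->assign('errors', $errors);
	}
}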
//$smarty->assign("invalid_authcode", $invalid_authcode);
//$smarty->assign("authcode", $authcode);

// Render the registration page. Depending on the branch taken above, the
// template has been given 'activated', 'registered', or the submitted field
// values together with 'errors'.
// NOTE(review): the field values come straight from the request; confirm
// register.tpl escapes them on output.
$smarty->display('register.tpl');
}
?>