register.php File Reference

Go to the source code of this file.

Functions
	register_valid ()
Variables
&	nbsp

---

Function Documentation

register_valid (   )

Definition at line 34 of file register.php. References $confirm_hash, $G_USER, $GLOBALS, $message, $result, account_emailvalid(), account_namevalid(), account_pwvalid(), db_error(), db_insertid(), db_numrows(), db_query(), exit_error(), form_check(), form_clean(), and sendmail_mail(). { global $G_USER; #### Check for duplicates if (!form_check($_POST['form_id'])) { return 0; } ##### Make sure every parameters are given if (!$_POST['form_loginname']) { fb(_("You must supply a username."),1); return 0; } if (!$_POST['form_pw']) { fb(_("You must supply a password."),1); return 0; } if (!$_POST['form_email']) { fb(_("You must supply a valid email address."),1); return 0; } if (!$_POST['form_realname']) { fb(_("You must supply a non-empty real name."),1); return 0; } # Remove quotes from the realname, we do not want to allow that but # it is not a blocker issue. $GLOBALS['form_realname'] = strtr($_POST['form_realname'], "\'\"\,", " "); if ($GLOBALS['sys_use_pamauth'] != "yes" && $_POST['form_usepam'] !=1) { # Only do password sanity checks if user does not want # to authenticate via PAM if (!$_POST['form_pw']) { fb(_("You must supply a password."),1); return 0; } if ($_POST['form_pw'] != $_POST['form_pw2']) { fb(_("Passwords do not match."),1); return 0; } if (!account_pwvalid($_POST['form_pw'])) { # feedback included by the check function return 0; } } if (!account_namevalid($_POST['form_loginname'])) { # feedback included by the check function return 0; } if (!account_emailvalid($_POST['form_email'])) { # feedback included by the check function return 0; } ##### Avoid duplicates if (db_numrows(db_query("SELECT user_id FROM user WHERE " . "user_name LIKE '".addslashes($_POST[form_loginname])."'")) > 0) { fb(_("That username already exists."),1); return 0; } if (db_numrows(db_query("SELECT group_list_id FROM mail_group_list WHERE " . "list_name LIKE '".addslashes($_POST[form_loginname])."'")) > 0) { fb(_("That username is blocked to avoid conflict with mailing-list addresses."),1); return 0; } #### if ($GLOBALS['sys_use_krb5'] == "yes") { $krb5ret = krb5_login($_POST['form_loginname'], $_POST['form_pw']); if($krb5ret == -1) { # KRB5_NOTOK fb(_("phpkrb5 module failure"),1); return 0; } elseif($krb5ret == 1) { # KRB5_BAD_PASSWORD fb(sprintf(_("User is a kerberos principal but password do not match. Please use your kerberos password for the first login and then change your %s password. This is necessary to prevent someone from stealing your account name."),$GLOBALS['sys_name']),1); return 0; } elseif ($krb5ret == "2") { # KRB5_BAD_USER /* FIXME : this is broken and seems to be due to the kerberos module. we did not changed anything about that and we get 2 as return for any name. if($_POST['form_loginname']."@".$GLOBALS['sys_lists_domain']) { $GLOBALS['register_error'] = sprintf(_("User %s is a known mail alias and cannot be used. If you own this alias (%s@%s) please create a another user (for instance xx%s) and ask %s@%s to rename it to %s."), $_POST['form_loginname'], $_POST['form_loginname'], $GLOBALS['sys_lists_domain'], $_POST['form_loginname'], $GLOBALS['sys_admin_list'], $GLOBALS['sys_lists_domain'], $_POST['form_loginname']); return 0; } */ } } # if we got this far, it must be good if ($GLOBALS['sys_use_pamauth'] == "yes" && $_POST['form_usepam']==1) { # if user chose PAM based authentication, set his encrypted # password to the specified string $passwd='PAM'; } else { $passwd=md5($_POST[form_pw]); } $confirm_hash = substr(md5($session_hash . $passwd . time()),0,16); $result=db_query("INSERT INTO user (user_name,user_pw,realname,email,add_date," . "status,confirm_hash) " . "VALUES ('" . addslashes(strtolower($_POST[form_loginname]))."','" . addslashes($passwd)."','" . addslashes($GLOBALS[form_realname])."','" . addslashes($GLOBALS[form_email])."'," . time()."," . "'P','" # status . $confirm_hash."')"); if (!$result) { exit_error('error',db_error()); } else { $GLOBALS['newuserid'] = db_insertid($result); # clean id form_clean($form_id); # send mail $message = sprintf(_("Thank you for registering on the %s web site."),$GLOBALS['sys_name'])."\n" .sprintf(_("Your login is: %s"), addslashes(strtolower($_POST[form_loginname])))."\n\n" ._("In order to complete your registration, visit the following URL:\n\n") . $GLOBALS['sys_https_url'] . $GLOBALS['sys_home'] . "account/verify.php?confirm_hash=$confirm_hash\n\n" ._("Enjoy the site").".\n\n" . sprintf(_("-- the %s team.")."\n",$GLOBALS['sys_name']); if ($krb5ret == KRB5_OK) { $message .= sprintf(_("P.S. Your kerberos password is now stored in encrypted form\nin the %s database."),$GLOBALS['sys_name']); $message .= sprintf(_("For better security we advise you\nto change your %s password as soon as possible.\n"),$GLOBALS['sys_name']); } sendmail_mail($GLOBALS['sys_replyto']."@".$GLOBALS['sys_lists_domain'], $GLOBALS['form_email'], $GLOBALS['sys_name']." "._("Account Registration"), $message); return 1; } }

---

Variable Documentation

& nbsp

Definition at line 250 of file register.php. Referenced by conf_form(), format_item_attached_files(), graphs_build(), html_select_typedir_box(), maintab_separator(), my_incoming_assigned_item_list(), my_incoming_unassigned_item_list(), my_item_list(), news_show_latest(), people_show_category_list(), search_box(), sendmail_form_message(), show_item_history(), show_item_list(), show_item_list_sober(), show_newest_projects(), show_sitestats(), show_submessages(), show_thread(), show_votes(), specific_showinput(), specific_showinput_inverted(), subtab_separator(), subtab_start(), trackers_data_show_notification_settings(), and utils_unconvert_htmlspecialchars().

---