X-Git-Url: https://projects.mako.cc/source/scuttle/blobdiff_plain/c7f63c8b9b12efd7b3c10b9f80cda06eaf32068f..a52e94e7d37efbd5356bb8a5b65f577e8500aed5:/register.php

diff --git a/register.php b/register.php
index 62128db..8f95ed6 100644
--- a/register.php
+++ b/register.php
@@ -1,7 +1,6 @@
 <?php
 /***************************************************************************
 Copyright (c) 2004 - 2010 Marcus Campbell
-http://sourceforge.net/projects/scuttle/
 http://scuttle.org/
 
 This program is free software; you can redistribute it and/or modify
@@ -20,44 +19,83 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 ***************************************************************************/
 
 require_once 'header.inc.php';
-$userservice      =& ServiceFactory::getServiceInstance('UserService');
-$templateservice  =& ServiceFactory::getServiceInstance('TemplateService');
+$userservice     =& ServiceFactory::getServiceInstance('UserService');
+$templateservice =& ServiceFactory::getServiceInstance('TemplateService');
 
-$tplVars = array();
+$tplVars   = array();
+$completed = FALSE;
 
 if ($_POST['submitted']) {
+  if (!$completed) {  
     $posteduser = trim(utf8_strtolower($_POST['username']));
+    $postedpass = trim($_POST['password']);
+    $postedconf = trim($_POST['passconf']);
+
+    // Check token
+    if (!isset($_SESSION['token']) || $_POST['token'] != $_SESSION['token']) {
+      $tplVars['error'] = T_('Form could not be authenticated. Please try again.');
+    }
 
     // Check if form is incomplete
-    if (!($posteduser) || !($_POST['password']) || !($_POST['email'])) {
-        $tplVars['error'] = T_('You <em>must</em> enter a username, password and e-mail address.');
+    elseif (!$posteduser || !$postedpass || !($_POST['email'])) {
+      $tplVars['error'] = T_('You <em>must</em> enter a username, password and e-mail address.');
+    }
 
     // Check if username is reserved
-    } elseif ($userservice->isReserved($posteduser)) {
-        $tplVars['error'] = T_('This username has been reserved, please make another choice.');
+    elseif ($userservice->isReserved($posteduser)) {
+      $tplVars['error'] = T_('This username has been reserved, please make another choice.');
+    }
 
     // Check if username already exists
-    } elseif ($userservice->getUserByUsername($posteduser)) {
-        $tplVars['error'] = T_('This username already exists, please make another choice.');
+    elseif ($userservice->getUserByUsername($posteduser)) {
+      $tplVars['error'] = T_('This username already exists, please make another choice.');
+    }
     
+    // Check that password is long enough
+    elseif ($postedpass != '' && strlen($postedpass) < 6) {
+      $tplVars['error'] = T_('Password must be at least 6 characters long.');       
+    }
+
+    // Check if password matches confirmation
+    elseif ($postedpass != $postedconf) {
+      $tplVars['error'] = T_('Password and confirmation do not match.');
+    }
+
+    // Check if e-mail address is blocked
+    elseif ($userservice->isBlockedEmail($_POST['email'])) {
+      $tplVars['error'] = T_('This e-mail address is not permitted.');
+    }
+
     // Check if e-mail address is valid
-    } elseif (!$userservice->isValidEmail($_POST['email'])) {
-        $tplVars['error'] = T_('E-mail address is not valid. Please try again.');
+    elseif (!$userservice->isValidEmail($_POST['email'])) {
+      $tplVars['error'] = T_('E-mail address is not valid. Please try again.');
+    }
 
     // Register details
-    } elseif ($userservice->addUser($posteduser, $_POST['password'], $_POST['email'])) {
-        // Log in with new username
-        $login = $userservice->login($posteduser, $_POST['password']);
-        if ($login) {
-            header('Location: '. createURL('bookmarks', $posteduser));
-        }
-        $tplVars['msg'] = T_('You have successfully registered. Enjoy!');
-    } else {
-        $tplVars['error'] = T_('Registration failed. Please try again.');
+    elseif ($userservice->addUser($posteduser, $_POST['password'], $_POST['email'])) {
+      // Log in with new username
+      $login = $userservice->login($posteduser, $_POST['password']);
+      if ($login) {
+        header('Location: '. createURL('bookmarks', $posteduser));
+      }
+      $tplVars['msg'] = T_('You have successfully registered. Enjoy!');
+    }
+    else {
+      $tplVars['error'] = T_('Registration failed. Please try again.');
     }
+  }
+  else {
+    $tplVars['msg'] = T_('Woah there, go easy on the Register button! Your registration was successful. Check your e-mail for instructions on how to verify your account.');  
+  }
 }
 
-$tplVars['loadjs']      = true;
-$tplVars['subtitle']    = T_('Register');
-$tplVars['formaction']  = createURL('register');
+// Generate anti-CSRF token
+$token = md5(uniqid(rand(), TRUE));
+$_SESSION['token']      = $token;
+$_SESSION['token_time'] = time();
+
+$tplVars['loadjs']     = TRUE;
+$tplVars['subtitle']   = T_('Register');
+$tplVars['formaction'] = createURL('register');
+$tplVars['token']      = $token;
 $templateservice->loadTemplate('register.tpl', $tplVars);