-rw-r--r-- | admin/users.php | 2 | ||||
-rw-r--r-- | config/ampache.cfg.php.dist | 71 | ||||
-rwxr-xr-x | docs/CHANGELOG | 3 | ||||
-rw-r--r-- | lib/class/update.class.php | 22 | ||||
-rw-r--r-- | lib/class/user.class.php | 33 | ||||
-rw-r--r-- | lib/ui.lib.php | 55 | ||||
-rw-r--r-- | register.php | 231 | ||||
-rw-r--r-- | templates/show_user.inc.php | 2 | ||||
-rw-r--r-- | templates/userform.inc | 4 |
9 files changed, 222 insertions, 201 deletions
diff --git a/admin/users.php b/admin/users.php index b2d6da22..c3b583e8 100644 --- a/admin/users.php +++ b/admin/users.php @@ -135,7 +135,7 @@ switch ($action) { /* If we end up with an error */ if ($GLOBALS['error']->error_state) { - show_user_form('','$username','$fullname','$email','$access','new_user',''); + show_user_form('','$username','$fullname','$email','new_user',''); break; } show_confirmation("New User Added",$username . " has been created with an access level of " . $access,"admin/users.php"); diff --git a/config/ampache.cfg.php.dist b/config/ampache.cfg.php.dist index cbd73113..f106e628 100644 --- a/config/ampache.cfg.php.dist +++ b/config/ampache.cfg.php.dist 
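Review bot: The error-path call still passes `'$username'`, `'$fullname'` and `'$email'` in single quotes, so PHP hands show_user_form() the literal text `$username` instead of the submitted values. Drop the quotes: `show_user_form('',$username,$fullname,$email,'new_user','');`. The template that receives these values is outside this hunk; because they are request data, confirm it HTML-escapes them before echoing them back into the form.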
@@ -119,35 +119,6 @@ require_session = "true" # DEFAULT: false #allow_zip_download = "false" -# This setting turns on/off public registration. It is -# recommended you leave this off, as it will allow anyone to -# sign up for an account on your server. -# REMEMBER: don't forget to set the mail from address futher down in the config. -# DEFAULT: false -#allow_public_registration = "false" - -# This setting defines the mail domain your in. -# It tries to deliver a test mail before the user can register and uses -# the from address info@"domain.tld". No mail is send from this address it's -# only used to test the existense of a mailbox before accepting user registration. -# DEFAULT: domain.tld -#mail_domain = "domain.tld" - -# This settting will be used as mail from address. -# You need to change this when you activate public_registration. -mail_from = "info@domain.tld" - -# This setting will allow all registrants to be auto-approved -# as a user. By default, they will be added as a guest and -# must be "promoted" by the admin. -# DEFAULT: false -#auto_user = "false" - -# This will display the user agreement when registering -# For agreement text, edit templates/user_agreement.php -# User will need to accept the agreement before they can register -#user_agreement = "false" - # This sets which ID3 tag takes precedence. # we've found for those of you who don't have # good v2 tags it's sometimes nice to keep the v1 
@@ -262,6 +233,48 @@ max_upload_size = "10485760" # DEFAULT: iso-8859-1 site_charset = iso-8859-1 + +########################################################## +# Public Registration settings, defaults to disabled +########################################################## + +# This setting turns on/off public registration. It is +# recommended you leave this off, as it will allow anyone to +# sign up for an account on your server. +# REMEMBER: don't forget to set the mail from address futher down in the config. +# DEFAULT: false +#allow_public_registration = "false" + +# Require Captcha Text on Image confirmation +# Turning this on requires the user to correctly +# type in the letters in the image created by Captcha +# Default is off because its very hard to detect if it failed +# to draw, or they failed to enter it. +# DEFAULT: false +#captcha_public_reg = "false" + +# This setting defines the mail domain your in. +# It tries to deliver a test mail before the user can register and uses +# the from address info@"domain.tld". No mail is send from this address it's +# only used to test the existense of a mailbox before accepting user registration. +# DEFAULT: domain.tld +#mail_domain = "domain.tld" + +# This settting will be used as mail from address. +# You need to change this when you activate public_registration. +#mail_from = "info@domain.tld" + +# This setting will allow all registrants to be auto-approved +# as a user. By default, they will be added as a guest and +# must be "promoted" by the admin. +# DEFAULT: false +#auto_user = "false" + +# This will display the user agreement when registering +# For agreement text, edit templates/user_agreement.php +# User will need to accept the agreement before they can register +#user_agreement = "false" + ########################################################## # These Option Control which playback methods are allowed ########################################################## 
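Review bot: The comment on `captcha_public_reg` explains why it defaults to off, but not what that means once `allow_public_registration` is enabled. I would add a line such as `# NOTE: with this off, nothing limits automated sign-ups once allow_public_registration is enabled.` so the operator makes that choice knowingly. In the same move `mail_from` went from an active setting to a commented-out one, so the code that sends the confirmation mail (not visible in this hunk) presumably needs a fallback when the key is unset.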
diff --git a/docs/CHANGELOG b/docs/CHANGELOG index d0b6d91a..707f6e29 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,6 +4,9 @@ -------------------------------------------------------------------------- v.3.3.2-Beta1 + - Fixed Registration code so that it used existing functions and + added default to off config option for captcha because + its hard to detect compatiblity - Fixed some logic errors in Downsampling code - Updated Registration code (Thx pb1dft) - Updated GetId3() Library to v.1.7.5 diff --git a/lib/class/update.class.php b/lib/class/update.class.php index 4977135a..e6dfbb84 100644 --- a/lib/class/update.class.php +++ b/lib/class/update.class.php @@ -254,6 +254,11 @@ class Update { $version[] = array('version' => '332005','description' => $update_string); + + $update_string = '- Adds Create Date to User table to track registration and user creation time.'; + + $version[] = array('version' => '332006','description' => $update_string); + return $version; } // populate_version @@ -1364,5 +1369,22 @@ class Update { } // update_332005 + /** + * update_332006 + * Hmm 2006 perfect for the new year.. anyway this just adds the create_date on the account + * so that you know when they were registered/created + */ + function update_332006() { + + $sql = "ALTER TABLE `user` ADD `create_date` INT ( 11 ) UNSIGNED NULL DEFAULT NULL"; + $db_results = mysql_query($sql, dbh()); + + $sql = "ALTER TABLE `user` ADD `validation` VARCHAR ( 128 )"; + $db_results = mysql_query($sql, dbh()); + + $this->set_version('db_version','332006'); + + } // update_332006 + } // end update class ?> diff --git a/lib/class/user.class.php b/lib/class/user.class.php index 83b473a3..49f9f1a9 100644 --- a/lib/class/user.class.php +++ b/lib/class/user.class.php 
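Review bot: update_332006() ignores the result of both `mysql_query()` calls and then calls `$this->set_version('db_version','332006')` unconditionally. A failed ALTER would therefore leave the `user` table without `create_date` or `validation` while the installation records itself as upgraded. Check each result before bumping the version, for example `if (!$db_results) { return false; }` after each query, matching whatever return convention the other update_* methods use (not visible here). The description string added in populate_version (the first hunk of this file) mentions only the create date and should also name the `validation` column, since that column holds the account-activation key.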
@@ -308,6 +308,23 @@ class User { } // update_username + /** + * update_validation + * This is used by the registration mumbojumbo + * Use this function to update the validation key + * NOTE: crap this doesn't have update_item the humanity of it all + */ + function update_validation($new_validation) { + + $new_validation = sql_escape($new_validation); + $sql = "UPDATE user SET validation='$new_validation' WHERE username='$this->username'"; + $this->validation = $new_validation; + $db_results = mysql_query($sql, dbh()); + + return $db_results; + + } // update_validation + /*! @function update_fullname @discussion updates their fullname @@ -470,20 +487,22 @@ class User { } // update_stats - /*! - @function create - @discussion inserts a new user into ampache - */ + /** + * create + * inserts a new user into ampache + */ function create($username, $fullname, $email, $password, $access) { /* Lets clean up the fields... */ $username = sql_escape($username); $fullname = sql_escape($fullname); $email = sql_escape($email); + /* Now Insert this new user */ - $sql = "INSERT INTO user (username, fullname, email, password, access, reg_date) VALUES" . - " ('$username','$fullname','$email',PASSWORD('$password'),'$access', unix_timestamp())"; + $sql = "INSERT INTO user (username, fullname, email, password, access, create_date) VALUES" . + " ('$username','$fullname','$email',PASSWORD('$password'),'$access','" . time() ."')"; $db_results = mysql_query($sql, dbh()); + if (!$db_results) { return false; } /* Populates any missing preferences, in this case all of them */ @@ -491,7 +510,7 @@ class User { return $username; - } // new + } // create /*! @function update_password diff --git a/lib/ui.lib.php b/lib/ui.lib.php index e1144abb..c5db1a16 100644 --- a/lib/ui.lib.php +++ b/lib/ui.lib.php 
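Review bot: update_validation() escapes `$new_validation` but interpolates `$this->username` into the WHERE clause as-is. Unless the User constructor (outside this hunk) guarantees an already-escaped value, escape it here as well: `$username = sql_escape($this->username);`. `$this->validation` is also assigned the escaped string before the query has run; assign the raw key only once `$db_results` is true. The docblock should state that the key is the account-activation secret and that the method returns the `mysql_query()` result.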
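Review bot: In create(), `$password` and `$access` go into the INSERT without `sql_escape()`, unlike the three fields cleaned just above, and this commit makes the method reachable from the public register.php path, where the password is request data. Escape both before building `$sql`: `$password = sql_escape($password); $access = sql_escape($access);`. Separately, MySQL documents `PASSWORD()` as internal to the server's own account system and not meant for application credentials; a salted hash computed in PHP is the longer-term fix, although that touches login code outside this diff. The removed new_user() stored `disabled` = '1' for self-registered accounts and this INSERT does not, so confirm a pending account cannot log in before its key is validated.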
@@ -1104,61 +1104,6 @@ function show_genre_pulldown ($name,$selected='',$size=1,$width=0,$style='') { } // show_genre_pulldown -function username_exists($check_user){ - - $check_user = sql_escape($check_user); - - $sql = "SELECT * FROM user WHERE username='$check_user'"; - $db_results = mysql_query($sql, dbh()); - - if ($r = mysql_fetch_assoc($db_results)) { - return true; - } - else { - return false; - } -} // username_exists - -/** - * new_user - * FIXME: This needs to be done right... I don't know how right is - * but my guess is this isn't it, so anyway this just creates a new user - * this should really use the built in functions rather than creating - * a new one - */ -function new_user($username, $fullname, $email, $password) { - - /* First lets clean up the fields... */ - $username = sql_escape($username); - $fullname = sql_escape($fullname); - $email = sql_escape($email); - $validation = str_rand(20); - $access = '5'; - if(conf('auto_user')){ - $access='25'; - } - - /* Check to see if the user exists... */ - //FIXME: Use the error class - if(username_exists($username)){ - return false; - } - - /* Uhh let's not auto-pass through in this fashion FIXME */ - else { - /* Apparently it's a new user, now insert the user into the database*/ - $sql = "INSERT INTO user (username, fullname, email, password, access, disabled, reg_date, validation) VALUES" . - " ('$username','$fullname','$email',PASSWORD('$password'),'$access', '1', unix_timestamp(), '$validation')"; - $db_results = mysql_query($sql, dbh()); - show_template('style'); - show_confirmation('Registration Complete','Your account has been created. However, this forum requires account activation. An activation key has been sent to the e-mail address you provided. Please check your e-mail for further information','/login.php'); - send_confirmation($username, $fullname, $email, $password, $validation); - } - - return true; - -} // new_user - /** * good_email * Don't get me started... 
I'm sure the indenting is still wrong on this diff --git a/register.php b/register.php index 027dc991..f51e9cdf 100644 --- a/register.php +++ b/register.php 
@@ -30,127 +30,146 @@ $no_session = true; require_once ("modules/init.php"); -//Captcha - -define ("CAPTCHA_INVERSE, 1"); -include ("modules/captcha/captcha.php"); -require ("modules/validatemail/validateEmailFormat.php"); -require ("modules/validatemail/validateEmail.php"); - /* Check Perms */ if (!conf('allow_public_registration') || conf('demo_mode')) { access_denied(); } +/** + * These are only needed for this page so they aren't included in init.php + * this is for email validation and the cool little graphic +*/ +require ("modules/validatemail/validateEmailFormat.php"); +require ("modules/validatemail/validateEmail.php"); -$action = scrub_in($_REQUEST['action']); +/* Don't even include it if we aren't going to use it */ +if (conf('captcha_public_reg')) { + define ("CAPTCHA_INVERSE, 1"); + include ("modules/captcha/captcha.php"); +} -?> +/* Show a light header */ -<?php +$action = scrub_in($_REQUEST['action']); /* Start switch based on action passed */ switch ($action) { - case 'add_user': - // User information has been entered - // we need to check the database for possible existing username first - // if username exists, error and say "Please choose a different name." 
- // if username does not exist, insert user information into database - // then allow the user to 'click here to login' - // possibly by logging them in right then and there with their current info - // and 'click here to login' would just be a link back to index.php - if (conf('demo_mode')) { break; } - $captcha = captcha::check(); - $accept_agreement = scrub_in($_REQUEST['accept_agreement']); - $fullname = scrub_in($_REQUEST['fullname']); - $username = scrub_in($_REQUEST['username']); - $email = scrub_in($_REQUEST['email']); - $pass1 = scrub_in($_REQUEST['password_1']); - $pass2 = scrub_in($_REQUEST['password_2']); - - if(!isset ($captcha)){ - $GLOBALS['error']->add_error('captcha',_("Error Captcha Required")); - } - if (isset ($captcha)){ - if ($captcha) { - $msg="SUCCESS"; + case 'add_user': + /** + * User information has been entered + * we need to check the database for possible existing username first + * if username exists, error and say "Please choose a different name." + * if username does not exist, insert user information into database + * then allow the user to 'click here to login' + * possibly by logging them in right then and there with their current info + * and 'click here to login' would just be a link back to index.php + */ + $accept_agreement = scrub_in($_REQUEST['accept_agreement']); + $fullname = scrub_in($_REQUEST['fullname']); + $username = scrub_in($_REQUEST['username']); + $email = scrub_in($_REQUEST['email']); + $pass1 = scrub_in($_REQUEST['password_1']); + $pass2 = scrub_in($_REQUEST['password_2']); + + /* If we're using the captcha stuff */ + if (conf('captcha_public_reg')) { + $captcha = captcha::check(); + if(!isset ($captcha)) { + $GLOBALS['error']->add_error('captcha',_("Error Captcha Required")); + } + if (isset ($captcha)) { + if ($captcha) { + $msg="SUCCESS"; + } + else { + $GLOBALS['error']->add_error('captcha',_("Error Captcha Failed")); + } + } // end if we've got captcha + } // end if it's enabled + + 
if(conf('user_agreement')) { + if(!$accept_agreement) { + $GLOBALS['error']->add_error('user_agreement',_("You <U>must</U> accept the user agreement")); + } + } // if they have to agree to something + + if(!$username) { + $GLOBALS['error']->add_error('username',_("You did not enter a username")); } - else { - $GLOBALS['error']->add_error('captcha',_("Error Captcha Failed")); - } - } - - if(conf('user_agreement')==true){ - if(!$accept_agreement){ - $GLOBALS['error']->add_error('user_agreement',_("You <U>must</U> accept the user agreement")); + + if(!$fullname) { + $GLOBALS['error']->add_error('fullname',_("Please fill in your full name (Firstname Lastname)")); } - } - - if(!$username){ - $GLOBALS['error']->add_error('username',_("You did not enter a username")); - } - - if(!$fullname){ - $GLOBALS['error']->add_error('fullname',_("Please fill in your full name (Firstname Lastname)")); - } - -//Check the mail for correct address formation. - - $attempt = 0; - $max_attempts = 3; - $response_code = ""; - - while ( $response_code == "" || strstr( $response_code, "fsockopen error" )) { - $validate_results = validateEmail( $email ); - - $response_code = $validate_results[1]; - if($attempt == $max_attempts) break; - $attempt++; - } - - if ( $validate_results[0] ) { - $mmsg = "MAILOK"; - } - else { - $GLOBALS['error']->add_error('email',_("Error Email address not confirmed<br>$validate_results[1]")); - } -// End of mailcheck - if(!$pass1){ - $GLOBALS['error']->add_error('password',_("You must enter a password")); - } - - if ( $pass1 != $pass2 ) { - $GLOBALS['error']->add_error('password',_("Your passwords do not match")); - } - - if($GLOBALS['error']->error_state){ - show_user_registration($values); - break; - } - - $new_user = new_user("$username", "$fullname", "$email", "$pass1"); - if(!$new_user){ - $GLOBALS['error']->add_error('duplicate_user',_("That username already exists")); - } - if($GLOBALS['error']->error_state){ - show_user_registration($values); - break; - } - 
-break; - // This is the default action. - case 'show_add_user': - default: - if (conf('demo_mode')) { break; } - $values = array('type'=>"new_user"); - show_user_registration($values); - break; - case 'new_user': - include("templates/show_new_user.inc"); - break; -} + /* Check the mail for correct address formation. */ + $attempt = 0; + $max_attempts = 3; + $response_code = ""; + + while ( $response_code == "" || strstr( $response_code, "fsockopen error" )) { + $validate_results = validateEmail( $email ); + $response_code = $validate_results[1]; + if($attempt == $max_attempts) { + break; + } + $attempt++; + } + + if ($validate_results[0]) { + $mmsg = "MAILOK"; + } + else { + $GLOBALS['error']->add_error('email',_("Error Email address not confirmed<br>$validate_results[1]")); + } + /* End of mailcheck */ + + if(!$pass1){ + $GLOBALS['error']->add_error('password',_("You must enter a password")); + } + + if ( $pass1 != $pass2 ) { + $GLOBALS['error']->add_error('password',_("Your passwords do not match")); + } + + if (!check_username($username)) { + $GLOBALS['error']->add_error('duplicate_user',_("Error Username already exists")); + } + + if($GLOBALS['error']->error_state){ + show_user_registration($values); + break; + } + /* Attempt to create the new user */ + $access = '0'; + if (conf('auto_user')) { $access = '5'; } + $new_user = $GLOBALS['user']->create($username,$fullname,$email,$pass1,$access); + if (!$new_user) { + $GLOBALS['error']->add_error('duplicate_user',_("Error: Insert Failed")); + show_user_registration($values); + break; + } + + $user_object = new User($new_user); + $user_object->update_validation(str_rand(20)); + + $message = 'Your account has been created. However, this forum requires account activation.' . + ' An activation key has been sent to the e-mail address you provided. ' . 
+ 'Please check your e-mail for further information'; + + send_confirmation($username, $fullname, $email, $password, $validation); + show_template('style'); + show_confirmation(_('Registration Complete'),$message,'/login.php'); + break; + case 'new_user': + include("templates/show_new_user.inc"); + break; + case 'show_add_user': + default: + $values = array('type'=>"new_user"); + show_user_registration($values); + break; +} // end switch on action ?> diff --git a/templates/show_user.inc.php b/templates/show_user.inc.php index b9ad0ea8..52cb860c 100644 --- a/templates/show_user.inc.php +++ b/templates/show_user.inc.php @@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2005 Ampache.org + Copyright (c) 2001 - 2006 Ampache.org All rights reserved. This program is free software; you can redistribute it and/or diff --git a/templates/userform.inc b/templates/userform.inc index 59af787c..46c70dd9 100644 --- a/templates/userform.inc +++ b/templates/userform.inc @@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2005 Ampache.org + Copyright (c) 2001 - 2006 Ampache.org All rights reserved. This program is free software; you can redistribute it and/or @@ -25,7 +25,7 @@ if ($type === 'new_user') { $title = _("Adding a New User"); } else { - $userfield = "$username"; + $userfield = "$username; $title = _("Editing existing User"); } ?> |
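Review bot: In the `add_user` branch, `send_confirmation($username, $fullname, $email, $password, $validation)` uses two variables that are never assigned on this page: the password is held in `$pass1`, and the key from `str_rand(20)` is passed straight to `update_validation()` without being kept. As written, the activation mail would presumably go out with an empty key. Keep the key and pass the right names: `$validation = str_rand(20); $user_object->update_validation($validation);` followed by `send_confirmation($username, $fullname, $email, $pass1, $validation);`. `str_rand()` is defined outside this diff; because its output is the activation secret, confirm it draws from a cryptographically secure source. `define ("CAPTCHA_INVERSE, 1");` near the top of the hunk has its closing quote in the wrong place and should read `define("CAPTCHA_INVERSE", 1);`.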
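Review bot: The changed line in the `else` branch of templates/userform.inc, `$userfield = "$username;`, drops the closing double quote. The string literal then runs on into the following `$title = _("Editing existing User");` line and the template no longer parses. Restore it as `$userfield = "$username";` or simply `$userfield = $username;`. Wherever `$userfield` is echoed later in the template (outside this hunk), it should be HTML-escaped.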