From 552c3cedd78263ce385d0ac47b02ccd22ea474b3 Mon Sep 17 00:00:00 2001
From: Karl 'vollmerk' Vollmer <vollmer@ampache.org>
Date: Sun, 2 Dec 2007 16:40:03 +0000
Subject: fixed registration page, and simplifed its logic

---
 activate.php                             |  55 -----------
 docs/CHANGELOG                           |   1 +
 lib/class/registration.class.php         |  94 +++++++++++++++++++
 lib/class/user.class.php                 |  42 ++++-----
 lib/ui.lib.php                           | 153 -------------------------------
 register.php                             |   9 +-
 templates/show_user_activate.inc.php     |  60 ++++++++++++
 templates/show_user_registration.inc.php |   2 +-
 8 files changed, 184 insertions(+), 232 deletions(-)
 delete mode 100644 activate.php
 create mode 100644 lib/class/registration.class.php
 create mode 100644 templates/show_user_activate.inc.php

diff --git a/activate.php b/activate.php
deleted file mode 100644
index cbac089f..00000000
--- a/activate.php
+++ /dev/null
@@ -1,55 +0,0 @@
-<?php
-/*
-
- Copyright (c) 2001 - 2006 Ampache.org
- All Rights Reserved
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License v2
- as published by the Free Software Foundation.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-
-*/
-
-define('NO_SESSION','1');
-require_once('lib/init.php');
-
-$web_path = conf('web_path');
-
-/* Keep them out if they shouldn't be here */
-if(!conf('allow_public_registration') || conf('demo_mode'))  {
-	access_denied();
-}
-?>
-<html><head>
-<link rel="stylesheet" href="<?php echo $web_path; ?><?php echo conf('theme_path'); ?>/templates/default.css" type="text/css" />
-<head><body>
-<?php 
-
-$username 	= scrub_in($_GET['u']);
-$validation  	= scrub_in($_GET['act_key']);
-$val1 		= $GLOBALS['user']->get_user_validation($username,$validation);
-
-if (!$val1) {
-	    $GLOBALS['error']->add_error('no_such_user',_("No user with this name registered"));    
-	    $GLOBALS['error']->print_error('no_such_user');    
-    }
-elseif ($val1 != $validation) {
-	    $GLOBALS['error']->add_error('validation_failed',_("The validation key used isn't correct."));    
-	    $GLOBALS['error']->print_error('validation_failed');    
-    }
-else { 
-	$activate = $GLOBALS['user']->activate_user($username);
-	show_confirmation(_('User activated'),_('This User ID is activated and can be used'),'/login.php');
-}
-?>
-</body>
-</html>
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 90132369..181e629d 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,7 @@
 
 --------------------------------------------------------------------------
   v.3.4-Alpha4 
+	- Fixed Public registration page, and simplified logic
 	- Added 'Add' button to recently played
 	- Limited Rightbar to only 100 items, adds last row indicating any
 		additional items on playlist. Prevents Firefox crash if you
diff --git a/lib/class/registration.class.php b/lib/class/registration.class.php
new file mode 100644
index 00000000..7b964b7f
--- /dev/null
+++ b/lib/class/registration.class.php
@@ -0,0 +1,94 @@
+<?php
+/*
+
+ Copyright (c) 2001 - 2007 Ampache.org
+ All rights reserved.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License v2
+ as published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+*/
+
+/**
+ * Registration
+ * This class handles all the doodlys for the registration
+ * stuff in ampache
+ */
+class Registration {
+
+	/**
+	 * constructor
+	 * This is what is called when the class is loaded
+	 */
+	public function __construct() { 
+
+		// Rien a faire
+
+	} // constructor
+
+	/**
+ 	 * send_confirmation
+	 * This sends the confirmation e-mail for the specified user
+	 */
+	public static function send_confirmation($username,$fullname,$email,$password,$validation) { 
+
+		$headers = "From: Ampache <" . Config::get('mail_from') . ">"; 
+		$subject = "New User Registration at " . Config::get('site_title'); 
+		$body = "Thank you for registering\n\n" . 
+			"Please keep this e-mail for your records. Your account information is as follows:\n\n" . 
+			"----------------------\n" . 
+			"Username: $username\n" . 
+			"Password: $password\n" . 
+			"----------------------\n\n" . 
+			"Your account is currently inactive. You cannot use it until you've visited the following link:\n\n" . 
+			Config::get('web_path') . "/register.php?action=validate&username=$username&auth=$validation\n\n" . 
+			"Thank you for registering\n"; 
+		
+		// Send the mail!	
+		mail($email,$subject,$body,$headers); 	
+
+		// Check to see if the admin should be notified
+		if (Config::get('admin_notify_reg')) { 
+			$body = "A new user has registered\n\n" . 
+				"The following values were entered.\n\n"
+				"Username:$username\nFullname:$fullname\nE-mail:$mail\n\n"; 
+			mail(Config::get('mail_from'),$subject,$body,$headers); 
+		} 
+				
+		return true; 
+
+	} // send_confirmation
+
+	/**
+ 	 * show_agreement
+	 * This shows the registration agreement, /config/registration_agreement.php
+	 */
+	public static function show_agreement() { 
+
+	        $filename = Config::get('prefix') . '/config/registration_agreement.php';
+
+	        if (!file_exists($filename)) { return false; } 
+
+	        /* Check for existance */
+	        $fp = fopen($filename,'r');
+
+	        if (!$fp) { return false; }
+
+	        $data = fread($fp,filesize($filename));
+
+	        /* Scrub and show */
+	        echo $data;
+
+	} // show_agreement
+
+} // end registration class
+?>
diff --git a/lib/class/user.class.php b/lib/class/user.class.php
index 3870f910..1fa24adb 100644
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@@ -942,34 +942,34 @@ class User {
 
 	} // delete
 
-	/*!
-		@function is_online
-		@parameter delay how long since last_seen in seconds default of 20 min
-		@description  calcs difference between now and last_seen
-			if less than delay, we consider them still online
-	*/
-	
-	function is_online( $delay = 1200 ) {
+	/**
+	 * is_online
+	 * delay how long since last_seen in seconds default of 20 min
+	 * calcs difference between now and last_seen
+	 * if less than delay, we consider them still online
+	 */
+	public function is_online( $delay = 1200 ) {
+
 		return time() - $this->last_seen <= $delay;
-	}
 
-	/*!
-		@function get_user_validation
-		@check if user exists before activation can be done.
-	*/
-	function get_user_validation($username,$validation) {
+	} // is_online
+
+	/**
+	 * get_user_validation
+	 *if user exists before activation can be done.
+	 */
+	public static function get_validation($username) {
 	
-		$usename = sql_escape($username);
+		$usename = Dba::escape($username);
 	
-		$sql = "SELECT validation FROM user where username='$username'";
-		$db_results = mysql_query($sql, dbh());
+		$sql = "SELECT `validation` FROM `user` WHERE `username`='$username'";
+		$db_results = Dba::query($sql); 
 		
-		$row = mysql_fetch_assoc($db_results);
-		$val = $row['validation'];
+		$row = Dba::fetch_assoc($db_results);
 
-		return $val;
+		return $row['validation'];
 
-	} // get_user_validation
+	} // get_validation
 
 	/**
 	 * get_recently_played
diff --git a/lib/ui.lib.php b/lib/ui.lib.php
index 815b995a..72203091 100644
--- a/lib/ui.lib.php
+++ b/lib/ui.lib.php
@@ -144,30 +144,6 @@ function show_alphabet_list () {
 
 } // show_alphabet_list
 
-/**
- * show_alphabet_form
- * this shows the spiffy little form that acts as a "quick search" when browsing
- * @package General
- * @catagory Display
- */
-function show_alphabet_form($match, $text, $action) {
-
-	require (conf('prefix') . '/templates/show_alphabet_form.inc.php');
-
-} // show_alphabet_form
-
-
-/**
- *  show_local_control
- * shows the controls
- *	for localplay
- */
-function show_local_control () {
-
-	require_once(conf('prefix') . "/templates/show_localplay.inc");
-
-} // show_local_control
-
 /**
  * truncate_with_ellipsis
  * Correct Spelling function that truncates text to a specific lenght
@@ -337,19 +313,6 @@ function set_song_rating($song_id, $rate_user, $rating) {
 	}
 } // set_song_rating()
 
-/**
- *  show_clear
- * this is a hack because of the float mojo it clears the floats
- * @package Web Interface
- * @catagory Hack-o-Rama
- * @author Karl Vollmer
- */
-function show_clear() {
-
-	echo "\n<br style=\"clear:both;\" />\n";
-
-} // show_clear
-
 /**
  *	show_page_footer
  *	adds page footer including html and body end tags
@@ -374,25 +337,6 @@ function show_page_footer($menu="Home", $admin_menu='', $display_menu=0) {
 
 } // show_page_footer
 
-/**
- * 	Show All Popular
- * 	This functions shows all of the possible global popular tables, this is basicly a top X where X is
- * 	set on a per user basis
- *	@package Web Interface
- *	@catagory Display
- *	@author Karl Vollmer
- */
-function show_all_popular() {
-
-	$artists 	= get_global_popular('artist');
-	$albums		= get_global_popular('album');
-	$songs		= get_global_popular('song');
-	$genres		= get_global_popular('genre');
-
-	require_once Config::get('prefix') . '/templates/show_all_popular.inc.php';
-
-} // show_all_popular
-
 /**
  * img_resize
  * this automaticly resizes the image for thumbnail viewing
@@ -654,103 +598,6 @@ function good_email($email) {
 	return true;
 } //good_email
 
-/**
- * str_rand
- *
- *
- */
-function str_rand($length = 8, $seeds = 'abcdefghijklmnopqrstuvwxyz0123456789'){
-    $str = '';
-    $seeds_count = strlen($seeds);
-
-    // Seed
-    list($usec, $sec) = explode(' ', microtime());
-    $seed = (float) $sec + ((float) $usec * 100000);
-    mt_srand($seed);
-
-    // Generate
-    for ($i = 0; $length > $i; $i++) {
-        $str .= $seeds{mt_rand(0, $seeds_count - 1)};
-    }
-
-    return $str;
-} //str_rand
-
-/**
- * send_confirmation
- *
- *
- */
-function send_confirmation($username, $fullname, $email, $password, $validation) {
-
-$title = conf('site_title');
-$from = "From: Ampache <".conf('mail_from').">";
-$body = "Welcome to $title
-
-Please keep this email for your records. Your account information is as follows: 
-
-----------------------------
-Username: $username
-Password: $password
-----------------------------
-
-Your account is currently inactive. You cannot use it until you visit the following link:
-"
-. conf('web_path'). "/activate.php?mode=activate&u=$username&act_key=$validation
-
-Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account.
-
-Thank you for registering.";
-
-
-mail($email, "Welcome to $title" , $body, $from);
-
-if (conf('admin_notify_reg')){
-
-$admin_body = "A new user has registered at $title
-
-The following values where entered;
-
-Username: $username
-Fullname: $fullname
-E-Mail: $email
-
-Click here to view user:
-"
- . conf('web_path') . "/admin/users.php?action=edit&user=$username";
-
-
-
-mail (conf('mail_from'), "New user registration at $title", $admin_body, $from);
-}
-
-
-} //send_confirmation
-
-/**
- * show_registration_agreement
- * This function reads in /config/registration_agreement.php
- * Plaintext Only
- */
-function show_registration_agreement() { 
-
-	$filename = Config::get('prefix') . '/config/registration_agreement.php';
-
-	if (!file_exists($filename)) { return false; } 
-
-	/* Check for existance */
-	$fp = fopen($filename,'r');
-
-	if (!$fp) { return false; }
-
-	$data = fread($fp,filesize($filename));
-
-	/* Scrub and show */
-	echo $data;
-		
-} // show_registration_agreement
-
-
 /**
  * show_playlist_import
  * This shows the playlist import templates
diff --git a/register.php b/register.php
index d280a9fc..c0a31127 100644
--- a/register.php
+++ b/register.php
@@ -45,6 +45,11 @@ if (Config::get('captcha_public_reg')) {
 
 /* Start switch based on action passed */
 switch ($_REQUEST['action']) {
+	case 'validate': 
+		$username 	= scrub_in($_GET['username']); 
+		$validation	= scrub_in($_GET['auth']); 
+		require_once Config::get('prefix') . '/templates/show_user_activate.inc.php'; 
+	break; 
 	case 'add_user':
 		/** 
 		 * User information has been entered
@@ -156,14 +161,14 @@ switch ($_REQUEST['action']) {
 		}
 
 		$client = new User($new_user);
-		$validation = str_rand(20);
+		$validation = md5(uniqid(rand(), true));
 		$client->update_validation($validation);
 
 		$message = 'Your account has been created. However, this application requires account activation.' .
 				' An activation key has been sent to the e-mail address you provided. ' .
 				'Please check your e-mail for further information';
 
-		send_confirmation($username, $fullname, $email, $pass1, $validation);
+		Registration::send_confirmation($username, $fullname, $email, $pass1, $validation);
 		?>
 		<link rel="stylesheet" href="<?php echo $web_path; ?><?php echo conf('theme_path'); ?>/templates/default.css" type="text/css" />
 		<?php
diff --git a/templates/show_user_activate.inc.php b/templates/show_user_activate.inc.php
new file mode 100644
index 00000000..0fc03d11
--- /dev/null
+++ b/templates/show_user_activate.inc.php
@@ -0,0 +1,60 @@
+<?php
+/*
+
+ Copyright (c) 2001 - 2007 Ampache.org
+ All rights reserved.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; version 2
+ of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+*/
+$htmllang = str_replace("_","-",Config::get('lang'));
+$web_path = Config::get('web_path'); 
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $htmllang; ?>" lang="<?php echo $htmllang; ?>">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=<?php echo Config::get('site_charset'); ?>" />
+<title><?php echo Config::get('site_title'); ?> - <?php echo _('Registration'); ?></title>
+</head>
+<body bgcolor="#f0f0f0">
+<link rel="stylesheet" href="<?php echo Config::get('web_path'); ?>/templates/install.css" type="text/css" media="screen" />
+<link rel="shortcut icon" href="<?php echo Config::get('web_path'); ?>/favicon.ico" />
+<div id="header">
+<h1><?php echo Config::get('site_title'); ?></h1>
+<?php echo _('Registration'); ?>...
+</div>
+</head>
+<body>
+<script src="<?php echo $web_path; ?>/lib/javascript-base.js" language="javascript" type="text/javascript"></script>
+<script src="<?php echo $web_path; ?>/modules/kajax/ajax.js" language="javascript" type="text/javascript"></script>
+<script src="<?php echo $web_path; ?>/modules/prototype/prototype.js" language="javascript" type="text/javascript"></script>
+
+<div id="maincontainer">
+<?php if ($validation == User::get_validation($username) AND strlen($validation)) { ?>
+<h3><?php echo _('User Activated'); ?></h3>
+<p>
+	<?php echo _('This User ID is activated and can be used'); ?>. <a href="<?php echo Config::get('web_path'); ?>/login.php"><?php echo _('Login'); ?></a>
+</p>
+<?php } else { ?>
+<h3><?php echo _('Validation Failed'); ?></h3>
+<p><?php echo _("The validation key used isn't correct"); ?></p>
+<?php } ?>
+</div><!--end <div>id="maincontainer-->
+<div id="bottom">
+<p><b>Ampache</b><br />
+Pour l'Amour de la Musique.</p>
+</div>
+</body>
+</html>
diff --git a/templates/show_user_registration.inc.php b/templates/show_user_registration.inc.php
index 236e436d..fbddd210 100644
--- a/templates/show_user_registration.inc.php
+++ b/templates/show_user_registration.inc.php
@@ -57,7 +57,7 @@ if (Config::get('user_agreement')) { ?>
 <table cellpadding="2" cellspacing="0">
 <tr>
 	<td>
-		<?php show_registration_agreement(); ?>
+		<?php Registration::show_agreement(); ?>
 	</td>
 </tr>
 <tr>
-- 
cgit