diff options
| author | Andrew Dolgov <[email protected]> | 2021-02-12 15:57:43 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2021-02-12 15:57:43 +0300 |
| commit | d23a261b92429b2064f6df43753f068851a3a457 (patch) | |
| tree | 7630843e66a990a913706e678f6102fd7d17ba80 | |
| parent | 3268364693814ae89df5d2c2d090108b182e48eb (diff) | |
RIP self-registration
| -rw-r--r-- | config.php-dist | 17 | ||||
| -rwxr-xr-x | include/login_form.php | 6 | ||||
| -rw-r--r-- | include/sanity_config.php | 4 | ||||
| -rw-r--r-- | register.php | 354 |
4 files changed, 2 insertions, 379 deletions
diff --git a/config.php-dist b/config.php-dist index eed1a699d..cd0ee0078 100644 --- a/config.php-dist +++ b/config.php-dist @@ -89,23 +89,6 @@ // intervals is disabled and all articles (which are not starred) // older than this amount of days are purged. - // *********************************** - // *** Self-registrations by users *** - // *********************************** - - define('ENABLE_REGISTRATION', false); - // Allow users to register themselves. Please be aware that allowing - // random people to access your tt-rss installation is a security risk - // and potentially might lead to data loss or server exploit. Disabled - // by default. - - define('REG_NOTIFY_ADDRESS', '[email protected]'); - // Email address to send new user notifications to. - - define('REG_MAX_USERS', 10); - // Maximum amount of users which will be allowed to register on this - // system. 0 - no limit. - // ********************************** // *** Cookies and login sessions *** // ********************************** diff --git a/include/login_form.php b/include/login_form.php index f3f5d448e..aec305b13 100755 --- a/include/login_form.php +++ b/include/login_form.php @@ -177,13 +177,7 @@ <fieldset class="align-right"> <label> </label> - <button dojoType="dijit.form.Button" type="submit" class="alt-primary"><?php echo __('Log in') ?></button> - - <?php if (defined('ENABLE_REGISTRATION') && ENABLE_REGISTRATION) { ?> - <button onclick="return UtilityApp.gotoRegForm()" dojoType="dijit.form.Button"> - <?php echo __("Create new account") ?></button> - <?php } ?> </fieldset> </form> diff --git a/include/sanity_config.php b/include/sanity_config.php index e13eb2cd0..7aa4f6b0f 100644 --- a/include/sanity_config.php +++ b/include/sanity_config.php @@ -1,3 +1,3 @@ -<?php # This file has been generated at: Fri Dec 11 09:30:20 MSK 2020 +<?php # This file has been generated at: Fri Feb 12 15:56:39 MSK 2021 define('GENERATED_CONFIG_CHECK', 26); -$required_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'CHECK_FOR_UPDATES', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?> +$required_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'SESSION_COOKIE_LIFETIME', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'CHECK_FOR_UPDATES', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?> diff --git a/register.php b/register.php deleted file mode 100644 index dde3f2d8d..000000000 --- a/register.php +++ /dev/null @@ -1,354 +0,0 @@ -<?php - // This file uses two additional include files: - // - // 1) templates/register_notice.txt - displayed above the registration form - // 2) register_expire_do.php - contains user expiration queries when necessary - - set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR . - get_include_path()); - - require_once "autoload.php"; - require_once "functions.php"; - require_once "sessions.php"; - require_once "sanity_check.php"; - require_once "config.php"; - require_once "db.php"; - - startup_gettext(); - - $action = $_REQUEST["action"]; - - if (!init_plugins()) return; - - if ($_REQUEST["format"] == "feed") { - header("Content-Type: text/xml"); - - print '<?xml version="1.0" encoding="utf-8"?>'; - print "<feed xmlns=\"http://www.w3.org/2005/Atom\"> - <id>".htmlspecialchars(SELF_URL_PATH . "/register.php")."</id> - <title>Tiny Tiny RSS registration slots</title> - <link rel=\"self\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php?format=feed")."\"/> - <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>"; - - if (ENABLE_REGISTRATION) { - $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users"); - $num_users = db_fetch_result($result, 0, "cu"); - - $num_users = REG_MAX_USERS - $num_users; - if ($num_users < 0) $num_users = 0; - $reg_suffix = "enabled"; - } else { - $num_users = 0; - $reg_suffix = "disabled"; - } - - print "<entry> - <id>".htmlspecialchars(SELF_URL_PATH)."/register.php?$num_users"."</id> - <link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH . "/register.php")."\"/>"; - - print "<title>$num_users slots are currently available, registration $reg_suffix</title>"; - print "<summary>$num_users slots are currently available, registration $reg_suffix</summary>"; - - print "</entry>"; - - print "</feed>"; - - return; - } - - /* Remove users which didn't login after receiving their registration information */ - - if (DB_TYPE == "pgsql") { - db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL - AND created < NOW() - INTERVAL '1 day' AND access_level = 0"); - } else { - db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL - AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0"); - } - - if (file_exists("register_expire_do.php")) { - require_once "register_expire_do.php"; - } - - if ($action == "check") { - header("Content-Type: application/xml"); - - $login = clean($_REQUEST['login']); - $is_registered = UserHelper::find_user_by_login($login); - - print "<result>"; - - printf("%d", $is_registered); - - print "</result>"; - - return; - } -?> -<!DOCTYPE html> -<html> -<head> -<title>Create new account</title> -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<?php echo stylesheet_tag("themes/light.css") ?> -<?php echo javascript_tag("js/common.js") ?> -<?php echo javascript_tag("lib/prototype.js") ?> -<?php echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls") ?> -<?php if (theme_exists(LOCAL_OVERRIDE_STYLESHEET)) { - echo stylesheet_tag(get_theme_path(LOCAL_OVERRIDE_STYLESHEET)); -} ?> -</head> - -<script type="text/javascript"> - - function checkUsername() { - - try { - var f = document.forms['register_form']; - var login = f.login.value; - - if (login == "") { - new Effect.Highlight(f.login); - f.sub_btn.disabled = true; - return false; - } - - var query = "register.php?action=check&login=" + - encodeURIComponent(login); - - new Ajax.Request(query, { - onComplete: function(transport) { - - try { - - var reply = transport.responseXML; - - var result = reply.getElementsByTagName('result')[0]; - var result_code = result.firstChild.nodeValue; - - if (result_code == 0) { - new Effect.Highlight(f.login, {startcolor : '#00ff00'}); - f.sub_btn.disabled = false; - } else { - new Effect.Highlight(f.login, {startcolor : '#ff0000'}); - f.sub_btn.disabled = true; - } - } catch (e) { - App.Error.report(e); - } - - } }); - - } catch (e) { - App.Error.report(e); - } - - return false; - - } - - function validateRegForm() { - try { - - var f = document.forms['register_form']; - - if (f.login.value.length == 0) { - new Effect.Highlight(f.login); - return false; - } - - if (f.email.value.length == 0) { - new Effect.Highlight(f.email); - return false; - } - - if (f.turing_test.value.length == 0) { - new Effect.Highlight(f.turing_test); - return false; - } - - return true; - - } catch (e) { - alert(e.stack); - return false; - } - } - -</script> - -<body class="claro ttrss_utility"> - -<h1><?php echo __("Create new account") ?></h1> - -<div class="content"> - -<?php - if (!ENABLE_REGISTRATION) { - print_error(__("New user registrations are administratively disabled.")); - - print "<p><form method=\"GET\" action=\"backend.php\"> - <input type=\"hidden\" name=\"op\" value=\"logout\"> - <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> - </form>"; - return; - } -?> - -<?php if (REG_MAX_USERS > 0) { - $result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users"); - $num_users = db_fetch_result($result, 0, "cu"); -} ?> - -<?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?> - - <!-- If you have any rules or ToS you'd like to display, enter them here --> - - <?php if (file_exists("templates/register_notice.txt")) { - require_once "templates/register_notice.txt"; - } ?> - - <?php if (!$action) { ?> - - <p><?php echo __('Your temporary password will be sent to the specified email. Accounts, which were not logged in once, are erased automatically 24 hours after temporary password is sent.') ?></p> - - <form action="register.php" method="POST" name="register_form"> - <input type="hidden" name="action" value="do_register"> - <table> - <tr> - <td><?php echo __('Desired login:') ?></td><td> - <input name="login" required> - </td><td> - <input type="submit" value="<?php echo __('Check availability') ?>" onclick='return checkUsername()'> - </td></tr> - <tr><td><?php echo __('Email:') ?></td><td> - <input name="email" type="email" required> - </td></tr> - <tr><td><?php echo __('How much is two plus two:') ?></td><td> - <input name="turing_test" required></td></tr> - <tr><td colspan="2" align="right"> - <input type="submit" name="sub_btn" value="<?php echo __('Submit registration') ?>" - disabled="disabled" onclick='return validateRegForm()'> - </td></tr> - </table> - </form> - - <?php print "<p><form method=\"GET\" action=\"index.php\"> - <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> - </form>"; ?> - - <?php } else if ($action == "do_register") { ?> - - <?php - $login = mb_strtolower(trim(db_escape_string( $_REQUEST["login"]))); - $email = trim(db_escape_string( $_REQUEST["email"])); - $test = trim(db_escape_string( $_REQUEST["turing_test"])); - - if (!$login || !$email || !$test) { - print_error(__("Your registration information is incomplete.")); - print "<p><form method=\"GET\" action=\"index.php\"> - <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> - </form>"; - return; - } - - if ($test == "four" || $test == "4") { - - $is_registered = UserHelper::find_user_by_login($login); - - if ($is_registered) { - print_error(__('Sorry, this username is already taken.')); - print "<p><form method=\"GET\" action=\"index.php\"> - <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> - </form>"; - } else { - - $password = make_password(); - - $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); - $pwd_hash = encrypt_password($password, $salt, true); - - db_query( "INSERT INTO ttrss_users - (login,pwd_hash,access_level,last_login, email, created, salt) - VALUES (LOWER('$login'), '$pwd_hash', 0, null, '$email', NOW(), '$salt')"); - - $new_uid = UserHelper::find_user_by_login($login); - - if (!$new_uid) { - print_error(__('Registration failed.')); - print "<p><form method=\"GET\" action=\"index.php\"> - <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> - </form>"; - } else { - Pref_Users::initialize_user($new_uid); - - $reg_text = "Hi!\n". - "\n". - "You are receiving this message, because you (or somebody else) have opened\n". - "an account at Tiny Tiny RSS.\n". - "\n". - "Your login information is as follows:\n". - "\n". - "Login: $login\n". - "Password: $password\n". - "\n". - "Don't forget to login at least once to your new account, otherwise\n". - "it will be deleted in 24 hours.\n". - "\n". - "If that wasn't you, just ignore this message. Thanks."; - - $mailer = new Mailer(); - $rc = $mailer->mail(["to_address" => $email, - "subject" => "Registration information for Tiny Tiny RSS", - "message" => $reg_text]); - - if (!$rc) print_error($mailer->error()); - - $reg_text = "Hi!\n". - "\n". - "New user had registered at your Tiny Tiny RSS installation.\n". - "\n". - "Login: $login\n". - "Email: $email\n"; - - $mailer = new Mailer(); - $rc = $mailer->mail(["to_address" => REG_NOTIFY_ADDRESS, - "subject" => "Registration notice for Tiny Tiny RSS", - "message" => $reg_text]); - - if (!$rc) print_error($mailer->error()); - - print_notice(__("Account created successfully.")); - - print "<p><form method=\"GET\" action=\"index.php\"> - <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> - </form>"; - - } - - } - - } else { - print_error('Plese check the form again, you have failed the robot test.'); - print "<p><form method=\"GET\" action=\"index.php\"> - <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> - </form>"; - - } - } - ?> - -<?php } else { ?> - - <?php print_notice(__('New user registrations are currently closed.')) ?> - - <?php print "<p><form method=\"GET\" action=\"index.php\"> - <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\"> - </form>"; ?> - -<?php } ?> - - </div> - -</body> -</html> |