* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /** Si occupa di registrare un nuovo utente method: POST params: hash: username e password oscurati (vedi /js/site.js Login.encrypt) returns: success: false => errore, true => OK error: messaggio di errore se success e' false */ require_once "__inc__.php"; $response = new RestfulResponse("json"); $av = new AutoValidator("frm-register", $_POST); if ($av->validate()) { if (isset($_POST['question']) && $_POST['question'] == "10") { $email = db_escape(purify(trim(Charset::Utf8ToDB($_POST['email'])))); $creds = LoginUtils::HashToCredentials(db_escape($_POST['hash'])); $username = db_escape(purify(trim(Charset::Utf8ToDB($creds['username'])))); $password = db_escape(purify(trim(Charset::Utf8ToDB($creds['password'])))); // Username libero? if (!DB::FindOne("SELECT 1 FROM users WHERE user = \"{$username}\"")) { // Legacy: Un timestamp sarebbe stato meglio, ma non dobbiamo fare nulla con questo dato, quindi va bene cosi' $data = date("d/m/Y G:i"); $description = "Normal User"; $md5 = LoginUtils::Md5FromCredentials($username, $password); // Tutto a posto exequery(sprintf('INSERT INTO users (user, mail, ip, os_browser, date, description, permission, verified, md5, last_login_timestamp, last_login_ip, newsletter) VALUES ("%s", "%s", "%s", "%s", "%s", "%s", %s, %s, "%s", %s, "%s", %s)', $username, $email, get_ip(), db_escape(purify($_SERVER["HTTP_USER_AGENT"])), $data, $description, User::PERMISSION_USER, 1, $md5, time(), get_ip(), 1)); // Logga l'utente $currentUser = UserFactory::CreateFromCredentials($username, $password); if ($currentUser->isLogged()) { $response->setSuccess(true);
public static function CreateFromLoginHash($hash) { $creds = LoginUtils::HashToCredentials($hash); //et voila! user e pass pronti all'uso return UserFactory::CreateFromCredentials($creds['username'], $creds['password']); }