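/**
 * Handle the registration page's early request processing.
 *
 * Stores a pending connection request in the session and answers the
 * JSON field-validation sub-requests (invite code, e-mail, password).
 * When a check produces a result, it is emitted through
 * json_return_and_die(); otherwise the function returns normally.
 */
function init() {

    $result = null;
    $cmd = argc() > 1 ? argv(1) : '';

    // Provide a stored request for somebody desiring a connection
    // when they first need to register someplace. Once they've
    // created a channel, we'll try to revive the connection request
    // and process it.
    //
    // NOTE(security): the value is client-supplied and is stored unchanged.
    // The code that later reads $_SESSION['connect'] is not visible here and
    // must validate it before use.
    if (!empty($_REQUEST['connect'])) {
        $_SESSION['connect'] = $_REQUEST['connect'];
    }

    // Missing parameters are passed on as null instead of being read from an
    // undefined index, which raised a notice/warning on every such request.
    switch ($cmd) {
        case 'invite_check.json':
            $invite_code = isset($_REQUEST['invite_code']) ? $_REQUEST['invite_code'] : null;
            $result = check_account_invite($invite_code);
            break;

        case 'email_check.json':
            // NOTE(review): if check_account_email() reports whether an address
            // is already registered, this endpoint lets a client test addresses
            // one by one. No throttling is visible here; confirm it exists elsewhere.
            $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;
            $result = check_account_email($email);
            break;

        case 'password_check.json':
            // NOTE(security): $_REQUEST also carries query-string parameters, so a
            // client that sends this check with GET puts the candidate password in
            // the URL, where access logs and proxies can record it. The form script
            // should send it in a POST body.
            $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
            $result = check_account_password($password);
            break;

        default:
            break;
    }

    if ($result) {
        json_return_and_die($result);
    }
}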
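/**
 * Create a new account record from registration data.
 *
 * Checks the invite code, e-mail address and password with the
 * check_account_*() helpers, stores the account row, reads it back and,
 * when no parent was supplied, makes the account its own parent.
 *
 * @param array $arr Registration fields. Required: email, password.
 *                   Optional: invite_code, parent, account_flags,
 *                   account_roles, expires.
 * @return array Keys 'success' (bool), 'email', 'password', 'message', and
 *               'account' (the stored row) when it could be read back.
 */
function create_account($arr) {

    // Required: { email, password }

    $result = array('success' => false, 'email' => '', 'password' => '', 'message' => '');

    $invite_code = x($arr, 'invite_code') ? notags(trim($arr['invite_code'])) : '';
    $email       = x($arr, 'email') ? notags(trim($arr['email'])) : '';
    $password    = x($arr, 'password') ? trim($arr['password']) : '';

    // 'password2' is not read here: this function performs no confirmation
    // comparison, so any such check has to be made by the caller.

    // NOTE(review): parent, account_flags and expires are taken from $arr with
    // only an integer cast. If a caller passes a raw request array, the client
    // chooses these values; confirm callers build $arr from trusted fields.
    $parent  = x($arr, 'parent') ? intval($arr['parent']) : 0;
    $flags   = x($arr, 'account_flags') ? intval($arr['account_flags']) : ACCOUNT_OK;
    $roles   = x($arr, 'account_roles') ? intval($arr['account_roles']) : 0;
    $expires = x($arr, 'expires') ? intval($arr['expires']) : NULL_DATE;

    $default_service_class = get_config('system', 'default_service_class');
    if ($default_service_class === false) {
        $default_service_class = '';
    }

    if (!x($email) || !x($password)) {
        $result['message'] = t('Please enter the required information.');
        return $result;
    }

    // prevent form hackery
    // A requested admin role is honoured only if check_account_admin() agrees;
    // otherwise every requested role is dropped. Role bits other than
    // ACCOUNT_ROLE_ADMIN are not checked by this block.
    if ($roles & ACCOUNT_ROLE_ADMIN) {
        $admin_result = check_account_admin($arr);
        if (!$admin_result) {
            $roles = 0;
        }
    }

    // allow the admin_email account to be admin, but only if it's the first account.
    $c = account_total();
    if ($c === 0 && check_account_admin($arr)) {
        $roles |= ACCOUNT_ROLE_ADMIN;
    }

    // Ensure that there is a host keypair.
    // A new pair is generated only when both halves are missing; a
    // configuration holding just one half is left as it is.
    if (!get_config('system', 'pubkey') && !get_config('system', 'prvkey')) {
        $hostkey = new_keypair(4096);
        set_config('system', 'pubkey', $hostkey['pubkey']);
        set_config('system', 'prvkey', $hostkey['prvkey']);
    }

    $invite_result = check_account_invite($invite_code);
    if ($invite_result['error']) {
        $result['message'] = $invite_result['message'];
        return $result;
    }

    $email_result = check_account_email($email);
    if ($email_result['error']) {
        $result['message'] = $email_result['message'];
        return $result;
    }

    $password_result = check_account_password($password);
    if ($password_result['error']) {
        $result['message'] = $password_result['message'];
        return $result;
    }

    // NOTE(security): a single salted Whirlpool pass is a fast hash and gives
    // little resistance to offline guessing if the account table is disclosed.
    // Moving to password_hash()/password_verify() means changing the login
    // verification and migrating stored values in the same release; that code
    // is outside this function, so the stored format is unchanged here.
    // NOTE(review): confirm random_string() draws from a CSPRNG.
    $salt = random_string(32);
    $password_encoded = hash('whirlpool', $salt . $password);

    // The %d placeholders receive integer casts; the values are already
    // integers at this point, so the stored data is the same.
    $r = q("INSERT INTO account \n\t\t\t( account_parent, account_salt, account_password, account_email, account_language, \n\t\t\t account_created, account_flags, account_roles, account_expires, account_service_class )\n\t\tVALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s' )",
        intval($parent),
        dbesc($salt),
        dbesc($password_encoded),
        dbesc($email),
        dbesc(get_best_language()),
        dbesc(datetime_convert()),
        intval($flags),
        intval($roles),
        dbesc($expires),
        dbesc($default_service_class)
    );
    if (!$r) {
        logger('create_account: DB INSERT failed.');
        $result['message'] = t('Failed to store account information.');
        return $result;
    }

    // Two values are bound, so the password column needs its own '%s'
    // placeholder. With a fixed literal in its place the second argument was
    // ignored and the new row could never be matched.
    $r = q("select * from account where account_email = '%s' and account_password = '%s' limit 1",
        dbesc($email),
        dbesc($password_encoded)
    );
    if ($r && count($r)) {
        $result['account'] = $r[0];
    } else {
        logger('create_account: could not retrieve newly created account');
    }

    // Set the parent record to the current record_id if no parent was provided.
    // Skipped when the row could not be read back: there is no account_id to
    // use, and the update would otherwise run against account_id 0.
    if (!$parent && isset($result['account'])) {
        $account_id = intval($result['account']['account_id']);
        $r = q("update account set account_parent = %d where account_id = %d",
            $account_id,
            $account_id
        );
        if (!$r) {
            logger('create_account: failed to set parent');
        }
        $result['account']['parent'] = $result['account']['account_id'];
    }

    // NOTE(security): the plaintext password is returned to the caller and
    // handed to every 'register_account' hook. Callers and hooks must not log
    // or persist it.
    $result['success']  = true;
    $result['email']    = $email;
    $result['password'] = $password;

    call_hooks('register_account', $result);

    return $result;
}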