예제 #1
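 /**
  * Process a submitted registration form and create the account.
  *
  * Steps, in order: enforce the site's daily registration cap, require the
  * Terms of Service checkbox, derive the initial account flags from the
  * 'register_policy' and 'verify_email' settings, compare the two password
  * fields, call create_account(), store the requested channel details as
  * account config, consume the invite code, send the policy-specific e-mail,
  * and finally either redirect or log the new account in.
  *
  * Reads $_POST and $_REQUEST directly, reports failures through notice()
  * and returns nothing.
  *
  * Security notes for maintainers:
  *  - The daily cap is skipped when the count query returns a falsy result,
  *    so a failing query lets registrations through (fail-open).
  *  - The whole of $_POST is handed to create_account(); only 'account_flags'
  *    is overwritten here. NOTE(review): confirm create_account() ignores
  *    fields it does not expect.
  *  - The invite code is only consumed here, not checked. NOTE(review):
  *    presumably create_account() validates it when 'invitation_only' is
  *    set - confirm, including the case where no code is submitted.
  *  - The code after goaway() in the REGISTER_APPROVE and e-mail verification
  *    paths logs the account in, so it relies on goaway() not returning.
  *    NOTE(review): confirm goaway() terminates the request.
  */
 function post()
 {
     $max_dailies = intval(get_config('system', 'max_daily_registrations'));
     if ($max_dailies) {
         $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s", db_utcnow(), db_quoteinterval('1 day'));
         if ($r && $r[0]['total'] >= $max_dailies) {
             notice(t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL);
             return;
         }
     }
     if (!x($_POST, 'tos')) {
         notice(t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL);
         return;
     }
     $policy = get_config('system', 'register_policy');
     $email_verify = get_config('system', 'verify_email');
     switch ($policy) {
         case REGISTER_OPEN:
             $flags = ACCOUNT_OK;
             break;
         case REGISTER_APPROVE:
             $flags = ACCOUNT_BLOCKED | ACCOUNT_PENDING;
             break;
         case REGISTER_CLOSED:
         default:
             // Closed (or unrecognised) policy: only a site admin may create
             // accounts, and the new account starts out blocked.
             if (!is_site_admin()) {
                 notice(t('Permission denied.') . EOL);
                 return;
             }
             $flags = ACCOUNT_BLOCKED;
             break;
     }
     if ($email_verify && $policy == REGISTER_OPEN) {
         $flags = $flags | ACCOUNT_UNVERIFIED;
     }
     // Read the password fields defensively: a missing field must not raise
     // an undefined-index notice, and an array-valued field (password[]=...)
     // must not pass the comparison and reach create_account().
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
     if (!is_string($password) || !$password || $password !== $password2) {
         notice(t('Passwords do not match.') . EOL);
         return;
     }
     $arr = $_POST;
     // Assigned after the copy so a client-supplied 'account_flags' cannot survive.
     $arr['account_flags'] = $flags;
     $result = create_account($arr);
     if (!$result['success']) {
         notice($result['message']);
         return;
     }
     require_once 'include/security.php';
     // These three come from $_REQUEST, so they may arrive in the query string
     // as well as the form body. empty() keeps the original truthiness test
     // without touching an undefined index.
     if (!empty($_REQUEST['name'])) {
         set_aconfig($result['account']['account_id'], 'register', 'channel_name', $_REQUEST['name']);
     }
     if (!empty($_REQUEST['nickname'])) {
         set_aconfig($result['account']['account_id'], 'register', 'channel_address', $_REQUEST['nickname']);
     }
     if (!empty($_REQUEST['permissions_role'])) {
         set_aconfig($result['account']['account_id'], 'register', 'permissions_role', $_REQUEST['permissions_role']);
     }
     $using_invites = intval(get_config('system', 'invitation_only'));
     $num_invites = intval(get_config('system', 'number_invites'));
     $invite_code = x($_POST, 'invite_code') ? notags(trim($_POST['invite_code'])) : '';
     if ($using_invites && $invite_code) {
         // Consume the invite so the same code cannot register another account.
         // Plain DELETE FROM is required: "delete * from" is a syntax error in
         // MySQL and PostgreSQL and would leave the row (and the invite) in place.
         q("delete from register where hash = '%s'", dbesc($invite_code));
         // @FIXME - this also needs to be considered when using 'invites_remaining' in mod/invite.php
         set_aconfig($result['account']['account_id'], 'system', 'invites_remaining', $num_invites);
     }
     if ($policy == REGISTER_OPEN) {
         if ($email_verify) {
             $res = verify_email_address($result);
         } else {
             // NOTE(review): $result['password'] is passed to the mailer -
             // confirm the cleartext password is not written into the e-mail.
             $res = send_register_success_email($result['email'], $result['password']);
         }
         if ($res) {
             info(t('Registration successful. Please check your email for validation instructions.') . EOL);
         }
     } elseif ($policy == REGISTER_APPROVE) {
         $res = send_reg_approval_email($result);
         if ($res) {
             info(t('Your registration is pending approval by the site owner.') . EOL);
         } else {
             notice(t('Your registration can not be processed.') . EOL);
         }
         goaway(z_root());
     }
     if ($email_verify) {
         goaway(z_root());
     }
     authenticate_success($result['account'], null, true, false, true);
     $next_page = 'new_channel';
     if (get_config('system', 'auto_channel_create') || UNO) {
         $new_channel = auto_channel_create($result['account']['account_id']);
         if ($new_channel['success']) {
             change_channel($new_channel['channel']['channel_id']);
             $next_page = '~';
         }
     }
     // A configured workflow page overrides the default landing page.
     $x = get_config('system', 'workflow_register_next');
     if ($x) {
         $next_page = $x;
         $_SESSION['workflow'] = true;
     }
     goaway(z_root() . '/' . $next_page);
 }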
예제 #2
파일: account.php 프로젝트: bashrc/hubzilla
/**
 * Approve the account that a registration hash refers to.
 *
 * Looks up the matching row in `register`, checks that the account it points
 * to exists, deletes the register row, clears the ACCOUNT_BLOCKED,
 * ACCOUNT_PENDING and ACCOUNT_UNVERIFIED bits on the account, and creates a
 * channel when 'auto_channel_create' is configured.
 *
 * Return value: array('success' => false) when the register row or the
 * account is missing, boolean true otherwise. A non-empty array is truthy,
 * so callers have to compare against true rather than test truthiness.
 *
 * NOTE(review): no permission check happens in this function; possession of
 * the hash is the only gate visible here - confirm callers enforce who may
 * approve. The results of the DELETE and UPDATE statements are not checked,
 * so a failed update is still reported as success.
 *
 * @param string $hash registration hash taken from the register table
 * @return array|bool
 */
function account_approve($hash)
{
    // When the register row's password column holds the marker value, its
    // uid column actually contains the account_id.
    // NOTE(review): the original comment names that marker 'verify', while the
    // literal in the queries below is '******' - confirm the stored value.
    $pending = q("SELECT * FROM `register` WHERE `hash` = '%s' and password = '******' LIMIT 1", dbesc($hash));
    if (!$pending) {
        return array('success' => false);
    }
    $entry = $pending[0];
    $found = q("SELECT * FROM account WHERE account_id = %d LIMIT 1", intval($entry['uid']));
    if (!$found) {
        return array('success' => false);
    }
    // The hash is removed before the flags change, so it cannot be replayed.
    q("DELETE FROM register WHERE hash = '%s' and password = '******'", dbesc($entry['hash']));
    // One statement per flag, each touching the row only if that bit is set.
    foreach (array(ACCOUNT_BLOCKED, ACCOUNT_PENDING, ACCOUNT_UNVERIFIED) as $flag) {
        q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval($flag), intval($flag), intval($entry['uid']));
    }
    if (get_config('system', 'auto_channel_create')) {
        auto_channel_create($entry['uid']);
    }
    info(t('Account verified. Please login.') . EOL);
    return true;
}
예제 #3
/**
 * Approve the account that a registration hash refers to and continue the
 * sign-up flow.
 *
 * Looks up the matching row in `register`, checks that the account exists,
 * deletes the register row, clears the ACCOUNT_BLOCKED, ACCOUNT_PENDING and
 * ACCOUNT_UNVERIFIED bits, then re-reads the account. Depending on
 * configuration it either creates a channel automatically or stores
 * 'new_channel' as the login return URL and calls authenticate_success()
 * with the refreshed account row.
 *
 * Return value: array('success' => false) when the register row or the
 * account cannot be found, boolean true otherwise. A non-empty array is
 * truthy, so callers have to compare against true rather than test truthiness.
 *
 * NOTE(review): no permission check happens in this function, and the else
 * branch passes the approved account to authenticate_success() - presumably
 * logging the current session in as that account. Confirm this path is only
 * reached by the account holder following their own verification link, and
 * that the hash is unguessable. The results of the DELETE and UPDATE
 * statements are not checked.
 *
 * @param string $hash registration hash taken from the register table
 * @return array|bool
 */
function account_approve($hash)
{
    // When the register row's password column holds the marker value, its
    // uid column actually contains the account_id.
    // NOTE(review): the original comment names that marker 'verify', while the
    // literal in the queries below is '******' - confirm the stored value.
    $pending = q("SELECT * FROM `register` WHERE `hash` = '%s' and password = '******' LIMIT 1", dbesc($hash));
    if (!$pending) {
        return array('success' => false);
    }
    $entry = $pending[0];
    $found = q("SELECT * FROM account WHERE account_id = %d LIMIT 1", intval($entry['uid']));
    if (!$found) {
        return array('success' => false);
    }
    // The hash is removed before the flags change, so it cannot be replayed.
    q("DELETE FROM register WHERE hash = '%s' and password = '******'", dbesc($entry['hash']));
    // One statement per flag, each touching the row only if that bit is set.
    foreach (array(ACCOUNT_BLOCKED, ACCOUNT_PENDING, ACCOUNT_UNVERIFIED) as $flag) {
        q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval($flag), intval($flag), intval($entry['uid']));
    }
    // Re-read the row so the login below sees the cleared flags.
    $refreshed = q("SELECT * FROM account WHERE account_id = %d LIMIT 1", intval($entry['uid']));
    if (!$refreshed) {
        return array('success' => false);
    }
    $auto_create = get_config('system', 'auto_channel_create') || get_config('system', 'server_role') === 'basic';
    if (!$auto_create) {
        $_SESSION['login_return_url'] = 'new_channel';
        authenticate_success($refreshed[0], null, true, true, false, true);
    } else {
        auto_channel_create($entry['uid']);
    }
    return true;
}