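/**
 * Approve a pending registration identified by its approval hash.
 *
 * Looks up the `register` row for $hash, removes it, unblocks and verifies
 * the matching user, submits the profile URL to the directory when the
 * default profile asks for publication and a directory is configured, then
 * mails the account details to the new user in the language stored with the
 * registration.
 *
 * NOTE(review): no authorization check happens in this function; the caller
 * is presumably responsible for restricting who may approve accounts.
 * Confirm at every call site.
 *
 * @param string $hash Approval hash as stored in `register`.`hash`.
 * @return bool True when the account was approved and the mail was sent,
 *              false when the hash is unknown or the mail could not be sent.
 */
function user_allow($hash)
{
    $a = get_app();

    $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1", dbesc($hash));
    // Reject a non-array result as well as an empty one, so a failed query
    // is never treated as a matching registration.
    if (!is_array($register) || !count($register)) {
        return false;
    }

    $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($register[0]['uid']));
    if (!is_array($user) || !count($user)) {
        // A register row without a user is an inconsistent state; abort.
        killme();
    }

    // The approval hash is single-use: drop the pending row before unblocking.
    $r = q("DELETE FROM `register` WHERE `hash` = '%s'", dbesc($register[0]['hash']));

    $r = q("UPDATE `user` SET `blocked` = 0, `verified` = 1 WHERE `uid` = %d", intval($register[0]['uid']));

    $r = q("SELECT * FROM `profile` WHERE `uid` = %d AND `is-default` = 1", intval($user[0]['uid']));
    if (is_array($r) && count($r) && $r[0]['net-publish']) {
        $url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
        if ($url && strlen(get_config('system', 'directory'))) {
            proc_run('php', "include/directory.php", "{$url}");
        }
    }

    push_lang($register[0]['language']);

    // NOTE(review): the password is read back from the `register` row and
    // sent by mail, so it is kept in a recoverable form while approval is
    // pending. Mailing a one-time "set your password" link would avoid both
    // the stored copy and the cleartext mail.
    //
    // The result must be captured: the original tested an unassigned $res,
    // so the success message and the true return value were unreachable.
    $res = send_register_open_eml(
        $user[0]['email'],
        $a->config['sitename'],
        $a->get_baseurl(),
        $user[0]['username'],
        $register[0]['password']
    );

    pop_lang();

    if ($res) {
        info(t('Account approved.') . EOL);
        return true;
    }

    // The account is already unblocked at this point; only the mail failed.
    return false;
}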
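/**
 * Handle a submitted registration form.
 *
 * Runs the 'register_post' hooks, enforces the configured daily registration
 * limit and the site's register policy, creates the user through
 * create_user(), and then either mails the credentials (open registration)
 * or stores a pending approval row and notifies the administrators
 * (registration by approval).
 *
 * @param object $a Application object; `config`, `get_baseurl()` are read.
 * @return void
 */
function register_post(&$a)
{
    global $lang;

    $verified = 0;
    $blocked  = 1;

    $arr = array('post' => $_POST);
    call_hooks('register_post', $arr);

    // Throttle: silently drop the request once the daily limit is reached.
    $max_dailies = intval(get_config('system', 'max_daily_registrations'));
    if ($max_dailies) {
        $r = q("select count(*) as total from user where register_date > UTC_TIMESTAMP - INTERVAL 1 day");
        if ($r && $r[0]['total'] >= $max_dailies) {
            return;
        }
    }

    switch ($a->config['register_policy']) {
        case REGISTER_OPEN:
            $blocked  = 0;
            $verified = 1;
            break;

        case REGISTER_APPROVE:
            $blocked  = 1;
            $verified = 0;
            break;

        default:
        case REGISTER_CLOSED:
            // NOTE(review): on a closed site this admits any session that is
            // either authenticated or an administrator. Confirm that letting
            // ordinary authenticated users register accounts is intended.
            if (!x($_SESSION, 'authenticated') && !x($_SESSION, 'administrator')) {
                notice(t('Permission denied.') . EOL);
                return;
            }
            $blocked  = 1;
            $verified = 0;
            break;
    }

    // The whole of $_POST is handed to create_user(). 'blocked' and
    // 'verified' are overwritten here so the client cannot choose them;
    // which other keys create_user() honours is not visible from this
    // function (TODO confirm it only reads an explicit allow-list).
    $arr = $_POST;
    $arr['blocked']  = $blocked;
    $arr['verified'] = $verified;

    $result = create_user($arr);

    if (!$result['success']) {
        notice($result['message']);
        return;
    }

    $user = $result['user'];

    // NOTE(review): $netpublish is never assigned in this function, so this
    // branch cannot run as written. empty() keeps that behaviour without the
    // undefined-variable notice; the intended source of the flag needs to be
    // restored by someone who knows it.
    if (!empty($netpublish) && $a->config['register_policy'] != REGISTER_APPROVE) {
        $url = $a->get_baseurl() . '/profile/' . $user['nickname'];
        proc_run('php', "include/directory.php", "{$url}");
    }

    $using_invites = get_config('system', 'invitation_only');
    $num_invites   = get_config('system', 'number_invites');
    // User-supplied value. It is not checked against an invite record here;
    // presumably create_user() validates it (verify).
    $invite_id = x($_POST, 'invite_id') ? notags(trim($_POST['invite_id'])) : '';

    if ($a->config['register_policy'] == REGISTER_OPEN) {
        if ($using_invites && $invite_id) {
            // Consume the invite. "DELETE * FROM" is not valid SQL, so the
            // original statement failed and the invite hash stayed reusable.
            q("DELETE FROM register WHERE hash = '%s' LIMIT 1", dbesc($invite_id));
            set_pconfig($user['uid'], 'system', 'invites_remaining', $num_invites);
        }

        // Only send a password mail when the password wasn't manually provided
        if (!x($_POST, 'password1') || !x($_POST, 'confirm')) {
            $res = send_register_open_eml(
                $user['email'],
                $a->config['sitename'],
                $a->get_baseurl(),
                $user['username'],
                $result['password']
            );

            if ($res) {
                info(t('Registration successful. Please check your email for further instructions.') . EOL);
                goaway(z_root());
            } else {
                // NOTE(review): the generated password is shown in the page
                // notice as a fallback. The message carries HTML (<br>), so
                // the interpolated values are presumably not escaped on
                // output; confirm create_user() validates the e-mail address.
                // The literal is a translation key: kept byte-for-byte,
                // including the line break inside it.
                notice(sprintf(t('Failed to send email message. 
Here your accout details:<br> login: %s<br> password: %s<br><br>You can change your password after login.'), $user['email'], $result['password']) . EOL);
            }
        } else {
            info(t('Registration successful.') . EOL);
            goaway(z_root());
        }
    } elseif ($a->config['register_policy'] == REGISTER_APPROVE) {
        if (!strlen($a->config['admin_email'])) {
            notice(t('Your registration can not be processed.') . EOL);
            goaway(z_root());
        }

        // NOTE(review): the approval hash is a bearer token for unblocking
        // the account; confirm random_string() draws from a CSPRNG.
        $hash = random_string();

        // NOTE(review): $result['password'] is written to `register` as-is
        // and stays there until the request is approved. Anyone with read
        // access to that table during that window sees it.
        $r = q(
            "INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language` ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ",
            dbesc($hash),
            dbesc(datetime_convert()),
            intval($user['uid']),
            dbesc($result['password']),
            dbesc($lang)
        );

        // invite system
        if ($using_invites && $invite_id) {
            // Same fix as in the open-registration branch: valid DELETE syntax.
            q("DELETE FROM register WHERE hash = '%s' LIMIT 1", dbesc($invite_id));
            set_pconfig($user['uid'], 'system', 'invites_remaining', $num_invites);
        }

        // send email to admins
        // Each address is escaped on its own before the quoted list is built.
        // The callback is named as a string: a bare `dbesc` is an undefined
        // constant and is a fatal error on PHP 8.
        $admin_addresses = explode(",", str_replace(" ", "", $a->config['admin_email']));
        $admin_mail_list = "'" . implode("','", array_map('dbesc', $admin_addresses)) . "'";
        $adminlist = q("SELECT uid, language, email FROM user WHERE email IN (%s)", $admin_mail_list);

        foreach ($adminlist as $admin) {
            notification(array(
                'type'         => NOTIFY_SYSTEM,
                'event'        => 'SYSTEM_REGISTER_REQUEST',
                'source_name'  => $user['username'],
                'source_mail'  => $user['email'],
                'source_nick'  => $user['nickname'],
                'source_link'  => $a->get_baseurl() . "/admin/users/",
                'link'         => $a->get_baseurl() . "/admin/users/",
                'source_photo' => $a->get_baseurl() . "/photo/avatar/" . $user['uid'] . ".jpg",
                'to_email'     => $admin['email'],
                'uid'          => $admin['uid'],
                'language'     => $admin['language'] ? $admin['language'] : 'en',
            ));
        }

        info(t('Your registration is pending approval by the site owner.') . EOL);
        goaway(z_root());
    }

    return;
}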