authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-12 13:28:55 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-12 13:28:55 +0000
commit36ced79b9dfaeb4fcd3f5bc6e4d3fd2b25c19d2f (patch)
treeab89c83745ead98d010196d85b899e12ab1b011d
parent79916b49fbea384981eba250080ce92a61d4c350 (diff)
Refs #229 : Register now has more granular messages, dupe email checking, sanitisation + fill in the blanks failure mode! (yay)
git-svn-id: https://code.elgg.org/elgg/trunk@1855 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--actions/register.php49
-rw-r--r--engine/lib/exceptions.php12
-rw-r--r--engine/lib/users.php68
-rw-r--r--languages/en.php10
-rw-r--r--views/default/account/forms/register.php12
5 files changed, 121 insertions, 30 deletions
diff --git a/actions/register.php b/actions/register.php
index 43a653b3f..17b6fa169 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -29,27 +29,40 @@
if (!$CONFIG->disable_registration)
{
- // For now, just try and register the user
- if (
- (
- (trim($password)!="") &&
- (strcmp($password, $password2)==0)
- ) &&
- ($guid = register_user($username, $password, $name, $email))
- ) {
- if (($guid) && ($admin))
- {
- admin_gatekeeper(); // Only admins can make someone an admin
- $new_user = get_entity($guid);
- $new_user->admin = 'yes';
+ // For now, just try and register the user
+
+ try {
+ if (
+ (
+ (trim($password)!="") &&
+ (strcmp($password, $password2)==0)
+ ) &&
+ ($guid = register_user($username, $password, $name, $email))
+ ) {
+ if (($guid) && ($admin))
+ {
+ admin_gatekeeper(); // Only admins can make someone an admin
+ $new_user = get_entity($guid);
+ $new_user->admin = 'yes';
+ }
+
+ system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
+
+ forward(); // Forward on success, assume everything else is an error...
+ } else {
+ register_error(elgg_echo("registerbad"));
}
-
- system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
- } else {
- register_error(elgg_echo("registerbad"));
+ } catch (RegistrationException $r) {
+ register_error($r->getMessage());
}
}
else
- register_error(elgg_echo('registerdisabled'));
+ register_error(elgg_echo('registerdisabled'));
+
+ $qs = explode('?',$_SERVER['HTTP_REFERER']);
+ $qs = $qs[0];
+ $qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name);
+
+ forward($qs);
?>
\ No newline at end of file
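Review bot: The redirect built at the end of the hunk takes its target from `$_SERVER['HTTP_REFERER']`, a client-supplied header, and passes it to `forward($qs)` unconditionally, so the action will send the browser (with the submitted username, email and name in the query string) to whatever origin the request claims to come from, and raises an undefined-index notice when the header is absent. Constrain the target to this site by checking it against `$CONFIG->wwwroot` (the `$CONFIG` global is already in scope on the `disable_registration` line) and falling back to a fixed page before appending the fields. The same `forward($qs)` also runs after the success branch unless the `forward()` on the `registerok` path terminates the script, which is worth confirming. Whatever view reads `u`/`e`/`n` back must still treat them as untrusted form input when rendering them.
```php
// … unchanged: registration try/catch …

// The referer is client-supplied: only redirect back to a page on this site.
// Assumes $CONFIG->wwwroot carries its trailing slash, so "http://example.com.evil/"
// (constructed example) is not a prefix match for "http://example.com/".
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$parts = explode('?', $referer);
$qs = $parts[0];
if (strpos($qs, $CONFIG->wwwroot) !== 0) {
    $qs = $CONFIG->wwwroot . 'PATH_TO_REGISTER_FORM'; // placeholder: path of the registration form
}
$qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name);

forward($qs);
```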
diff --git a/engine/lib/exceptions.php b/engine/lib/exceptions.php
index 23b24eec1..faccf5ca4 100644
--- a/engine/lib/exceptions.php
+++ b/engine/lib/exceptions.php
@@ -149,4 +149,16 @@
* @subpackage Exceptions
*/
class InvalidParameterException extends CallException {}
+
+ // Installation exception /////////////////////////////////////////////////////////////////
+
+ /**
+ * RegistrationException
+ * Could not register a new user for whatever reason.
+ *
+ * @author Curverider Ltd <info@elgg.com>
+ * @package Elgg
+ * @subpackage Exceptions
+ */
+ class RegistrationException extends InstallationException {}
?>
\ No newline at end of file
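Review bot: The new class is introduced under a divider comment reading `// Installation exception` and is declared `extends InstallationException`, although it models a failed user registration, as its own docblock says. The divider should read `// Registration exception`. The parent class is worth reconsidering: any existing `catch (InstallationException ...)` handler would presumably now also receive registration failures, so deriving from a more general base avoids that coupling. If the hierarchy is intentional, state the reason in the docblock so the next reader does not "fix" it.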
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 4939cc7fb..b221779dc 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -690,6 +690,23 @@
}
/**
+ * Get an array of users from their
+ *
+ * @param string $email Email address.
+ * @return Array of users
+ */
+ function get_user_by_email($email)
+ {
+ global $CONFIG;
+
+ $email = sanitise_string($email);
+
+ $query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email'";
+
+ return get_data($query, 'entity_row_to_elggstar');
+ }
+
+ /**
* Searches for a user based on a complete or partial name or username using full text searching.
*
* IMPORTANT NOTE: With MySQL's default setup:
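Review bot: The docblock summary on the new function is truncated (`Get an array of users from their`); it should read `Get an array of users from their email address.`. The lookup escapes its argument with `sanitise_string()` and interpolates it into the query, but the caller added in the `@@ -981,11 +1023,25 @@` hunk of this file (`register_user`) passes an `$email` it has already run through `sanitise_string()`; if that helper escapes (as its use right before interpolation suggests) rather than only trims, the value is double-escaped here and an address containing a quote or backslash will never match, silently bypassing the duplicate check. Escape at one layer only — conventionally the function that builds the SQL — and have callers pass the raw input. The comparison is against the stored `email` column as-is, so case differences are treated as distinct addresses; whether that is intended depends on how addresses are normalised on save, which is not visible here.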
@@ -937,6 +954,25 @@
}
/**
+ * Validates an email address.
+ *
+ * @param string $address Email address.
+ * @return bool
+ */
+ function is_email_address($address)
+ {
+ // TODO: Make this better!
+
+ if (strpos($address, '@')=== false)
+ return false;
+
+ if (strpos($address, '.')=== false)
+ return false;
+
+ return true;
+ }
+
+ /**
* Simple function that will generate a random clear text password suitable for feeding into generate_user_password().
*
* @see generate_user_password
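Review bot: `is_email_address()` accepts any string that contains an `@` and a `.` anywhere, so inputs such as `.@` or `a@b.` (constructed examples) pass and are stored as the account's address; the TODO on the first line acknowledges this. If the project's minimum PHP is 5.2 or later, the body can be the single line `return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;`, which also rejects embedded whitespace and control characters; otherwise at least require a non-empty local part and a dot in the domain part. The docblock should note that the check is syntactic only and says nothing about deliverability.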
@@ -966,13 +1002,19 @@
* @param string $username The username of the new user
* @param string $password The password
* @param string $name The user's display name
- * @param string $email Their email address
+ * @param string $email Their email address
+ * @param bool $allow_multiple_emails Allow the same email address to be registered multiple times?
* @return int|false The new user's GUID; false on failure
*/
- function register_user($username, $password, $name, $email) {
+ function register_user($username, $password, $name, $email, $allow_multiple_emails = false) {
// Load the configuration
- global $CONFIG;
+ global $CONFIG;
+
+ $username = sanitise_string($username);
+ $password = sanitise_string($password);
+ $name = sanitise_string($name);
+ $email = sanitise_string($email);
// A little sanity checking
if (empty($username)
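Review bot: The new `$password = sanitise_string($password);` line alters the credential before it reaches whatever hashes it further down in `register_user` (the body continues outside this hunk): if `sanitise_string()` escapes or trims, a password containing a quote, backslash or leading/trailing space is stored in a form the user never typed, and a login path that does not apply the same transformation will fail for those users. The password is not interpolated into SQL as plaintext, so drop that line and keep the sanitisation for the fields that are used in queries. The docblock still says `@return int|false The new user's GUID; false on failure` although the function now also throws; add `@throws RegistrationException when the input fails validation or the username or email address is already taken`.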
@@ -981,11 +1023,25 @@
|| empty($email)) {
return false;
}
-
+
+ if (!is_email_address($email)) throw new RegistrationException(elgg_echo('registration:notemail'));
+
+ if (strlen($username)<4) throw new RegistrationException(elgg_echo('registration:usernametooshort'));
+
+ if (strlen($password)<6) throw new RegistrationException(elgg_echo('registration:passwordtooshort'));
+
// Check to see if $username exists already
if ($user = get_user_by_username($username)) {
- return false;
- }
+ //return false;
+ throw new RegistrationException(elgg_echo('registration:userexists'));
+ }
+
+ // If we're not allowed multiple emails then see if this address has been used before
+ if ((!$allow_multiple_emails) && (get_user_by_email($email)))
+ {
+ throw new RegistrationException(elgg_echo('registration:dupeemail'));
+ }
+
// Check to see if we've registered the first admin yet.
// If not, this is the first admin user!
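Review bot: Failure signalling in the validation block is now split two ways: missing fields still `return false` at the top of the hunk, which the action reports with the generic `registerbad` text, while every other check throws a `RegistrationException` with a specific message; throwing for the empty case too would make the messages consistent and give callers one mechanism to rely on. The `strlen` checks run after `sanitise_string()`, so if that helper escapes, a three-character password made of quotes (constructed example) is measured as six bytes and passes the minimum; validate length before sanitising. The commented-out `//return false;` should be deleted rather than left beside the `throw`. The username and email existence checks are separate queries with no lock or unique constraint visible here, so two concurrent registrations can both pass; a unique index on the column (or handling the duplicate-key error on insert) is the reliable guard.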
diff --git a/languages/en.php b/languages/en.php
index 6fd0d30f4..35441bed9 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -370,8 +370,14 @@ To remove a widget drag it back to the <b>Widget gallery</b>.",
'register' => "Register",
'registerok' => "You have successfully registered for %s. To activate your account, please confirm your email address by clicking on the link we sent you.",
- 'registerbad' => "Your registration was unsuccessful. The username may already exist, or your passwords might not match.",
- 'registerdisabled' => "Registration has been disabled by the system administrator",
+ 'registerbad' => "Your registration was unsuccessful. The username may already exist, your passwords might not match, or your username or password may be too short.",
+ 'registerdisabled' => "Registration has been disabled by the system administrator",
+
+ 'registration:notemail' => 'The email address you provided does not appear to be a valid email address.',
+ 'registration:userexists' => 'That username already exists',
+ 'registration:usernametooshort' => 'Your username must be a minimum of 4 characters long.',
+ 'registration:passwordtooshort' => 'The password must be a minimum of 6 characters long.',
+ 'registration:dupeemail' => 'This email address has already been registered.',
'adduser' => "Add User",
'adduser:ok' => "You have successfully added a new user.",
diff --git a/views/default/account/forms/register.php b/views/default/account/forms/register.php
index f8c9ffe5b..1352212b8 100644
--- a/views/default/account/forms/register.php
+++ b/views/default/account/forms/register.php
@@ -10,15 +10,19 @@
* @copyright Curverider Ltd 2008
* @link http://elgg.org/
*/
-
+
+ $username = get_input('u');
+ $email = get_input('e');
+ $name = get_input('n');
+
$admin_option = false;
if (($_SESSION['user']->admin) && ($vars['show_admin']))
$admin_option = true;
- $form_body = "<p><label>" . elgg_echo('name') . "<br />" . elgg_view('input/text' , array('internalname' => 'name', 'class' => "general-textarea")) . "</label><br />";
+ $form_body = "<p><label>" . elgg_echo('name') . "<br />" . elgg_view('input/text' , array('internalname' => 'name', 'class' => "general-textarea", 'value' => $name)) . "</label><br />";
- $form_body .= "<label>" . elgg_echo('email') . "<br />" . elgg_view('input/text' , array('internalname' => 'email', 'class' => "general-textarea")) . "</label><br />";
- $form_body .= "<label>" . elgg_echo('username') . "<br />" . elgg_view('input/text' , array('internalname' => 'username', 'class' => "general-textarea")) . "</label><br />";
+ $form_body .= "<label>" . elgg_echo('email') . "<br />" . elgg_view('input/text' , array('internalname' => 'email', 'class' => "general-textarea", 'value' => $email)) . "</label><br />";
+ $form_body .= "<label>" . elgg_echo('username') . "<br />" . elgg_view('input/text' , array('internalname' => 'username', 'class' => "general-textarea", 'value' => $username)) . "</label><br />";
$form_body .= "<label>" . elgg_echo('password') . "<br />" . elgg_view('input/password' , array('internalname' => 'password', 'class' => "general-textarea")) . "</label><br />";
$form_body .= "<label>" . elgg_echo('passwordagain') . "<br />" . elgg_view('input/password' , array('internalname' => 'password2', 'class' => "general-textarea")) . "</label><br />";