From 36ced79b9dfaeb4fcd3f5bc6e4d3fd2b25c19d2f Mon Sep 17 00:00:00 2001
From: marcus
Date: Tue, 12 Aug 2008 13:28:55 +0000
Subject: Refs #229 : Register now has more granular messages, dupe email checkiong, sanitisation + fill in the blanks failure mode! (yay)
git-svn-id: https://code.elgg.org/elgg/trunk@1855 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 actions/register.php | 49 ++++++++++++++---------
 engine/lib/exceptions.php | 12 ++++++
 engine/lib/users.php | 68 +++++++++++++++++++++++++++++---
 languages/en.php | 10 ++++-
 views/default/account/forms/register.php | 12 ++++--
 5 files changed, 121 insertions(+), 30 deletions(-)
diff --git a/actions/register.php b/actions/register.php
index 43a653b3f..17b6fa169 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -29,27 +29,40 @@
 if (!$CONFIG->disable_registration) {
- // For now, just try and register the user
- if (
- (
- (trim($password)!="") &&
- (strcmp($password, $password2)==0)
- ) &&
- ($guid = register_user($username, $password, $name, $email))
- ) {
- if (($guid) && ($admin))
- {
- admin_gatekeeper(); // Only admins can make someone an admin
- $new_user = get_entity($guid);
- $new_user->admin = 'yes';
+ // For now, just try and register the user
+
+ try {
+ if (
+ (
+ (trim($password)!="") &&
+ (strcmp($password, $password2)==0)
+ ) &&
+ ($guid = register_user($username, $password, $name, $email))
+ ) {
+ if (($guid) && ($admin))
+ {
+ admin_gatekeeper(); // Only admins can make someone an admin
+ $new_user = get_entity($guid);
+ $new_user->admin = 'yes';
+ }
+
+ system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
+
+ forward(); // Forward on success, assume everything else is an error...
+ } else {
+ register_error(elgg_echo("registerbad"));
 }
-
- system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
- } else {
- register_error(elgg_echo("registerbad"));
+ } catch (RegistrationException $r) {
+ register_error($r->getMessage());
 }
 } else
- register_error(elgg_echo('registerdisabled'));
+ register_error(elgg_echo('registerdisabled'));
+
+ $qs = explode('?',$_SERVER['HTTP_REFERER']);
+ $qs = $qs[0];
+ $qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name);
+
+ forward($qs);
 ?>
\ No newline at end of file
diff --git a/engine/lib/exceptions.php b/engine/lib/exceptions.php
index 23b24eec1..faccf5ca4 100644
--- a/engine/lib/exceptions.php
+++ b/engine/lib/exceptions.php
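Review bot: The redirect target built in the new `$qs` lines comes from `$_SERVER['HTTP_REFERER']`, a request header the client chooses, so `forward($qs)` will send the browser to whatever origin the Referer names; when the header is absent the `explode()` also raises an undefined-index notice and the target collapses to a bare `?u=…`. Redirect to a fixed, site-relative path for the registration form instead and append the `u`/`e`/`n` query string to that, keeping the Referer out of the decision entirely. The note on the success branch assumes `forward()` terminates the request; if it does not, the trailing `forward($qs)` overrides it and every registration, successful or not, lands back on the form. Consider whether the email address needs to travel in the URL at all, since it will appear in access logs and in the Referer of any link on the form page.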
@@ -149,4 +149,16 @@
 * @subpackage Exceptions
 */
 class InvalidParameterException extends CallException {}
+
+ // Installation exception /////////////////////////////////////////////////////////////////
+
+ /**
+ * RegistrationException
+ * Could not register a new user for whatever reason.
+ *
+ * @author Curverider Ltd
+ * @package Elgg
+ * @subpackage Exceptions
+ */
+ class RegistrationException extends InstallationException {}
 ?>
\ No newline at end of file
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 4939cc7fb..b221779dc 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -689,6 +689,23 @@
 return false;
 }
+ /**
+ * Get an array of users from their
+
+ * @param string $email Email address.
+ * @return Array of users
+ */
+ function get_user_by_email($email)
+ {
+ global $CONFIG;
+
+ $email = sanitise_string($email);
+
+ $query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email'";
+
+ return get_data($query, 'entity_row_to_elggstar');
+ }
+
 /**
 * Searches for a user based on a complete or partial name or username using full text searching.
 *
@@ -936,6 +953,25 @@
 return $valid;
 }
+ /**
+ * Validates an email address.
+ *
+ * @param string $address Email address.
+ * @return bool
+ */
+ function is_email_address($address)
+ {
+ // TODO: Make this better!
+
+ if (strpos($address, '@')=== false)
+ return false;
+
+ if (strpos($address, '.')=== false)
+ return false;
+
+ return true;
+ }
+
 /**
 * Simple function that will generate a random clear text password suitable for feeding into generate_user_password().
 *
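Review bot: The new section banner `// Installation exception ///…` does not describe what follows it; the class introduced is `RegistrationException`, so the banner should read `// Registration exception ///…`. Deriving it from `InstallationException` also means any existing `catch (InstallationException …)` will now silently absorb registration failures; if that is not intended, extend a more general base class and state the reason for the hierarchy in the docblock, which currently only repeats the class name.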
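Review bot: The docblock summary of `get_user_by_email` is cut off mid-sentence (`Get an array of users from their`); suggest `Get an array of users registered with the given email address.`, and document that the result is whatever `get_data()` returns for no match, since `register_user` relies on that value being falsy. The query compares the escaped address literally, so two registrations differing only in letter case are duplicates only if the column collation is case-insensitive, which this hunk cannot confirm; normalising the address (at least trimming and lower-casing the domain part) before both the lookup and the insert would make the duplicate check independent of the schema. The `@return Array of users` tag should name the actual type (`array|false`, or whatever `get_data()` yields) rather than prose.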
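Review bot: `is_email_address` accepts any string that contains an `@` and a `.`, including values with spaces, newlines or several `@` characters, and the `TODO` admits as much; the address is stored and, going by the `registerok` text, presumably used to send mail, so a stricter check is worth having now. If the supported PHP baseline is 5.2 or later, `return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;` replaces both `strpos` tests; otherwise at least reject addresses containing whitespace or control characters. Note also that the value reaching this function from `register_user` has already been through `sanitise_string()`, so it is the escaped form that is validated rather than what the user typed.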
@@ -966,13 +1002,19 @@
 * @param string $username The username of the new user
 * @param string $password The password
 * @param string $name The user's display name
- * @param string $email Their email address
+ * @param string $email Their email address
+ * @param bool $allow_multiple_emails Allow the same email address to be registered multiple times?
 * @return int|false The new user's GUID; false on failure
 */
- function register_user($username, $password, $name, $email) {
+ function register_user($username, $password, $name, $email, $allow_multiple_emails = false) {
 // Load the configuration
- global $CONFIG;
+ global $CONFIG;
+
+ $username = sanitise_string($username);
+ $password = sanitise_string($password);
+ $name = sanitise_string($name);
+ $email = sanitise_string($email);
 // A little sanity checking
 if (empty($username)
@@ -981,11 +1023,25 @@
 || empty($email)) {
 return false;
 }
-
+
+ if (!is_email_address($email)) throw new RegistrationException(elgg_echo('registration:notemail'));
+
+ if (strlen($username)<4) throw new RegistrationException(elgg_echo('registration:usernametooshort'));
+
+ if (strlen($password)<6) throw new RegistrationException(elgg_echo('registration:passwordtooshort'));
+
 // Check to see if $username exists already
 if ($user = get_user_by_username($username)) {
- return false;
- }
+ //return false;
+ throw new RegistrationException(elgg_echo('registration:userexists'));
+ }
+
+ // If we're not allowed multiple emails then see if this address has been used before
+ if ((!$allow_multiple_emails) && (get_user_by_email($email)))
+ {
+ throw new RegistrationException(elgg_echo('registration:dupeemail'));
+ }
+
 // Check to see if we've registered the first admin yet.
 // If not, this is the first admin user!
diff --git a/languages/en.php b/languages/en.php
index 6fd0d30f4..35441bed9 100644
--- a/languages/en.php
+++ b/languages/en.php
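Review bot: `$password = sanitise_string($password);` rewrites the credential before it is ever hashed: in this same file `sanitise_string()` is the escaping step applied to values interpolated into SQL (see `get_user_by_email`), so a password containing a quote or backslash is stored in escaped form here and will presumably not be transformed the same way at login, locking the user out. Escape values only where they are placed into a query and remove the line for `$password`; the `strlen($password)<6` check in the following hunk would then also measure the real password rather than its escaped length. The docblock should gain `@throws RegistrationException` now that the function raises on validation failure, and `@return int|false` no longer describes the only failure path. The body of register_user continues past this hunk.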
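Review bot: The commented-out `//return false;` kept beside the new `throw` in the username-exists branch should be deleted rather than left as dead code. Failure reporting is now inconsistent within one function: missing fields still `return false` (surfacing the generic `registerbad` message from the action) while every other check throws `RegistrationException` with a specific message, so the empty-field case should throw as well, with its own `registration:` language key (constructed name, to be added in languages/en.php). `strlen()` counts bytes, so a three-character multibyte username passes the 4-character minimum and a username check is done on the escaped string; if the minimum is meant in characters, use `mb_strlen()` on the raw input.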
@@ -370,8 +370,14 @@
 To remove a widget drag it back to the Widget gallery.",
 'register' => "Register",
 'registerok' => "You have successfully registered for %s. To activate your account, please confirm your email address by clicking on the link we sent you.",
- 'registerbad' => "Your registration was unsuccessful. The username may already exist, or your passwords might not match.",
- 'registerdisabled' => "Registration has been disabled by the system administrator",
+ 'registerbad' => "Your registration was unsuccessful. The username may already exist, your passwords might not match, or your username or password may be too short.",
+ 'registerdisabled' => "Registration has been disabled by the system administrator",
+
+ 'registration:notemail' => 'The email address you provided does not appear to be a valid email address.',
+ 'registration:userexists' => 'That username already exists',
+ 'registration:usernametooshort' => 'Your username must be a minimum of 4 characters long.',
+ 'registration:passwordtooshort' => 'The password must be a minimum of 6 characters long.',
+ 'registration:dupeemail' => 'This email address has already been registered.',
 'adduser' => "Add User",
 'adduser:ok' => "You have successfully added a new user.",
diff --git a/views/default/account/forms/register.php b/views/default/account/forms/register.php
index f8c9ffe5b..1352212b8 100644
--- a/views/default/account/forms/register.php
+++ b/views/default/account/forms/register.php
@@ -10,15 +10,19 @@
 * @copyright Curverider Ltd 2008
 * @link http://elgg.org/
 */
-
+
+ $username = get_input('u');
+ $email = get_input('e');
+ $name = get_input('n');
+ $admin_option = false; if (($_SESSION['user']->admin) && ($vars['show_admin'])) $admin_option = true;
- $form_body = "


"; + $form_body = "


"; - $form_body .= "
"; - $form_body .= "
"; + $form_body .= "
"; + $form_body .= "
"; $form_body .= "
"; $form_body .= "
"; -- cgit v1.2.3