Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Improvements to self-register (the /register page) so that it works correctly for users how are already subscribers and enter the subscriber email. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
4c43f2cd43a0dcf40576edf0f5318fc9 |
| User & Date: | drh 2018-08-15 18:14:43 |
Context
|
2018-08-15
| ||
| 20:17 | On the "Recent Threads" page (/forum) show the number of messages and the duration of each thread. check-in: a50dfe6f user: drh tags: trunk | |
| 18:14 | Improvements to self-register (the /register page) so that it works correctly for users how are already subscribers and enter the subscriber email. check-in: 4c43f2cd user: drh tags: trunk | |
| 15:53 | Remove an db_begin_transaction() that had no matching db_end_transaction(). check-in: b2fca3dd user: drh tags: trunk | |
Changes
Changes to src/login.c.
1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 .... 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 .... 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 .... 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 .... 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 .... 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 |
unsigned int uSeed;
const char *zDecoded;
char *zCaptcha;
int iErrLine = -1;
const char *zErr = 0;
char *zPerms; /* Permissions for the default user */
int canDoAlerts = 0; /* True if receiving email alerts is possible */
if( !db_get_boolean("self-register", 0) ){
style_header("Registration not possible");
@ <p>This project does not allow user self-registration. Please contact the
@ project administrator to obtain an account.</p>
style_footer();
return;
}
................................................................................
zPerms = db_get("default-perms","u");
/* Prompt the user for email alerts if this repository is configured for
** email alerts and if the default permissions include "7" */
canDoAlerts = email_tables_exist() && db_int(0,
"SELECT fullcap(%Q) GLOB '*7*'", zPerms
);
zUserID = PDT("u","");
zPasswd = PDT("p","");
zConfirm = PDT("cp","");
zEAddr = PDT("ea","");
zDName = PDT("dn","");
................................................................................
zErr = "Password must be at least 6 characters long";
}else if( fossil_strcmp(zPasswd,zConfirm)!=0 ){
iErrLine = 5;
zErr = "Passwords do not match";
}else if( db_exists("SELECT 1 FROM user WHERE login=%Q", zUserID) ){
iErrLine = 1;
zErr = "This User ID is already taken. Choose something different.";
}else if( db_exists("SELECT 1 FROM user WHERE info LIKE '%%%q%%'", zEAddr) ){
iErrLine = 3;
zErr = "This address is already used.";
}else{
Blob sql;
int uid;
char *zPass = sha1_shared_secret(zPasswd, zUserID, 0);
blob_init(&sql, 0, 0);
blob_append_sql(&sql,
"INSERT INTO user(login,pw,cap,info,mtime)\n"
................................................................................
"VALUES(%Q,%Q,%Q,"
"'%q <%q>\nself-register from ip %q on '||datetime('now'),now())",
zUserID, zPass, zPerms, zDName, zEAddr, g.zIpAddr);
fossil_free(zPass);
db_multi_exec("%s", blob_sql_text(&sql));
uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUserID);
login_set_user_cookie(zUserID, uid, NULL);
if( canDoAlerts && atoi(PD("alerts","1"))!=0 ){
/* Also make the new user a subscriber. */
Blob hdr, body;
EmailSender *pSender;
sqlite3_int64 id; /* New subscriber Id */
const char *zCode; /* New subscriber code (in hex) */
const char *zGoto = P("g");
int nsub = 0;
................................................................................
if( g.perm.RdForum ) ssub[nsub++] = 'f';
if( g.perm.RdTkt ) ssub[nsub++] = 't';
if( g.perm.RdWiki ) ssub[nsub++] = 'w';
ssub[nsub] = 0;
db_multi_exec(
"INSERT INTO subscriber(semail,suname,"
" sverified,sdonotcall,sdigest,ssub,sctime,mtime,smip)"
"VALUES(%Q,%Q,%d,0,%d,%Q,now(),now(),%Q)",
/* semail */ zEAddr,
/* suname */ zUserID,
/* sverified */ 0,
/* sdigest */ 0,
/* ssub */ ssub,
/* smip */ g.zIpAddr
);
id = db_last_insert_rowid();
zCode = db_text(0,
"SELECT hex(subscriberCode) FROM subscriber WHERE subscriberId=%lld",
id);
/* A verification email */
pSender = email_sender_new(0,0);
blob_init(&hdr,0,0);
blob_init(&body,0,0);
................................................................................
@ </select></td></tr>
}
@ <tr>
@ <td class="form_label" align="right">Password:</td>
@ <td><input type="password" name="p" value="%h(zPasswd)" size="30"></td>
if( iErrLine==4 ){
@ <td><span class='loginError'>← %h(zErr)</span></td>
}
@ </tr>
@ <tr>
@ <td class="form_label" align="right">Confirm password:</td>
@ <td><input type="password" name="cp" value="%h(zConfirm)" size="30"></td>
if( iErrLine==5 ){
@ <td><span class='loginError'>← %h(zErr)</span></td>
|
> > > > | > > > > > > > < > | | > > > > > > > > > > > |
1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 .... 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 .... 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 .... 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 .... 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 .... 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 |
unsigned int uSeed; const char *zDecoded; char *zCaptcha; int iErrLine = -1; const char *zErr = 0; char *zPerms; /* Permissions for the default user */ int canDoAlerts = 0; /* True if receiving email alerts is possible */ int doAlerts = 0; /* True if subscription is wanted too */ if( !db_get_boolean("self-register", 0) ){ style_header("Registration not possible"); @ <p>This project does not allow user self-registration. Please contact the @ project administrator to obtain an account.</p> style_footer(); return; } ................................................................................ zPerms = db_get("default-perms","u"); /* Prompt the user for email alerts if this repository is configured for ** email alerts and if the default permissions include "7" */ canDoAlerts = email_tables_exist() && db_int(0, "SELECT fullcap(%Q) GLOB '*7*'", zPerms ); doAlerts = canDoAlerts && atoi(PD("alerts","1"))!=0; zUserID = PDT("u",""); zPasswd = PDT("p",""); zConfirm = PDT("cp",""); zEAddr = PDT("ea",""); zDName = PDT("dn",""); ................................................................................ zErr = "Password must be at least 6 characters long"; }else if( fossil_strcmp(zPasswd,zConfirm)!=0 ){ iErrLine = 5; zErr = "Passwords do not match"; }else if( db_exists("SELECT 1 FROM user WHERE login=%Q", zUserID) ){ iErrLine = 1; zErr = "This User ID is already taken. Choose something different."; }else if( /* If the email is found anywhere in USER.INFO... */ db_exists("SELECT 1 FROM user WHERE info LIKE '%%%q%%'", zEAddr) || /* Or if the email is a verify subscriber email with an associated ** user... */ db_exists( "SELECT 1 FROM subscriber WHERE semail=%Q AND suname IS NOT NULL" " AND sverified",zEAddr) ){ iErrLine = 3; zErr = "This email address is already claimed by another user"; }else{ Blob sql; int uid; char *zPass = sha1_shared_secret(zPasswd, zUserID, 0); blob_init(&sql, 0, 0); blob_append_sql(&sql, "INSERT INTO user(login,pw,cap,info,mtime)\n" ................................................................................ "VALUES(%Q,%Q,%Q," "'%q <%q>\nself-register from ip %q on '||datetime('now'),now())", zUserID, zPass, zPerms, zDName, zEAddr, g.zIpAddr); fossil_free(zPass); db_multi_exec("%s", blob_sql_text(&sql)); uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUserID); login_set_user_cookie(zUserID, uid, NULL); if( doAlerts ){ /* Also make the new user a subscriber. */ Blob hdr, body; EmailSender *pSender; sqlite3_int64 id; /* New subscriber Id */ const char *zCode; /* New subscriber code (in hex) */ const char *zGoto = P("g"); int nsub = 0; ................................................................................ if( g.perm.RdForum ) ssub[nsub++] = 'f'; if( g.perm.RdTkt ) ssub[nsub++] = 't'; if( g.perm.RdWiki ) ssub[nsub++] = 'w'; ssub[nsub] = 0; db_multi_exec( "INSERT INTO subscriber(semail,suname," " sverified,sdonotcall,sdigest,ssub,sctime,mtime,smip)" " VALUES(%Q,%Q,%d,0,%d,%Q,now(),now(),%Q)" " ON CONFLICT(semail) DO UPDATE" " SET suname=excluded.suname", /* semail */ zEAddr, /* suname */ zUserID, /* sverified */ 0, /* sdigest */ 0, /* ssub */ ssub, /* smip */ g.zIpAddr ); id = db_last_insert_rowid(); if( db_exists("SELECT 1 FROM subscriber WHERE semail=%Q" " AND sverified", zEAddr) ){ /* This the case where the user was formerly a verified subscriber ** and here they have also registered as a user as well. It is ** not necessary to repeat the verfication step */ redirect_to_g(); } zCode = db_text(0, "SELECT hex(subscriberCode) FROM subscriber WHERE subscriberId=%lld", id); /* A verification email */ pSender = email_sender_new(0,0); blob_init(&hdr,0,0); blob_init(&body,0,0); ................................................................................ @ </select></td></tr> } @ <tr> @ <td class="form_label" align="right">Password:</td> @ <td><input type="password" name="p" value="%h(zPasswd)" size="30"></td> if( iErrLine==4 ){ @ <td><span class='loginError'>← %h(zErr)</span></td> }else{ @ <td>← Must be at least 6 characters</td> } @ </tr> @ <tr> @ <td class="form_label" align="right">Confirm password:</td> @ <td><input type="password" name="cp" value="%h(zConfirm)" size="30"></td> if( iErrLine==5 ){ @ <td><span class='loginError'>← %h(zErr)</span></td> |