source: branches/2.0/register.php @ 12078

Last change on this file since 12078 was 5937, checked in by nikrou, 15 years ago

Bug 1621 fixed: CSS (cross-site scripting) vulnerability in register.php.
The login and mail_address fields must be filtered with htmlspecialchars.
merge from trunk

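<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery                                  |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// register.php : self-service account creation page.
//
// On POST it validates the password confirmation, hands the fields to
// register_user(), and on success logs the new user in and redirects to the
// index. Otherwise (GET, or POST with errors) it renders register.tpl with
// the escaped form values and the collected error messages.

//----------------------------------------------------------- include
define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
check_status(ACCESS_FREE);

//----------------------------------------------------------- user registration

if (!$conf['allow_user_registration'])
{
  page_forbidden('User registration closed');
}

// Read every submitted field once, defaulting to '' when absent, so that a
// partial POST neither raises undefined-index notices nor forwards null into
// register_user().
$login_input   = isset($_POST['login'])         ? $_POST['login']         : '';
$password      = isset($_POST['password'])      ? $_POST['password']      : '';
$password_conf = isset($_POST['password_conf']) ? $_POST['password_conf'] : '';
$mail_address  = isset($_POST['mail_address'])  ? $_POST['mail_address']  : '';

$errors = array();
if (isset($_POST['submit']))
{
  // NOTE(review): no anti-CSRF token is checked in this file; confirm whether
  // common.inc.php validates one before the POST is trusted.

  // Strict comparison: loose != treats numerically equal strings such as
  // '1e3' and '1000' as a match, which would let a mistyped confirmation pass.
  if ($password !== $password_conf)
  {
    array_push($errors, l10n('reg_err_pass'));
  }

  // register_user() appends its own validation messages to $errors and
  // returns the combined list.
  $errors =
      register_user(htmlspecialchars($login_input,ENT_COMPAT,'utf-8'),
                    $password,
                    $mail_address,
                    true,
                    $errors);

  if (count($errors) == 0)
  {
    // NOTE(review): the account was created with the htmlspecialchars()'d
    // login but looked up here with the raw one; for a login containing
    // '&', '<', '>' or '"' the two differ. Confirm which form get_userid()
    // expects before relying on this path.
    $user_id = get_userid($login_input);
    log_user($user_id, false);
    redirect(make_index_url());
  }
}

// Values re-displayed in the form when registration did not succeed.
$login = !empty($login_input) ? $login_input : '';
$email = !empty($mail_address) ? $mail_address : '';

//----------------------------------------------------- template initialization
//
// Start output of page
//
$title= l10n('Registration');
$page['body_id'] = 'theRegisterPage';
include(PHPWG_ROOT_PATH.'include/page_header.php');

$template->set_filenames( array('register'=>'register.tpl') );
$template->assign(array(
  'U_HOME' => make_index_url(),

  'F_ACTION' => 'register.php',
  // User-supplied values are escaped for the HTML attribute context they are
  // rendered in (ENT_QUOTES covers both quote styles).
  'F_LOGIN' => htmlspecialchars($login, ENT_QUOTES, 'utf-8'),
  'F_EMAIL' => htmlspecialchars($email, ENT_QUOTES, 'utf-8')
  ));

//-------------------------------------------------------------- errors display
if (count($errors) != 0)
{
  $template->assign('errors', $errors);
}

$template->parse('register');
include(PHPWG_ROOT_PATH.'include/page_tail.php');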