source: branches/2.0/register.php @ 29919

Last change on this file since 29919 was 5937, checked in by nikrou, 15 years ago

Bug 1621 fixed: cross-site scripting (XSS, abbreviated "CSS" here) vulnerability in register.php.
The login and mail_address fields must be filtered with htmlspecialchars.
merge from trunk

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
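<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery                                  |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// Registration page: validates the submitted form, creates the account
// through register_user(), logs the new user in and redirects to the index;
// otherwise (first visit or validation errors) renders the form again.

//----------------------------------------------------------- include
define('PHPWG_ROOT_PATH','./');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
check_status(ACCESS_FREE);

//----------------------------------------------------------- user registration

if (!$conf['allow_user_registration'])
{
  page_forbidden('User registration closed');
}

// Read every form field exactly once. A field that is absent, or that was
// submitted as an array (e.g. "login[]=x"), becomes an empty string so the
// string functions below never receive null or an array.
$register_input = array();
foreach (array('login', 'password', 'password_conf', 'mail_address') as $field)
{
  $register_input[$field] =
    (isset($_POST[$field]) and is_string($_POST[$field]))
      ? $_POST[$field]
      : '';
}
unset($field);

$errors = array();
if (isset($_POST['submit']))
{
  // Strict comparison: with "!=" PHP compares numeric-looking strings as
  // numbers, so e.g. '1e3' and '1000' would be accepted as the same password.
  if ($register_input['password'] !== $register_input['password_conf'])
  {
    array_push($errors, l10n('reg_err_pass'));
  }

  // register_user() receives the login HTML-escaped (fix for bug 1621).
  // ENT_COMPAT leaves single quotes untouched.
  // NOTE(review): a template that prints the stored login inside a
  // single-quoted attribute would still need its own escaping - confirm.
  $escaped_login =
    htmlspecialchars($register_input['login'], ENT_COMPAT, 'utf-8');

  // NOTE(review): mail_address is handed over exactly as submitted; confirm
  // that register_user() validates its format, or that every place rendering
  // the stored address escapes it.
  $errors =
      register_user($escaped_login,
                    $register_input['password'],
                    $register_input['mail_address'],
                    true,
                    $errors);

  if (count($errors) == 0)
  {
    // Look the account up under the same value that was given to
    // register_user(); the raw login differs from it as soon as it contains
    // '&', '<', '>' or '"', and the lookup would then miss the new account.
    $user_id = get_userid($escaped_login);
    log_user($user_id, false);
    redirect(make_index_url());
  }
}

// Raw values kept for redisplaying the form; they are escaped at output below.
$login = $register_input['login'];
$email = $register_input['mail_address'];

//----------------------------------------------------- template initialization
//
// Start output of page
//
$title= l10n('Registration');
$page['body_id'] = 'theRegisterPage';
include(PHPWG_ROOT_PATH.'include/page_header.php');

$template->set_filenames( array('register'=>'register.tpl') );
$template->assign(array(
  'U_HOME' => make_index_url(),

  'F_ACTION' => 'register.php',
  // ENT_QUOTES escapes both quote styles, whichever one the template uses
  // around the attribute value these fields are echoed into.
  'F_LOGIN' => htmlspecialchars($login, ENT_QUOTES, 'utf-8'),
  'F_EMAIL' => htmlspecialchars($email, ENT_QUOTES, 'utf-8')
  ));

//-------------------------------------------------------------- errors display
if (count($errors) != 0)
{
  $template->assign('errors', $errors);
}

$template->parse('register');
include(PHPWG_ROOT_PATH.'include/page_tail.php');
?>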