Changeset 7495 for trunk/register.php

Timestamp:

Oct 30, 2010, 1:32:11 PM (14 years ago)

Author:

rvelices

Message:

feature 1915: add protection on user registration against robots

File:

• trunk/register.php (modified) (4 diffs)

trunk/register.php

@@ -41 +41 @@
 if (isset($_POST['submit']))
 {
+  if (!verify_ephemeral_key(@$_POST['key']))
+  {
+                set_status_header(403);
+    array_push($errors, 'Invalid/expired form key');
+  }
+
   if ($_POST['password'] != $_POST['password_conf'])
   {
@@ -47 +53 @@
 
   $errors =
-      register_user(htmlspecialchars($_POST['login'],ENT_COMPAT,'utf-8'),
+      register_user($_POST['login'],
                     $_POST['password'],
                     $_POST['mail_address'],
@@ -59 +65 @@
     redirect(make_index_url());
   }
+        $registration_post_key = get_ephemeral_key(2);
+}
+else
+{
+        $registration_post_key = get_ephemeral_key(6);
 }
 
-$login = !empty($_POST['login'])?$_POST['login']:'';
-$email = !empty($_POST['mail_address'])?$_POST['mail_address']:'';
+$login = !empty($_POST['login'])?htmlspecialchars(stripslashes($_POST['login'])):'';
+$email = !empty($_POST['mail_address'])?htmlspecialchars(stripslashes($_POST['mail_address'])):'';
 
 //----------------------------------------------------- template initialization
@@ -75 +86 @@
 $template->assign(array(
   'U_HOME' => make_index_url(),
-
+        'F_KEY' => $registration_post_key,
   'F_ACTION' => 'register.php',
-  'F_LOGIN' => htmlspecialchars($login, ENT_QUOTES, 'utf-8'),
-  'F_EMAIL' => htmlspecialchars($email, ENT_QUOTES, 'utf-8')
+  'F_LOGIN' => $login,
+  'F_EMAIL' => $email
   ));