Diffstat (limited to 'register.php')
-rw-r--r--register.php23
1 files changed, 17 insertions, 6 deletions
diff --git a/register.php b/register.php
index 98e76d916..81fd85c78 100644
--- a/register.php
+++ b/register.php
@@ -40,13 +40,19 @@ if (!$conf['allow_user_registration'])
$errors = array();
if (isset($_POST['submit']))
{
+ if (!verify_ephemeral_key(@$_POST['key']))
+ {
+ set_status_header(403);
+ array_push($errors, 'Invalid/expired form key');
+ }
+
if ($_POST['password'] != $_POST['password_conf'])
{
array_push($errors, l10n('please enter your password again'));
}
$errors =
- register_user(htmlspecialchars($_POST['login'],ENT_COMPAT,'utf-8'),
+ register_user($_POST['login'],
$_POST['password'],
$_POST['mail_address'],
true,
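Review bot: The new form-key check only records an error; it does not stop the request, so `register_user()` is still invoked with the submitted login/password on a failed or missing key, and the `$errors = register_user(...)` assignment replaces the array that held the 'Invalid/expired form key' entry. Whether a bad key actually blocks account creation therefore depends on `register_user()` receiving and honouring an `$errors` argument that lies past the end of this hunk (the argument list continues beyond `true,`). It would be safer to make the rejection explicit at this call site, e.g. guard the call with `if (empty($errors))` so that neither a failed key nor a password mismatch reaches `register_user()`, rather than relying on the callee. The `@$_POST['key']` suppression should also be replaced by an explicit `isset($_POST['key']) ? $_POST['key'] : ''` so a missing key is handled deliberately instead of silently. The enclosing `if (isset($_POST['submit']))` block ends outside this hunk.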
@@ -58,10 +64,15 @@ if (isset($_POST['submit']))
log_user($user_id, false);
redirect(make_index_url());
}
+ $registration_post_key = get_ephemeral_key(2);
+}
+else
+{
+ $registration_post_key = get_ephemeral_key(6);
}
-$login = !empty($_POST['login'])?$_POST['login']:'';
-$email = !empty($_POST['mail_address'])?$_POST['mail_address']:'';
+$login = !empty($_POST['login'])?htmlspecialchars(stripslashes($_POST['login'])):'';
+$email = !empty($_POST['mail_address'])?htmlspecialchars(stripslashes($_POST['mail_address'])):'';
//----------------------------------------------------- template initialization
//
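Review bot: The escaping of `$login` and `$email` in the two rewritten assignments drops the `ENT_QUOTES` flag and the explicit `'utf-8'` charset that the removed template-side calls used, so a single quote in the submitted value is no longer encoded and the charset falls back to the PHP default; if register.tpl ever places `F_LOGIN`/`F_EMAIL` in a single-quoted attribute this reopens an injection point. Restore the original flags: `htmlspecialchars(stripslashes($_POST['login']), ENT_QUOTES, 'utf-8')` and likewise for `mail_address`. Note also that `stripslashes()` is applied unconditionally; unless this only ever runs with magic_quotes_gpc enabled, a legitimate backslash in the echoed value is removed, so the re-displayed value can differ from what `register_user()` received at the top of the file.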
@@ -74,10 +85,10 @@ include(PHPWG_ROOT_PATH.'include/page_header.php');
$template->set_filenames( array('register'=>'register.tpl') );
$template->assign(array(
'U_HOME' => make_index_url(),
-
+ 'F_KEY' => $registration_post_key,
'F_ACTION' => 'register.php',
- 'F_LOGIN' => htmlspecialchars($login, ENT_QUOTES, 'utf-8'),
- 'F_EMAIL' => htmlspecialchars($email, ENT_QUOTES, 'utf-8')
+ 'F_LOGIN' => $login,
+ 'F_EMAIL' => $email
));
//-------------------------------------------------------------- errors display