boinc/html/user/create_account.php

<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

// RPC handler for account creation

require_once("../inc/db.inc");
require_once("../inc/util.inc");
require_once("../inc/email.inc");
require_once("../inc/xml.inc");
require_once("../inc/user.inc");

xml_header();

$retval = db_init_xml();
if ($retval) xml_error($retval);

$config = get_config();
if (parse_bool($config, "disable_account_creation")) {
    xml_error(-208);
}

if(defined('INVITE_CODES')) {
    $invite_code = get_str("invite_code");
    if (!preg_match(INVITE_CODES, $invite_code)) {
        xml_error(-209);
    }
} 

$email_addr = get_str("email_addr");
$email_addr = strtolower($email_addr);
$passwd_hash = get_str("passwd_hash");
$user_name = get_str("user_name");

if (!is_valid_email_addr($email_addr)) {
    xml_error(-205);
}
if (is_banned_email_addr($email_addr)) {
    xml_error(-205);
}

if (strlen($passwd_hash) != 32) {
    xml_error(-1, "password hash length not 32");
}

$user = lookup_user_email_addr($email_addr);
if ($user) {
    if ($user->passwd_hash != $passwd_hash) {
        xml_error(-137);
    } else {
        $authenticator = $user->authenticator;
    }
} else {
    $user = make_user($email_addr, $user_name, $passwd_hash, 'International');
    if (!$user) {
        xml_error(-137);
    }
    
    if(defined('INVITE_CODES')) {
        error_log("Account for '$email_addr' created using invitation code '$invite_code'");
    }
}

echo " <account_out>\n";
echo "   <authenticator>$user->authenticator</authenticator>\n";
echo "</account_out>\n";

?>
* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00			`<?php`
- web: added copyright and license info to PHP files svn path=/trunk/boinc/; revision=15758 2008-08-05 22:43:14 +00:00			`// This file is part of BOINC.`
			`// http://boinc.berkeley.edu`
			`// Copyright (C) 2008 University of California`
			`//`
			`// BOINC is free software; you can redistribute it and/or modify it`
			`// under the terms of the GNU Lesser General Public License`
			`// as published by the Free Software Foundation,`
			`// either version 3 of the License, or (at your option) any later version.`
			`//`
			`// BOINC is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.`
			`// See the GNU Lesser General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Lesser General Public License`
			`// along with BOINC. If not, see <http://www.gnu.org/licenses/>.`
* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00
			`// RPC handler for account creation`

			`require_once("../inc/db.inc");`
			`require_once("../inc/util.inc");`
			`require_once("../inc/email.inc");`
			`require_once("../inc/xml.inc");`
- user web: code cleanup related to user creation. Make a single function that creates users and cleanses args. svn path=/trunk/boinc/; revision=13216 2007-07-25 15:11:14 +00:00			`require_once("../inc/user.inc");`
* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00
			`xml_header();`

* empty log message * svn path=/trunk/boinc/; revision=11117 2006-09-06 20:56:55 +00:00			`$retval = db_init_xml();`
			`if ($retval) xml_error($retval);`

* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00			`$config = get_config();`
account creation via RPC with invitation code svn path=/trunk/boinc/; revision=11314 2006-10-19 18:09:02 +00:00			`if (parse_bool($config, "disable_account_creation")) {`
* empty log message * svn path=/trunk/boinc/; revision=11117 2006-09-06 20:56:55 +00:00			`xml_error(-208);`
* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00			`}`

account creation via RPC with invitation code svn path=/trunk/boinc/; revision=11314 2006-10-19 18:09:02 +00:00			`if(defined('INVITE_CODES')) {`
- web: cleaned up logic of string processing. There are two aspects: 1) undoing magic quotes (if it's being used). This must be done for all GET and POST string inputs. It is now done automatically by get_str() and post_str(). The places that refer to $_GET and $_POST directly must do it themselves using undo_magic_quotes(). 2) Escaping user-supplied strings before using them in DB queries. This is done by process_user_text() (which should be renamed db_escape_string()). The new principle: call process_user_text() in the function that does the DB query (not at any higher level). svn path=/trunk/boinc/; revision=15389 2008-06-11 19:36:10 +00:00			`$invite_code = get_str("invite_code");`
account creation via RPC with invitation code svn path=/trunk/boinc/; revision=11314 2006-10-19 18:09:02 +00:00			`if (!preg_match(INVITE_CODES, $invite_code)) {`
Do not allow blank or NULL countries svn path=/trunk/boinc/; revision=13462 2007-08-26 10:29:08 +00:00			`xml_error(-209);`
account creation via RPC with invitation code svn path=/trunk/boinc/; revision=11314 2006-10-19 18:09:02 +00:00			`}`
			`}`

* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00			`$email_addr = get_str("email_addr");`
- web: cleaned up logic of string processing. There are two aspects: 1) undoing magic quotes (if it's being used). This must be done for all GET and POST string inputs. It is now done automatically by get_str() and post_str(). The places that refer to $_GET and $_POST directly must do it themselves using undo_magic_quotes(). 2) Escaping user-supplied strings before using them in DB queries. This is done by process_user_text() (which should be renamed db_escape_string()). The new principle: call process_user_text() in the function that does the DB query (not at any higher level). svn path=/trunk/boinc/; revision=15389 2008-06-11 19:36:10 +00:00			`$email_addr = strtolower($email_addr);`
			`$passwd_hash = get_str("passwd_hash");`
			`$user_name = get_str("user_name");`
* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00
			`if (!is_valid_email_addr($email_addr)) {`
* empty log message * svn path=/trunk/boinc/; revision=11117 2006-09-06 20:56:55 +00:00			`xml_error(-205);`
* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00			`}`
svn path=/trunk/boinc/; revision=18353 2009-06-10 18:42:15 +00:00			`if (is_banned_email_addr($email_addr)) {`
			`xml_error(-205);`
			`}`
* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00
			`if (strlen($passwd_hash) != 32) {`
* empty log message * svn path=/trunk/boinc/; revision=11125 2006-09-08 19:51:33 +00:00			`xml_error(-1, "password hash length not 32");`
* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00			`}`

* empty log message * svn path=/trunk/boinc/; revision=7360 2005-08-16 20:48:21 +00:00			`$user = lookup_user_email_addr($email_addr);`
			`if ($user) {`
			`if ($user->passwd_hash != $passwd_hash) {`
* empty log message * svn path=/trunk/boinc/; revision=11872 2007-01-15 22:53:41 +00:00			`xml_error(-137);`
* empty log message * svn path=/trunk/boinc/; revision=7360 2005-08-16 20:48:21 +00:00			`} else {`
			`$authenticator = $user->authenticator;`
			`}`
			`} else {`
Do not allow blank or NULL countries svn path=/trunk/boinc/; revision=13462 2007-08-26 10:29:08 +00:00			`$user = make_user($email_addr, $user_name, $passwd_hash, 'International');`
- user web: code cleanup related to user creation. Make a single function that creates users and cleanses args. svn path=/trunk/boinc/; revision=13216 2007-07-25 15:11:14 +00:00			`if (!$user) {`
* empty log message * svn path=/trunk/boinc/; revision=11125 2006-09-08 19:51:33 +00:00			`xml_error(-137);`
* empty log message * svn path=/trunk/boinc/; revision=7360 2005-08-16 20:48:21 +00:00			`}`
Add a message to error_log when account is created using an invitation code (from Eric Myers) svn path=/trunk/boinc/; revision=11532 2006-11-15 20:15:01 +00:00
			`if(defined('INVITE_CODES')) {`
- user web: code cleanup related to user creation. Make a single function that creates users and cleanses args. svn path=/trunk/boinc/; revision=13216 2007-07-25 15:11:14 +00:00			`error_log("Account for '$email_addr' created using invitation code '$invite_code'");`
Add a message to error_log when account is created using an invitation code (from Eric Myers) svn path=/trunk/boinc/; revision=11532 2006-11-15 20:15:01 +00:00			`}`
* empty log message * svn path=/trunk/boinc/; revision=7360 2005-08-16 20:48:21 +00:00			`}`

* empty log message * svn path=/trunk/boinc/; revision=11125 2006-09-08 19:51:33 +00:00			`echo " <account_out>\n";`
- user web: code cleanup related to user creation. Make a single function that creates users and cleanses args. svn path=/trunk/boinc/; revision=13216 2007-07-25 15:11:14 +00:00			`echo " <authenticator>$user->authenticator</authenticator>\n";`
* empty log message * svn path=/trunk/boinc/; revision=11125 2006-09-08 19:51:33 +00:00			`echo "</account_out>\n";`
* empty log message * svn path=/trunk/boinc/; revision=7226 2005-08-10 08:55:57 +00:00
* empty log message * svn path=/trunk/boinc/; revision=7216 2005-08-09 18:46:53 +00:00			`?>`