
protect the 'create account form' against abuse:
authorkimitake <kimitake@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Tue, 23 Oct 2007 06:24:50 +0000 (06:24 +0000)
committerkimitake <kimitake@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Tue, 23 Oct 2007 06:24:50 +0000 (06:24 +0000)
- show the form only if needed
- add FormExtra (e.g. Captcha) and ValidateForm (to validate input) in createaccount.php and ACTION.php
(from ftruscot and kaigreve)

git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/nucleus-jp/branches/branch-3-3@326 1ca29b6e-896d-4ea0-84a5-967f57386b96

utf8/nucleus/libs/ACTION.php

index 1a0dac8..3208a25 100755 (executable)
@@ -15,8 +15,8 @@
  *
  * @license http://nucleuscms.org/license.txt GNU General Public License
  * @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: ACTION.php,v 1.8.2.1 2007-08-08 05:17:54 kimitake Exp $
- * $NucleusJP: ACTION.php,v 1.8 2007/03/13 05:19:04 shizuki Exp $
+ * @version $Id: ACTION.php,v 1.8.2.2 2007-10-23 06:24:50 kimitake Exp $
+ * $NucleusJP: ACTION.php,v 1.8.2.1 2007/08/08 05:17:54 kimitake Exp $
  */
 class ACTION
 {
@@ -198,30 +198,42 @@ class ACTION
                if (!$CONF['AllowMemberCreate'])
                        doError(_ERROR_MEMBERCREATEDISABLED);
 
-               // even though the member can not log in, set some random initial password. One never knows.
-               srand((double)microtime()*1000000);
-               $initialPwd = md5(uniqid(rand(), true));
+               // evaluate content from FormExtra
+               $result = 1;
+               $data = array('type' => 'membermail', 'error' => &$result);
+               $manager->notify('ValidateForm', &$data);
 
-               // create member (non admin/can not login/no notes/random string as password)
-               $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
+               if ($result!=1) {
+                       return $result;
+               }
+               else {
 
-               if ($r != 1)
-                       doError($r);
+                       // even though the member can not log in, set some random initial password. One never knows.
+                       srand((double)microtime()*1000000);
+                       $initialPwd = md5(uniqid(rand(), true));
 
-               // send message containing password.
-               $newmem = new MEMBER();
-               $newmem->readFromName(postVar('name'));
-               $newmem->sendActivationLink('register');
+                       // create member (non admin/can not login/no notes/random string as password)
+                       $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
 
-               $manager->notify('PostRegister',array('member' => &$newmem));
+                       if ($r != 1) {
+                               return $r;
+                       }
 
-               if (postVar('desturl')) {
-                       redirect(postVar('desturl'));
-               } else {
-                       header ("Content-Type: text/html; charset="._CHARSET);
-                       echo _MSG_ACTIVATION_SENT;
+                       // send message containing password.
+                       $newmem = new MEMBER();
+                       $newmem->readFromName(postVar('name'));
+                       $newmem->sendActivationLink('register');
+
+                       $manager->notify('PostRegister',array('member' => &$newmem));
+
+                       if (postVar('desturl')) {
+                               redirect(postVar('desturl'));
+                       } else {
+                               header ("Content-Type: text/html; charset="._CHARSET);
+                               echo _MSG_ACTIVATION_SENT;
+                       }
+                       exit;
                }
-               exit;
        }
 
        /**
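Review bot: The call-time pass-by-reference in `$manager->notify('ValidateForm', &$data);` is redundant and, on later PHP versions, a warning or outright error: `$data['error']` is already bound to `$result` through `'error' => &$result`, so a handler that writes `$data['error']` reaches `$result` even when `$data` is passed normally; the line should read `$manager->notify('ValidateForm', $data);`. The rejection test `if ($result!=1)` is a loose comparison, so a handler that stores the string `'1'` in the error slot would be treated as success; `if ($result !== 1)` makes the contract with ValidateForm handlers explicit (any value other than the integer 1 rejects the registration). On the moved lines the initial password is still `md5(uniqid(rand(), true))` after `srand((double)microtime()*1000000)`, which is a predictable seed rather than a cryptographic source; even though the account cannot log in before activation, a CSPRNG-derived value (`random_bytes()` where the runtime provides it) would be the safer choice. The enclosing method begins before this hunk, and the `else` branch introduced here could be flattened since the `if` branch returns.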