liquid_feedback_frontend

view app/main/index/_action/register.lua @ 9:0ee1e0c42d4c

Version beta5

Minor security fix: added the missing security filter for the admin section. Previously, all users could read the member listing, including login names; write access was not possible, though.

Changing of name and login is possible while a history of these changes is written and accessible by all users.

Statistics shown in area list

Trimming of user input now also converts runs of multiple whitespace characters into a single space character.
author bsw
date Mon Jan 04 12:00:00 2010 +0100 (2010-01-04)
parents 8d91bccab0bf
children 26c8177ef348
-- Action: complete a registration that was started with an invite code.
--
-- The request parameters are checked one stage at a time: code, notify_email,
-- name, login, use_terms_accepted, password1/password2. When the parameter of
-- the next stage is absent, the browser is sent back to index/register with
-- the values accepted so far and without an error message. When a value is
-- present but rejected, a message is put into the "error" slot first.
-- Every rejection that happens before the member object is created ends the
-- action with `return false`.
--
-- NOTE(review): all length checks below use `#`, which counts bytes in Lua,
-- not characters, so the limits are byte limits for non-ASCII input.

-- Sends the browser back to the registration view with the given form values.
-- Callers pass only code, notify_email, name and login; neither password is
-- ever placed in `carried`.
-- NOTE(review): with mode = "redirect" these values presumably travel in the
-- URL of the follow-up request (invite code and e-mail address included), so
-- they may end up in server logs and browser history - confirm and decide
-- whether that is acceptable.
local function back_to_register(carried)
  request.redirect{
    mode   = "redirect",
    module = "index",
    view   = "register",
    params = carried
  }
end

-- Reports `message` in the "error" slot, then sends the browser back to the
-- registration view with the given form values.
local function reject(message, carried)
  slot.put_into("error", message)
  back_to_register(carried)
end

-- Stage 1: invite code.
-- Unknown codes and codes already marked as used get the same message, so the
-- response does not tell the two cases apart. This is the only failure path
-- that uses mode = "forward" and carries no parameters.
local invite_code = InviteCode:by_code(param.get("code"))

if not invite_code or invite_code.used then
  slot.put_into("error", _"The code you've entered is invalid")
  request.redirect{
    mode = "forward",
    module = "index",
    view = "register"
  }
  return false
end

-- Stage 2: notification e-mail address.
-- From here on invite_code is known to be a valid, unused code.
local notify_email = param.get("notify_email")

if not notify_email then
  back_to_register{ code = invite_code.code }
  return false
end

-- Only a minimum length is enforced here; unlike name and login the address
-- is not trimmed before the check.
if #notify_email < 5 then
  reject(_"Email address too short!", { code = invite_code.code })
  return false
end

-- Stage 3: display name.
local name = param.get("name")

if not name then
  back_to_register{
    code = invite_code.code,
    notify_email = notify_email
  }
  return false
end

name = util.trim(name)

if #name < 3 then
  reject(_"This username is too short!", {
    code = invite_code.code,
    notify_email = notify_email
  })
  return false
end

-- The "already taken" answers for name and login reveal whether a given value
-- exists. Both checks are only reached with a valid, unused invite code.
if Member:by_name(name) then
  reject(_"This name is already taken, please choose another one!", {
    code = invite_code.code,
    notify_email = notify_email
  })
  return false
end

-- Stage 4: login.
local login = param.get("login")

if not login then
  back_to_register{
    code = invite_code.code,
    notify_email = notify_email,
    name = name
  }
  return false
end

login = util.trim(login)

if #login < 3 then
  reject(_"This login is too short!", {
    code = invite_code.code,
    notify_email = notify_email,
    name = name
  })
  return false
end

if Member:by_login(login) then
  reject(_"This login is already taken, please choose another one!", {
    code = invite_code.code,
    notify_email = notify_email,
    name = name
  })
  return false
end

-- Stage 5: terms of use.
-- nil means the parameter was not submitted at all (go back without an error
-- message); any value other than true is a refusal.
local use_terms_accepted = param.get("use_terms_accepted", atom.boolean)

if use_terms_accepted == nil then
  back_to_register{
    code = invite_code.code,
    notify_email = notify_email,
    name = name,
    login = login
  }
  return false
end

if use_terms_accepted ~= true then
  reject(_"You have to accept the terms of use to complete registration.", {
    code = invite_code.code,
    notify_email = notify_email,
    name = name,
    login = login
  })
  return false
end

-- Stage 6: password and its repetition.
-- The only policy enforced here is equality of both fields and a minimum of
-- 8 bytes; no upper bound is checked in this file.
local password = param.get("password1")
local password_repeat = param.get("password2")

if not password then
  back_to_register{
    code = invite_code.code,
    notify_email = notify_email,
    name = name,
    login = login
  }
  return false
end

if password ~= password_repeat then
  reject(_"Passwords don't match!", {
    code = invite_code.code,
    notify_email = notify_email,
    name = name,
    login = login
  })
  return false
end

if #password < 8 then
  reject(_"Passwords must consist of at least 8 characters!", {
    code = invite_code.code,
    notify_email = notify_email,
    name = name,
    login = login
  })
  return false
end

-- All inputs accepted: build the member.
local new_member = Member:new()

new_member.login = login
new_member.name = name

-- set_notify_email runs before the member is saved; judging by the error
-- message, a false result means the confirmation mail could not be sent.
local email_accepted = new_member:set_notify_email(notify_email)
if not email_accepted then
  reject(_"Can't send confirmation email", {
    code = invite_code.code,
    notify_email = notify_email,
    name = name,
    login = login
  })
  -- NOTE(review): this path returns nil while every earlier failure returns
  -- false - confirm the difference is intended.
  return
end

-- NOTE(review): how set_password stores the password is not visible in this
-- file - confirm that it hashes with a salted, slow algorithm.
new_member:set_password(password)
new_member:save()

-- The code is bound to the new member and marked as used only after the
-- member has been saved.
-- NOTE(review): nothing in this file locks the invite code row or shows a
-- transaction around the check above and this update. Confirm that single use
-- of a code and uniqueness of name/login are also enforced in the database.
invite_code.member_id = new_member.id
invite_code.used = "now"
invite_code:save()

slot.put_into("notice", _"You've successfully registered and you can login now with your login and password!")

request.redirect{
  mode = "redirect",
  module = "index",
  view = "login",
}
