it uses compute_auth_hash that comes with moss to create the pass word hash so make sure the user the runs httpd also has right to run compute_auth_hash also.
i also added a switch so you can have all user use them same @ address in there user name ex. username@myserver.com or it can be set to just use real e-mail.
Code for config.php
Code: Select all
<?php
$dbhost = 'localhost';
$dbport = '5432';
$dbname = 'moss';
$dbuser = 'moss';
$dbpass = 'dbpass';
$useemail = true; //If set to flase will use dbemal for last part of user name
$dbemail = '@someplace.com';
$passhash = 'compute_auth_hash'; //Full path to compute_auth_hash ex /use/local/moss/compute_auth_hash make sure user the runs httpd has right
//to run it
?>
Code: Select all
<?php
include('config.php');
function check_name($var) {
$var = stripslashes($var);
$var = strip_tags($var);
$var = preg_replace('/[\x80-\xFF]/', '', $var);
$var = preg_replace("/[^a-zA-Z0-9@._s]/", '', $var);
return $var;
}
if ($_GET['action'] == 'go') {
if ($_POST['login'] == '' || $_POST['password'] == '')
die ("You must enter a valid username and password! Click <a ".
"href=\"javascript:history.back()\">here</a> to go back.");
if ($_POST['password'] != $_POST['password2'])
die ("Your passwords don't match! Please go <a ".
"href=\"javascript:history.back()\">back</a> and re-enter it.");
$login = strtolower(check_name($_POST['login']));
$pass = ($_POST['password']);
$conn = pg_connect("host=$dbhost port=$dbport dbname=$dbname user=$dbuser password=$dbpass");
if(!$conn) {
echo "Unable to connect to test database\n";
exit;
}
unset($dbpass); //do this to be safe
if (!$useemail) {
$name="$login$dbemail";
} else {
$name = "$login";
}
$result = pg_query($conn,"SELECT * FROM accounts WHERE name = '$name'");
if (pg_num_rows($result) > 0) {
echo "An account with that name already exists in the database. If this ".
"is not your account, please go <a href=\"javascript:history.back()\">".
"back</a> and choose another login name.";
} else {
$hash = exec("$passhash $name $pass");
$res = pg_query($conn, "select uuid()");
$uid = pg_fetch_result($res, 0);
pg_query($conn,"insert into accounts values('$name','','$hash', '$uid', '','FALSE','FALSE')");
echo "Congratulations, your account has been successfully created!<br>";
echo "Your login is $name";
}
} else {
unset($dbpass); //do this to be safe
?>
<html>
<head>
<title>Moss Account Creation</title>
</head>
<body>
<h1>Moss Account Creation</h1>
<?php if (!$useemail) {
?>
<p>Please enter a username and password for logging into this Moss Shard.
please choose a username and password that you will remember. If you
forget your password, it can be reset, but it
can't be retrieved, since the passwords are encrypted.<br>
NOTE: you only need to enter a username <?php echo $dbemail; ?> will be auto added to then end of your name</p>
<br>
<form action="new.php?action=go" method="post">
<table border="0">
<tr>
<td>Login Name:</td>
<td ><input type="text" name="login" maxlength="50" size="50"/></td>
</tr><tr>
<td>Password:</td>
<td><input type="password" name="password" maxlength="50" size="50"/></td>
</tr><tr>
<td>Password again:</td>
<td><input type="password" name="password2" maxlength="50" size="50"/></td>
</tr>
</table><br>
<input type="submit" value="Create Account" />
</form>
<?php } else { ?>
<p>Please enter a E-Mail and password for logging into this Moss Shard.
please choose a E-mail and password that you will remember. If you
forget your password, it can be reset, but it
can't be retrieved, since the passwords are encrypted.</p>
<br>
<form action="new.php?action=go" method="post">
<table border="0">
<tr>
<td>E-Mail:</td>
<td><input type="text" name="login" maxlength="50" size="50"/></td>
</tr><tr>
<td>Password:</td>
<td><input type="password" name="password" maxlength="50" size="50"/></td>
</tr><tr>
<td>Password again:</td>
<td><input type="password" name="password2" maxlength="50" size="50"/></td>
</tr>
</table><br>
<input type="submit" value="Create Account" />
</form>
<?php } } ?>
</body>
</html>