X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttRegistrator.class.php;h=b3551dad617898f6adfa9d6a44d5eebccb96b0c0;hb=a711e76851f29c7e0ac290a279eb4dd984ea7167;hp=71f49e690b32e53b304b904d6b1e2e87f89ece90;hpb=7ca15b5853146dd809f2ad3f5b2e1d9dab4f8dd4;p=timetracker.git
diff --git a/WEB-INF/lib/ttRegistrator.class.php b/WEB-INF/lib/ttRegistrator.class.php
index 71f49e69..b3551dad 100644
--- a/WEB-INF/lib/ttRegistrator.class.php
+++ b/WEB-INF/lib/ttRegistrator.class.php
@@ -62,21 +62,21 @@ class ttRegistrator { global $i18n; if (!ttValidString($this->group_name, true)) - $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.team_name')); + $this->err->add($i18n->get('error.field'), $i18n->get('label.group_name')); if (!ttValidString($this->currency, true)) - $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.currency')); + $this->err->add($i18n->get('error.field'), $i18n->get('label.currency')); if (!ttValidString($this->user_name)) - $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.manager_name')); + $this->err->add($i18n->get('error.field'), $i18n->get('label.manager_name')); if (!ttValidString($this->login)) - $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.manager_login')); + $this->err->add($i18n->get('error.field'), $i18n->get('label.manager_login')); if (!ttValidString($this->password1)) - $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.password')); + $this->err->add($i18n->get('error.field'), $i18n->get('label.password')); if (!ttValidString($this->password2)) - $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.confirm_password')); + $this->err->add($i18n->get('error.field'), $i18n->get('label.confirm_password')); if ($this->password1 !== $this->password2) - $this->err->add($i18n->getKey('error.not_equal'), $i18n->getKey('label.password'), $i18n->getKey('label.confirm_password')); + $this->err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password')); if (!ttValidEmail($this->email, true)) - $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.email')); + $this->err->add($i18n->get('error.field'), $i18n->get('label.email')); } // The register function registers a user in Time Tracker. 
@@ -85,30 +85,36 @@ class ttRegistrator { global $i18n; + // Protection fom too many recent bot registrations from user IP. + if ($this->registeredRecently()) { + $this->err->add($i18n->get('error.access_denied')); + return false; + } + import('ttUserHelper'); if (ttUserHelper::getUserByLogin($this->login)) { // User login already exists. - $this->err->add($i18n->getKey('error.user_exists')); + $this->err->add($i18n->get('error.user_exists')); return false; } // Create a new group. $this->group_id = $this->createGroup(); if (!$this->group_id) { - $this->err->add($i18n->getKey('error.db')); + $this->err->add($i18n->get('error.db')); return false; } import('ttRoleHelper'); if (!ttRoleHelper::createPredefinedRoles($this->group_id, $this->lang)) { - $err->add($i18n->getKey('error.db')); + $err->add($i18n->get('error.db')); return false; } $this->role_id = ttRoleHelper::getTopManagerRoleID(); $this->user_id = $this->createUser(); if (!$this->user_id) { - $err->add($i18n->getKey('error.db')); + $err->add($i18n->get('error.db')); return false; } 
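Review bot: The two rewritten lines `$err->add($i18n->get('error.db'));` (after `createPredefinedRoles` and after `createUser`) call `add()` on a local `$err` that is never defined in this method; every other error path in the hunk uses `$this->err`, so either failure would fatal with a call on null instead of reporting error.db. Change both to `$this->err->add($i18n->get('error.db'));`. The new throttle comment has a typo and could say what it keys on: `// Protection from too many recent registrations from the same client IP ($_SERVER['REMOTE_ADDR']); checked before the login-exists test.` register() begins above the hunk.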
@@ -129,14 +135,18 @@ class ttRegistrator { $created = 'now()'; $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']); - $sql = "insert into tt_teams (name, currency, lang, created, created_ip) values($name, $currency, $lang, $created, $created_ip)"; + $sql = "insert into tt_groups (name, currency, lang, created, created_ip) values($name, $currency, $lang, $created, $created_ip)"; $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) return false; - if (!is_a($affected, 'PEAR_Error')) { - $group_id = $mdb2->lastInsertID('tt_teams', 'id'); - return $group_id; - } - return false; + $group_id = $mdb2->lastInsertID('tt_groups', 'id'); + + // Update org_id with group_id. + $sql = "update tt_groups set org_id = $group_id where org_id is NULL and id = $group_id"; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) return false; + + return $group_id; } // The createUser creates a user in database as part of registration process. @@ -149,9 +159,9 @@ class ttRegistrator { $email = $mdb2->quote($this->email); $created = 'now()'; $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']); - $values = "values($login, $password, $name, $this->group_id, $this->role_id, $email, $created, $created_ip)"; + $values = "values($login, $password, $name, $this->group_id, $this->group_id, $this->role_id, $email, $created, $created_ip)"; - $sql = 'insert into tt_users (login, password, name, team_id, role_id, email, created, created_ip) '.$values; + $sql = 'insert into tt_users (login, password, name, group_id, org_id, role_id, email, created, created_ip) '.$values; $affected = $mdb2->exec($sql); if (!is_a($affected, 'PEAR_Error')) { $user_id = $mdb2->lastInsertID('tt_users', 'id'); 
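Review bot: The new `$group_id = $mdb2->lastInsertID('tt_groups', 'id');` value is interpolated into the org_id update without being checked for PEAR_Error, and if that second statement fails the group row already inserted is left behind with org_id NULL, since the two statements are not in a transaction. Add `if (is_a($group_id, 'PEAR_Error')) return false;` before building the update, and consider whether the insert and update should run in one transaction (hedged: depends on how the MDB2 connection from getConnection() is used elsewhere). createGroup() starts above the hunk, where `$name`, `$currency` and `$lang` are built; presumably they go through `$mdb2->quote` like `$created_ip` does, which is worth confirming because they originate from the registration form.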
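Review bot: The new `$values` line passes `$this->group_id` twice without explanation, which reads like a copy-paste slip; a comment above it such as `// org_id: a newly registered group is its own organization, so org_id = group_id (matches createGroup()).` would make it deliberate. Unlike `$login`, `$name` and `$email`, `$this->group_id` and `$this->role_id` are interpolated raw; they come from createGroup()/getTopManagerRoleID() rather than the form, but an explicit `(int)` cast at the interpolation site would make that assumption visible. createUser() starts and ends outside the hunk.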
@@ -168,21 +178,39 @@ class ttRegistrator { $mdb2 = getConnection(); // Update group. - $sql = "update tt_teams set created_by = $user_id where id = $this->group_id"; + $sql = "update tt_groups set created_by = $user_id where id = $this->group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) { - $this->err->add($i18n->getKey('error.db')); + $this->err->add($i18n->get('error.db')); return false; } // Update top manager. - $sql = "update tt_users set created_by = $user_id where id = $user_id and team_id = $this->group_id"; + $sql = "update tt_users set created_by = $user_id where id = $user_id and group_id = $this->group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) { - $this->err->add($i18n->getKey('error.db')); + $this->err->add($i18n->get('error.db')); return false; } return true; } + + // registeredRecently determines if we already have a successful recent registration from user IP. + // "recent" means "within the last minute" and is set in a query by the following condition: + // "and created > now() - interval 1 minute". Change if necessary. + function registeredRecently() { + $mdb2 = getConnection(); + + $ip_part = ' created_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']); + $sql = 'select created from tt_groups where '.$ip_part.' and created > now() - interval 1 minute'; + $res = $mdb2->query($sql); + if (is_a($res, 'PEAR_Error')) + return false; + $val = $res->fetchRow(); + if ($val) + return true; + + return false; + } }
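Review bot: `registeredRecently()` fails open: a PEAR_Error from the throttle query returns false, so a database fault silently disables the registration throttle that register() now relies on, whereas every other database error in this class is reported as error.db. Either treat the lookup failure as a denial, `if (is_a($res, 'PEAR_Error')) return true;`, or have register() report error.db for it. The lookup is keyed on `$_SERVER['REMOTE_ADDR']`, which behind a reverse proxy or NAT is shared by many clients, so one successful registration blocks every other client of that address for a minute; that limitation belongs in the method comment next to "Change if necessary" so deployers know to adjust it. Since only existence is checked, the `select created ... interval 1 minute` query could also carry `limit 1`.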