{%
	title = "Registration"
	
	local expired = false
	
	if request:post() and request:post().iagree and request.querystring.q then
		local q = Escapes.urlunescape(request.querystring.q)
		local ver = DB.userregverify(q)
		-- Second condition prevents double registration
		if ver and not DB.getuserbyemail(ver.em) then
			local name = Escapes.urlspunescape(request:post().mydispname)
			if not name or name:match"^%s*$" then
				name = "Empty Space"
			end
			
			local userid = DB.reguser(ver.em, name, BigGlobe.cfg.membexcl == BigGlobe.MEMBEXCL_PUBLIC_WITHAPPROVAL and DB.USER_PRIVS_UNAPPROVED or DB.USER_PRIVS_APPROVED)
			response:addHeader("Set-Cookie", "sesh=" .. Escapes.urlescape(DB.userauth(DB.getuserbyid(userid))) .. "; SameSite=Lax; Secure; HttpOnly")
			response:addHeader("Location", "/")
			response:statusCode(303)
		else
			response:statusCode(400)
			expired = true
		end
	end
%}

{% function content() %}
	{% if expired then %}
		<p>This link has expired.</p>
	{% else %}
		<h2>Registration</h2>
		
		<div>{{ BigGlobe.cfg.ruleset }}</div>
		
		<p>{{ Escapes.htmlescape(BigGlobe.cfg.sitename) }} uses 1 cookie to handle user sessions, and requires a user-chosen name to be publicly displayed and your e-mail address, both for as long as the account is registered. These are strictly necessary for {{ Escapes.htmlescape(BigGlobe.cfg.sitename) }} to function.</p>
		
		<p>All items posted and their files shall be publicly available, along with all of your comments.</p>
		
		<form action="#" method="POST">
			<input type="hidden" name="iagree" value="" />
			<input type="text" name="mydispname" value="" placeholder="Display name..." autocomplete="off" style="display:block;margin-bottom:1em;" />
			<button style="margin-top:0;">I agree to the terms.</button>
		</form>
	{% end %}
{% end %}

{# base.inc