Improved the CSS id/class stuff.
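<?php
// $Id$

// See lib/mysql.example

// Account registration page: validates the POSTed form, optionally requires an
// invitation (when INVITE_ONLY is defined), rate-limits by IP and creates the user row.
// $DB, $page and $user are not defined in this file; they come from con.php.

require 'con.php';
$page->title = 'Account Registration';

// When $user is an authuser instance: redirect after a login POST, otherwise
// hand over to errorfooter('logout').
if ( $user instanceof authuser ) {
    isset($_POST['login']) ?
        header('Location: .') : $page->errorfooter('logout');
}

// Treat a POSTed 'prompt' request as if its fields had arrived in the query string.
if ( isset($_POST['prompt']) ) {
    $_GET = $_POST;
}

// PHP_SELF includes any client-supplied path info after the script name, so it
// must be HTML-escaped before being written into an attribute.
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

if ( isset($_POST['something']) ) {

    // Data validation
    try {
        // PHP turns name[]=x into an array; insist on strings before the values
        // reach htmlspecialchars() or the SQL quoting helper.
        foreach ( array('reg_u', 'reg_p', 'reg_c', 'reg_e') as $field ) {
            if ( isset($_POST[$field]) && !is_string($_POST[$field]) ) {
                throw new InvalidInputException('Form data was submitted incorrectly.');
            }
        }

        // Obvious stuff
        if ( empty($_POST['reg_u']) || empty($_POST['reg_p']) ) {
            throw new LengthException('You left one or more fields empty.');
        }
        if ( !isset($_POST['reg_c']) || $_POST['reg_p'] !== $_POST['reg_c'] ) {
            throw new InvalidInputException('Both passwords must match exactly.');
        }

        // The form is only shown to IPv4 clients, but a POST can be sent without
        // loading it. INET_ATON() yields NULL for anything else, which would give
        // a NULL AES key and a NULL reg_ip, so enforce the same rule here.
        if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) {
            throw new InvalidInputException('Error: You have to register from an IPv4 address.');
        }
        // Quoted through the same helper as every other value instead of being
        // concatenated between hand-written double quotes.
        $ip_sql = 'INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).')';

        // The alias is stored HTML-escaped, so the uniqueness check has to compare
        // the escaped form; comparing the raw name lets e.g. "a<b" be registered twice.
        $alias = htmlspecialchars($_POST['reg_u']);
        if ( $DB->query('SELECT `userid` FROM `users` WHERE `alias` = '.$DB->string($alias))->num_rows ) {
            throw new InvalidInputException('That username is already in use. Try a different name.');
        }

        // Catch people trying to mess with the system, then waste their time some more
        if ( defined('INVITE_ONLY') && (
            !isset($_GET['code']) || !is_string($_GET['code']) || !isset($_GET['user']) ||
            0 == $DB->query('SELECT `userid` FROM `items` WHERE `item` = "invite"
                AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']))->num_rows
        ) ) {
            // NOTE(review): the delay also holds a server worker for 7 seconds per bad request.
            sleep(7);
            throw new InvalidInputException('Form data was submitted incorrectly.');
        }

        // Flood protection
        if ( $DB->query('SELECT `userid` FROM `users`
            WHERE `reg_ip` = '.$ip_sql.'
            AND `register_date` > (UNIX_TIMESTAMP() - 3600)')->num_rows ) {
            throw new RateLimitException('You can only register a maximum of one account per hour. Try again in one hour.');
        }

        // reg_e is optional and may be absent from a hand-built request.
        $email = isset($_POST['reg_e']) ? $_POST['reg_e'] : '';

        // NOTE(review): the invite was checked above, before this transaction starts,
        // and the DELETE below does not verify that it removed a row, so two
        // concurrent requests can presumably redeem the same invite. Nothing here
        // rolls back if a statement fails after autocommit is switched off either.
        $DB->autocommit(false);

        // NOTE(review): AES_ENCRYPT() is reversible and its key is the registration
        // IP, which this same INSERT stores in `reg_ip`; anyone who can read the
        // table can recover every password. The plaintext is also part of the SQL
        // text, so it can end up in query logs. A one-way password hash is the fix,
        // but it has to change together with the login check, which is not in this file.
        $DB->query('INSERT INTO `users` (
            `alias`,
            `password`,
            `referrer`,

            `register_date`, `last_active_date`,
            `reg_email`,
            `last_login_ip`, `reg_ip`
        ) VALUES (
            '.$DB->string($alias).',
            AES_ENCRYPT('.$DB->string($_POST['reg_p']).', '.$ip_sql.'),
            '.( defined('INVITE_ONLY') ? intval($_GET['user']) : 'NULL' ).',

            UNIX_TIMESTAMP(), UNIX_TIMESTAMP(),
            '.$DB->string($email).',
            '.$ip_sql.', '.$ip_sql.'
        )');

        // An invite is single-use: remove it in the same transaction as the new account.
        if ( defined('INVITE_ONLY') ) {
            $DB->query('DELETE FROM `items` WHERE `item` = "invite"
                AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']));
        }

        $DB->commit();

        $user->userheader();
        echo '<p class="info">Account has been created.</p>';
        $page->pagefooter();

    } catch ( InvalidInputException $e ) {
        header('HTTP/1.1 400 Bad Request');
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),'</p>';
    } catch ( RateLimitException $e ) {
        header('HTTP/1.1 400 Bad Request');
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),'</p>';
    } catch ( LengthException $e ) {
        // The empty-field check throws LengthException and no handler for it is
        // visible in this script; report it the same way as other bad input.
        header('HTTP/1.1 400 Bad Request');
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),'</p>';
    }
} elseif ( defined('INVITE_ONLY') && (
    !isset($_GET['code']) || !is_string($_GET['code']) || !isset($_GET['user']) ||
    0 == $DB->query('SELECT `userid` FROM `items` NATURAL LEFT JOIN `users`
        WHERE `item` = "invite" AND `data` = '.$DB->string($_GET['code']).'
        AND `users`.`userid` IS NOT NULL AND `items`.`userid` = '.intval($_GET['user']))->num_rows
) ) {
    // No valid invite in the query string yet: ask for one.
    $user->userheader();
?>

<p class="error">You need a valid invitation code to create an account.</p>
<p>Enter the registration code you were given and the user ID number of the person who gave you it.</p>
<form action="<?php echo $self ?>" method="get">
<table class="inputlist">
<tr><th scope="row">Code</th><td><input type="text" name="code" size="36" maxlength="36"/></td></tr>
<tr><th scope="row">User ID</th><td><input type="text" name="user" size="5"/></td></tr>
</table>
<p><button type="submit">Confirm</button></p>
</form>

<?php
    $page->pagefooter();
} else {
    $user->userheader();

    if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // mysql is brain-damaged and doesn't have an ipv6 inet_aton()
        echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
        $page->pagefooter();
    } else {
        // The form is rendered only for IPv4 clients, whether or not pagefooter() ends the request.
        if ( defined('INVITE_ONLY') ) {
            // The code goes into a URL inside an attribute: URL-encode it first, then HTML-escape.
            printf('<form action="%s?user=%d;code=%s" method="post">',
                $self, intval($_GET['user']), htmlspecialchars(rawurlencode($_GET['code']), ENT_QUOTES));
        } else {
            echo '<form action="register" method="post">';
        }
?>

<fieldset><legend>Register Account</legend>
<table class="inputlist">
<tr><th scope="row">Username</th>
<td><input type="text" name="reg_u"/></td></tr>
<tr><th scope="row">Password</th>
<td><input type="password" name="reg_p"/></td></tr>
<tr><th scope="row">Confirm Password</th>
<td><input type="password" name="reg_c"/></td></tr>
<tr><th scope="row">E-mail/IM contact address (optional)</th>
<td><input type="text" name="reg_e"/></td></tr>
</table>
<p><button type="submit" name="something">Do It</button></p>
</fieldset>
</form>

<?php
        $page->pagefooter();
    }
}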