search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
.
[specialops2.git] / register.php
blob3853653e8299bb6d9784456cd24b280e09d4d393
1 <?php
2 // $Id$
3
4 require 'con.php';
5 $page->title = _('Account Registration');
6
7 if ( $user instanceof authuser ) {
8 if ( isset($_POST['login']) ) {
9 $page->pagefooter();
10 } else {
11 $page->errorfooter('logout');
12 }
13 } else
14 unset($user->userlinks[_('Register')]);
15
16 if ( isset($_POST['something']) ) {
17
18 // Data validation
19 try {
20 // Obvious stuff
21 if ( empty($_POST['reg_u']) || empty($_POST['reg_p']) || empty($_POST['reg_e']) )
22 throw new LengthException(_('You left one or more text fields empty.'));
23 elseif ( $_POST['reg_p'] !== $_POST['reg_c'] )
24 throw new InvalidInputException(_('You did not confirm your password correctly. Both passwords must match exactly.'));
25 elseif ( $DB->query('SELECT `userid` FROM `users` WHERE `alias` = \''.$DB->escape_string($_POST['reg_u']).'\'')->num_rows )
26 throw new InvalidInputException(_('That username is already in use. Try a different name.'));
27
28 // I should make this run fail2ban or something
29 elseif ( !isset($_GET['code']) || !isset($_GET['user'])
30 || $DB->query('SELECT COUNT(*) as `c` FROM `invites`
31 WHERE `code` = \''.$DB->escape_string($_GET['code']).'\'
32 AND `userid` = '.intval($_GET['user'])
33 )->fetch_object()->c < 1 )
34 throw new InvalidInputException(_('Form data was submitted incorrectly.'));
35
36 // Flood protection
37 elseif ( isset($_COOKIE['auto'])
38 || $DB->query('SELECT `userid` FROM `users`
39 WHERE `reg_ip` = INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')
40 AND `register_date` > (UNIX_TIMESTAMP() - 3600)'
41 )->num_rows )
42 throw new RateLimitException(_('You can only register a maximum of one account per hour. Try again in one hour.'));
43
44 $DB->query('INSERT INTO `users` (`alias`, `password`, `referrer`, `register_date`, `last_active_date`, `reg_email`, `last_login_ip`, `reg_ip`)
45 VALUES (
46 \''.$DB->escape_string(htmlspecialchars($_POST['reg_u'])).'\',
47 AES_ENCRYPT(\''.$DB->escape_string($_POST['reg_p']).'\', INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')),
48 '.intval($_GET['user']).',
49 UNIX_TIMESTAMP(),
50 UNIX_TIMESTAMP(),
51 \''.$DB->escape_string($_POST['reg_e']).'\',
52 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\'),
53 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')
54 )');
55
56 if ( $DB->error )
57 throw new DatabaseException('MySQL error in user creation: '.$DB->error); // furry
58 $DB->query('DELETE FROM `invites`
59 WHERE `code` = \''.$DB->escape_string($_GET['code']).'\' AND `userid` = '.intval($_GET['user']));
60
61 setcookie('auto', 'yes', time()+3600);
62 $user->userheader();
63 echo '<div class="info">',_('Account created.'),'</div>';
64 $page->pagefooter();
65
66 } catch ( InvalidInputException $e ) {
67 $user->userheader();
68 echo '<div class="error">',$e->getMessage(),'</div>';
69 } catch ( RateLimitException $e ) {
70 setcookie('auto', 'yes', time()+3600);
71 $user->userheader();
72 echo '<div class="error">',$e->getMessage(),'</div>';
73 }
74 } elseif ( !isset($_GET['code']) || !isset($_GET['user'])
75 || $DB->query('SELECT COUNT(*) as `c` FROM `invites`
76 NATURAL LEFT JOIN `users`
77 WHERE `code` = \''.$DB->escape_string($_GET['code']).'\'
78 AND `users`.`userid` IS NOT NULL
79 AND `invites`.`userid` = '.intval($_GET['user']))->fetch_object()->c < 1 ) {
80
81 $user->userheader();
82 echo '<div class="error">',_('You need a valid invitation code to create an account.'),'</div>';
83 $page->pagefooter();
84 } else
85 $user->userheader();
86
87 if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // Tell ricers to fuckoff
88 echo '<p class="error">',_('Error: You are attempting to register from an IPv6 address. This doesn\'t work yet. You have to register using a IPv4 address.'),"</p>\n";
89 $page->pagefooter();
90 }
91 ?>
92
93 <form action="register?user=<?php echo intval($_GET['user']) ?>;code=<?php echo htmlentities($_GET['code']) ?>" method="post">
94 <fieldset class="content">
95 <legend><?php echo _('Register Account') ?></legend>
96 <p class="info"><?php echo _('Fill in all fields and click Register to make a new account.') ?></p>
97 <!--DO NOT BITCH ABOUT THIS TABLE.-->
98 <table class="inputlist">
99 <tr><th scope="row"><?php echo _('Username') ?></th>
100 <td><input type="text" name="reg_u"/></td></tr>
101 <tr><th scope="row"><?php echo _('Password') ?></th>
102 <td><input type="password" name="reg_p"/></td></tr>
103 <tr><th scope="row"><?php echo _('Confirm Password') ?></th>
104 <td><input type="password" name="reg_c"/></td></tr>
105 <tr><th scope="row"><?php echo _('Email') ?></th>
106 <td><input type="text" name="reg_e"/></td></tr>
107 </table>
108 <p><button type="submit" name="something" value="reg"><?php echo _('Register Account') ?></button></p>
109 </fieldset>
110 </form>
111
112 <?php
113 $page->pagefooter();
114 ?>
Special Ops source code from the bad old days, 2nd generation