Reduced the gfh2 background image contrast a bit since it was hard to read text with it.
[specialops2.git] / register.php
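<?php
// $Id$

// See lib/mysql.example

// Bootstrap. The rest of this script uses $DB, $page and $user without
// defining them, so they presumably come from con.php -- confirm there.
require 'con.php';
$page->title = 'Account Registration';

// A signed-in user has no business on the registration page: a posted
// `login` field is answered with a redirect, anything else with the
// 'logout' error footer.
if ( $user instanceof authuser ) {
    if ( isset($_POST['login']) ) {
        header('Location: .');
        // No exit is visible after the redirect in this listing. Stop here so
        // the registration handler below cannot run for an authenticated
        // session once the Location header has been sent.
        exit;
    }
    $page->errorfooter('logout');
}

// When `prompt` is posted, the whole POST array replaces $_GET, so every later
// $_GET['code'] / $_GET['user'] read sees the posted values.
if ( isset($_POST['prompt']) )
    $_GET = $_POST;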
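// Registration handler. Three outcomes:
//   1. the form was submitted (`something` posted): validate, create the
//      account inside one transaction, report success;
//   2. invite-only mode without a matching invitation: show the invite prompt;
//   3. otherwise: print the page header and fall through to the form below.
// After a validation error the catch blocks print the message and execution
// also continues to the form below, so the user can retry.
if ( isset($_POST['something']) ) {

    // Data validation
    try {
        // Request fields can be missing or arrive as arrays (reg_u[]=...);
        // anything that is not a string is treated as empty.
        $username = ( isset($_POST['reg_u']) && is_string($_POST['reg_u']) ) ? $_POST['reg_u'] : '';
        $password = ( isset($_POST['reg_p']) && is_string($_POST['reg_p']) ) ? $_POST['reg_p'] : '';
        $confirm  = ( isset($_POST['reg_c']) && is_string($_POST['reg_c']) ) ? $_POST['reg_c'] : '';
        $email    = ( isset($_POST['reg_e']) && is_string($_POST['reg_e']) ) ? $_POST['reg_e'] : '';

        // Obvious stuff
        if ( empty($username) || empty($password) )
            throw new LengthException('You left one or more fields empty.');
        if ( $password !== $confirm )
            throw new InvalidInputException('Both passwords must match exactly.');

        // The alias is stored HTML-escaped (see the INSERT), so the uniqueness
        // check has to compare the escaped form too. Checking the raw name
        // would miss an existing alias whenever the name contains & < > or ".
        // $DB->string() is used throughout as a complete SQL literal (no
        // surrounding quotes are added here) -- assumed to quote and escape.
        $alias_sql = $DB->string(htmlspecialchars($username));
        if ( $DB->query('SELECT `userid` FROM `users`
                WHERE `alias` = '.$alias_sql)->num_rows )
            throw new InvalidInputException('That username is already in use. Try a different name.');

        // Catch people trying to mess with the system, then waste their time some more
        if ( defined('INVITE_ONLY') && (
            !isset($_GET['code']) ||
            !isset($_GET['user']) ||
            !$DB->query('SELECT `userid` FROM `invites`
                WHERE `code` = '.$DB->string($_GET['code']).'
                AND `userid` = '.intval($_GET['user']))->num_rows )
        ) {
            // Fixed delay before the generic error slows repeated guessing of
            // invite codes; it also ties up a worker for 7 seconds per attempt.
            sleep(7);
            throw new InvalidInputException('Form data was submitted incorrectly.');
        }

        // INET_ATON() yields NULL for anything that is not dotted-quad IPv4.
        // With a NULL address the flood check below can never match and
        // AES_ENCRYPT() would store a NULL password. The form page refuses
        // non-IPv4 clients, but a direct POST skips that page.
        if ( ip2long($_SERVER['REMOTE_ADDR']) === false )
            throw new InvalidInputException('You have to register from an IPv4 address.');

        // Pass the address through the same literal helper as every other
        // value instead of splicing it between hand-written quotes.
        $ip_sql = $DB->string($_SERVER['REMOTE_ADDR']);

        // Flood protection
        if ( $DB->query('SELECT `userid` FROM `users`
                WHERE `reg_ip` = INET_ATON('.$ip_sql.')
                AND `register_date` > (UNIX_TIMESTAMP() - 3600)')->num_rows )
            throw new RateLimitException
                ('You can only register a maximum of one account per hour. Try again in one hour.');

        $DB->autocommit(false);

        // SECURITY NOTE(review): the password is stored reversibly.
        // AES_ENCRYPT() is keyed with INET_ATON(registration IP), and that same
        // value is written to `reg_ip` in the same row, so anyone who can read
        // the table can recover every password. A one-way password hash
        // (password_hash() / password_verify()) is the appropriate storage.
        // It is not changed here because the login code that reads this column
        // is outside this file and existing rows would need migrating.
        //
        // NOTE(review): `reg_email` is stored as submitted, unlike `alias`;
        // it must be escaped wherever it is printed.
        $DB->query('INSERT INTO `users` (
                `alias`,
                `password`,
                `referrer`,
                `register_date`,
                `last_active_date`,
                `reg_email`,
                `last_login_ip`,
                `reg_ip`
            ) VALUES (
                '.$alias_sql.',
                AES_ENCRYPT('.$DB->string($password).',
                    INET_ATON('.$ip_sql.')),
                '.( defined('INVITE_ONLY') ? intval($_GET['user']) : 'NULL' ).',
                UNIX_TIMESTAMP(),
                UNIX_TIMESTAMP(),
                '.$DB->string($email).',
                INET_ATON('.$ip_sql.'),
                INET_ATON('.$ip_sql.')
            )');

        // An invitation is single-use: consume it in the same transaction.
        // NOTE(review): the invite was looked up before the transaction began,
        // so two simultaneous submissions could both pass that check; checking
        // that this DELETE actually removed a row before committing would
        // close the gap (depends on what the $DB wrapper exposes).
        if ( defined('INVITE_ONLY') )
            $DB->query('DELETE FROM `invites`
                WHERE `code` = '.$DB->string($_GET['code']).'
                AND `userid` = '.intval($_GET['user']));

        $DB->commit();

        $user->userheader();
        echo '<p class="info">Account has been created.</p>';
        $page->pagefooter();

    } catch ( LengthException $e ) {
        // The empty-field check throws LengthException, which neither of the
        // original catch blocks handled; without this it would surface as an
        // uncaught exception unless a global handler exists elsewhere.
        header('HTTP/1.1 400 Bad Request');
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),'</p>';
    } catch ( InvalidInputException $e ) {
        header('HTTP/1.1 400 Bad Request');
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),'</p>';
    } catch ( RateLimitException $e ) {
        header('HTTP/1.1 400 Bad Request');
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),'</p>';
    }
} elseif ( defined('INVITE_ONLY') && (
    !isset($_GET['code']) ||
    !isset($_GET['user']) ||
    !$DB->query('SELECT `userid` FROM `invites`
        NATURAL LEFT JOIN `users`
        WHERE `code` = '.$DB->string($_GET['code']).'
        AND `users`.`userid` IS NOT NULL
        AND `invites`.`userid` = '.intval($_GET['user']))->num_rows )
) {
    $user->userheader();
    // PHP_SELF reflects the request path, including any extra path text the
    // client appended after the script name, so it is escaped before being
    // written into the action attribute.
?>

<p class="error">You need a valid invitation code to create an account.</p>
<p>Enter the registration code you were given and the user ID number of the person who gave you it.</p>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>" method="get">
<table class="inputlist">
<tr><th scope="row">Code</th><td><input type="text" name="code" size="36" maxlength="36"/></td></tr>
<tr><th scope="row">User ID</th><td><input type="text" name="user" size="5"/></td></tr>
</table>
<p><button type="submit">Confirm</button></p>
</form>

<?php
    $page->pagefooter();
} else
    $user->userheader();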
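// Registration form. Reached on a plain page view and again after a
// validation error, so the user can retry.

// reg_ip is stored through MySQL's INET_ATON(), which only understands IPv4.
// The script relies on $page->pagefooter() ending the response here --
// presumably it exits; confirm in the page class.
if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // mysql is brain-damaged and doesn't have an ipv6 inet_aton()
    echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
    $page->pagefooter();
}

if ( defined('INVITE_ONLY') ) {
    // This branch is also reached after a failed submission, where `user` or
    // `code` may be absent, so both are read defensively.
    $invite_user = isset($_GET['user']) ? intval($_GET['user']) : 0;
    $invite_code = ( isset($_GET['code']) && is_string($_GET['code']) ) ? $_GET['code'] : '';

    // PHP_SELF reflects the request path and can carry client-supplied text,
    // so it is HTML-escaped for the attribute. The invite code is URL-encoded
    // first (it sits in a query string) and then HTML-escaped.
    printf('<form action="%s?user=%d;code=%s" method="post">',
        htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES),
        $invite_user,
        htmlspecialchars(rawurlencode($invite_code), ENT_QUOTES));
} else
    echo '<form action="register" method="post">';
?>

<fieldset><legend>Register Account</legend>
<table class="inputlist">
<tr><th scope="row">Username</th>
<td><input type="text" name="reg_u"/></td></tr>
<tr><th scope="row">Password</th>
<td><input type="password" name="reg_p"/></td></tr>
<tr><th scope="row">Confirm Password</th>
<td><input type="password" name="reg_c"/></td></tr>
<tr><th scope="row">E-mail/IM contact address (optional)</th>
<td><input type="text" name="reg_e"/></td></tr>
</table>
<p><button type="submit" name="something" value="reg">Do It</button></p>
</fieldset>
</form>

<?php
$page->pagefooter();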