// Account registration page: sets the page title, turns away visitors who are
// already logged in, then handles the registration form further down.
4 // See lib/mysql.example
7 $page->title
= 'Account Registration';
// Visitors who are already authenticated never reach the registration form.
// If the request carries a 'login' POST field they are redirected to '.',
// otherwise $page->errorfooter('logout') is called.
// NOTE(review): no exit/return is visible after header('Location: .') in this
// excerpt (listing lines 12-13 are not shown). header() alone does not end the
// script, so confirm that execution stops there.
9 if ( $user instanceof authuser
) {
10 isset($_POST['login']) ?
11 header('Location: .') : $page->errorfooter('logout');
// Listing lines 15-16, presumably the body of this branch, are not shown.
14 if ( isset($_POST['prompt']) )
// Registration handler: runs when the form's submit button (name="something")
// was posted. Each failed check throws, and the catch blocks further down print
// the exception message as an error paragraph.
// Listing lines 18-21 are not shown (presumably the opening of the try block).
17 if ( isset($_POST['something']) ) {
// Username and password are mandatory. empty() also treats the string '0' as
// empty, so a username or password of exactly "0" is rejected here.
// NOTE(review): only InvalidInputException and RateLimitException have visible
// catch blocks. If this is the SPL LengthException, neither of them catches it;
// confirm that a handler exists elsewhere.
22 if ( empty($_POST['reg_u']) ||
empty($_POST['reg_p']) )
23 throw new LengthException('You left one or more fields empty.');
// The confirmation field must be identical to the password (strict comparison).
24 elseif ( $_POST['reg_p'] !== $_POST['reg_c'] )
25 throw new InvalidInputException('Both passwords must match exactly.');
// The username must not exist yet. $DB->string() is a project helper not shown
// here; it is presumably what quotes and escapes the value. TODO confirm.
// NOTE(review): this lookup uses the raw reg_u, while the INSERT below stores
// htmlspecialchars(reg_u). For names containing HTML special characters the
// value checked therefore differs from the value stored. The check-then-insert
// sequence is also not atomic, so a UNIQUE index on `alias` has to be the real
// guarantee.
26 elseif ( $DB->query('SELECT `userid` FROM `users`
27 WHERE `alias` = '.$DB->string($_POST['reg_u']))->num_rows
)
28 throw new InvalidInputException('That username is already in use. Try a different name.');
30 // Catch people trying to mess with the system, then waste their time some more
// Invite-only mode: the code and the inviting user's id are read from the query
// string and the pair must exist in `invites`. The id is forced to an integer
// with intval(); the code goes through $DB->string().
31 elseif ( defined('INVITE_ONLY') && (
32 !isset($_GET['code']) ||
33 !isset($_GET['user']) ||
34 !$DB->query('SELECT `userid` FROM `invites`
35 WHERE `code` = '.$DB->string($_GET['code']).'
36 AND `userid` = '.intval($_GET['user']))->num_rows
)
39 throw new InvalidInputException('Form data was submitted incorrectly.');
// Rate limit: at most one registration per source address per hour.
// NOTE(review): REMOTE_ADDR is concatenated into the SQL text directly instead
// of going through $DB->string(). It is set by the web server from the
// connection rather than from request headers, but passing it through the same
// quoting helper (or a bound parameter) would treat every value in the
// statement uniformly.
// INET_ATON() yields NULL for anything that is not an IPv4 address, so for such
// clients this comparison matches no rows. As far as this excerpt shows, the
// IPv4 check made before the form is printed is not repeated in this handler.
43 elseif ( $DB->query('SELECT `userid` FROM `users`
44 WHERE `reg_ip` = INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')
45 AND `register_date` > (UNIX_TIMESTAMP() - 3600)')->num_rows
)
46 throw new RateLimitException
47 ('You can only register a maximum of one account per hour. Try again in one hour.');
// Autocommit is switched off before the writes. The matching commit is not
// visible in this excerpt (listing lines 76-79 are not shown).
49 $DB->autocommit(false);
// Create the account row. In invite-only mode, the used invitation is then
// deleted so that it cannot be used again.
// The column list (listing lines 52-60) is not shown, so which column each
// value lands in is not visible here. TODO confirm against the schema.
// NOTE(review): the password is stored with AES_ENCRYPT(), which is reversible,
// and the key is INET_ATON(REMOTE_ADDR). That same address is also written into
// the row by this statement, so anyone who can read the table can recover every
// plaintext password. Passwords should be stored as one-way hashes
// (password_hash() / password_verify()) instead.
// The username is HTML-escaped before storage. The e-mail/IM contact is stored
// as submitted (only passed through $DB->string()), so it has to be escaped
// wherever it is displayed. reg_e is read without an isset() check.
51 $DB->query('INSERT INTO `users` (
61 '.$DB->string(htmlspecialchars($_POST['reg_u'])).',
62 AES_ENCRYPT('.$DB->string($_POST['reg_p']).',
63 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')),
64 '.( defined('INVITE_ONLY') ?
intval($_GET['user']) : 'NULL' ).',
67 '.$DB->string($_POST['reg_e']).',
68 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\'),
69 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')
72 if ( defined('INVITE_ONLY') )
73 $DB->query('DELETE FROM `invites`
74 WHERE `code` = '.$DB->string($_GET['code']).'
75 AND `userid` = '.intval($_GET['user']));
// Success message, printed once the statements above have run.
80 echo '<p class="info">Account has been created.</p>';
// Validation failure: reply with 400 and show the message. Every message thrown
// above is a fixed literal, so printing getMessage() unescaped is safe only as
// long as no user input is ever placed in an exception message.
83 } catch ( InvalidInputException
$e ) {
84 header('HTTP/1.1 400 Bad Request');
86 echo '<p class="error">',$e->getMessage(),'</p>';
// Rate-limit failure: also answered with 400. The status 429 Too Many Requests
// would describe this case more precisely.
87 } catch ( RateLimitException
$e ) {
88 header('HTTP/1.1 400 Bad Request');
90 echo '<p class="error">',$e->getMessage(),'</p>';
// Invite-only mode, no form posted: unless a valid code/user pair is present in
// the query string, this branch is taken (the invitation prompt follows it in
// the listing). Unlike the check in the POST handler, this query joins `users`
// and requires the inviting account to still exist.
// NOTE(review): NATURAL LEFT JOIN matches on every column name the two tables
// share, not only `userid`. Confirm that `userid` is the only common column, or
// spell out the join condition.
92 } elseif ( defined('INVITE_ONLY') && (
93 !isset($_GET['code']) ||
94 !isset($_GET['user']) ||
95 !$DB->query('SELECT `userid` FROM `invites`
96 NATURAL LEFT JOIN `users`
97 WHERE `code` = '.$DB->string($_GET['code']).'
98 AND `users`.`userid` IS NOT NULL
99 AND `invites`.`userid` = '.intval($_GET['user']))->num_rows
)
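<?php
// Invitation prompt, shown in invite-only mode when no valid code/user pair was
// supplied. The form submits via GET back to this script, so the values arrive
// as $_GET['code'] and $_GET['user'].
// PHP_SELF can contain request-supplied path info, so it is HTML-escaped before
// being written into the action attribute.
// Lines the listing does not show (e.g. closing tags) are not reconstructed here.
?>
<p class="error">You need a valid invitation code to create an account.</p>
<p>Enter the registration code you were given and the user ID number of the person who gave you it.</p>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>" method="get">
<table class="inputlist">
<tr><th scope="row">Code</th><td><input type="text" name="code" size="36" maxlength="36"/></td></tr>
<tr><th scope="row">User ID</th><td><input type="text" name="user" size="5"/></td></tr>
<p><button type="submit">Confirm</button></p>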
// Registration is refused for any REMOTE_ADDR that ip2long() cannot parse,
// because the queries on this page store and compare addresses with INET_ATON().
119 if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // mysql is brain-damaged and doesn't have an ipv6 inet_aton()
120 echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
// Open the registration form. In invite-only mode the invitation is carried
// along in the query string of the action URL.
// NOTE(review): $_SERVER['PHP_SELF'] is printed through %s without escaping. It
// can contain request-supplied path info, so it should go through
// htmlspecialchars(..., ENT_QUOTES) before being placed in the attribute.
// The code is HTML-escaped but not URL-encoded (rawurlencode() it first). The
// two parameters are separated by ';', which PHP only parses when
// arg_separator.input allows it.
// Listing line 127 (presumably the else) is not shown.
124 if ( defined('INVITE_ONLY') )
125 printf('<form action="%s?user=%d;code=%s" method="post">',
126 $_SERVER['PHP_SELF'], intval($_GET['user']), htmlentities($_GET['code']));
128 echo '<form action="register" method="post">';
<?php
// Registration fields. The handler on this page reads reg_u, reg_p, reg_c and
// reg_e from $_POST and is triggered by the presence of the submit button's
// name ("something").
// Lines the listing does not show (e.g. closing tags) are not reconstructed here.
?>
<fieldset><legend>Register Account</legend>
<table class="inputlist">
<tr><th scope="row">Username</th>
<td><input type="text" name="reg_u"/></td></tr>
<tr><th scope="row">Password</th>
<td><input type="password" name="reg_p"/></td></tr>
<tr><th scope="row">Confirm Password</th>
<td><input type="password" name="reg_c"/></td></tr>
<tr><th scope="row">E-mail/IM contact address (optional)</th>
<td><input type="text" name="reg_e"/></td></tr>
<p><button type="submit" name="something" value="reg">Do It</button></p>