// Heading used for the registration page.
5 $page->title
= 'Account Registration';
// Branch for a $user that is an authuser instance (presumably a logged-in visitor).
// NOTE(review): source lines 6, 9-10, 12-13, 15 and 17-20 are missing from this listing,
// so the nesting of the statements below cannot be confirmed from here.
7 if ( $user instanceof authuser
) {
8 if ( isset($_POST['login']) ) {
11 $page->errorfooter('logout');
// Remove the 'Register' entry from this user's link list.
14 unset($user->userlinks
['Register']);
// 'something' is the name of the form's submit button (value "reg"), so this tests
// whether the registration form was submitted.
16 if ( isset($_POST['something']) ) {
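// Validate the submitted registration before anything is written; every failed check throws.
//   $_POST reg_u / reg_p / reg_c / reg_e : username, password, password confirmation, email
//   $_GET  code / user                   : invitation code and the inviting user's id
if ( empty($_POST['reg_u']) || empty($_POST['reg_p']) || empty($_POST['reg_e']) )
    throw new LengthException('You left one or more text fields empty.');
// Array-valued parameters (e.g. reg_u[]=x) are not empty() but cannot be escaped or
// compared as strings, so reject them before they reach the queries.
elseif ( !is_string($_POST['reg_u']) || !is_string($_POST['reg_p']) || !is_string($_POST['reg_e']) )
    throw new InvalidInputException('Form data was submitted incorrectly.');
elseif ( $_POST['reg_p'] !== ($_POST['reg_c'] ?? null) )
    throw new InvalidInputException('You did not confirm your password correctly. Both passwords must match exactly.');
// Look the name up in the same form the INSERT stores it in (HTML-escaped). Comparing the
// raw value would miss an existing alias whenever the name contains &, <, > or quotes.
// NOTE(review): this SELECT only produces a friendly message; two simultaneous requests can
// both pass it, so uniqueness has to be enforced by a UNIQUE index on `users`.`alias` —
// verify that index exists.
elseif ( $DB->query('SELECT `userid` FROM `users` WHERE `alias` = \''.$DB->escape_string(htmlspecialchars($_POST['reg_u'])).'\'')->num_rows )
    throw new InvalidInputException('That username is already in use. Try a different name.');
// I should make this run fail2ban or something
// The invitation must exist for this code / inviter pair. Both values must be plain strings:
// an array would break escape_string() and make intval() meaningless.
// NOTE(review): the invitation is only deleted after the INSERT further down, as a separate
// statement, so this check and the delete are not atomic; see the DELETE for the remedy.
elseif ( !isset($_GET['code']) || !isset($_GET['user'])
    || !is_string($_GET['code']) || !is_string($_GET['user'])
    || $DB->query('SELECT COUNT(*) as `c` FROM `invites`
        WHERE `code` = \''.$DB->escape_string($_GET['code']).'\'
        AND `userid` = '.intval($_GET['user'])
    )->fetch_object()->c < 1 )
    throw new InvalidInputException('Form data was submitted incorrectly.');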
// Rate limit: refuse when the 'auto' cookie is present, or when the `users` lookup on
// `reg_ip` finds a registration from this address within the last 3600 seconds.
// NOTE(review): the cookie is client-held state and cannot be relied on; the `reg_ip`
// lookup is the only server-side part of this limit.
// NOTE(review): $_SERVER['REMOTE_ADDR'] is concatenated into the SQL text without
// $DB->escape_string(), unlike the other request values on this page. Escape or bind it
// as well, so the statement does not depend on how the address is populated (for example
// behind a reverse proxy — confirm the deployment).
// NOTE(review): source line 41, which closes this query expression, is missing from the
// listing, so how the result is turned into a condition cannot be confirmed from here.
37 elseif ( isset($_COOKIE['auto'])
38 ||
$DB->query('SELECT `userid` FROM `users`
39 WHERE `reg_ip` = INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')
40 AND `register_date` > (UNIX_TIMESTAMP() - 3600)'
42 throw new RateLimitException('You can only register a maximum of one account per hour. Try again in one hour.');
// Create the account row. Values as far as the listing shows them: alias = HTML-escaped
// username, password = AES_ENCRYPT(password, INET_ATON(REMOTE_ADDR)), referrer = inviter id
// from the query string, reg_email = submitted email, last_login_ip and reg_ip =
// INET_ATON(REMOTE_ADDR). Source lines 45, 49-50 and 54-56 are missing from the listing.
// NOTE(review): the password is stored with reversible encryption, and the key (the
// registering address) is written to `reg_ip` in the same row, so read access to `users`
// is enough to recover the plaintext passwords. Store a one-way hash instead
// (password_hash() here, password_verify() at login) and convert existing rows at each
// user's next successful login.
// NOTE(review): INET_ATON() returns NULL for a non-IPv4 address and AES_ENCRYPT() returns
// NULL when an argument is NULL. The only IPv4 check visible on this page (ip2long) is on
// the form-display path — verify that this POST path is guarded too.
// NOTE(review): REMOTE_ADDR is concatenated unescaped three times in this statement; pass
// it through $DB->escape_string() like the other values.
// NOTE(review): the alias is HTML-escaped before storage while the email is stored raw and
// unvalidated; every page that prints either column has to know which encoding it holds.
// Validating the email (filter_var() with FILTER_VALIDATE_EMAIL) and escaping at output
// time is the more predictable arrangement.
44 $DB->query('INSERT INTO `users` (`alias`, `password`, `referrer`, `register_date`, `last_active_date`, `reg_email`, `last_login_ip`, `reg_ip`)
46 \''.$DB->escape_string(htmlspecialchars($_POST['reg_u'])).'\',
47 AES_ENCRYPT(\''.$DB->escape_string($_POST['reg_p']).'\', INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')),
48 '.intval($_GET['user']).',
51 \''.$DB->escape_string($_POST['reg_e']).'\',
52 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\'),
53 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')
// NOTE(review): the message embeds the raw $DB->error text. No handler for
// DatabaseException is visible in this listing; wherever it is handled, log the detail
// server-side and show the visitor a generic message.
57 throw new DatabaseException('MySQL error in user creation: '.$DB->error
); // furry
// Consume the invitation so that it cannot be used again.
// NOTE(review): the invitation was checked before the INSERT and is removed only here, as
// a separate statement, so concurrent submissions of one code are not serialised. Deleting
// the invitation first and continuing only when exactly one row was removed, or wrapping
// check, INSERT and DELETE in one transaction, makes an invitation strictly single-use.
58 $DB->query('DELETE FROM `invites`
59 WHERE `code` = \''.$DB->escape_string($_GET['code']).'\' AND `userid` = '.intval($_GET['user']));
// Flag this browser for one hour; the rate-limit check above reads this cookie.
61 setcookie('auto', 'yes', time()+
3600);
63 echo '<div class="info">Account created.</div>';
// Validation failure: print the exception text in an error box.
// The InvalidInputException messages thrown on this page are fixed strings, so echoing
// them unescaped does not reflect request data. NOTE(review): if a message ever includes
// user input, pass getMessage() through htmlspecialchars() here.
// NOTE(review): LengthException and DatabaseException are thrown above, but no catch for
// either appears in this listing (source lines 64-65, 67 and 71 are missing) — confirm
// they are handled and that DatabaseException text is not printed to the visitor.
66 } catch ( InvalidInputException
$e ) {
68 echo '<div class="error">',$e->getMessage(),'</div>';
// Rate-limited: set the one-hour 'auto' cookie again, then report the error.
69 } catch ( RateLimitException
$e ) {
70 setcookie('auto', 'yes', time()+
3600);
72 echo '<div class="error">',$e->getMessage(),'</div>';
// Presumably the branch for a plain page view (no form submitted): require a code / user
// pair from the query string that matches an `invites` row before showing the form.
// Unlike the check on the submit path, this query also joins `users` and requires
// `users`.`userid` IS NOT NULL, i.e. a matching users row must exist.
// NOTE(review): the submit path does not apply that extra condition, so the two paths can
// disagree about whether an invitation is valid; use one shared check for both.
// NOTE(review): a NATURAL join matches on every identically named column of both tables,
// so a schema change can silently alter which invitations validate. An explicit ON clause
// on the intended key (presumably `userid` — confirm) is safer.
74 } elseif ( !isset($_GET['code']) ||
!isset($_GET['user'])
75 ||
$DB->query('SELECT COUNT(*) as `c` FROM `invites`
76 NATURAL LEFT JOIN `users`
77 WHERE `code` = \''.$DB->escape_string($_GET['code']).'\'
78 AND `users`.`userid` IS NOT NULL
79 AND `invites`.`userid` = '.intval($_GET['user']))->fetch_object()->c
< 1 ) {
82 echo '<div class="error">You need a valid invitation code to create an account.</div>';
// ip2long() returns false for anything that is not a valid IPv4 address, so clients
// connecting over IPv6 are refused here. The SQL on this page passes REMOTE_ADDR to
// INET_ATON(), which only understands IPv4.
// NOTE(review): this test is visible only on the form-display path; source lines 83-86 and
// 89-92 are missing from the listing, so the surrounding branches cannot be confirmed.
87 if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // Tell ricers to fuckoff
88 echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
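<?php
/*
 * Registration form. Field names reg_u, reg_p, reg_c and reg_e and the submit button
 * "something" are the ones the submit handler on this page reads from $_POST.
 *
 * The invitation pair is carried to the POST request in the action URL, where the handler
 * reads it from $_GET. The user id is forced to an integer. The code is URL-encoded for the
 * query string and then HTML-escaped for the attribute, so a code containing characters
 * such as & # + or quotes survives the round trip and cannot break out of the attribute.
 * A non-string value is emitted as an empty code.
 *
 * NOTE(review): the two parameters are separated by ';'. PHP splits the query string on
 * '&' unless arg_separator.input is configured to include ';' — confirm the server setting.
 * NOTE(review): source lines 97, 107 and everything after 108 (presumably the closing
 * table, fieldset and form tags) are missing from the listing and are not reproduced here.
 */
?>
<form action="register?user=<?php echo intval($_GET['user']) ?>;code=<?php echo htmlspecialchars(rawurlencode(is_string($_GET['code'] ?? null) ? $_GET['code'] : ''), ENT_QUOTES, 'UTF-8') ?>" method="post">
    <fieldset class="content">
        <legend>Register Account</legend>
        <p class="info">Fill in all fields and click Register to make a new account.</p>
        <table class="inputlist">
            <tr><th scope="row">Username</th>
                <td><input type="text" name="reg_u"/></td></tr>
            <tr><th scope="row">Password</th>
                <td><input type="password" name="reg_p"/></td></tr>
            <tr><th scope="row">Confirm Password</th>
                <td><input type="password" name="reg_c"/></td></tr>
            <tr><th scope="row">Email</th>
                <td><input type="text" name="reg_e"/></td></tr>
        <p><button type="submit" name="something" value="reg">Register Account</button></p>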