search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Made the registration process and TOS more appropriate.
[specialops2.git] / register.php
blobf96b30ff73198ad414fe248a561318de7bc26077
1 <?php
2 /**
3 * User Account Registration
4 *
5 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
6 * @license file://COPYING
7 * @version $Id$
8 * @see file://lib/mysql.example
9 */
10
11 require 'con.php';
12 $page->title = 'Account Registration';
13
14 if ( $user instanceof User_Authenticated ) {
15 isset($_POST['login']) ?
16 header('Location: .') : $page->errorfooter('logout');
17 }
18
19 if ( isset($_POST['prompt']) ) {
20 $_GET = $_POST;
21 }
22
23 if ( isset($_POST['something']) ) {
24
25 // Data validation
26 try {
27 // Obvious stuff
28 if ( empty($_POST['reg_u']) || empty($_POST['reg_p']) ) {
29 throw new InvalidInputException('You left one or more fields empty.');
30 }
31 if ( $_POST['reg_p'] !== $_POST['reg_c'] ) {
32 throw new InvalidInputException('Both passwords must match exactly.');
33 }
34 if ( $DB->query('SELECT `userid` FROM `users` WHERE `alias` = '.$DB->string($_POST['reg_u']))->num_rows ) {
35 throw new InvalidInputException('That username is already in use. Try a different name.');
36 }
37
38 // Faggot protection
39 if ( defined('INVITE_ONLY') && (
40 !isset($_GET['code']) || !isset($_GET['user']) ||
41 0 == $DB->query('SELECT `userid` FROM `things` WHERE `what` = "invite"
42 AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']))->num_rows
43 ) ) {
44 sleep(7);
45 throw new InvalidInputException('Form data was submitted incorrectly.');
46 }
47
48 // Retard protection
49 if ( empty($_POST['CYA']) ) {
50 throw new InvalidInputException('Illiteracy is not a defence.');
51 }
52
53 // Flood protection
54 if ( $DB->query('SELECT `userid` FROM `users`
55 WHERE `reg_ip` = INET_ATON("'.$_SERVER['REMOTE_ADDR'].'")
56 AND `register_date` > (UNIX_TIMESTAMP() - 3600)')->num_rows ) {
57 throw new RateLimitException('You can only register a maximum of one account per hour. Try again in one hour.');
58 }
59
60 $DB->autocommit(false);
61
62 $DB->query('SET @userip = INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).')');
63 $DB->query('INSERT INTO `users` (
64 `alias`,
65 `password`,
66 `referrer`,
67 `register_date`,
68 `last_active_date`,
69 `reg_email`,
70 `last_login_ip`,
71 `reg_ip`
72 ) VALUES (
73 '.$DB->string(htmlspecialchars($_POST['reg_u'])).',
74 AES_ENCRYPT('.$DB->string($_POST['reg_p']).', @userip),
75 '.( defined('INVITE_ONLY') ? intval($_GET['user']) : 'NULL' ).',
76 UNIX_TIMESTAMP(),
77 UNIX_TIMESTAMP(),
78 '.$DB->string($_POST['reg_e']).',
79 @userip,
80 @userip
81 )');
82
83 if ( defined('INVITE_ONLY') ) {
84 $DB->query('DELETE FROM `things` WHERE `what` = "invite"
85 AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']));
86 }
87
88 $DB->commit();
89
90 setcookie('u', $_POST['reg_u'], time()+86400, '/');
91 setcookie('p', $_POST['reg_p'], time()+86400, '/');
92
93 $user->userheader();
94 echo '<p class="info">Account has been created.</p>';
95 $page->pagefooter();
96
97 } catch ( InvalidInputException $e ) {
98 header('HTTP/1.1 400 Bad Request');
99 $user->userheader();
100 echo '<p class="error">',$e->getMessage(),'</p>';
101 } catch ( RateLimitException $e ) {
102 header('HTTP/1.1 400 Bad Request');
103 $user->userheader();
104 echo '<p class="error">',$e->getMessage(),'</p>';
105 }
106 } elseif ( defined('INVITE_ONLY') && (
107 !isset($_GET['code']) || !isset($_GET['user']) ||
108 0 == $DB->query('SELECT `userid` FROM `things` NATURAL LEFT JOIN `users`
109 WHERE `what` = "invite" AND `data` = '.$DB->string($_GET['code']).'
110 AND `users`.`userid` IS NOT NULL AND `things`.`userid` = '.intval($_GET['user']))->num_rows
111 ) ) {
112 $user->userheader();
113 ?>
114
115 <p class="error">You need a valid invitation code to create an account.</p>
116 <p>Enter the registration code you were given and the user ID number of the person who gave you it.</p>
117 <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="get">
118 <table class="inputlist">
119 <tr><th scope="row">Code</th><td><input type="text" name="code" size="36" maxlength="36"/></td></tr>
120 <tr><th scope="row">User ID</th><td><input type="text" name="user" size="5"/></td></tr>
121 </table>
122 <p><button type="submit">Confirm</button></p>
123 <p>Don't have an invite? One of <a href="userlist">our members</a> might.</p>
124 </form>
125
126 <?php
127 $page->pagefooter();
128 } else {
129 $user->userheader();
130 }
131
132
133 if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // ipv6 doesn't work yet
134 echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
135 $page->pagefooter();
136 }
137
138 if ( defined('INVITE_ONLY') ) {
139 printf('<form action="%s?user=%d;code=%s" method="post">',
140 $_SERVER['PHP_SELF'], intval($_GET['user']), htmlentities($_GET['code']));
141 } else {
142 echo '<form action="',$_SERVER['PHP_SELF'],'" method="post">';
143 }
144 ?>
145
146 <fieldset><legend>Register Account</legend>
147 <table class="inputlist">
148 <tr><th scope="row">Username</th>
149 <td><input type="text" name="reg_u"/></td></tr>
150 <tr><th scope="row">Password</th>
151 <td><input type="password" name="reg_p"/></td></tr>
152 <tr><th scope="row">Confirm Password</th>
153 <td><input type="password" name="reg_c"/></td></tr>
154 <tr><th scope="row">Contact IRI</th>
155 <td><input type="text" name="reg_e"/></td></tr>
156 </table>
157 <p><label><input type="checkbox" name="CYA"/> I have read and agree to follow the <a href="stuff">board rules</a></label></p>
158 <p><button type="submit" name="something">Create Account</button></p>
159 </fieldset>
160 </form>
161
162 <?php
163 $page->pagefooter();
164 ?>
Special Ops source code from the bad old days, 2nd generation