register.php

   1 <?php
   2 /**
   3  * User Account Registration
   4  *
   5  * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
   6  * @license file://COPYING
   7  * @version $Id$
   8  * @see file://lib/mysql.example
   9  */
  10
  11 require 'con.php';
  12 $page->title = 'Account Registration';
  13
  14 if ( $user instanceof User_Authenticated ) {
  15         isset($_POST['login']) ?
  16                 header('Location: .') : $page->errorfooter('logout');
  17 }
  18
  19 if ( isset($_POST['prompt']) ) {
  20         $_GET = $_POST;
  21 }
  22
  23 if ( isset($_POST['something']) ) {
  24
  25         // Data validation
  26         try {
  27                 // Obvious stuff
  28                 if ( empty($_POST['reg_u']) || empty($_POST['reg_p']) || empty($_POST['reg_e']) ) {
  29                         throw new InvalidInputException('You left one or more fields empty.');
  30                 }
  31                 if ( $_POST['reg_p'] !== $_POST['reg_c'] ) {
  32                         throw new InvalidInputException('Both passwords must match exactly.');
  33                 }
  34                 if ( $DB->query('SELECT `userid` FROM `users` WHERE `alias` = '.$DB->string($_POST['reg_u']))->num_rows ) {
  35                         throw new InvalidInputException('That username is already in use. Try a different name.');
  36                 }
  37
  38                 // Faggot protection
  39                 if ( defined('INVITE_ONLY') && (
  40                                         !isset($_GET['code']) || !isset($_GET['user']) ||
  41                                         0 == $DB->query('SELECT `userid` FROM `things` WHERE `what` = "invite"
  42                                                         AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']))->num_rows
  43                         ) ) {
  44                         sleep(7);
  45                         throw new InvalidInputException('Form data was submitted incorrectly.');
  46                 }
  47
  48                 // Flood protection
  49                 if ( $DB->query('SELECT `userid` FROM `users`
  50                                         WHERE `reg_ip` = INET_ATON("'.$_SERVER['REMOTE_ADDR'].'")
  51                                         AND `register_date` > (UNIX_TIMESTAMP() - 3600)')->num_rows ) {
  52                         throw new RateLimitException('You can only register a maximum of one account per hour. Try again in one hour.');
  53                 }
  54
  55                 $DB->autocommit(false);
  56
  57                 $DB->query('SET @userip = INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).')');
  58
  59                 // Retard protection
  60                 if ( empty($_POST['CYA']) ) {
  61                         $_POST['reg_p']);
  62                         $DB->query('SET @userpass = "banned"');
  63                 } else {
  64                         $DB->query('SET @userpass = AES_ENCRYPT('.$DB->string($_POST['reg_p']).', @userip)');
  65                 }
  66
  67                 $DB->query('INSERT INTO `users` (
  68                                         `alias`,
  69                                         `password`,
  70                                         `referrer`,
  71                                         `register_date`,
  72                                         `last_active_date`,
  73                                         `reg_contact`,
  74                                         `last_login_ip`,
  75                                         `reg_ip`
  76                                 ) VALUES (
  77                                         '.$DB->string(htmlspecialchars($_POST['reg_u'])).',
  78                                         AES_ENCRYPT('.$DB->string($_POST['reg_p']).', @userip),
  79                                         '.( defined('INVITE_ONLY') ? intval($_GET['user']) : 'NULL' ).',
  80                                         UNIX_TIMESTAMP(),
  81                                         UNIX_TIMESTAMP(),
  82                                         '.$DB->string($_POST['reg_e']).',
  83                                         @userip,
  84                                         @userip
  85                                 )');
  86
  87                 if ( defined('INVITE_ONLY') ) {
  88                         $DB->query('DELETE FROM `things` WHERE `what` = "invite"
  89                                         AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']));
  90                 }
  91
  92                 $DB->commit();
  93
  94                 setcookie('u', $_POST['reg_u'], time()+86400, '/');
  95                 setcookie('p', $_POST['reg_p'], time()+86400, '/');
  96
  97                 $user->userheader();
  98                         echo '<p class="info">Your account has been created!</p>';
  99                         if ( empty($_POST['CYA']) ) {
 100                                 echo '<p class="notice">And since you didn\'t agree to the TOS, it\'s been automatically banned! Have a nice day, fag!</p>';
 101                         }
 102                 $page->pagefooter();
 103
 104         } catch ( InvalidInputException $e ) {
 105                 header('HTTP/1.1 400 Bad Request');
 106                 $user->userheader();
 107                 echo '<p class="error">',$e->getMessage(),'</p>';
 108         } catch ( RateLimitException $e ) {
 109                 header('HTTP/1.1 400 Bad Request');
 110                 $user->userheader();
 111                 echo '<p class="error">',$e->getMessage(),'</p>';
 112         }
 113 } elseif ( defined('INVITE_ONLY') && (
 114                         !isset($_GET['code']) || !isset($_GET['user']) ||
 115                         0 == $DB->query('SELECT `userid` FROM `things` NATURAL LEFT JOIN `users`
 116                                                 WHERE `what` = "invite" AND `data` = '.$DB->string($_GET['code']).'
 117                                                 AND `users`.`userid` IS NOT NULL AND `things`.`userid` = '.intval($_GET['user']))->num_rows
 118                 ) ) {
 119         $user->userheader();
 120 ?>
 121
 122 <p class="error">You need a valid invitation code to create an account.</p>
 123 <p>Enter the registration code you were given and the user ID number of the person who gave you it.</p>
 124 <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="get">
 125         <table class="inputlist">
 126                 <tr><th scope="row">Code</th><td><input type="text" name="code" size="36" maxlength="36"/></td></tr>
 127                 <tr><th scope="row">User ID</th><td><input type="text" name="user" size="5"/></td></tr>
 128         </table>
 129         <p><button type="submit">Confirm</button></p>
 130         <p>Don't have an invite? One of <a href="userlist">our members</a> might.</p>
 131 </form>
 132
 133 <?php
 134         $page->pagefooter();
 135 } else {
 136         $user->userheader();
 137 }
 138
 139
 140 if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // ipv6 doesn't work yet
 141         echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
 142         $page->pagefooter();
 143 }
 144
 145 if ( defined('INVITE_ONLY') ) {
 146         printf('<form action="%s?user=%d;code=%s" method="post">',
 147                         $_SERVER['PHP_SELF'], intval($_GET['user']), htmlentities($_GET['code']));
 148 } else {
 149         echo '<form action="',$_SERVER['PHP_SELF'],'" method="post">';
 150 }
 151
 152 list($tmp) = $DB->query('SELECT `CHARACTER_MAXIMUM_LENGTH`
 153                                                 FROM `information_schema`.`COLUMNS`
 154                                                 WHERE `TABLE_SCHEMA` = "'.DATABASE_NAME.'"
 155                                                 AND `TABLE_NAME` = "users"
 156                                                 AND `COLUMN_NAME` = "alias"')->fetch_row();
 157 ?>
 158
 159 <fieldset><legend>Register Account</legend>
 160         <p>All fields must be filled in. Usernames must be no longer than <?php echo $tmp ?> characters.</p>
 161         <table class="inputlist">
 162                 <tr><th scope="row">Username</th>
 163                         <td><input type="text" name="reg_u"/></td></tr>
 164                 <tr><th scope="row">Password</th>
 165                         <td><input type="password" name="reg_p"/></td></tr>
 166                 <tr><th scope="row">Confirm Password</th>
 167                         <td><input type="password" name="reg_c"/></td></tr>
 168                 <tr><th scope="row">Contact IRI</th>
 169                         <td><input type="text" name="reg_e"/></td></tr>
 170         </table>
 171         <p><label><input type="checkbox" name="CYA"/> I have read and agree to follow the <a href="stuff">board rules</a></label></p>
 172         <p><button type="submit" name="something">Create Account</button></p>
 173 </fieldset>
 174 </form>
 175
 176 <?php
 177 $page->pagefooter();
 178 ?>