3 * User Account Registration
5 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
6 * @license file://COPYING
8 * @see file://lib/mysql.example
12 $page->title
= 'Account Registration';
14 if ( $user instanceof User_Authenticated
) {
15 isset($_POST['login']) ?
16 header('Location: .') : $page->errorfooter('logout');
19 if ( isset($_POST['prompt']) ) {
23 if ( isset($_POST['something']) ) {
28 if ( empty($_POST['reg_u']) ||
empty($_POST['reg_p']) ||
empty($_POST['reg_e']) ) {
29 throw new InvalidInputException('You left one or more fields empty.');
31 if ( $_POST['reg_p'] !== $_POST['reg_c'] ) {
32 throw new InvalidInputException('Both passwords must match exactly.');
34 if ( $DB->query('SELECT `userid` FROM `users` WHERE `alias` = '.$DB->string($_POST['reg_u']))->num_rows
) {
35 throw new InvalidInputException('That username is already in use. Try a different name.');
39 if ( defined('INVITE_ONLY') && (
40 !isset($_GET['code']) ||
!isset($_GET['user']) ||
41 0 == $DB->query('SELECT `userid` FROM `things` WHERE `what` = "invite"
42 AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']))->num_rows
45 throw new InvalidInputException('Form data was submitted incorrectly.');
49 if ( $DB->query('SELECT `userid` FROM `users`
50 WHERE `reg_ip` = INET_ATON("'.$_SERVER['REMOTE_ADDR'].'")
51 AND `register_date` > (UNIX_TIMESTAMP() - 3600)')->num_rows
) {
52 throw new RateLimitException('You can only register a maximum of one account per hour. Try again in one hour.');
55 $DB->autocommit(false);
57 $DB->query('SET @userip = INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).')');
60 if ( empty($_POST['CYA']) ) {
62 $DB->query('SET @userpass = "banned"');
64 $DB->query('SET @userpass = AES_ENCRYPT('.$DB->string($_POST['reg_p']).', @userip)');
67 $DB->query('INSERT INTO `users` (
77 '.$DB->string(htmlspecialchars($_POST['reg_u'])).',
78 AES_ENCRYPT('.$DB->string($_POST['reg_p']).', @userip),
79 '.( defined('INVITE_ONLY') ?
intval($_GET['user']) : 'NULL' ).',
82 '.$DB->string($_POST['reg_e']).',
87 if ( defined('INVITE_ONLY') ) {
88 $DB->query('DELETE FROM `things` WHERE `what` = "invite"
89 AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']));
94 setcookie('u', $_POST['reg_u'], time()+
86400, '/');
95 setcookie('p', $_POST['reg_p'], time()+
86400, '/');
98 echo '<p class="info">Your account has been created!</p>';
99 if ( empty($_POST['CYA']) ) {
100 echo '<p class="notice">And since you didn\'t agree to the TOS, it\'s been automatically banned! Have a nice day, fag!</p>';
104 } catch ( InvalidInputException
$e ) {
105 header('HTTP/1.1 400 Bad Request');
107 echo '<p class="error">',$e->getMessage(),'</p>';
108 } catch ( RateLimitException
$e ) {
109 header('HTTP/1.1 400 Bad Request');
111 echo '<p class="error">',$e->getMessage(),'</p>';
113 } elseif ( defined('INVITE_ONLY') && (
114 !isset($_GET['code']) ||
!isset($_GET['user']) ||
115 0 == $DB->query('SELECT `userid` FROM `things` NATURAL LEFT JOIN `users`
116 WHERE `what` = "invite" AND `data` = '.$DB->string($_GET['code']).'
117 AND `users`.`userid` IS NOT NULL AND `things`.`userid` = '.intval($_GET['user']))->num_rows
122 <p
class="error">You need a valid invitation code to create an account
.</p
>
123 <p
>Enter the registration code you were given
and the user ID number of the person who gave you it
.</p
>
124 <form action
="<?php echo $_SERVER['PHP_SELF'] ?>" method
="get">
125 <table
class="inputlist">
126 <tr
><th scope
="row">Code
</th
><td
><input type
="text" name
="code" size
="36" maxlength
="36"/></td
></tr
>
127 <tr
><th scope
="row">User ID
</th
><td
><input type
="text" name
="user" size
="5"/></td
></tr
>
129 <p
><button type
="submit">Confirm
</button
></p
>
130 <p
>Don
't have an invite? One of <a href="userlist">our members</a> might.</p>
140 if ( ip2long($_SERVER['REMOTE_ADDR
']) === false ) { // ipv6 doesn't work yet
141 echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
145 if ( defined('INVITE_ONLY') ) {
146 printf('<form action="%s?user=%d;code=%s" method="post">',
147 $_SERVER['PHP_SELF'], intval($_GET['user']), htmlentities($_GET['code']));
149 echo '<form action="',$_SERVER['PHP_SELF'],'" method="post">';
152 list($tmp) = $DB->query('SELECT `CHARACTER_MAXIMUM_LENGTH`
153 FROM `information_schema`.`COLUMNS`
154 WHERE `TABLE_SCHEMA` = "'.DATABASE_NAME
.'"
155 AND `TABLE_NAME` = "users"
156 AND `COLUMN_NAME` = "alias"')->fetch_row();
159 <fieldset
><legend
>Register Account
</legend
>
160 <p
>All fields must be filled in
. Usernames must be no longer than
<?php
echo $tmp ?
> characters
.</p
>
161 <table
class="inputlist">
162 <tr
><th scope
="row">Username
</th
>
163 <td
><input type
="text" name
="reg_u"/></td
></tr
>
164 <tr
><th scope
="row">Password
</th
>
165 <td
><input type
="password" name
="reg_p"/></td
></tr
>
166 <tr
><th scope
="row">Confirm Password
</th
>
167 <td
><input type
="password" name
="reg_c"/></td
></tr
>
168 <tr
><th scope
="row">Contact IRI
</th
>
169 <td
><input type
="text" name
="reg_e"/></td
></tr
>
171 <p
><label
><input type
="checkbox" name
="CYA"/> I have read
and agree to follow the
<a href
="stuff">board rules
</a
></label
></p
>
172 <p
><button type
="submit" name
="something">Create Account
</button
></p
>