Added some class="" to pagelist code
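<?php
/**
 * User Account Registration
 *
 * Handles three cases in one script: processing a submitted registration
 * form, prompting for an invitation code when INVITE_ONLY is defined and no
 * valid code/user pair was supplied, and rendering the registration form.
 *
 * $page, $user and $DB are not defined in this file; presumably con.php
 * provides them.
 *
 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
 * @license file://COPYING
 * @version $Id$
 * @see file://lib/mysql.example
 */

require 'con.php';
$page->title = 'Account Registration';

// Already logged in: either bounce back to the index (fresh login) or show
// the "logout" error.
if ( $user instanceof User_Authenticated ) {
    if ( isset($_POST['login']) ) {
        header('Location: .');
        // A Location header does not end the script by itself. Stop here so
        // the registration handler below never runs for an authenticated
        // session.
        exit;
    }
    $page->errorfooter('logout');
}

// Lets invite values that arrived by POST be read through $_GET, which is
// where the invite checks below look for them.
if ( isset($_POST['prompt']) ) {
    $_GET = $_POST;
}

if ( isset($_POST['something']) ) {

    // Data validation
    try {
        // Obvious stuff
        if ( empty($_POST['reg_u']) || empty($_POST['reg_p']) || empty($_POST['reg_e']) ) {
            throw new InvalidInputException('You left one or more fields empty.');
        }
        if ( $_POST['reg_p'] !== $_POST['reg_c'] ) {
            throw new InvalidInputException('Both passwords must match exactly.');
        }
        if ( !preg_match('/^[a-zA-Z0-9]+:/', $_POST['reg_e']) ) {
            throw new InvalidInputException('IRI protocol not specified.');
        }
        // Contact addresses mentioning "dodgeit" lose the TOS agreement, so
        // the account is created banned further down. Compare against false
        // explicitly: strpos() returns 0 for a match at the very start of the
        // string (e.g. "dodgeit:..."), which a plain truthiness test would
        // let through.
        if ( false !== strpos($_POST['reg_e'], 'dodgeit') ) {
            unset($_POST['CYA']);
        }

        // The alias is stored HTML-escaped, so the uniqueness check has to
        // compare the escaped form as well; checking the raw input would miss
        // an existing row whenever the name contains &, <, > or ".
        $alias = htmlspecialchars($_POST['reg_u']);
        if ( $DB->query('SELECT `userid` FROM `users` WHERE `alias` = '.$DB->string($alias))->num_rows ) {
            throw new InvalidInputException('That username is already in use. Try a different name.');
        }

        // Invite check: the code/user pair must exist in `things`.
        if ( defined('INVITE_ONLY') && (
            !isset($_GET['code']) || !isset($_GET['user']) ||
            0 == $DB->query('SELECT `userid` FROM `things` WHERE `what` = "invite"
                AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']))->num_rows
        ) ) {
            // Presumably here to slow down guessing of invite codes.
            sleep(7);
            throw new InvalidInputException('Form data was submitted incorrectly.');
        }

        // Flood protection: one account per registering IP address.
        // REMOTE_ADDR goes through $DB->string() like every other value in
        // this file instead of being spliced into the statement directly.
        if ( $DB->query('SELECT `userid` FROM `users`
            WHERE `reg_ip` = INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).')')->num_rows ) {
            throw new RateLimitException('You can only register one account. '.
                'If you lost your password, contact an admin and a new one will be sent to the IRI you specified when you signed up.');
        }

        $DB->autocommit(false);

        $DB->query('SET @userip = INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).')');

        // Terms-of-service check: without the checkbox the account is still
        // created, but with the literal password "banned".
        if ( empty($_POST['CYA']) ) {
            // NOTE(review): this status line is replaced by the 202 sent
            // after the commit below.
            header('HTTP/1.1 403 Forbidden');
            $DB->query('SET @userpass = "banned"');
        } else {
            // NOTE(review): the password is stored reversibly. It is
            // AES-encrypted with the registrant's IP address as the key, and
            // that same address is written to `reg_ip` in the same row, so
            // anyone who can read the `users` table can recover every
            // password. Moving to password_hash()/password_verify() needs a
            // matching change in the login code, which is not in this file.
            $DB->query('SET @userpass = AES_ENCRYPT('.$DB->string($_POST['reg_p']).', @userip)');
        }

        $DB->query('INSERT INTO `users` (
            `alias`,
            `password`,
            `referrer`,
            `register_date`,
            `last_active_date`,
            `reg_contact`,
            `last_login_ip`,
            `reg_ip`
        ) VALUES (
            '.$DB->string($alias).',
            @userpass,
            '.( defined('INVITE_ONLY') ? intval($_GET['user']) : 'NULL' ).',
            UNIX_TIMESTAMP(),
            UNIX_TIMESTAMP(),
            '.$DB->string($_POST['reg_e']).',
            @userip,
            @userip
        )');

        // An invite is single-use: remove it in the same transaction as the
        // insert.
        if ( defined('INVITE_ONLY') ) {
            $DB->query('DELETE FROM `things` WHERE `what` = "invite"
                AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']));
        }

        $DB->commit();

        // NOTE(review): these cookies carry the plaintext password for 24
        // hours and are set without the HttpOnly or Secure flag. A random
        // session token would keep the credential away from page scripts and
        // plain-HTTP transport; that needs a change in whatever reads these
        // cookies, which is not visible here.
        setcookie('u', $_POST['reg_u'], time()+86400, '/');
        setcookie('p', $_POST['reg_p'], time()+86400, '/');

        header('HTTP/1.1 202 Accepted');
        $user->userheader();
        echo '<p class="info">Your account has been created!</p>';
        if ( empty($_POST['CYA']) ) {
            echo '<p class="notice">And since you didn\'t agree to the TOS, it\'s been automatically banned! Have a nice day, fag!</p>';
        }
        $page->pagefooter();

    } catch ( InvalidInputException $e ) {
        header('HTTP/1.1 400 Bad Request');
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),'</p>';
    } catch ( RateLimitException $e ) {
        header('HTTP/1.1 400 Bad Request');
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),'</p>';
    }
} elseif ( defined('INVITE_ONLY') && (
    !isset($_GET['code']) || !isset($_GET['user']) ||
    0 == $DB->query('SELECT `userid` FROM `things` NATURAL LEFT JOIN `users`
        WHERE `what` = "invite" AND `data` = '.$DB->string($_GET['code']).'
        AND `users`.`userid` IS NOT NULL AND `things`.`userid` = '.intval($_GET['user']))->num_rows
) ) {
    // No valid invite yet: ask for the code and the inviter's user ID.
    $user->userheader();
?>

<p class="error">You need a valid invitation code to create an account.</p>
<p>Enter the registration code you were given and the user ID number of the person who gave you it.</p>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>" method="get">
<table class="inputlist">
<tr><th scope="row">Code</th><td><input type="text" name="code" size="36" maxlength="36"/></td></tr>
<tr><th scope="row">User ID</th><td><input type="text" name="user" size="5"/></td></tr>
</table>
<p><button type="submit">Confirm</button></p>
<p>Don't have an invite? One of <a href="userlist">our members</a> might.</p>
</form>

<?php
    $page->pagefooter();
} else {
    $user->userheader();

    if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // ipv6 doesn't work yet
        echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
        // NOTE(review): nothing visible here stops the script after the
        // footer; if pagefooter() does not exit, the form below is still
        // rendered. Confirm.
        $page->pagefooter();
    }

    // PHP_SELF includes any path info the client appended to the URL, so it
    // is request-controlled and must be escaped before it lands in an
    // attribute. The invite code is URL-encoded so it cannot break out of
    // its query parameter.
    if ( defined('INVITE_ONLY') ) {
        printf('<form action="%s?user=%d;code=%s" method="post">',
            htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES),
            intval($_GET['user']),
            htmlentities(rawurlencode($_GET['code'])));
    } else {
        echo '<form action="',htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES),'" method="post">';
    }

    // Read the maximum username length from the schema so the hint in the
    // form matches the column definition.
    list($tmp) = $DB->query('SELECT `CHARACTER_MAXIMUM_LENGTH`
        FROM `information_schema`.`COLUMNS`
        WHERE `TABLE_SCHEMA` = "'.DATABASE_NAME.'"
        AND `TABLE_NAME` = "users"
        AND `COLUMN_NAME` = "alias"')->fetch_row();
?>

<fieldset><legend>Register Account</legend>
<p>All fields must be filled in. Usernames must be no longer than <?php echo $tmp ?> characters.
You will provide a valid, permanent contact location.</p>
<table class="inputlist">
<tr><th scope="row">Username</th>
<td><input type="text" name="reg_u"/></td></tr>
<tr><th scope="row">Password</th>
<td><input type="password" name="reg_p"/></td></tr>
<tr><th scope="row">Confirm Password</th>
<td><input type="password" name="reg_c"/></td></tr>
<tr><th scope="row">Contact IRI</th>
<td><input type="text" name="reg_e"/></td></tr>
</table>
<?php readfile('res/tos.xml') ?>
<p><label><input type="checkbox" name="CYA"/> I have read and agree to follow the board rules.</label></p>
<p><button type="submit" name="something">Create Account</button></p>
</fieldset>
</form>

<?php
    $page->pagefooter();
}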