4 // See lib/mysql.example
// Page setup. When $user is an authuser instance, a POSTed 'login' field sends
// a redirect to '.', and anything else calls $page->errorfooter('logout').
// NOTE(review): the ternary is used only for its side effects, and no exit
// after header('Location: .') is visible in this listing. Confirm the script
// stops here so the registration logic below cannot run for a signed-in user.
7 $page->title
= 'Account Registration';
9 if ( $user instanceof authuser
) {
10 isset($_POST['login']) ?
11 header('Location: .') : $page->errorfooter('logout');
// Registration POST handling. 'something' is the name of the submit button on
// the registration form; the visible checks require non-empty reg_u and reg_p,
// matching reg_p/reg_c, and an alias that is not yet in `users`.
14 if ( isset($_POST['prompt']) ) {
18 if ( isset($_POST['something']) ) {
// NOTE(review): empty() also treats the string "0" as empty, so "0" is
// rejected as a username or password.
23 if ( empty($_POST['reg_u']) ||
empty($_POST['reg_p']) ) {
24 throw new LengthException('You left one or more fields empty.');
// NOTE(review): reg_c is read without an isset() check; a request that omits
// it raises an undefined-index notice before the mismatch is reported.
26 if ( $_POST['reg_p'] !== $_POST['reg_c'] ) {
27 throw new InvalidInputException('Both passwords must match exactly.');
// NOTE(review): this lookup compares the raw reg_u, but the INSERT further
// down stores htmlspecialchars(reg_u). For names containing & < > or " the two
// forms differ, so the same name can pass this check more than once unless
// `alias` carries a unique index. Compare the same form that is stored.
// $DB->string() is presumably the quoting/escaping helper; confirm it escapes
// for the connection's character set.
29 if ( $DB->query('SELECT `userid` FROM `users` WHERE `alias` = '.$DB->string($_POST['reg_u']))->num_rows
) {
30 throw new InvalidInputException('That username is already in use. Try a different name.');
33 // Catch people trying to mess with the system, then waste their time some more
// Invite-only mode: the request must carry ?code and ?user matching an `items`
// row of type "invite" owned by that user ID, otherwise it is rejected with a
// deliberately vague message.
// NOTE(review): `0 == ...->num_rows` is a loose comparison; `=== 0` states the
// intent exactly.
// NOTE(review): this check runs before autocommit(false) and the invite row is
// deleted later by a separate statement, so checking and consuming the invite
// are not atomic. Consider consuming it with the DELETE inside the transaction
// and testing the affected-row count instead.
34 if ( defined('INVITE_ONLY') && (
35 !isset($_GET['code']) ||
!isset($_GET['user']) ||
36 0 == $DB->query('SELECT `userid` FROM `items` WHERE `item` = "invite"
37 AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']))->num_rows
40 throw new InvalidInputException('Form data was submitted incorrectly.');
// Per-IP rate limit: refuse when a `users` row with the same reg_ip has a
// register_date within the last 3600 seconds.
// NOTE(review): REMOTE_ADDR is concatenated into the SQL text without going
// through $DB->string(). The value is set by the web server rather than the
// client, but binding or escaping it removes that assumption. The only IPv4
// check visible in this listing (ip2long, listing line 116) appears to sit on
// the form-display path; confirm it also guards this POST path.
// NOTE(review): INET_ATON() returns NULL for an address it cannot parse, and
// `reg_ip = NULL` never matches, so the limit would not apply to such clients.
44 if ( $DB->query('SELECT `userid` FROM `users`
45 WHERE `reg_ip` = INET_ATON("'.$_SERVER['REMOTE_ADDR'].'")
46 AND `register_date` > (UNIX_TIMESTAMP() - 3600)')->num_rows
) {
47 throw new RateLimitException('You can only register a maximum of one account per hour. Try again in one hour.');
// Create the account: with autocommit off, insert the `users` row and, in
// invite-only mode, delete the invite row that was redeemed, then report
// success.
// NOTE(review): the password is stored with AES_ENCRYPT(), keyed by
// INET_ATON(REMOTE_ADDR), the same value written to `last_login_ip` and
// `reg_ip` in this row. That is reversible encryption with the key stored
// beside the ciphertext. Store password_hash($_POST['reg_p'], PASSWORD_DEFAULT)
// and verify with password_verify() instead. If INET_ATON() yields NULL,
// AES_ENCRYPT() returns NULL as well.
// NOTE(review): the alias is HTML-escaped at storage time while the uniqueness
// check above queries the raw value; store the raw name and escape on output.
// NOTE(review): reg_e is optional on the form and is read without isset();
// REMOTE_ADDR is again concatenated into the SQL text rather than bound.
// NOTE(review): no commit or rollback call is visible in this listing; confirm
// that the error paths roll back and that autocommit is restored afterwards.
50 $DB->autocommit(false);
52 $DB->query('INSERT INTO `users` (
57 `register_date`, `last_active_date`,
59 `last_login_ip`, `reg_ip`
61 '.$DB->string(htmlspecialchars($_POST['reg_u'])).',
62 AES_ENCRYPT('.$DB->string($_POST['reg_p']).', INET_ATON("'.$_SERVER['REMOTE_ADDR'].'")),
63 '.( defined('INVITE_ONLY') ?
intval($_GET['user']) : 'NULL' ).',
65 UNIX_TIMESTAMP(), UNIX_TIMESTAMP(),
66 '.$DB->string($_POST['reg_e']).',
67 INET_ATON("'.$_SERVER['REMOTE_ADDR'].'"), INET_ATON("'.$_SERVER['REMOTE_ADDR'].'")
70 if ( defined('INVITE_ONLY') ) {
71 $DB->query('DELETE FROM `items` WHERE `item` = "invite"
72 AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']));
78 echo '<p class="info">Account has been created.</p>';
// Error reporting: both visible handlers answer 400 Bad Request and print the
// exception message inside an error paragraph.
// NOTE(review): the LengthException thrown for empty fields has no matching
// catch among the visible lines; confirm it is handled somewhere.
// NOTE(review): 429 Too Many Requests is the conventional status for the
// rate-limit case. The messages thrown above are fixed strings; pass
// getMessage() through htmlspecialchars() if a message ever includes request
// data.
81 } catch ( InvalidInputException
$e ) {
82 header('HTTP/1.1 400 Bad Request');
84 echo '<p class="error">',$e->getMessage(),'</p>';
85 } catch ( RateLimitException
$e ) {
86 header('HTTP/1.1 400 Bad Request');
88 echo '<p class="error">',$e->getMessage(),'</p>';
// Invite-only gate for a request that is not a registration POST: the
// code/user pair must match an invite row whose owner still exists in `users`.
// The branch body is not fully visible; presumably it shows the invitation
// prompt that follows.
// NOTE(review): NATURAL LEFT JOIN joins on every column name the two tables
// share, so adding a same-named column to either table silently changes this
// query. An explicit join on `userid` would pin the condition.
// NOTE(review): `0 == ...->num_rows` is a loose comparison; `=== 0` states the
// intent exactly.
90 } elseif ( defined('INVITE_ONLY') && (
91 !isset($_GET['code']) ||
!isset($_GET['user']) ||
92 0 == $DB->query('SELECT `userid` FROM `items` NATURAL LEFT JOIN `users`
93 WHERE `item` = "invite" AND `data` = '.$DB->string($_GET['code']).'
94 AND `users`.`userid` IS NOT NULL AND `items`.`userid` = '.intval($_GET['user']))->num_rows
<p class="error">You need a valid invitation code to create an account.</p>
<p>Enter the registration code you were given and the user ID number of the person who gave you it.</p>
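<?php /* PHP_SELF can carry client-supplied path info, so it is escaped before it lands in the action attribute. */ ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') ?>" method="get">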
<table class="inputlist">
    <tr>
        <th scope="row">Code</th>
        <td><input type="text" name="code" size="36" maxlength="36"/></td>
    </tr>
    <tr>
        <th scope="row">User ID</th>
        <td><input type="text" name="user" size="5"/></td>
    </tr>
<p><button type="submit">Confirm</button></p>
// Refuse to show the registration form to a client whose address is not IPv4,
// because the queries above store addresses through INET_ATON().
// NOTE(review): this is the only validation of REMOTE_ADDR visible in the
// listing, and it appears to sit on the form-display path; confirm the POST
// path is guarded the same way before it reaches the SQL.
116 if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // mysql is brain-damaged and doesn't have an ipv6 inet_aton()
117 echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
// In invite-only mode the code/user pair is carried into the POST form's
// action URL so that the registration handler can re-check it.
121 if ( defined('INVITE_ONLY') ) {
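// Open the invite-only registration form, carrying user and code in the query
// string. PHP_SELF can include client-supplied path info and the code is
// request data, so the path is HTML-escaped and the code is URL-encoded
// (rawurlencode() output is also safe inside the attribute).
// NOTE(review): the pair is joined with ';'. PHP's default
// arg_separator.input is '&', so confirm the server is configured to split
// the query string on ';' as well.
printf('<form action="%s?user=%d;code=%s" method="post">',
    htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'),
    intval($_GET['user']),
    rawurlencode($_GET['code']));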
// Open registration: the form posts to the relative URL "register", which
// contains no request data.
125 echo '<form action="register" method="post">';
<fieldset>
    <legend>Register Account</legend>
    <table class="inputlist">
        <tr>
            <th scope="row">Username</th>
            <td><input type="text" name="reg_u"/></td>
        </tr>
        <tr>
            <th scope="row">Password</th>
            <td><input type="password" name="reg_p"/></td>
        </tr>
        <tr>
            <th scope="row">Confirm Password</th>
            <td><input type="password" name="reg_c"/></td>
        </tr>
        <tr>
            <th scope="row">E-mail/IM contact address (optional)</th>
            <td><input type="text" name="reg_e"/></td>
        </tr>
<p><button type="submit" name="something">Do It</button></p>