search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Userlevel checks are gone, as are the defines. SQL code is next.
[specialops2.git] / register.php
blobf5da7687d898fb776a47fc09a82c25b1475c4c8f
1 <?php
2 // $Id$
3
4 require 'con.php';
5 $page->title = 'Account Registration';
6
7 if ( $user instanceof authuser ) {
8 isset($_POST['login']) ?
9 $page->pagefooter() :
10 $page->errorfooter('logout');
11 }
12
13 if ( isset($_POST['prompt']) )
14 $_GET = $_POST;
15
16 if ( isset($_POST['something']) ) {
17
18 // Data validation
19 try {
20 // Obvious stuff
21 if ( empty($_POST['reg_u']) || empty($_POST['reg_p']) || empty($_POST['reg_e']) )
22 throw new LengthException('You left one or more text fields empty.');
23 elseif ( $_POST['reg_p'] !== $_POST['reg_c'] )
24 throw new InvalidInputException('Both passwords must match exactly.');
25 elseif ( $DB->query('SELECT `userid` FROM `users`
26 WHERE `alias` = \''.$DB->escape_string($_POST['reg_u']).'\'')->num_rows )
27 throw new InvalidInputException('That username is already in use. Try a different name.');
28
29 // I should make this run fail2ban or something
30 elseif (
31 !isset($_GET['code']) ||
32 !isset($_GET['user']) ||
33 !$DB->query('SELECT `userid` FROM `invites`
34 WHERE `code` = \''.$DB->escape_string($_GET['code']).'\'
35 AND `userid` = '.intval($_GET['user']))->num_rows
36 )
37 throw new InvalidInputException('Form data was submitted incorrectly.');
38
39 // Flood protection
40 elseif (
41 isset($_COOKIE['auto']) ||
42 $DB->query('SELECT `userid` FROM `users`
43 WHERE `reg_ip` = INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')
44 AND `register_date` > (UNIX_TIMESTAMP() - 3600)')->num_rows
45 )
46 throw new RateLimitException('You can only register a maximum of one account per hour. Try again in one hour.');
47
48 $DB->query('INSERT INTO `users` (
49 `alias`,
50 `password`,
51 `referrer`,
52 `register_date`,
53 `last_active_date`,
54 `reg_email`,
55 `last_login_ip`,
56 `reg_ip`
57 ) VALUES (
58 \''.$DB->escape_string(htmlspecialchars($_POST['reg_u'])).'\',
59 AES_ENCRYPT(\''.$DB->escape_string($_POST['reg_p']).'\',
60 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')),
61 '.intval($_GET['user']).',
62 UNIX_TIMESTAMP(),
63 UNIX_TIMESTAMP(),
64 \''.$DB->escape_string($_POST['reg_e']).'\',
65 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\'),
66 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')
67 )');
68
69 if ( $DB->error )
70 throw new DatabaseException('MySQL error in user creation: '.$DB->error); // furry
71 $DB->query('DELETE FROM `invites`
72 WHERE `code` = \''.$DB->escape_string($_GET['code']).'\'
73 AND `userid` = '.intval($_GET['user']));
74
75 setcookie('auto', 'yes', time()+3600);
76 $user->userheader();
77 echo '<p class="info">Account has been created.</p>';
78 $page->pagefooter();
79
80 } catch ( InvalidInputException $e ) {
81 $user->userheader();
82 echo '<p class="error">',$e->getMessage(),'</p>';
83 } catch ( RateLimitException $e ) {
84 setcookie('auto', 'yes', time()+3600);
85 $user->userheader();
86 echo '<p class="error">',$e->getMessage(),'</p>';
87 }
88 } elseif (
89 !isset($_GET['code']) ||
90 !isset($_GET['user']) ||
91 !$DB->query('SELECT `userid` FROM `invites`
92 NATURAL LEFT JOIN `users`
93 WHERE `code` = \''.$DB->escape_string($_GET['code']).'\'
94 AND `users`.`userid` IS NOT NULL
95 AND `invites`.`userid` = '.intval($_GET['user']))->num_rows
96 ) {
97 $user->userheader();
98 ?>
99 <p class="error">You need a valid invitation code to create an account.</p>
100 <form action="register" method="post">
101 <p class="info">Enter the registration code you were given and the user ID number of the person who gave you it.</p>
102 <table class="inputlist">
103 <tr><th scope="row">Code</th>
104 <td><input type="text" name="code"/></td></tr>
105 <tr><th scope="row">User ID</th>
106 <td><input type="text" name="user"/></td></tr>
107 </table>
108 <p><button type="submit" name="prompt" value="yes">Confirm</button></p>
109 </form>
110
111 <?php
112 $page->pagefooter();
113 } else
114 $user->userheader();
115
116 if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // lancelott is a ricer
117 echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
118 $page->pagefooter();
119 }
120 ?>
121
122 <form action="register?user=<?php echo intval($_GET['user']) ?>;code=<?php echo htmlentities($_GET['code']) ?>" method="post">
123 <fieldset class="content"><legend>Register Account</legend>
124 <p class="info">Fill in all fields and click Register to make a new account.</p>
125 <table class="inputlist">
126 <tr><th scope="row">Username</th>
127 <td><input type="text" name="reg_u"/></td></tr>
128 <tr><th scope="row">Password</th>
129 <td><input type="password" name="reg_p"/></td></tr>
130 <tr><th scope="row">Confirm Password</th>
131 <td><input type="password" name="reg_c"/></td></tr>
132 <tr><th scope="row">Email</th>
133 <td><input type="text" name="reg_e"/></td></tr>
134 </table>
135 <p><button type="submit" name="something" value="reg">Register Account</button></p>
136 </fieldset>
137 </form>
138
139 <?php
140 $page->pagefooter();
141 ?>
142
Special Ops source code from the bad old days, 2nd generation