3 * User Account Registration
5 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
6 * @license file://COPYING
8 * @see file://lib/mysql.example
// Set the title property on $page for this view.
12 $page->title
= 'Account Registration';
// A visitor who is already a User_Authenticated does not get the form:
// a request carrying a 'login' POST field is redirected to '.', anything
// else is handed to $page->errorfooter('logout').
// NOTE(review): header() only queues the redirect; what follows this
// statement is not visible here, so confirm the script stops at this point.
14 if ( $user instanceof User_Authenticated
) {
15 isset($_POST['login']) ?
16 header('Location: .') : $page->errorfooter('logout');
// NOTE(review): the body of this 'prompt' check is not visible here.
19 if ( isset($_POST['prompt']) ) {
// Build the selector of contact-address scheme prefixes. 'mailto:' is set
// as the default; 'Other (specify)' means the user types the scheme too.
// NOTE(review): the meaning of the constructor's second argument (3) is
// not visible here; confirm against HTML_Select.
23 $iri = new HTML_Select('iri', 3);
24 $iri->add_item('mailto:');
25 $iri->add_item('xmpp:');
26 $iri->add_item('aim:');
27 $iri->add_item('http://');
28 $iri->add_item('irc://');
29 $iri->add_item('Other (specify)');
30 $iri->set_default('mailto:');
// Handle a submitted form; 'something' is the name of the
// "Create Account" submit button.
32 if ( isset($_POST['something']) ) {
// Pass the submitted scheme to the selector for checking.
// NOTE(review): what check_value() does on a value that is not one of the
// items is not visible here. $_POST['iri'] and $_POST['addr'] are read
// before the empty-field test further down, so a request that omits them
// reaches these lines with undefined indexes.
37 $iri->check_value($_POST['iri']);
// With 'Other (specify)' the address must itself begin with "scheme:".
// NOTE(review): the pattern accepts any alphanumeric scheme name, which
// includes javascript: and data:. If the stored IRI is ever written into a
// link target, restrict it to an allowlist of schemes here.
// NOTE(review): the comparisons against $_POST['iri'] are loose (==);
// === avoids type juggling on request data.
38 if ( 'Other (specify)' == $_POST['iri'] && !preg_match('/^[a-zA-Z0-9]+:/', $_POST['addr']) ) {
39 throw new InvalidInputException('IRI protocol not specified.');
42 // Set $address if valid
43 if ( 'Other (specify)' == $_POST['iri'] ) {
44 $address = $_POST['addr'];
// Otherwise the chosen prefix is glued in front of the typed address;
// the typed part is not validated in the visible code.
46 $address = $_POST['iri'].$_POST['addr'];
// Username, password and address are all required.
// NOTE(review): empty() also treats the string "0" as empty, so a username
// or password of exactly "0" is rejected by this test.
50 if ( empty($_POST['reg_u']) ||
empty($_POST['reg_p']) ||
empty($_POST['addr']) ) {
51 throw new InvalidInputException('You left one or more fields empty.');
54 // Mismatched passwords
// NOTE(review): $_POST['reg_c'] is read without an isset() check.
55 if ( $_POST['reg_p'] !== $_POST['reg_c'] ) {
56 throw new InvalidInputException('Both passwords must match exactly.');
// Strip surrounding whitespace from the username (written back into
// $_POST), then reject runs of two or more whitespace characters.
// NOTE(review): no server-side length or character-set check on the name
// is visible here; the form's maxlength attribute is enforced only by the
// browser.
60 $_POST['reg_u'] = trim($_POST['reg_u']);
61 if ( preg_match('/\s{2,}/', $_POST['reg_u']) ) {
62 throw new InvalidInputException('Usernames cannot contain sequences of 2 or more spaces.');
// Reject a name that already exists in users.alias.
// $DB->string() is used wherever a request value enters SQL text;
// presumably it quotes and escapes the value. Confirm in the DB wrapper.
// NOTE(review): this lookup uses the raw name, while the INSERT further
// down stores htmlspecialchars($_POST['reg_u']). For names containing &,
// <, > or double quotes the stored form differs from what is compared here.
// NOTE(review): check-then-insert is not atomic; presumably a UNIQUE index
// on `alias` backs this up. Confirm against the schema.
66 if ( $DB->query('SELECT `userid` FROM `users` WHERE `alias` = '.$DB->string($_POST['reg_u']))->num_rows
) {
67 throw new InvalidInputException('That username is already in use. Try a different name.');
// Invite-only mode: the request must carry ?code= and ?user=, and an
// "invite" row in `things` must match that code and inviter id. The code
// goes through $DB->string() and the id through intval() before they are
// placed in the SQL text. Failure gives a deliberately generic message.
71 if ( defined('INVITE_ONLY') && (
72 !isset($_GET['code']) ||
!isset($_GET['user']) ||
73 0 == $DB->query('SELECT `userid` FROM `things` WHERE `what` = "invite"
74 AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']))->num_rows
77 throw new InvalidInputException('Form data was submitted incorrectly.');
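// One account per source address: refuse when users.reg_ip already holds
// this client's address.
// The address is passed through $DB->string(), the same way the
// SET @userip statement below does it, instead of being pasted between
// literal double quotes in the SQL text.
// NOTE(review): keying on REMOTE_ADDR also refuses every other user who
// shares the same NAT or proxy address.
81 if ( $DB->query('SELECT `userid` FROM `users`
82 WHERE `reg_ip` = INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).')')->num_rows
) {
83 throw new RateLimitException('You can only register one account. '.
84 'If you lost your password, contact an admin and a new one will be sent to the IRI you specified when you signed up.');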
// Turn autocommit off on $DB for the statements that follow.
87 $DB->autocommit(false);
// Keep the client address, converted by INET_ATON(), in the SQL session
// variable @userip.
89 $DB->query('SET @userip = INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).')');
// Rules checkbox not ticked: answer 403 and use the literal "banned" in
// place of a password.
92 if ( empty($_POST['CYA']) ) {
93 header('HTTP/1.1 403 Forbidden');
94 $DB->query('SET @userpass = "banned"');
// Rules accepted: answer 202 and derive @userpass from the password.
// NOTE(review): AES_ENCRYPT is reversible, and the key is @userip, the
// numeric registration address, which the users table also appears to keep
// as reg_ip. Anyone who can read the table can recover every password.
// Store password_hash() output and check it with password_verify(); the
// login code has to change with it.
// NOTE(review): if INET_ATON() yields NULL (non-IPv4 address), AES_ENCRYPT
// with a NULL key returns NULL. No IPv4 check is visible on this path.
96 header('HTTP/1.1 202 Accepted');
97 $DB->query('SET @userpass = AES_ENCRYPT('.$DB->string($_POST['reg_p']).', @userip)');
// Insert the new users row; most of this statement is not visible here.
// The values that are visible: the alias, the inviter id (intval() of
// ?user in invite-only mode, otherwise NULL) and $address.
// NOTE(review): the alias is HTML-escaped before it is stored. Escaping
// belongs at output time; stored this way the value differs from the raw
// name used by the uniqueness lookup and by the 'u' cookie.
100 $DB->query('INSERT INTO `users` (
110 '.$DB->string(htmlspecialchars($_POST['reg_u'])).',
112 '.( defined('INVITE_ONLY') ?
intval($_GET['user']) : 'NULL' ).',
115 '.$DB->string($address).',
// Keep the new row's id in @userid and create the User_Authenticated
// object for the rest of the request.
120 $DB->query('SET @userid = LAST_INSERT_ID()');
121 $user = new User_Authenticated(null);
// In invite-only mode the matching invite row is deleted once used.
123 if ( defined('INVITE_ONLY') ) {
124 $DB->query('DELETE FROM `things` WHERE `what` = "invite"
125 AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']));
// Log the new user in by cookie for one day (86400 s), path '/'.
// NOTE(review): cookie 'p' carries the plaintext password, and neither
// cookie sets the Secure or HttpOnly flag, so the password is sent with
// every request, over plain HTTP too, and is readable by page script.
// Prefer a random session token that is stored server-side.
// NOTE(review): as far as is visible, these cookies are also set when the
// rules box was not ticked and the account was stored as "banned".
128 setcookie('u', $_POST['reg_u'], time()+
86400, '/');
129 setcookie('p', $_POST['reg_p'], time()+
86400, '/');
// Report the outcome: a refusal notice when the rules box was not ticked,
// a confirmation otherwise. Both strings are fixed markup.
133 if ( empty($_POST['CYA']) ) {
134 echo '<p class="notice">Can\'t follow rules? Then we don\'t want you here.</p>';
136 echo '<p class="info">Your account has been created!</p>';
143 } catch ( Exception
$e ) {
// Any exception raised while handling the submission ends up here:
// answer 400 and print its message inside an error paragraph.
// NOTE(review): this catches every Exception, not only the validation
// ones, and echoes getMessage() unescaped. The messages thrown in the
// visible code are fixed strings. If the DB wrapper or other helpers can
// throw messages that contain request data or SQL text, print them through
// htmlspecialchars() and log the detail instead of showing it.
// NOTE(review): no rollback is visible after autocommit(false). Confirm.
144 header('HTTP/1.1 400 Bad Request');
146 echo '<p class="error">',$e->getMessage(),'</p>';
// Not a submission. In invite-only mode the invite prompt is shown unless
// ?code and ?user identify an "invite" row whose inviter still has a row
// in `users` (LEFT JOIN plus `users`.`userid` IS NOT NULL). The code goes
// through $DB->string() and the id through intval().
149 } elseif ( defined('INVITE_ONLY') && (
150 !isset($_GET['code']) ||
!isset($_GET['user']) ||
151 0 == $DB->query('SELECT `userid` FROM `things` NATURAL LEFT JOIN `users`
152 WHERE `what` = "invite" AND `data` = '.$DB->string($_GET['code']).'
153 AND `users`.`userid` IS NOT NULL AND `things`.`userid` = '.intval($_GET['user']))->num_rows
158 <p
class="error">You need a valid invitation code to create an account
.</p
>
159 <p
>Enter the registration code you were given
and the user ID number of the person who gave you it
.</p
>
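160 <form action
="<?php /* PHP_SELF can contain request-supplied path text, so it is escaped for the attribute */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') ?>" method
="get">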
161 <table
class="inputlist">
162 <tr
><th scope
="row">Code
</th
><td
><input type
="text" name
="code" size
="36" maxlength
="36"/></td
></tr
>
163 <tr
><th scope
="row">User ID
</th
><td
><input type
="text" name
="user" size
="5"/></td
></tr
>
165 <p
><button type
="submit">Confirm
</button
></p
>
166 <p
>Don
't have an invite? One of our members might.</p>
// The form is refused to clients without an IPv4 address: ip2long()
// returns false for anything that is not a dotted-quad address.
// NOTE(review): this test guards the form display only. No equivalent
// check is visible on the submission path, where the address is fed to
// INET_ATON().
176 if ( ip2long($_SERVER['REMOTE_ADDR
']) === false ) { // ipv6 doesn't work yet
177 echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
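// Open the registration form. In invite-only mode the inviter id and the
// invite code ride along in the action URL.
// $_SERVER['PHP_SELF'] can include request-supplied path text after the
// script name, so it is HTML-escaped before it goes into the attribute.
// NOTE(review): the code is HTML-escaped but not URL-encoded, which is
// fine only while invite codes consist of URL-safe characters.
181 if ( defined('INVITE_ONLY') ) {
182 printf('<form action="%s?user=%d;code=%s" method="post">',
183 htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'), intval($_GET['user']), htmlentities($_GET['code']));
185 echo '<form action="',htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'),'" method="post">';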
// Read the declared maximum length of users.alias from information_schema
// into $tmp; the form uses it for the help text and the maxlength
// attribute. DATABASE_NAME is a constant, not request data.
188 list($tmp) = $DB->query('SELECT `CHARACTER_MAXIMUM_LENGTH`
189 FROM `information_schema`.`COLUMNS`
190 WHERE `TABLE_SCHEMA` = "'.DATABASE_NAME
.'"
191 AND `TABLE_NAME` = "users"
192 AND `COLUMN_NAME` = "alias"')->fetch_row();
// Re-fill helper for the form: when $_POST[$which] is non-empty it prints
// either an HTML-escaped value="..." attribute or checked="checked".
// NOTE(review): the lines that choose between the two echo statements
// (presumably on $type) are not visible here.
// NOTE(review): htmlspecialchars() expects a string; a field submitted as
// an array (reg_u[]=x) would not be one. Confirm how that case is handled.
194 function inputval($which, $type = 'text')
196 if ( !empty($_POST[$which]) ) {
199 echo ' value="',htmlspecialchars($_POST[$which]),'"'; break;
201 echo ' checked="checked"'; break;
207 <fieldset
><legend
>Register Account
</legend
>
208 <p
>All fields must be filled in
. Usernames must be no longer than
<?php
echo $tmp ?
> characters
.
209 You will provide a valid
, permanent contact location
.</p
>
210 <table
class="inputlist">
211 <tr
><th scope
="row">Username
</th
>
212 <td
><input type
="text" name
="reg_u" maxlength
="<?php echo $tmp ?>"<?php
inputval('reg_u'); ?
>/></td
></tr
>
213 <tr
><th scope
="row">Password
</th
>
214 <td
><input type
="password" name
="reg_p"/></td
></tr
>
215 <tr
><th scope
="row">Confirm Password
</th
>
216 <td
><input type
="password" name
="reg_c"/></td
></tr
>
217 <tr
><th scope
="row">Contact IRI
</th
>
218 <td
><?php
echo $iri->display(); ?
><input type
="text" name
="addr"<?php
inputval('addr'); ?
>/></td
></tr
>
221 <?php
readfile('res/tos.xml'); echo "\n"; ?
>
223 <p
><label
><input type
="checkbox" name
="CYA"<?php
inputval('CYA', 'bool'); ?
>/> I have read
and agree to follow the board rules
.</label
></p
>
224 <p
><button type
="submit" name
="something">Create Account
</button
></p
>