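<?php
/**
 * User Account Registration
 *
 * Request flow: an already-authenticated visitor is turned away; a submitted
 * registration form is validated inside one try/catch and written in a single
 * transaction; otherwise either the invite-code prompt (INVITE_ONLY) or the
 * registration form itself is rendered.
 *
 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
 * @license file://COPYING
 * @version $Id$
 * @see file://lib/mysql.example
 */

require 'con.php';
$page->title = 'Account Registration';

// Logged-in users have nothing to register.
// NOTE(review): presumably errorfooter() ends the request; if it does not,
// execution falls through to the form below — confirm.
if ( $user instanceof User_Authenticated ) {
    isset($_POST['login']) ?
        header('Location: .') : $page->errorfooter('logout');
}

// Let invite data arrive by POST as well as GET for the checks below.
// NOTE(review): no visible form field is named 'prompt'; confirm this branch is still reachable.
if ( isset($_POST['prompt']) ) {
    $_GET = $_POST;
}

// Contact-scheme selector; the free-text "Other" entry must carry its own scheme.
$iri = new HTML_Select('iri', 3);
$iri->add_item('mailto:');
$iri->add_item('xmpp:');
$iri->add_item('aim:');
$iri->add_item('http://');
$iri->add_item('irc://');
$iri->add_item('Other (specify)');
$iri->set_default('mailto:');

if ( isset($_POST['something']) ) {

    // Data validation: every rejection is thrown as an exception and turned
    // into a 400 response by the catch at the bottom of this block.
    try {
        // Blank fields — checked first so the remaining checks never read a
        // missing key.
        if ( empty($_POST['reg_u']) || empty($_POST['reg_p']) || empty($_POST['addr']) ) {
            throw new InvalidInputException('You left one or more fields empty.');
        }

        // Check address
        $iri->check_value($_POST['iri']);
        if ( 'Other (specify)' == $_POST['iri'] && !preg_match('/^[a-zA-Z0-9]+:/', $_POST['addr']) ) {
            throw new InvalidInputException('IRI protocol not specified.');
        }

        // Set $address if valid
        if ( 'Other (specify)' == $_POST['iri'] ) {
            $address = $_POST['addr'];
        } else {
            $address = $_POST['iri'].$_POST['addr'];
        }

        // Mismatched passwords (a missing confirmation field counts as a mismatch)
        if ( !isset($_POST['reg_c']) || $_POST['reg_p'] !== $_POST['reg_c'] ) {
            throw new InvalidInputException('Both passwords must match exactly.');
        }

        // Username
        $_POST['reg_u'] = trim($_POST['reg_u']);
        if ( preg_match('/\s{2,}/', $_POST['reg_u']) ) {
            throw new InvalidInputException('Usernames cannot contain sequences of 2 or more spaces.');
        }

        // The `alias` column receives the HTML-escaped name (see the INSERT
        // below), so the uniqueness check compares the same escaped form;
        // comparing the raw name would miss a taken name containing &, <, >, " or '.
        $alias = htmlspecialchars($_POST['reg_u']);

        // Username in use
        if ( $DB->query('SELECT `userid` FROM `users` WHERE `alias` = '.$DB->string($alias))->num_rows ) {
            throw new InvalidInputException('That username is already in use. Try a different name.');
        }

        // Invite enforcement: the code/user pair must match an outstanding
        // invite row. The delay slows down guessing of codes.
        if ( defined('INVITE_ONLY') && (
            !isset($_GET['code']) || !isset($_GET['user']) ||
            0 == $DB->query('SELECT `userid` FROM `things` WHERE `what` = "invite"
                AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']))->num_rows
        ) ) {
            sleep(7);
            throw new InvalidInputException('Form data was submitted incorrectly.');
        }

        // Flood protection: one account per registering address. The address
        // is passed through $DB->string() like every other value in this file
        // rather than spliced into the literal.
        if ( $DB->query('SELECT `userid` FROM `users`
            WHERE `reg_ip` = INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).')')->num_rows ) {
            throw new RateLimitException('You can only register one account. '.
                'If you lost your password, contact an admin and a new one will be sent to the IRI you specified when you signed up.');
        }

        // Everything below is one transaction, committed at the end.
        // NOTE(review): nothing rolls back if an exception is thrown after
        // the INSERT; the catch below leaves the transaction open — confirm
        // the connection wrapper discards it.
        $DB->autocommit(false);

        $DB->query('SET @userip = INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).')');

        // Terms-of-service box: an unchecked box still creates the row, but
        // with the literal password value "banned", and answers 403.
        if ( empty($_POST['CYA']) ) {
            header('HTTP/1.1 403 Forbidden');
            $DB->query('SET @userpass = "banned"');
        } else {
            header('HTTP/1.1 202 Accepted');
            // NOTE(review): the password is stored reversibly, AES-encrypted
            // with the registering IP as key, not hashed. Changing this means
            // changing the login path in step, so it is flagged here, not fixed.
            $DB->query('SET @userpass = AES_ENCRYPT('.$DB->string($_POST['reg_p']).', @userip)');
        }

        $DB->query('INSERT INTO `users` (
            `alias`,
            `password`,
            `referrer`,
            `register_date`,
            `last_active_date`,
            `reg_contact`,
            `last_login_ip`,
            `reg_ip`
        ) VALUES (
            '.$DB->string($alias).',
            @userpass,
            '.( defined('INVITE_ONLY') ? intval($_GET['user']) : 'NULL' ).',
            UNIX_TIMESTAMP(),
            UNIX_TIMESTAMP(),
            '.$DB->string($address).',
            @userip,
            @userip
        )');

        $DB->query('SET @userid = LAST_INSERT_ID()');
        // NOTE(review): presumably resolves the new account from @userid set
        // on the connection just above — confirm against User_Authenticated.
        $user = new User_Authenticated(null);

        // The invite is single-use.
        if ( defined('INVITE_ONLY') ) {
            $DB->query('DELETE FROM `things` WHERE `what` = "invite"
                AND `data` = '.$DB->string($_GET['code']).' AND `userid` = '.intval($_GET['user']));
        }

        // NOTE(review): the login cookies carry the plaintext password and are
        // set without HttpOnly/Secure. The cookie format is read by the login
        // code elsewhere, so it is left as-is here; treat as a known risk.
        setcookie('u', $_POST['reg_u'], time()+86400, '/');
        setcookie('p', $_POST['reg_p'], time()+86400, '/');

        $user->userheader();

        if ( empty($_POST['CYA']) ) {
            echo '<p class="notice">Can\'t follow rules? Then we don\'t want you here.</p>';
        } else {
            echo '<p class="info">Your account has been created!</p>';
        }

        $DB->commit();

        $page->pagefooter();

    } catch ( Exception $e ) {
        header('HTTP/1.1 400 Bad Request');
        $user->userheader();
        // Only the validation messages thrown above are meant for the user;
        // any other exception (driver or library failure) is reported
        // generically so internal details are not echoed to the client.
        $msg = ( $e instanceof InvalidInputException || $e instanceof RateLimitException )
            ? $e->getMessage()
            : 'Registration failed. Please try again later.';
        echo '<p class="error">',$msg,'</p>';
    }

} elseif ( defined('INVITE_ONLY') && (
    !isset($_GET['code']) || !isset($_GET['user']) ||
    0 == $DB->query('SELECT `userid` FROM `things` NATURAL LEFT JOIN `users`
        WHERE `what` = "invite" AND `data` = '.$DB->string($_GET['code']).'
        AND `users`.`userid` IS NOT NULL AND `things`.`userid` = '.intval($_GET['user']))->num_rows
) ) {
    // No (valid) invite yet: ask for one. PHP_SELF is attacker-influenced via
    // PATH_INFO, so it is escaped before being placed in the attribute.
    $user->userheader();
?>
<p class="error">You need a valid invitation code to create an account.</p>
<p>Enter the registration code you were given and the user ID number of the person who gave you it.</p>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>" method="get">
<table class="inputlist">
<tr><th scope="row">Code</th><td><input type="text" name="code" size="36" maxlength="36"/></td></tr>
<tr><th scope="row">User ID</th><td><input type="text" name="user" size="5"/></td></tr>
</table>
<p><button type="submit">Confirm</button></p>
<p>Don't have an invite? One of our members might.</p>
</form>

<?php
    $page->pagefooter();
} else {
    $user->userheader();

    // The reg_ip column is filled via INET_ATON, which only handles IPv4.
    // NOTE(review): presumably pagefooter() ends the request; otherwise the
    // form below is still rendered after the error — confirm.
    if ( ip2long($_SERVER['REMOTE_ADDR']) === false ) { // ipv6 doesn't work yet
        echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
        $page->pagefooter();
    }

    if ( defined('INVITE_ONLY') ) {
        // Carry the validated invite through to the POST: the code is
        // URL-encoded for the query string and then HTML-escaped for the
        // attribute, PHP_SELF is HTML-escaped.
        // NOTE(review): the ';' separator assumes arg_separator.input accepts
        // it — confirm in php.ini.
        printf('<form action="%s?user=%d;code=%s" method="post">',
            htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES),
            intval($_GET['user']),
            htmlspecialchars(rawurlencode($_GET['code']), ENT_QUOTES));
    } else {
        echo '<form action="',htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES),'" method="post">';
    }

    // Username length limit comes straight from the column definition so the
    // form and the schema cannot drift apart.
    list($aliasMaxLength) = $DB->query('SELECT `CHARACTER_MAXIMUM_LENGTH`
        FROM `information_schema`.`COLUMNS`
        WHERE `TABLE_SCHEMA` = "'.DATABASE_NAME.'"
        AND `TABLE_NAME` = "users"
        AND `COLUMN_NAME` = "alias"')->fetch_row();

    /**
     * Echo the attribute that re-fills a form control from the previous POST.
     *
     * @param string $which POST field name.
     * @param string $type  'text' echoes an escaped value="" attribute,
     *                      'bool' echoes checked="checked"; any other value
     *                      echoes nothing.
     */
    function inputval($which, $type = 'text')
    {
        if ( !empty($_POST[$which]) ) {
            switch ($type) {
                case 'text':
                    echo ' value="',htmlspecialchars($_POST[$which]),'"'; break;
                case 'bool':
                    echo ' checked="checked"'; break;
            }
        }
    }
?>
<fieldset><legend>Register Account</legend>
<p>All fields must be filled in. Usernames must be no longer than <?php echo $aliasMaxLength ?> characters.
You will provide a valid, permanent contact location.</p>
<table class="inputlist">
<tr><th scope="row">Username</th>
<td><input type="text" name="reg_u" maxlength="<?php echo $aliasMaxLength ?>"<?php inputval('reg_u'); ?>/></td></tr>
<tr><th scope="row">Password</th>
<td><input type="password" name="reg_p"/></td></tr>
<tr><th scope="row">Confirm Password</th>
<td><input type="password" name="reg_c"/></td></tr>
<tr><th scope="row">Contact IRI</th>
<td><?php echo $iri->display(); ?><input type="text" name="addr"<?php inputval('addr'); ?>/></td></tr>
</table>

<?php readfile('res/tos.xml'); echo "\n"; ?>

<p><label><input type="checkbox" name="CYA"<?php inputval('CYA', 'bool'); ?>/> I have read and agree to follow the board rules.</label></p>
<p><button type="submit" name="something">Create Account</button></p>
</fieldset>
</form>

<?php
    $page->pagefooter();
}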