see last index.php commit
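<?php
// $Id$

// Account registration page: validates the posted form, optionally consumes an
// invitation code, creates the `users` row and renders the registration form.

// Comment this out to allow anyone to make an account
define('USE_INVITES', 1);

require 'con.php';
$page->title = 'Account Registration';

// A logged-in user has nothing to register.
if ( $user instanceof authuser ) {
    if ( isset($_POST['login']) )
        header('Location: .');
    else
        $page->errorfooter('logout');
    // header() only queues the redirect; without an explicit stop the script
    // would go on to process the registration form for a logged-in user.
    exit;
}

// The invite prompt posts `code` and `user`; everything below reads them from $_GET.
if ( isset($_POST['prompt']) )
    $_GET = $_POST;

// Request parameters may arrive as arrays (`code[]=x`); only plain strings are
// accepted as invite parameters so they never reach escape_string() as an array.
$has_invite  = isset($_GET['code'], $_GET['user'])
    && is_string($_GET['code']) && is_string($_GET['user']);
$invite_code = $has_invite ? $_GET['code'] : '';
$invite_user = $has_invite ? intval($_GET['user']) : 0;

// INET_ATON() returns NULL for anything that is not a dotted-quad IPv4 address.
// A NULL there would make the flood check match nothing and the AES key NULL,
// so the form is only processed for IPv4 clients; others get the error below.
$remote_ip = $_SERVER['REMOTE_ADDR'];
$is_ipv4   = ( ip2long($remote_ip) !== false );
$sql_ip    = $DB->escape_string($remote_ip);

// PHP_SELF includes any trailing path info sent by the client, so it must be
// HTML-escaped before it is written into an attribute.
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

if ( isset($_POST['something']) && $is_ipv4 ) {

    // Data validation
    // NOTE(review): LengthException and DatabaseException are not caught below;
    // presumably a handler installed by con.php deals with them - confirm, and
    // make sure the DatabaseException text (it carries $DB->error) is not shown
    // to the visitor.
    try {
        // Array-valued fields would break the string comparisons and escaping below.
        foreach ( array('reg_u', 'reg_p', 'reg_c', 'reg_e') as $field )
            if ( isset($_POST[$field]) && !is_string($_POST[$field]) )
                throw new InvalidInputException('Form data was submitted incorrectly.');

        // The alias is stored HTML-encoded, so the uniqueness check has to look
        // up the same encoded form; otherwise `a&b` passes the check while
        // `a&amp;b` is already taken.
        $alias = isset($_POST['reg_u']) ? htmlspecialchars($_POST['reg_u']) : '';
        $email = isset($_POST['reg_e']) ? $_POST['reg_e'] : '';

        // Obvious stuff
        if ( empty($_POST['reg_u']) || empty($_POST['reg_p']) )
            throw new LengthException('You left one or more fields empty.');
        elseif ( !isset($_POST['reg_c']) || $_POST['reg_p'] !== $_POST['reg_c'] )
            throw new InvalidInputException('Both passwords must match exactly.');
        elseif ( $DB->query('SELECT `userid` FROM `users`
            WHERE `alias` = \''.$DB->escape_string($alias).'\'')->num_rows )
            throw new InvalidInputException('That username is already in use. Try a different name.');

        // I should make this run fail2ban or something
        elseif (
            defined('USE_INVITES') && (
                !$has_invite ||
                !$DB->query('SELECT `userid` FROM `invites`
                    WHERE `code` = \''.$DB->escape_string($invite_code).'\'
                    AND `userid` = '.$invite_user)->num_rows
            )
        )
            throw new InvalidInputException('Form data was submitted incorrectly.');

        // Flood protection
        elseif ( $DB->query('SELECT `userid` FROM `users`
            WHERE `reg_ip` = INET_ATON(\''.$sql_ip.'\')
            AND `register_date` > (UNIX_TIMESTAMP() - 3600)')->num_rows )
            throw new RateLimitException
                ('You can only register a maximum of one account per hour. Try again in one hour.');

        // NOTE(security): the password is stored with reversible AES_ENCRYPT()
        // and the key is the registration IP, which this same statement writes
        // to `reg_ip`. Anyone who can read the row can recover the password.
        // Moving to password_hash()/password_verify() also means changing the
        // login check, which is not in this file, so the format is kept here.
        $DB->query('INSERT INTO `users` (
                `alias`,
                `password`,
                `referrer`,
                `register_date`,
                `last_active_date`,
                `reg_email`,
                `last_login_ip`,
                `reg_ip`
            ) VALUES (
                \''.$DB->escape_string($alias).'\',
                AES_ENCRYPT(\''.$DB->escape_string($_POST['reg_p']).'\',
                    INET_ATON(\''.$sql_ip.'\')),
                '.( defined('USE_INVITES') ? $invite_user : 'NULL' ).',
                UNIX_TIMESTAMP(),
                UNIX_TIMESTAMP(),
                \''.$DB->escape_string($email).'\',
                INET_ATON(\''.$sql_ip.'\'),
                INET_ATON(\''.$sql_ip.'\')
            )');

        if ( $DB->error ) // this _really_ shouldn't happen
            throw new DatabaseException('MySQL error in user creation: '.$DB->error);

        // NOTE(review): the invite is checked above and deleted here in separate
        // statements, so two simultaneous registrations could presumably both
        // use one code - confirm; deleting first and checking the affected row
        // count inside a transaction would close that window.
        if ( defined('USE_INVITES') )
            $DB->query('DELETE FROM `invites`
                WHERE `code` = \''.$DB->escape_string($invite_code).'\'
                AND `userid` = '.$invite_user);

        $user->userheader();
        echo '<p class="info">Account has been created.</p>';
        // pagefooter() is relied on to end the request here; otherwise the form
        // further down would be rendered after the success message - confirm.
        $page->pagefooter();

    } catch ( InvalidInputException $e ) {
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),'</p>';
    } catch ( RateLimitException $e ) {
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),'</p>';
    }
} elseif (
    defined('USE_INVITES') && (
        !$has_invite ||
        !$DB->query('SELECT `userid` FROM `invites`
            NATURAL LEFT JOIN `users`
            WHERE `code` = \''.$DB->escape_string($invite_code).'\'
            AND `users`.`userid` IS NOT NULL
            AND `invites`.`userid` = '.$invite_user)->num_rows
    )
) {
    // No (valid) invitation yet: ask for the code and the inviter's user ID.
    $user->userheader();

?>
<p class="error">You need a valid invitation code to create an account.</p>
<p>Enter the registration code you were given and the user ID number of the person who gave you it.</p>
<form action="<?php echo $self ?>" method="post">
<table class="inputlist">
<tr><th scope="row">Code</th><td><input type="text" name="code"/></td></tr>
<tr><th scope="row">User ID</th><td><input type="text" name="user"/></td></tr>
</table>
<p><button type="submit" name="prompt" value="yes">Confirm</button></p>
</form>

<?php
    $page->pagefooter();
} else
    $user->userheader();

if ( !$is_ipv4 ) { // lancelott is a ricer
    echo '<p class="error">Error: You have to register from an IPv4 address.</p>',"\n";
    $page->pagefooter();
}

// The invite parameters travel in the form's action URL, so the code is
// URL-encoded for the query string and then HTML-escaped for the attribute.
// NOTE(review): the `;` between the parameters is only split by PHP when
// arg_separator.input allows it - confirm the site's configuration.
if ( defined('USE_INVITES') )
    printf('<form action="%s?user=%d;code=%s" method="post">',
        $self, $invite_user, htmlspecialchars(rawurlencode($invite_code), ENT_QUOTES));
else
    echo '<form action="register" method="post">';

?>
<fieldset><legend>Register Account</legend>
<p class="info">Fill in the form and click Register to make a new account.</p>
<table class="inputlist">
<tr><th scope="row">Username</th>
<td><input type="text" name="reg_u"/></td></tr>
<tr><th scope="row">Password</th>
<td><input type="password" name="reg_p"/></td></tr>
<tr><th scope="row">Confirm Password</th>
<td><input type="password" name="reg_c"/></td></tr>
<tr><th scope="row">Email (optional)</th>
<td><input type="text" name="reg_e"/></td></tr>
</table>
<p><button type="submit" name="something" value="reg">Register Account</button></p>
</fieldset>
</form>

<?php
$page->pagefooter();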