Home Explore Help
Register Sign In
NSHkD
/
Gazelle
forked from Oppaitime/Gazelle
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
143 Commits
1 Branch
Tree: 0012dc1adb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0012dc1adb'
${ noResults }
Gazelle/sections/register/index.php

index.php 9.4KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282 
  1. <?

  2. 

  3. /*

  4. if (isset($LoggedUser)) {

  5. 

  6.   //Silly user, what are you doing here!

  7.   header('Location: index.php');

  8.   die();

  9. }

  10. */

  11. 

  12. include(SERVER_ROOT.'/classes/validate.class.php');

  13. 

  14. $Val = NEW VALIDATE;

  15. 

  16. if (!empty($_REQUEST['confirm'])) {

  17.   // Confirm registration

  18.   $DB->query("

  19.     SELECT ID

  20.     FROM users_main

  21.     WHERE torrent_pass = '".db_string($_REQUEST['confirm'])."'

  22.       AND Enabled = '0'");

  23.   list($UserID) = $DB->next_record();

  24. 

  25.   if ($UserID) {

  26.     $DB->query("

  27.       UPDATE users_main

  28.       SET Enabled = '1'

  29.       WHERE ID = '$UserID'");

  30.     $Cache->increment('stats_user_count');

  31.     include('step2.php');

  32.   }

  33. 

  34. } elseif (OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {

  35.   $Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX));

  36.   $Val->SetFields('email', true, 'email', 'You did not enter a valid email address.');

  37.   $Val->SetFields('password', true, 'regex', 'Your password must be at least 6 characters long.', array('regex'=>'/(?=^.{6,}$).*$/'));

  38.   $Val->SetFields('confirm_password', true, 'compare', 'Your passwords do not match.', array('comparefield' => 'password'));

  39.   $Val->SetFields('readrules', true, 'checkbox', 'You did not select the box that says you will read the rules.');

  40.   $Val->SetFields('readwiki', true, 'checkbox', 'You did not select the box that says you will read the wiki.');

  41.   $Val->SetFields('agereq', true, 'checkbox', 'You did not select the box that says you are 18 years of age or older.');

  42.   //$Val->SetFields('captcha', true, 'string', 'You did not enter a captcha code.', array('minlength' => 6, 'maxlength' => 6));

  43. 

  44.   if (!apc_exists('DBKEY')) {

  45.     $Err = "Registration temporarily disabled due to degraded database access (security measure)";

  46.   }

  47. 

  48.   if (!empty($_POST['submit'])) {

  49.     // User has submitted registration form

  50.     $Err = $Val->ValidateForm($_REQUEST);

  51.     /*

  52.     if (!$Err && strtolower($_SESSION['captcha']) != strtolower($_REQUEST['captcha'])) {

  53.       $Err = 'You did not enter the correct captcha code.';

  54.     }

  55.     */

  56.     if (!$Err) {

  57.       // Don't allow a username of "0" or "1" due to PHP's type juggling

  58.       if (trim($_POST['username']) == '0' || trim($_POST['username']) == '1') {

  59.         $Err = 'You cannot have a username of "0" or "1".';

  60.       }

  61. 

  62.       $DB->query("

  63.         SELECT COUNT(ID)

  64.         FROM users_main

  65.         WHERE Username LIKE '".db_string(trim($_POST['username']))."'");

  66.       list($UserCount) = $DB->next_record();

  67. 

  68.       if ($UserCount) {

  69.         $Err = 'There is already someone registered with that username.';

  70.         $_REQUEST['username'] = '';

  71.       }

  72. 

  73.       if ($_REQUEST['invite']) {

  74.         $DB->query("

  75.           SELECT InviterID, Email, Reason

  76.           FROM invites

  77.           WHERE InviteKey = '".db_string($_REQUEST['invite'])."'");

  78.         if (!$DB->has_results()) {

  79.           $Err = 'Invite does not exist.';

  80.           $InviterID = 0;

  81.         } else {

  82.           list($InviterID, $InviteEmail, $InviteReason) = $DB->next_record(MYSQLI_NUM, false);

  83.           $InviteEmail = DBCrypt::decrypt($InviteEmail);

  84.         }

  85.       } else {

  86.         $InviterID = 0;

  87.         $InviteEmail = $_REQUEST['email'];

  88.         $InviteReason = '';

  89.       }

  90.     }

  91. 

  92.     if (!$Err) {

  93.       $torrent_pass = Users::make_secret();

  94. 

  95.       // Previously SELECT COUNT(ID) FROM users_main, which is a lot slower.

  96.       $DB->query("

  97.         SELECT ID

  98.         FROM users_main

  99.         LIMIT 1");

  100.       $UserCount = $DB->record_count();

  101.       if ($UserCount == 0) {

  102.         $NewInstall = true;

  103.         $Class = SYSOP;

  104.         $Enabled = '1';

  105.       } else {

  106.         $NewInstall = false;

  107.         $Class = USER;

  108.         $Enabled = '0';

  109.       }

  110. 

  111.       $IPcc = Tools::geoip($_SERVER['REMOTE_ADDR']);

  112. 

  113.       $DB->query("

  114.         INSERT INTO users_main

  115.           (Username, Email, PassHash, torrent_pass, IP, PermissionID, Enabled, Invites, Uploaded, ipcc)

  116.         VALUES

  117.           ('".db_string(trim($_POST['username']))."', '".DBCrypt::encrypt($_POST['email'])."', '".db_string(Users::make_sec_hash($_POST['password']))."', '".db_string($torrent_pass)."', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."', '$Class', '$Enabled', '".STARTING_INVITES."', '1073741824', '$IPcc')");

  118. 

  119.       $UserID = $DB->inserted_id();

  120. 

  121. 

  122.       // User created, delete invite. If things break after this point, then it's better to have a broken account to fix than a 'free' invite floating around that can be reused

  123.       $DB->query("

  124.         DELETE FROM invites

  125.         WHERE InviteKey = '".db_string($_REQUEST['invite'])."'");

  126. 

  127.       // Award invite badge to inviter if they don't have it

  128.       if (Badges::award_badge($InviterID, 136)) {

  129.         Misc::send_pm($InviterID, 0, 'You have received a badge!', "You have received a badge for inviting a user to the site.\n\nIt can be enabled from your user settings.");

  130.         $Cache->delete_value('user_badges_'.$InviterID);

  131.       }

  132. 

  133.       $DB->query("

  134.         SELECT ID

  135.         FROM stylesheets

  136.         WHERE `Default` = '1'");

  137.       list($StyleID) = $DB->next_record();

  138.       $AuthKey = Users::make_secret();

  139. 

  140.       if ($InviteReason !== '') {

  141.         $InviteReason = db_string(sqltime()." - $InviteReason");

  142.       }

  143.       $DB->query("

  144.         INSERT INTO users_info

  145.           (UserID, StyleID, AuthKey, Inviter, JoinDate, AdminComment)

  146.         VALUES

  147.           ('$UserID', '$StyleID', '".db_string($AuthKey)."', '$InviterID', '".sqltime()."', '$InviteReason')");

  148. 

  149.       $DB->query("

  150.         INSERT INTO users_history_ips

  151.           (UserID, IP, StartTime)

  152.         VALUES

  153.           ('$UserID', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."', '".sqltime()."')");

  154.       $DB->query("

  155.         INSERT INTO users_notifications_settings

  156.           (UserID)

  157.         VALUES

  158.           ('$UserID')");

  159. 

  160. 

  161.       $DB->query("

  162.         INSERT INTO users_history_emails

  163.           (UserID, Email, Time, IP)

  164.         VALUES

  165.           ('$UserID', '".DBCrypt::encrypt($_REQUEST['email'])."', '0000-00-00 00:00:00', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."')");

  166. 

  167.       if ($_REQUEST['email'] != $InviteEmail) {

  168.         $DB->query("

  169.           INSERT INTO users_history_emails

  170.             (UserID, Email, Time, IP)

  171.           VALUES

  172.             ('$UserID', '".DBCrypt::encrypt($InviteEmail)."', '".sqltime()."', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."')");

  173.       }

  174. 

  175. 

  176. 

  177.       // Manage invite trees, delete invite

  178. 

  179.       if ($InviterID !== null) {

  180.         $DB->query("

  181.           SELECT TreePosition, TreeID, TreeLevel

  182.           FROM invite_tree

  183.           WHERE UserID = '$InviterID'");

  184.         list($InviterTreePosition, $TreeID, $TreeLevel) = $DB->next_record();

  185. 

  186.         // If the inviter doesn't have an invite tree

  187.         // Note: This should never happen unless you've transferred from another database, like What.CD did

  188.         if (!$DB->has_results()) {

  189.           $DB->query("

  190.             SELECT MAX(TreeID) + 1

  191.             FROM invite_tree");

  192.           list($TreeID) = $DB->next_record();

  193. 

  194.           $DB->query("

  195.             INSERT INTO invite_tree

  196.               (UserID, InviterID, TreePosition, TreeID, TreeLevel)

  197.             VALUES ('$InviterID', '0', '1', '$TreeID', '1')");

  198. 

  199.           $TreePosition = 2;

  200.           $TreeLevel = 2;

  201.         } else {

  202.           $DB->query("

  203.             SELECT TreePosition

  204.             FROM invite_tree

  205.             WHERE TreePosition > '$InviterTreePosition'

  206.               AND TreeLevel <= '$TreeLevel'

  207.               AND TreeID = '$TreeID'

  208.             ORDER BY TreePosition

  209.             LIMIT 1");

  210.           list($TreePosition) = $DB->next_record();

  211. 

  212.           if ($TreePosition) {

  213.             $DB->query("

  214.               UPDATE invite_tree

  215.               SET TreePosition = TreePosition + 1

  216.               WHERE TreeID = '$TreeID'

  217.                 AND TreePosition >= '$TreePosition'");

  218.           } else {

  219.             $DB->query("

  220.               SELECT TreePosition + 1

  221.               FROM invite_tree

  222.               WHERE TreeID = '$TreeID'

  223.               ORDER BY TreePosition DESC

  224.               LIMIT 1");

  225.             list($TreePosition) = $DB->next_record();

  226.           }

  227.           $TreeLevel++;

  228. 

  229.           // Create invite tree record

  230.           $DB->query("

  231.             INSERT INTO invite_tree

  232.               (UserID, InviterID, TreePosition, TreeID, TreeLevel)

  233.             VALUES

  234.               ('$UserID', '$InviterID', '$TreePosition', '$TreeID', '$TreeLevel')");

  235.         }

  236.       } else { // No inviter (open registration)

  237.         $DB->query("

  238.           SELECT MAX(TreeID)

  239.           FROM invite_tree");

  240.         list($TreeID) = $DB->next_record();

  241.         $TreeID++;

  242.         $InviterID = 0;

  243.         $TreePosition = 1;

  244.         $TreeLevel = 1;

  245.       }

  246. 

  247.       include(SERVER_ROOT.'/classes/templates.class.php');

  248.       $TPL = NEW TEMPLATE;

  249.       $TPL->open(SERVER_ROOT.'/templates/new_registration.tpl');

  250. 

  251.       $TPL->set('Username', $_REQUEST['username']);

  252.       $TPL->set('TorrentKey', $torrent_pass);

  253.       $TPL->set('SITE_NAME', SITE_NAME);

  254.       $TPL->set('SITE_DOMAIN', SITE_DOMAIN);

  255. 

  256.       Misc::send_email($_REQUEST['email'], 'New account confirmation at '.SITE_NAME, $TPL->get(), 'noreply');

  257.       Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));

  258.       $Sent = 1;

  259. 

  260. 

  261.     }

  262.   } elseif ($_GET['invite']) {

  263.     // If they haven't submitted the form, check to see if their invite is good

  264.     $DB->query("

  265.       SELECT InviteKey

  266.       FROM invites

  267.       WHERE InviteKey = '".db_string($_GET['invite'])."'");

  268.     if (!$DB->has_results()) {

  269.       error('Invite not found!');

  270.     }

  271.   }

  272. 

  273.   include('step1.php');

  274. 

  275. } elseif (!OPEN_REGISTRATION) {

  276.   if (isset($_GET['welcome'])) {

  277.     include('code.php');

  278.   } else {

  279.     include('closed.php');

  280.   }

  281. }

  282. ?>