Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1081 Commits
2 Branches
Tree: 67aa729cc8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '67aa729cc8'
${ noResults }
Gazelle/sections/register/index.php

index.php 10KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281 
  1. <?php

  2. declare(strict_types=1);

  3. 

  4. # Unsure if require_once is needed here

  5. require_once 'classes/env.class.php';

  6. $ENV = ENV::go();

  7. 

  8. /*

  9. if (isset($LoggedUser)) {

  10.     // Silly user, what are you doing here!

  11.     header('Location: index.php');

  12.     error();

  13. }

  14. */

  15. 

  16. include SERVER_ROOT.'/classes/validate.class.php';

  17. $Val = new Validate;

  18. 

  19. if (!empty($_REQUEST['confirm'])) {

  20.     // Confirm registration

  21.     $DB->query("

  22.     SELECT ID

  23.     FROM users_main

  24.     WHERE torrent_pass = '".db_string($_REQUEST['confirm'])."'

  25.       AND Enabled = '0'");

  26.     list($UserID) = $DB->next_record();

  27. 

  28.     if ($UserID) {

  29.         $DB->query("

  30.       UPDATE users_main

  31.       SET Enabled = '1'

  32.       WHERE ID = '$UserID'");

  33.         $Cache->increment('stats_user_count');

  34.         include('step2.php');

  35.     }

  36. } elseif ($ENV->OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {

  37.     $Val->SetFields('username', true, 'regex', "You didn't enter a valid username.", array('regex' => USERNAME_REGEX));

  38.     $Val->SetFields('email', true, 'email', "You didn't enter a valid email address.");

  39.     $Val->SetFields('password', true, 'regex', "Your password was too short.", array('regex'=>'/(?=^.{6,}$).*$/'));

  40.     $Val->SetFields('confirm_password', true, 'compare', "Your passwords don't match.", array('comparefield' => 'password'));

  41.     $Val->SetFields('readrules', true, 'checkbox', "You didn't agree to read the rules and wiki.");

  42.     $Val->SetFields('readwiki', true, 'checkbox', "You didn't provide consent to the privacy policy.");

  43.     $Val->SetFields('agereq', true, 'checkbox', "You didn't confirm that you're of legal age.");

  44. 

  45.     if (!apcu_exists('DBKEY')) {

  46.         $Err = "Registration temporarily disabled due to degraded database access (security measure).";

  47.     }

  48. 

  49.     if (!empty($_POST['submit'])) {

  50.         // User has submitted registration form

  51.         $Err = $Val->ValidateForm($_REQUEST);

  52. 

  53.         if (!$Err) {

  54.             // Don't allow a username of "0" or "1" due to PHP's type juggling

  55.             if (trim($_POST['username']) === '0' || trim($_POST['username']) === '1') {

  56.                 $Err = "You can't have a username of 0 or 1.";

  57.             }

  58. 

  59.             $DB->query("

  60.         SELECT COUNT(ID)

  61.         FROM users_main

  62.         WHERE Username LIKE '".db_string(trim($_POST['username']))."'");

  63.             list($UserCount) = $DB->next_record();

  64. 

  65.             if ($UserCount) {

  66.                 $Err = "There's already someone registered with that username.";

  67.                 $_REQUEST['username'] = '';

  68.             }

  69. 

  70.             if ($_REQUEST['invite']) {

  71.                 $DB->query("

  72.           SELECT InviterID, Email, Reason

  73.           FROM invites

  74.           WHERE InviteKey = '".db_string($_REQUEST['invite'])."'");

  75.                 if (!$DB->has_results()) {

  76.                     $Err = "The invite code is invalid.";

  77.                     $InviterID = 0;

  78.                 } else {

  79.                     list($InviterID, $InviteEmail, $InviteReason) = $DB->next_record(MYSQLI_NUM, false);

  80.                     $InviteEmail = Crypto::decrypt($InviteEmail);

  81.                 }

  82.             } else {

  83.                 $InviterID = 0;

  84.                 $InviteEmail = $_REQUEST['email'];

  85.                 $InviteReason = '';

  86.             }

  87.         }

  88. 

  89.         if (!$Err) {

  90.             $torrent_pass = Users::make_secret();

  91. 

  92.             // Previously SELECT COUNT(ID) FROM users_main, which is a lot slower

  93.             $DB->query("

  94.         SELECT ID

  95.         FROM users_main

  96.         LIMIT 1");

  97.             $UserCount = $DB->record_count();

  98.             if ($UserCount === 0) {

  99.                 $NewInstall = true;

  100.                 $Class = SYSOP;

  101.                 $Enabled = '1';

  102.             } else {

  103.                 $NewInstall = false;

  104.                 $Class = USER;

  105.                 $Enabled = '0';

  106.             }

  107. 

  108. 

  109.             $DB->query("

  110.         INSERT INTO users_main

  111.           (Username, Email, PassHash, torrent_pass, IP, PermissionID, Enabled, Invites, FLTokens, Uploaded)

  112.         VALUES

  113.           ('".db_string(trim($_POST['username']))."',

  114.           '".Crypto::encrypt($_POST['email'])."',

  115.           '".db_string(Users::make_sec_hash($_POST['password']))."',

  116.           '".db_string($torrent_pass)."',

  117.           '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."',

  118.           '$Class',

  119.           '$Enabled',

  120.           '".$ENV->STARTING_INVITES."',

  121.           '".$ENV->STARTING_TOKENS."',

  122.           '".$ENV->STARTING_UPLOAD."')

  123.           ");

  124. 

  125.             $UserID = $DB->inserted_id();

  126. 

  127.             // User created, delete invite. If things break after this point, then it's better to have a broken account to fix than a 'free' invite floating around that can be reused

  128.             $DB->query("

  129.         DELETE FROM invites

  130.         WHERE InviteKey = '".db_string($_REQUEST['invite'])."'");

  131. 

  132.             // Award invite badge to inviter if they don't have it

  133.             /*

  134.                 if (Badges::award_badge($InviterID, 136)) {

  135.                     Misc::send_pm($InviterID, 0, 'You have received a badge!', "You have received a badge for inviting a user to the site.\n\nIt can be enabled from your user settings.");

  136.                     $Cache->delete_value('user_badges_'.$InviterID);

  137.             }

  138.              */

  139. 

  140.             $DB->query("

  141.         SELECT ID

  142.         FROM stylesheets

  143.         WHERE `Default` = '1'");

  144.             list($StyleID) = $DB->next_record();

  145.             $AuthKey = Users::make_secret();

  146. 

  147.             if ($InviteReason !== '') {

  148.                 $InviteReason = db_string(sqltime()." - $InviteReason");

  149.             }

  150.             $DB->query("

  151.         INSERT INTO users_info

  152.           (UserID, StyleID, AuthKey, Inviter, JoinDate, AdminComment)

  153.         VALUES

  154.           ('$UserID', '$StyleID', '".db_string($AuthKey)."', '$InviterID', NOW(), '$InviteReason')");

  155. 

  156.             $DB->query("

  157.         INSERT INTO users_history_ips

  158.           (UserID, IP, StartTime)

  159.         VALUES

  160.           ('$UserID', '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."', NOW())");

  161.             $DB->query("

  162.         INSERT INTO users_notifications_settings

  163.           (UserID)

  164.         VALUES

  165.           ('$UserID')");

  166. 

  167.             $DB->query("

  168.         INSERT INTO users_history_emails

  169.           (UserID, Email, Time, IP)

  170.         VALUES

  171.           ('$UserID', '".Crypto::encrypt($_REQUEST['email'])."', NULL, '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."')");

  172. 

  173.             if ($_REQUEST['email'] != $InviteEmail) {

  174.                 $DB->query("

  175.           INSERT INTO users_history_emails

  176.             (UserID, Email, Time, IP)

  177.           VALUES

  178.             ('$UserID', '".Crypto::encrypt($InviteEmail)."', NOW(), '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."')");

  179.             }

  180. 

  181.             // Manage invite trees, delete invite

  182.             if ($InviterID !== null && $InviterID !== 0) {

  183.                 $DB->query("

  184.           SELECT TreePosition, TreeID, TreeLevel

  185.           FROM invite_tree

  186.           WHERE UserID = '$InviterID'");

  187.                 list($InviterTreePosition, $TreeID, $TreeLevel) = $DB->next_record();

  188. 

  189.                 // If the inviter doesn't have an invite tree

  190.                 // Note: This should never happen unless you've transferred from another database, like What.CD did

  191.                 if (!$DB->has_results()) {

  192.                     $DB->query("

  193.             SELECT MAX(TreeID) + 1

  194.             FROM invite_tree");

  195.                     list($TreeID) = $DB->next_record();

  196. 

  197.                     $DB->query("

  198.             INSERT INTO invite_tree

  199.               (UserID, InviterID, TreePosition, TreeID, TreeLevel)

  200.             VALUES ('$InviterID', '0', '1', '$TreeID', '1')");

  201. 

  202.                     $TreePosition = 2;

  203.                     $TreeLevel = 2;

  204.                 } else {

  205.                     $DB->query("

  206.             SELECT TreePosition

  207.             FROM invite_tree

  208.             WHERE TreePosition > '$InviterTreePosition'

  209.               AND TreeLevel <= '$TreeLevel'

  210.               AND TreeID = '$TreeID'

  211.             ORDER BY TreePosition

  212.             LIMIT 1");

  213.                     list($TreePosition) = $DB->next_record();

  214. 

  215.                     if ($TreePosition) {

  216.                         $DB->query("

  217.               UPDATE invite_tree

  218.               SET TreePosition = TreePosition + 1

  219.               WHERE TreeID = '$TreeID'

  220.                 AND TreePosition >= '$TreePosition'");

  221.                     } else {

  222.                         $DB->query("

  223.               SELECT TreePosition + 1

  224.               FROM invite_tree

  225.               WHERE TreeID = '$TreeID'

  226.               ORDER BY TreePosition DESC

  227.               LIMIT 1");

  228.                         list($TreePosition) = $DB->next_record();

  229.                     }

  230.                     $TreeLevel++;

  231. 

  232.                     // Create invite tree record

  233.                     $DB->query("

  234.             INSERT INTO invite_tree

  235.               (UserID, InviterID, TreePosition, TreeID, TreeLevel)

  236.             VALUES

  237.               ('$UserID', '$InviterID', '$TreePosition', '$TreeID', '$TreeLevel')");

  238.                 }

  239.             } else { // No inviter (open registration)

  240.                 $DB->query("

  241.           SELECT MAX(TreeID)

  242.           FROM invite_tree");

  243.                 list($TreeID) = $DB->next_record();

  244.                 $TreeID++;

  245.                 $InviterID = 0;

  246.                 $TreePosition = 1;

  247.                 $TreeLevel = 1;

  248.             }

  249. 

  250.             include(SERVER_ROOT.'/classes/templates.class.php');

  251.             $TPL = new TEMPLATE;

  252.             $TPL->open(SERVER_ROOT.'/templates/new_registration.tpl');

  253. 

  254.             $TPL->set('Username', $_REQUEST['username']);

  255.             $TPL->set('TorrentKey', $torrent_pass);

  256.             $TPL->set('SITE_NAME', $ENV->SITE_NAME);

  257.             $TPL->set('SITE_DOMAIN', SITE_DOMAIN);

  258. 

  259.             Misc::send_email($_REQUEST['email'], "New account confirmation at $ENV->SITE_NAME", $TPL->get(), 'noreply');

  260.             Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));

  261.             $Sent = 1;

  262.         }

  263.     } elseif ($_GET['invite']) {

  264.         // If they haven't submitted the form, check to see if their invite is good

  265.         $DB->query("

  266.       SELECT InviteKey

  267.       FROM invites

  268.       WHERE InviteKey = '".db_string($_GET['invite'])."'");

  269.         if (!$DB->has_results()) {

  270.             error('Invite not found!');

  271.         }

  272.     }

  273. 

  274.     include('step1.php');

  275. } elseif (!$ENV->OPEN_REGISTRATION) {

  276.     if (isset($_GET['welcome'])) {

  277.         include('code.php');

  278.     } else {

  279.         include('closed.php');

  280.     }

  281. }