biotorrents
/
Gazelle
forked from Oppaitime/Gazelle


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289
							<?php
declare(strict_types=1);

# Unsure if require_once is needed here
require_once 'classes/env.class.php';
$ENV = ENV::go();

/*
if (isset($LoggedUser)) {

  // Silly user, what are you doing here!
  header('Location: index.php');
  error();
}
*/

include SERVER_ROOT.'/classes/validate.class.php';
$Val = new Validate;

if (!empty($_REQUEST['confirm'])) {
    // Confirm registration
    $DB->query("
    SELECT ID
    FROM users_main
    WHERE torrent_pass = '".db_string($_REQUEST['confirm'])."'
      AND Enabled = '0'");
    list($UserID) = $DB->next_record();

    if ($UserID) {
        $DB->query("
      UPDATE users_main
      SET Enabled = '1'
      WHERE ID = '$UserID'");
        $Cache->increment('stats_user_count');
        include('step2.php');
    }
} elseif ($ENV->OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {
    $Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX));
    $Val->SetFields('email', true, 'email', 'You did not enter a valid email address.');
    $Val->SetFields('password', true, 'regex', 'Your password must be at least 6 characters long.', array('regex'=>'/(?=^.{6,}$).*$/'));
    $Val->SetFields('confirm_password', true, 'compare', 'Your passwords do not match.', array('comparefield' => 'password'));
    $Val->SetFields('readrules', true, 'checkbox', 'You did not select the box that says you will read the rules.');
    $Val->SetFields('readwiki', true, 'checkbox', 'You did not select the box that says you will read the wiki.');
    $Val->SetFields('agereq', true, 'checkbox', 'You did not select the box that says you are 18 years of age or older.');
    //$Val->SetFields('captcha', true, 'string', 'You did not enter a captcha code.', array('minlength' => 6, 'maxlength' => 6));

    if (!apcu_exists('DBKEY')) {
        $Err = "Registration temporarily disabled due to degraded database access (security measure).";
    }

    if (!empty($_POST['submit'])) {
        // User has submitted registration form
        $Err = $Val->ValidateForm($_REQUEST);
        /*
        if (!$Err && strtolower($_SESSION['captcha']) !== strtolower($_REQUEST['captcha'])) {
          $Err = 'You did not enter the correct captcha code.';
        }
        */
        if (!$Err) {
            // Don't allow a username of "0" or "1" due to PHP's type juggling
            if (trim($_POST['username']) === '0' || trim($_POST['username']) === '1') {
                $Err = 'You cannot have a username of "0" or "1."';
            }

            $DB->query("
        SELECT COUNT(ID)
        FROM users_main
        WHERE Username LIKE '".db_string(trim($_POST['username']))."'");
            list($UserCount) = $DB->next_record();

            if ($UserCount) {
                $Err = 'There is already someone registered with that username.';
                $_REQUEST['username'] = '';
            }

            if ($_REQUEST['invite']) {
                $DB->query("
          SELECT InviterID, Email, Reason
          FROM invites
          WHERE InviteKey = '".db_string($_REQUEST['invite'])."'");
                if (!$DB->has_results()) {
                    $Err = 'Invite does not exist.';
                    $InviterID = 0;
                } else {
                    list($InviterID, $InviteEmail, $InviteReason) = $DB->next_record(MYSQLI_NUM, false);
                    $InviteEmail = Crypto::decrypt($InviteEmail);
                }
            } else {
                $InviterID = 0;
                $InviteEmail = $_REQUEST['email'];
                $InviteReason = '';
            }
        }

        if (!$Err) {
            $torrent_pass = Users::make_secret();

            // Previously SELECT COUNT(ID) FROM users_main, which is a lot slower
            $DB->query("
        SELECT ID
        FROM users_main
        LIMIT 1");
            $UserCount = $DB->record_count();
            if ($UserCount === 0) {
                $NewInstall = true;
                $Class = SYSOP;
                $Enabled = '1';
            } else {
                $NewInstall = false;
                $Class = USER;
                $Enabled = '0';
            }

            $IPcc = Tools::geoip($_SERVER['REMOTE_ADDR']);

            $DB->query("
        INSERT INTO users_main
          (Username, Email, PassHash, torrent_pass, IP, PermissionID, Enabled, Invites, FLTokens, Uploaded, ipcc)
        VALUES
          ('".db_string(trim($_POST['username']))."',
          '".Crypto::encrypt($_POST['email'])."',
          '".db_string(Users::make_sec_hash($_POST['password']))."',
          '".db_string($torrent_pass)."',
          '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."',
          '$Class',
          '$Enabled',
          '".$ENV->STARTING_INVITES."',
          '".$ENV->STARTING_TOKENS."',
          '".$ENV->STARTING_UPLOAD."',
          '$IPcc')
          ");

            $UserID = $DB->inserted_id();

            // User created, delete invite. If things break after this point, then it's better to have a broken account to fix than a 'free' invite floating around that can be reused
            $DB->query("
        DELETE FROM invites
        WHERE InviteKey = '".db_string($_REQUEST['invite'])."'");

	    // Award invite badge to inviter if they don't have it
	    /*
            if (Badges::award_badge($InviterID, 136)) {
                Misc::send_pm($InviterID, 0, 'You have received a badge!', "You have received a badge for inviting a user to the site.\n\nIt can be enabled from your user settings.");
                $Cache->delete_value('user_badges_'.$InviterID);
	    }
	     */

            $DB->query("
        SELECT ID
        FROM stylesheets
        WHERE `Default` = '1'");
            list($StyleID) = $DB->next_record();
            $AuthKey = Users::make_secret();

            if ($InviteReason !== '') {
                $InviteReason = db_string(sqltime()." - $InviteReason");
            }
            $DB->query("
        INSERT INTO users_info
          (UserID, StyleID, AuthKey, Inviter, JoinDate, AdminComment)
        VALUES
          ('$UserID', '$StyleID', '".db_string($AuthKey)."', '$InviterID', NOW(), '$InviteReason')");

            $DB->query("
        INSERT INTO users_history_ips
          (UserID, IP, StartTime)
        VALUES
          ('$UserID', '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."', NOW())");
            $DB->query("
        INSERT INTO users_notifications_settings
          (UserID)
        VALUES
          ('$UserID')");

            $DB->query("
        INSERT INTO users_history_emails
          (UserID, Email, Time, IP)
        VALUES
          ('$UserID', '".Crypto::encrypt($_REQUEST['email'])."', NULL, '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."')");

            if ($_REQUEST['email'] != $InviteEmail) {
                $DB->query("
          INSERT INTO users_history_emails
            (UserID, Email, Time, IP)
          VALUES
            ('$UserID', '".Crypto::encrypt($InviteEmail)."', NOW(), '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."')");
            }

            // Manage invite trees, delete invite
            if ($InviterID !== null && $InviterID !== 0) {
                $DB->query("
          SELECT TreePosition, TreeID, TreeLevel
          FROM invite_tree
          WHERE UserID = '$InviterID'");
                list($InviterTreePosition, $TreeID, $TreeLevel) = $DB->next_record();

                // If the inviter doesn't have an invite tree
                // Note: This should never happen unless you've transferred from another database, like What.CD did
                if (!$DB->has_results()) {
                    $DB->query("
            SELECT MAX(TreeID) + 1
            FROM invite_tree");
                    list($TreeID) = $DB->next_record();

                    $DB->query("
            INSERT INTO invite_tree
              (UserID, InviterID, TreePosition, TreeID, TreeLevel)
            VALUES ('$InviterID', '0', '1', '$TreeID', '1')");

                    $TreePosition = 2;
                    $TreeLevel = 2;
                } else {
                    $DB->query("
            SELECT TreePosition
            FROM invite_tree
            WHERE TreePosition > '$InviterTreePosition'
              AND TreeLevel <= '$TreeLevel'
              AND TreeID = '$TreeID'
            ORDER BY TreePosition
            LIMIT 1");
                    list($TreePosition) = $DB->next_record();

                    if ($TreePosition) {
                        $DB->query("
              UPDATE invite_tree
              SET TreePosition = TreePosition + 1
              WHERE TreeID = '$TreeID'
                AND TreePosition >= '$TreePosition'");
                    } else {
                        $DB->query("
              SELECT TreePosition + 1
              FROM invite_tree
              WHERE TreeID = '$TreeID'
              ORDER BY TreePosition DESC
              LIMIT 1");
                        list($TreePosition) = $DB->next_record();
                    }
                    $TreeLevel++;

                    // Create invite tree record
                    $DB->query("
            INSERT INTO invite_tree
              (UserID, InviterID, TreePosition, TreeID, TreeLevel)
            VALUES
              ('$UserID', '$InviterID', '$TreePosition', '$TreeID', '$TreeLevel')");
                }
            } else { // No inviter (open registration)
                $DB->query("
          SELECT MAX(TreeID)
          FROM invite_tree");
                list($TreeID) = $DB->next_record();
                $TreeID++;
                $InviterID = 0;
                $TreePosition = 1;
                $TreeLevel = 1;
            }

            include(SERVER_ROOT.'/classes/templates.class.php');
            $TPL = new TEMPLATE;
            $TPL->open(SERVER_ROOT.'/templates/new_registration.tpl');

            $TPL->set('Username', $_REQUEST['username']);
            $TPL->set('TorrentKey', $torrent_pass);
            $TPL->set('SITE_NAME', $ENV->SITE_NAME);
            $TPL->set('SITE_DOMAIN', SITE_DOMAIN);

            Misc::send_email($_REQUEST['email'], "New account confirmation at $ENV->SITE_NAME", $TPL->get(), 'noreply');
            Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));
            $Sent = 1;
        }
    } elseif ($_GET['invite']) {
        // If they haven't submitted the form, check to see if their invite is good
        $DB->query("
      SELECT InviteKey
      FROM invites
      WHERE InviteKey = '".db_string($_GET['invite'])."'");
        if (!$DB->has_results()) {
            error('Invite not found!');
        }
    }

    include('step1.php');
} elseif (!$ENV->OPEN_REGISTRATION) {
    if (isset($_GET['welcome'])) {
        include('code.php');
    } else {
        include('closed.php');
    }
}