Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1074 Commits
2 Branches
Tree: b9eaa7696d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b9eaa7696d'
${ noResults }
Gazelle/sections/register/index.php

index.php 10KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283 
  1. <?php

  2. declare(strict_types=1);

  3. 

  4. # Unsure if require_once is needed here

  5. require_once 'classes/env.class.php';

  6. $ENV = ENV::go();

  7. 

  8. /*

  9. if (isset($LoggedUser)) {

  10.     // Silly user, what are you doing here!

  11.     header('Location: index.php');

  12.     error();

  13. }

  14. */

  15. 

  16. include SERVER_ROOT.'/classes/validate.class.php';

  17. $Val = new Validate;

  18. 

  19. if (!empty($_REQUEST['confirm'])) {

  20.     // Confirm registration

  21.     $DB->query("

  22.     SELECT ID

  23.     FROM users_main

  24.     WHERE torrent_pass = '".db_string($_REQUEST['confirm'])."'

  25.       AND Enabled = '0'");

  26.     list($UserID) = $DB->next_record();

  27. 

  28.     if ($UserID) {

  29.         $DB->query("

  30.       UPDATE users_main

  31.       SET Enabled = '1'

  32.       WHERE ID = '$UserID'");

  33.         $Cache->increment('stats_user_count');

  34.         include('step2.php');

  35.     }

  36. } elseif ($ENV->OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {

  37.     $Val->SetFields('username', true, 'regex', "You didn't enter a valid username.", array('regex' => USERNAME_REGEX));

  38.     $Val->SetFields('email', true, 'email', "You didn't enter a valid email address.");

  39.     $Val->SetFields('password', true, 'regex', "Your password was too short.", array('regex'=>'/(?=^.{6,}$).*$/'));

  40.     $Val->SetFields('confirm_password', true, 'compare', "Your passwords don't match.", array('comparefield' => 'password'));

  41.     $Val->SetFields('readrules', true, 'checkbox', "You didn't agree to read the rules and wiki.");

  42.     $Val->SetFields('readwiki', true, 'checkbox', "You didn't provide consent to the privacy policy.");

  43.     $Val->SetFields('agereq', true, 'checkbox', "You didn't confirm that you're of legal age.");

  44. 

  45.     if (!apcu_exists('DBKEY')) {

  46.         $Err = "Registration temporarily disabled due to degraded database access (security measure).";

  47.     }

  48. 

  49.     if (!empty($_POST['submit'])) {

  50.         // User has submitted registration form

  51.         $Err = $Val->ValidateForm($_REQUEST);

  52. 

  53.         if (!$Err) {

  54.             // Don't allow a username of "0" or "1" due to PHP's type juggling

  55.             if (trim($_POST['username']) === '0' || trim($_POST['username']) === '1') {

  56.                 $Err = "You can't have a username of 0 or 1.";

  57.             }

  58. 

  59.             $DB->query("

  60.         SELECT COUNT(ID)

  61.         FROM users_main

  62.         WHERE Username LIKE '".db_string(trim($_POST['username']))."'");

  63.             list($UserCount) = $DB->next_record();

  64. 

  65.             if ($UserCount) {

  66.                 $Err = "There's already someone registered with that username.";

  67.                 $_REQUEST['username'] = '';

  68.             }

  69. 

  70.             if ($_REQUEST['invite']) {

  71.                 $DB->query("

  72.           SELECT InviterID, Email, Reason

  73.           FROM invites

  74.           WHERE InviteKey = '".db_string($_REQUEST['invite'])."'");

  75.                 if (!$DB->has_results()) {

  76.                     $Err = "The invite code is invalid.";

  77.                     $InviterID = 0;

  78.                 } else {

  79.                     list($InviterID, $InviteEmail, $InviteReason) = $DB->next_record(MYSQLI_NUM, false);

  80.                     $InviteEmail = Crypto::decrypt($InviteEmail);

  81.                 }

  82.             } else {

  83.                 $InviterID = 0;

  84.                 $InviteEmail = $_REQUEST['email'];

  85.                 $InviteReason = '';

  86.             }

  87.         }

  88. 

  89.         if (!$Err) {

  90.             $torrent_pass = Users::make_secret();

  91. 

  92.             // Previously SELECT COUNT(ID) FROM users_main, which is a lot slower

  93.             $DB->query("

  94.         SELECT ID

  95.         FROM users_main

  96.         LIMIT 1");

  97.             $UserCount = $DB->record_count();

  98.             if ($UserCount === 0) {

  99.                 $NewInstall = true;

  100.                 $Class = SYSOP;

  101.                 $Enabled = '1';

  102.             } else {

  103.                 $NewInstall = false;

  104.                 $Class = USER;

  105.                 $Enabled = '0';

  106.             }

  107. 

  108.             $IPcc = Tools::geoip($_SERVER['REMOTE_ADDR']);

  109. 

  110.             $DB->query("

  111.         INSERT INTO users_main

  112.           (Username, Email, PassHash, torrent_pass, IP, PermissionID, Enabled, Invites, FLTokens, Uploaded, ipcc)

  113.         VALUES

  114.           ('".db_string(trim($_POST['username']))."',

  115.           '".Crypto::encrypt($_POST['email'])."',

  116.           '".db_string(Users::make_sec_hash($_POST['password']))."',

  117.           '".db_string($torrent_pass)."',

  118.           '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."',

  119.           '$Class',

  120.           '$Enabled',

  121.           '".$ENV->STARTING_INVITES."',

  122.           '".$ENV->STARTING_TOKENS."',

  123.           '".$ENV->STARTING_UPLOAD."',

  124.           '$IPcc')

  125.           ");

  126. 

  127.             $UserID = $DB->inserted_id();

  128. 

  129.             // User created, delete invite. If things break after this point, then it's better to have a broken account to fix than a 'free' invite floating around that can be reused

  130.             $DB->query("

  131.         DELETE FROM invites

  132.         WHERE InviteKey = '".db_string($_REQUEST['invite'])."'");

  133. 

  134.             // Award invite badge to inviter if they don't have it

  135.             /*

  136.                 if (Badges::award_badge($InviterID, 136)) {

  137.                     Misc::send_pm($InviterID, 0, 'You have received a badge!', "You have received a badge for inviting a user to the site.\n\nIt can be enabled from your user settings.");

  138.                     $Cache->delete_value('user_badges_'.$InviterID);

  139.             }

  140.              */

  141. 

  142.             $DB->query("

  143.         SELECT ID

  144.         FROM stylesheets

  145.         WHERE `Default` = '1'");

  146.             list($StyleID) = $DB->next_record();

  147.             $AuthKey = Users::make_secret();

  148. 

  149.             if ($InviteReason !== '') {

  150.                 $InviteReason = db_string(sqltime()." - $InviteReason");

  151.             }

  152.             $DB->query("

  153.         INSERT INTO users_info

  154.           (UserID, StyleID, AuthKey, Inviter, JoinDate, AdminComment)

  155.         VALUES

  156.           ('$UserID', '$StyleID', '".db_string($AuthKey)."', '$InviterID', NOW(), '$InviteReason')");

  157. 

  158.             $DB->query("

  159.         INSERT INTO users_history_ips

  160.           (UserID, IP, StartTime)

  161.         VALUES

  162.           ('$UserID', '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."', NOW())");

  163.             $DB->query("

  164.         INSERT INTO users_notifications_settings

  165.           (UserID)

  166.         VALUES

  167.           ('$UserID')");

  168. 

  169.             $DB->query("

  170.         INSERT INTO users_history_emails

  171.           (UserID, Email, Time, IP)

  172.         VALUES

  173.           ('$UserID', '".Crypto::encrypt($_REQUEST['email'])."', NULL, '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."')");

  174. 

  175.             if ($_REQUEST['email'] != $InviteEmail) {

  176.                 $DB->query("

  177.           INSERT INTO users_history_emails

  178.             (UserID, Email, Time, IP)

  179.           VALUES

  180.             ('$UserID', '".Crypto::encrypt($InviteEmail)."', NOW(), '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."')");

  181.             }

  182. 

  183.             // Manage invite trees, delete invite

  184.             if ($InviterID !== null && $InviterID !== 0) {

  185.                 $DB->query("

  186.           SELECT TreePosition, TreeID, TreeLevel

  187.           FROM invite_tree

  188.           WHERE UserID = '$InviterID'");

  189.                 list($InviterTreePosition, $TreeID, $TreeLevel) = $DB->next_record();

  190. 

  191.                 // If the inviter doesn't have an invite tree

  192.                 // Note: This should never happen unless you've transferred from another database, like What.CD did

  193.                 if (!$DB->has_results()) {

  194.                     $DB->query("

  195.             SELECT MAX(TreeID) + 1

  196.             FROM invite_tree");

  197.                     list($TreeID) = $DB->next_record();

  198. 

  199.                     $DB->query("

  200.             INSERT INTO invite_tree

  201.               (UserID, InviterID, TreePosition, TreeID, TreeLevel)

  202.             VALUES ('$InviterID', '0', '1', '$TreeID', '1')");

  203. 

  204.                     $TreePosition = 2;

  205.                     $TreeLevel = 2;

  206.                 } else {

  207.                     $DB->query("

  208.             SELECT TreePosition

  209.             FROM invite_tree

  210.             WHERE TreePosition > '$InviterTreePosition'

  211.               AND TreeLevel <= '$TreeLevel'

  212.               AND TreeID = '$TreeID'

  213.             ORDER BY TreePosition

  214.             LIMIT 1");

  215.                     list($TreePosition) = $DB->next_record();

  216. 

  217.                     if ($TreePosition) {

  218.                         $DB->query("

  219.               UPDATE invite_tree

  220.               SET TreePosition = TreePosition + 1

  221.               WHERE TreeID = '$TreeID'

  222.                 AND TreePosition >= '$TreePosition'");

  223.                     } else {

  224.                         $DB->query("

  225.               SELECT TreePosition + 1

  226.               FROM invite_tree

  227.               WHERE TreeID = '$TreeID'

  228.               ORDER BY TreePosition DESC

  229.               LIMIT 1");

  230.                         list($TreePosition) = $DB->next_record();

  231.                     }

  232.                     $TreeLevel++;

  233. 

  234.                     // Create invite tree record

  235.                     $DB->query("

  236.             INSERT INTO invite_tree

  237.               (UserID, InviterID, TreePosition, TreeID, TreeLevel)

  238.             VALUES

  239.               ('$UserID', '$InviterID', '$TreePosition', '$TreeID', '$TreeLevel')");

  240.                 }

  241.             } else { // No inviter (open registration)

  242.                 $DB->query("

  243.           SELECT MAX(TreeID)

  244.           FROM invite_tree");

  245.                 list($TreeID) = $DB->next_record();

  246.                 $TreeID++;

  247.                 $InviterID = 0;

  248.                 $TreePosition = 1;

  249.                 $TreeLevel = 1;

  250.             }

  251. 

  252.             include(SERVER_ROOT.'/classes/templates.class.php');

  253.             $TPL = new TEMPLATE;

  254.             $TPL->open(SERVER_ROOT.'/templates/new_registration.tpl');

  255. 

  256.             $TPL->set('Username', $_REQUEST['username']);

  257.             $TPL->set('TorrentKey', $torrent_pass);

  258.             $TPL->set('SITE_NAME', $ENV->SITE_NAME);

  259.             $TPL->set('SITE_DOMAIN', SITE_DOMAIN);

  260. 

  261.             Misc::send_email($_REQUEST['email'], "New account confirmation at $ENV->SITE_NAME", $TPL->get(), 'noreply');

  262.             Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));

  263.             $Sent = 1;

  264.         }

  265.     } elseif ($_GET['invite']) {

  266.         // If they haven't submitted the form, check to see if their invite is good

  267.         $DB->query("

  268.       SELECT InviteKey

  269.       FROM invites

  270.       WHERE InviteKey = '".db_string($_GET['invite'])."'");

  271.         if (!$DB->has_results()) {

  272.             error('Invite not found!');

  273.         }

  274.     }

  275. 

  276.     include('step1.php');

  277. } elseif (!$ENV->OPEN_REGISTRATION) {

  278.     if (isset($_GET['welcome'])) {

  279.         include('code.php');

  280.     } else {

  281.         include('closed.php');

  282.     }

  283. }