Home Explore Help
Register Sign In
thenoob
/
Gazelle
forked from Oppaitime/Gazelle
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
Tree: 3d9458b3d0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3d9458b3d0'
${ noResults }
Gazelle/sections/register/index.php

index.php 8.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276 
  1. <?

  2. 

  3. /*

  4. if (isset($LoggedUser)) {

  5. 

  6. 	//Silly user, what are you doing here!

  7. 	header('Location: index.php');

  8. 	die();

  9. }

  10. */

  11. 

  12. include(SERVER_ROOT.'/classes/validate.class.php');

  13. 

  14. $Val = NEW VALIDATE;

  15. 

  16. if (!empty($_REQUEST['confirm'])) {

  17. 	// Confirm registration

  18. 	$DB->query("

  19. 		SELECT ID

  20. 		FROM users_main

  21. 		WHERE torrent_pass = '".db_string($_REQUEST['confirm'])."'

  22. 			AND Enabled = '0'");

  23. 	list($UserID) = $DB->next_record();

  24. 

  25. 	if ($UserID) {

  26. 		$DB->query("

  27. 			UPDATE users_main

  28. 			SET Enabled = '1'

  29. 			WHERE ID = '$UserID'");

  30. 		$Cache->increment('stats_user_count');

  31. 		include('step2.php');

  32. 	}

  33. 

  34. } elseif (OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {

  35. 	$Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX));

  36. 	$Val->SetFields('email', true, 'email', 'You did not enter a valid email address.');

  37. 	$Val->SetFields('password', true, 'regex', 'Your password must be at least 6 characters long.', array('regex'=>'/(?=^.{6,}$).*$/'));

  38. 	$Val->SetFields('confirm_password', true, 'compare', 'Your passwords do not match.', array('comparefield' => 'password'));

  39. 	$Val->SetFields('readrules', true, 'checkbox', 'You did not select the box that says you will read the rules.');

  40. 	$Val->SetFields('readwiki', true, 'checkbox', 'You did not select the box that says you will read the wiki.');

  41. 	$Val->SetFields('agereq', true, 'checkbox', 'You did not select the box that says you are 18 years of age or older.');

  42. 	//$Val->SetFields('captcha', true, 'string', 'You did not enter a captcha code.', array('minlength' => 6, 'maxlength' => 6));

  43. 

  44.   if (!apc_exists('DBKEY')) {

  45.     $Err = "Registration temporarily disabled due to degraded database access (security measure)";

  46.   }

  47. 

  48. 	if (!empty($_POST['submit'])) {

  49. 		// User has submitted registration form

  50. 		$Err = $Val->ValidateForm($_REQUEST);

  51. 		/*

  52. 		if (!$Err && strtolower($_SESSION['captcha']) != strtolower($_REQUEST['captcha'])) {

  53. 			$Err = 'You did not enter the correct captcha code.';

  54. 		}

  55. 		*/

  56. 		if (!$Err) {

  57. 			// Don't allow a username of "0" or "1" due to PHP's type juggling

  58. 			if (trim($_POST['username']) == '0' || trim($_POST['username']) == '1') {

  59. 				$Err = 'You cannot have a username of "0" or "1".';

  60. 			}

  61. 

  62. 			$DB->query("

  63. 				SELECT COUNT(ID)

  64. 				FROM users_main

  65. 				WHERE Username LIKE '".db_string(trim($_POST['username']))."'");

  66. 			list($UserCount) = $DB->next_record();

  67. 

  68. 			if ($UserCount) {

  69. 				$Err = 'There is already someone registered with that username.';

  70. 				$_REQUEST['username'] = '';

  71. 			}

  72. 

  73. 			if ($_REQUEST['invite']) {

  74. 				$DB->query("

  75. 					SELECT InviterID, Email, Reason

  76. 					FROM invites

  77. 					WHERE InviteKey = '".db_string($_REQUEST['invite'])."'");

  78. 				if (!$DB->has_results()) {

  79. 					$Err = 'Invite does not exist.';

  80. 					$InviterID = 0;

  81. 				} else {

  82. 					list($InviterID, $InviteEmail, $InviteReason) = $DB->next_record(MYSQLI_NUM, false);

  83.           $InviteEmail = DBCrypt::decrypt($InviteEmail);

  84. 				}

  85. 			} else {

  86. 				$InviterID = 0;

  87. 				$InviteEmail = $_REQUEST['email'];

  88. 				$InviteReason = '';

  89. 			}

  90. 		}

  91. 

  92. 		if (!$Err) {

  93. 			$torrent_pass = Users::make_secret();

  94. 

  95. 			// Previously SELECT COUNT(ID) FROM users_main, which is a lot slower.

  96. 			$DB->query("

  97. 				SELECT ID

  98. 				FROM users_main

  99. 				LIMIT 1");

  100. 			$UserCount = $DB->record_count();

  101. 			if ($UserCount == 0) {

  102.         $NewInstall = true;

  103. 				$Class = SYSOP;

  104. 				$Enabled = '1';

  105.       } else {

  106.         $NewInstall = false;

  107. 				$Class = USER;

  108. 				$Enabled = '0';

  109. 			}

  110. 

  111. 			$IPcc = Tools::geoip($_SERVER['REMOTE_ADDR']);

  112. 

  113. 			$DB->query("

  114. 				INSERT INTO users_main

  115. 					(Username, Email, PassHash, torrent_pass, IP, PermissionID, Enabled, Invites, Uploaded, ipcc)

  116. 				VALUES

  117. 					('".db_string(trim($_POST['username']))."', '".DBCrypt::encrypt($_POST['email'])."', '".db_string(Users::make_sec_hash($_POST['password']))."', '".db_string($torrent_pass)."', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."', '$Class', '$Enabled', '".STARTING_INVITES."', '524288000', '$IPcc')");

  118. 

  119. 			$UserID = $DB->inserted_id();

  120. 

  121. 

  122. 			// User created, delete invite. If things break after this point, then it's better to have a broken account to fix than a 'free' invite floating around that can be reused

  123. 			$DB->query("

  124. 				DELETE FROM invites

  125. 				WHERE InviteKey = '".db_string($_REQUEST['invite'])."'");

  126. 

  127. 			$DB->query("

  128. 				SELECT ID

  129. 				FROM stylesheets

  130. 				WHERE `Default` = '1'");

  131. 			list($StyleID) = $DB->next_record();

  132. 			$AuthKey = Users::make_secret();

  133. 

  134. 			if ($InviteReason !== '') {

  135. 				$InviteReason = db_string(sqltime()." - $InviteReason");

  136. 			}

  137. 			$DB->query("

  138. 				INSERT INTO users_info

  139. 					(UserID, StyleID, AuthKey, Inviter, JoinDate, AdminComment)

  140. 				VALUES

  141. 					('$UserID', '$StyleID', '".db_string($AuthKey)."', '$InviterID', '".sqltime()."', '$InviteReason')");

  142. 

  143. 			$DB->query("

  144. 				INSERT INTO users_history_ips

  145. 					(UserID, IP, StartTime)

  146. 				VALUES

  147. 					('$UserID', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."', '".sqltime()."')");

  148. 			$DB->query("

  149. 				INSERT INTO users_notifications_settings

  150. 					(UserID)

  151. 				VALUES

  152. 					('$UserID')");

  153. 

  154. 

  155. 			$DB->query("

  156. 				INSERT INTO users_history_emails

  157. 					(UserID, Email, Time, IP)

  158. 				VALUES

  159. 					('$UserID', '".DBCrypt::encrypt($_REQUEST['email'])."', '0000-00-00 00:00:00', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."')");

  160. 

  161. 			if ($_REQUEST['email'] != $InviteEmail) {

  162. 				$DB->query("

  163. 					INSERT INTO users_history_emails

  164. 						(UserID, Email, Time, IP)

  165. 					VALUES

  166. 						('$UserID', '".DBCrypt::encrypt($InviteEmail)."', '".sqltime()."', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."')");

  167. 			}

  168. 

  169. 

  170. 

  171. 			// Manage invite trees, delete invite

  172. 

  173. 			if ($InviterID !== null) {

  174. 				$DB->query("

  175. 					SELECT TreePosition, TreeID, TreeLevel

  176. 					FROM invite_tree

  177. 					WHERE UserID = '$InviterID'");

  178. 				list($InviterTreePosition, $TreeID, $TreeLevel) = $DB->next_record();

  179. 

  180. 				// If the inviter doesn't have an invite tree

  181. 				// Note: This should never happen unless you've transferred from another database, like What.CD did

  182. 				if (!$DB->has_results()) {

  183. 					$DB->query("

  184. 						SELECT MAX(TreeID) + 1

  185. 						FROM invite_tree");

  186. 					list($TreeID) = $DB->next_record();

  187. 

  188. 					$DB->query("

  189. 						INSERT INTO invite_tree

  190. 							(UserID, InviterID, TreePosition, TreeID, TreeLevel)

  191. 						VALUES ('$InviterID', '0', '1', '$TreeID', '1')");

  192. 

  193. 					$TreePosition = 2;

  194. 					$TreeLevel = 2;

  195. 				} else {

  196. 					$DB->query("

  197. 						SELECT TreePosition

  198. 						FROM invite_tree

  199. 						WHERE TreePosition > '$InviterTreePosition'

  200. 							AND TreeLevel <= '$TreeLevel'

  201. 							AND TreeID = '$TreeID'

  202. 						ORDER BY TreePosition

  203. 						LIMIT 1");

  204. 					list($TreePosition) = $DB->next_record();

  205. 

  206. 					if ($TreePosition) {

  207. 						$DB->query("

  208. 							UPDATE invite_tree

  209. 							SET TreePosition = TreePosition + 1

  210. 							WHERE TreeID = '$TreeID'

  211. 								AND TreePosition >= '$TreePosition'");

  212. 					} else {

  213. 						$DB->query("

  214. 							SELECT TreePosition + 1

  215. 							FROM invite_tree

  216. 							WHERE TreeID = '$TreeID'

  217. 							ORDER BY TreePosition DESC

  218. 							LIMIT 1");

  219. 						list($TreePosition) = $DB->next_record();

  220. 					}

  221. 					$TreeLevel++;

  222. 

  223. 					// Create invite tree record

  224. 					$DB->query("

  225. 						INSERT INTO invite_tree

  226. 							(UserID, InviterID, TreePosition, TreeID, TreeLevel)

  227. 						VALUES

  228. 							('$UserID', '$InviterID', '$TreePosition', '$TreeID', '$TreeLevel')");

  229. 				}

  230. 			} else { // No inviter (open registration)

  231. 				$DB->query("

  232. 					SELECT MAX(TreeID)

  233. 					FROM invite_tree");

  234. 				list($TreeID) = $DB->next_record();

  235. 				$TreeID++;

  236. 				$InviterID = 0;

  237. 				$TreePosition = 1;

  238. 				$TreeLevel = 1;

  239. 			}

  240. 

  241. 			include(SERVER_ROOT.'/classes/templates.class.php');

  242. 			$TPL = NEW TEMPLATE;

  243. 			$TPL->open(SERVER_ROOT.'/templates/new_registration.tpl');

  244. 

  245. 			$TPL->set('Username', $_REQUEST['username']);

  246. 			$TPL->set('TorrentKey', $torrent_pass);

  247. 			$TPL->set('SITE_NAME', SITE_NAME);

  248. 			$TPL->set('SITE_URL', SITE_URL);

  249. 

  250. 			Misc::send_email($_REQUEST['email'], 'New account confirmation at '.SITE_NAME, $TPL->get(), 'noreply');

  251. 			Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));

  252. 			$Sent = 1;

  253. 

  254. 

  255. 		}

  256. 	} elseif ($_GET['invite']) {

  257. 		// If they haven't submitted the form, check to see if their invite is good

  258. 		$DB->query("

  259. 			SELECT InviteKey

  260. 			FROM invites

  261. 			WHERE InviteKey = '".db_string($_GET['invite'])."'");

  262. 		if (!$DB->has_results()) {

  263. 			error('Invite not found!');

  264. 		}

  265. 	}

  266. 

  267. 	include('step1.php');

  268. 

  269. } elseif (!OPEN_REGISTRATION) {

  270. 	if (isset($_GET['welcome'])) {

  271. 		include('code.php');

  272. 	} else {

  273. 		include('closed.php');

  274. 	}

  275. }

  276. ?>