takesignup.php
<?php
require_once("include/bittorrent.php");
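// Open the database connection before any query below.
dbconn();

// Count existing accounts and refuse further signups once the configured cap
// ($maxusers, defined outside this file) is reached.
$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
// The count is reduced by one; further down this script a value of zero is
// treated as "first real signup" and that account is created as sysop.
// NOTE(review): presumably a placeholder/system row exists in `users` — confirm.
$arr[0]--;
if ($arr[0] >= $maxusers)
    stderr("Error", "Sorry, user limit reached. Please try again later.");

// Pull the listed request fields into same-named globals; abort if that fails.
if (!mkglobal("wantusername:wantpassword:passagain:email:captcha"))
    die();

session_start();

// CAPTCHA check. The submitted value is upper-cased and compared to the value
// stored in the session. The comparison is strict (!==) on strings: a loose
// != lets PHP compare two numeric-looking strings by value, so e.g. "1E3" and
// "1000" would be treated as equal. A missing or non-scalar session value, or
// a non-string submission, is rejected.
// NOTE(review): nothing in this file clears $_SESSION['captcha_id'] after a
// successful match, so a solved value stays valid for the session unless
// signup.php regenerates it on every render — confirm, and make it single-use.
$expectedCaptcha = (isset($_SESSION['captcha_id']) && is_scalar($_SESSION['captcha_id']))
    ? (string) $_SESSION['captcha_id']
    : '';
if (empty($captcha) || !is_string($captcha) || $expectedCaptcha !== strtoupper($captcha)) {
    header('Location: signup.php');
    exit();
}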
/**
 * Render a complete "Signup failed!" page carrying $msg and end the request.
 *
 * Every call in this file passes a fixed literal message.
 * NOTE(review): whether stdmsg() HTML-escapes $msg is not visible here —
 * confirm before ever passing request-derived text.
 *
 * @param string $msg Text shown to the user as the failure reason.
 */
function bark($msg)
{
    stdhead();
    stdmsg("Signup failed!", $msg);
    stdfoot();
    // Stop here so none of the signup logic after the failed check runs.
    exit();
}
/**
 * Report whether a requested user name is non-empty and made up solely of
 * ASCII letters and digits.
 *
 * This allow-list is what keeps punctuation, whitespace and control
 * characters out of user names.
 *
 * @param string $username Candidate user name from the signup form.
 * @return bool True when every character is in the allowed set.
 */
function validusername($username)
{
    if ($username == "") {
        return false;
    }

    // The following characters are allowed in user names
    $alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

    // strspn() gives the length of the leading run of allowed characters; the
    // name is acceptable only when that run covers the whole string.
    return strspn($username, $alphabet) === strlen($username);
}
/**
 * Check whether the requesting client's address accepts a TCP connection on
 * the given port.
 *
 * The server opens an outbound socket to $_SERVER["REMOTE_ADDR"] with a
 * one-second timeout; connection warnings are suppressed with @. The only
 * caller in this file, isproxy(), is commented out.
 *
 * @param int $port Port number to probe on the client address.
 * @return bool True if the connection was established, false otherwise.
 */
function isportopen($port)
{
    $conn = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
    if (!$conn) {
        return false;
    }

    // Only reachability matters; release the socket straight away.
    fclose($conn);
    return true;
}
/*
function isproxy()
{
$ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
for ($i = 0; $i < count($ports); ++$i)
if (isportopen($ports[$i])) return true;
return false;
}
*/
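// Server-side validation of the signup form. Each failed check renders the
// error page through bark(), which ends the request.
if (empty($wantusername) || empty($wantpassword) || empty($email))
    bark("Don't leave any fields blank.");

if (strlen($wantusername) > 12)
    bark("Sorry, username is too long (max is 12 chars)");

// Strict comparison: with a loose != two different numeric-looking strings
// (e.g. "1000000" and "1e6") compare as equal, so a mistyped confirmation
// would be accepted.
if ($wantpassword !== $passagain)
    bark("The passwords didn't match! Must've typoed. Try again.");

if (strlen($wantpassword) < 6)
    bark("Sorry, password is too short (min is 6 chars)");

if (strlen($wantpassword) > 40)
    bark("Sorry, password is too long (max is 40 chars)");

// Strict for the same reason as the confirmation check above.
if ($wantpassword === $wantusername)
    bark("Sorry, password cannot be same as user name.");

// validemail() is defined outside this file. Later code relies on it: $email
// is used as a mail recipient and in SQL.
// NOTE(review): confirm it rejects quotes and CR/LF.
if (!validemail($email))
    bark("That doesn't look like a valid email address.");

if (!validusername($wantusername))
    bark("Invalid username.");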
// make sure user agrees to everything...
#if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")
# stderr("Signup failed", "Sorry, you're not qualified to become a member of this site.");
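// check if email addy is already in use
// $email is passed through sqlesc() (the same helper the INSERT below uses)
// instead of being interpolated into the statement, so the query does not
// depend on validemail() having filtered out quote characters. A failed query
// goes to sqlerr(), as the user-count query at the top of this file does,
// rather than printing mysql_error() through die().
// NOTE(review): the distinct message below tells an unauthenticated visitor
// whether an address is registered; acceptable only if that is intended.
$emailres = mysql_query("select count(*) from users where email=" . sqlesc($email)) or sqlerr(__FILE__, __LINE__);
$a = mysql_fetch_row($emailres);
if ($a[0] != 0)
    bark("The e-mail address is already in use.");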
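// TIMEZONE STUFF
// Keep two forms of the offset: the raw numeric text for arithmetic, and the
// sqlesc()'d form ($time_offset) that the INSERT below places in the SQL.
// The original multiplied the escaped value by 3600; if sqlesc() wraps its
// argument in quotes, that arithmetic no longer sees a number.
// NOTE(review): the config key 'time_offse' looks like a truncated
// 'time_offset'; $CONFIG_INFO is defined elsewhere, so the key is left as
// found — confirm.
if (isset($_POST['user_timezone']) && is_string($_POST['user_timezone'])
    && preg_match('#^\-?\d{1,2}(?:\.\d{1,2})?$#', $_POST['user_timezone'])) {
    // Accepted shape: optional minus, 1-2 digits, optional 1-2 decimals.
    $time_offset_raw = $_POST['user_timezone'];
    $time_offset = sqlesc($time_offset_raw);
} elseif (isset($CONFIG_INFO['time_offse'])) {
    $time_offset_raw = $CONFIG_INFO['time_offse'];
    $time_offset = sqlesc($time_offset_raw);
} else {
    $time_offset_raw = '0';
    $time_offset = '0';
}

// have a stab at getting dst parameter?
// localtime() takes an integer timestamp, so the hour offset is converted to
// whole seconds before it is added.
$dst_in_use = localtime(time() + (int) round((float) $time_offset_raw * 3600), true);
// TIMEZONE STUFF END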
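// $arr[0] is the adjusted user count from the top of this file; zero means
// this signup is the first account, which is created as a confirmed sysop.
// NOTE(review): the count and this INSERT are separate statements, so two
// concurrent first signups are not excluded by anything visible here.
$isFirstUser = !$arr[0];

// Per-user salt and password hash.
// NOTE(review): salted MD5 is a fast hash and unsuitable for password storage
// today. It is left unchanged because the login code that verifies passhash
// lives outside this file; migrate both sides together (e.g. password_hash()).
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);

// Regular signups get a one-time secret for e-mail confirmation; the first
// account skips confirmation and stores an empty one.
$editsecret = $isFirstUser ? "" : mksecret();

// All string values go through sqlesc(). $time_offset is expected to be SQL-
// ready already, and tm_isdst is an integer produced by localtime().
$values = implode(",", array_map("sqlesc", array(
    $wantusername,
    $wantpasshash,
    $secret,
    $editsecret,
    $email,
    $isFirstUser ? 'confirmed' : 'pending',
)));
$tail = time() . " , $time_offset, {$dst_in_use['tm_isdst']})";

// The original repeated a (!$arr[0] ? ... : ...) ternary inside each branch,
// where its outcome was already fixed; the two statements are written out
// directly here.
if ($isFirstUser) {
    // First account: explicit id 1 and sysop class.
    $ret = mysql_query("INSERT INTO users (id,username, passhash, secret, editsecret, email, status, class, added, time_offset, dst_in_use) VALUES (1," .
        $values . ", " . UC_SYSOP . ", " . $tail);
} else {
    // Ordinary account: pending until the e-mail link is followed.
    $ret = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, email, status, added, time_offset, dst_in_use) VALUES (" .
        $values . ", " . $tail);
}

if (!$ret) {
    // 1062 is MySQL's duplicate-key error.
    // NOTE(review): it is reported as a user name clash, but any unique key on
    // the table would raise the same code — confirm the schema.
    if (mysql_errno() == 1062)
        bark("Username already exists!");
    bark("borked");
}

$id = mysql_insert_id();
//write_log("User account $id ($wantusername) was created");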
// The confirmation link carries the MD5 of the stored editsecret rather than
// the secret itself.
$psecret = md5($editsecret);

// Plain-text confirmation mail. It includes the requester's IP address so the
// mailbox owner can see where the signup came from.
$body = <<<EOD
You have requested a new user account on $SITENAME and you have
specified this address ($email) as user contact.
If you did not do this, please ignore this email. The person who entered your
email address had the IP address {$_SERVER["REMOTE_ADDR"]}. Please do not reply.
To confirm your user registration, you have to follow this link:
$DEFAULTBASEURL/confirm.php?id=$id&secret=$psecret
After you do this, you will be able to use your new account and upload torrents. If you fail to
do this, you account will be deleted within a few days. We urge you to read
the FAQ before you start using $SITENAME.
EOD;

if ($arr[0]) {
    // Ordinary signup: send the confirmation mail, then show the "check your
    // mail" page.
    // NOTE(review): $email is used as the recipient; its safety against
    // CR/LF header injection rests on validemail(), which is not visible
    // here. The return value of mail() is not checked.
    mail($email, "$SITENAME user registration confirmation", $body, "From: $SITEEMAIL", "-f$SITEEMAIL");
    $okType = "signup&email=" . urlencode($email);
} else {
    // First account (sysop): no confirmation step, log in immediately.
    logincookie($id, $wantpasshash);
    $okType = "sysop";
}

header("Refresh: 0; url=ok.php?type=" . $okType);
?>