root/signup.php

Revision 336, 17.5 kB (checked in by Nafania, 1 year ago)

Мелкие баг-фиксы. Поддержка сфинкса (корявая) в поиске торрентов. sphinxapi.php надо использовать свой - тот что лежит, только для примера.
Список файлов показывается напрямую из торрент файла, а не из базы, но таблицы пока оставлены - на всякий случай.

Line
1	<?php</span>
2	<span class="code-lang">$root_path = './';
3	require ($root_path . 'include/config.php');
4	require ($root_path . 'include/functions_check.php');
5
6	$userdata = session_pagestart($user_ip);
7	init_userprefs($userdata);
8
9	$id = request_var('id', 0);
10	$md5 = request_var('hash', '');
11	$email = request_var('email', '');
12	$type = request_var('type', '');
13	$invite_hash = request_var('invite_hash', '');
14	$gd_enabled = ( function_exists('gd_info') ? true : false );</span>
15	<span class="code-lang">
16	switch ( $type ) {
17	case 'change_mail':
18	$sql = 'SELECT editsecret, name FROM ' . USERS_TABLE . ' WHERE uid = ' . $id . ' AND uid <> ' . ANONYMOUS;
19	$result = $db->sql_query($sql);
20	if ( !($row = $db->sql_fetchrow($result)) ) {
21	trigger_error($lang['bad_data']);
22	}
23
24	$sec = str_pad($row['editsecret'], 20);
25
26	$sql = 'UPDATE ' . USERS_TABLE . ' SET editsecret=\'\', email=' . "'" . $db->sql_escape($email) . "'" . ' WHERE uid=' . $id . ' AND editsecret=' . "'" . $db->sql_escape($row['editsecret']) . "'";
27	$db->sql_query($sql);
28	if ( !$db->sql_affectedrows() ) {
29	trigger_error($lang['bad_data']);
30	}
31	redirect( append_sid($root_path . 'my.php?emailch=1'));
32	break;
33
34	case 'signup':
35	trigger_error(sprintf($lang['signup_email_sended'], $email));
36	break;
37
38	case 'confirmed':
39	trigger_error(sprintf($lang['account_already_comfirmed'], 'login.php'));
40	break;
41
42	case 'confirm':
43	if ( $userdata['session_logged_in'] ) {
44	trigger_error($lang['account_succefully_comfirmed']);
45	}
46	else {
47	trigger_error($lang['account_succefully_comfirmed_but_cookies_not_on']);
48	}
49	break;
50
51	case 'username_check':
52	$wantusername = request_var('wantusername', '');
53	if ( $error = check_username($wantusername) ) {
54	echo 'false';
55	}
56	else {
57	echo 'true';
58	}
59	gc();
60	break;
61
62	case 'email_check':
63	$email = request_var('email', '');
64	if ( $error = check_email($email) ) {
65	echo 'false';
66	}
67	else {
68	echo 'true';
69	}
70	gc();
71	break;
72
73	case 'register':
74	$sql = 'SELECT pass, editsecret, email, name, status FROM ' . USERS_TABLE . ' WHERE uid = ' . $id . ' AND uid <> ' . ANONYMOUS;
75	$result = $db->sql_query($sql);
76	if ( !($row = $db->sql_fetchrow($result)) ) {
77	trigger_error(sprintf($lang['invalid_id'], $id));
78	}
79	if ( $row['status'] ) {
80	redirect( append_sid($root_path . 'signup.php?type=confirmed'));
81	}
82	$sec = str_pad($row['editsecret'], 20);
83	if ( $md5 != md5($sec) ) {
84	trigger_error(sprintf($lang['invalid_id'], $id));
85	}
86	$sql = 'UPDATE ' . USERS_TABLE . ' SET status = 1, editsecret=\'\' WHERE uid=' . $id . ' AND status = 0';
87	$db->sql_query($sql);
88	if (!$db->sql_affectedrows($result)) {
89	trigger_error(sprintf($lang['invalid_id'], $id));
90	}
91	session_begin ($id, $user_ip, FALSE);
92	redirect( append_sid($root_path . 'signup.php?type=confirm'));
93	break;
94
95	case 'restore':
96	$sql = 'SELECT name, email, pass, editsecret FROM ' . USERS_TABLE . ' WHERE uid = ' . $id . ' AND uid <> ' . ANONYMOUS;
97	$result = $db->sql_query($sql);
98	if ( !($row = $db->sql_fetchrow($result)) ) {
99	trigger_error(sprintf($lang['invalid_id'], $id));
100	}
101
102	$email = $row['email'];
103	if ( $md5 != md5($row['editsecret'] . $email . $row['pass'] . $row['editsecret']) ) {
104	trigger_error($lang['passwords_not_the_same']);
105	}
106
107	$newpassword = mksecret(10);
108	$sec = mksecret();
109	$newpasshash = md5($sec . $newpassword . $sec);
110
111	$sql = 'UPDATE ' . USERS_TABLE . ' SET secret=' . "'" . $db->sql_escape($sec) . "'" . ', editsecret=\'\', pass=' . "'" . $db->sql_escape($newpasshash) . "'" . ' WHERE uid=' . $id . ' AND editsecret=' . "'" . $db->sql_escape($row['editsecret']) . "'";
112	$db->sql_query($sql);
113
114	include_once($root_path . 'include/functions_messenger.php');
115	$messenger = new messenger(false);
116	$messenger->template('recover_password_step_2', $config['default_lang']);
117	$messenger->replyto($email);
118	$messenger->to($email, $row['name']);
119
120	if ( $seo->seo_opt['url_rewrite'] ) {
121	$u_link = $seo->drop_sid(append_sid($root_path . 'login.php', false, false));
122	}
123	else {
124	$u_link = generate_base_url() . '/login.php';
125	}
126
127	$messenger->assign_vars(array(
128	'USERNAME' => $row['name'],
129	'PASSWORD' => $newpassword,
130	'U_LINK' => $u_link,
131	));
132	$messenger->send(NOTIFY_EMAIL);
133	$messenger->reset();
134	trigger_error(sprintf($lang['email_sended'], $email));
135	break;
136
137	case 'recover':
138	if ( isset($_POST['submit']) ) {
139	if (!$email \|\| !preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email) ) {
140	trigger_error($lang['email_invalid']);
141	}
142	$sql = 'SELECT uid, pass, name FROM ' . USERS_TABLE . ' WHERE email=\'' . $db->sql_escape($email) . '\' AND uid <> ' . ANONYMOUS;
143	$result = $db->sql_query_limit($sql, 1);
144	if ( !$row = $db->sql_fetchrow($result) ) {
145	trigger_error(sprintf($lang['email_adress_not_found'], $email));
146	}
147	$sec = mksecret();
148	$sql = 'UPDATE ' . USERS_TABLE . ' SET editsecret=' . "'" . $db->sql_escape($sec) . "'" . ' WHERE uid=' . $row['uid'];
149	$db->sql_query($sql);
150	$hash = md5($sec . $email . $row['pass'] . $sec);
151
152	include_once($root_path . 'include/functions_messenger.php');
153	$messenger = new messenger(false);
154	$messenger->template('recover_password_step_1', $config['default_lang']);
155	$messenger->replyto($email);
156	$messenger->to($email, $row['name']);
157
158	if ( $seo->seo_opt['url_rewrite'] ) {
159	$u_link = $seo->drop_sid(append_sid($root_path . 'signup.php?id=' . $row['uid'] . '&type=restore&hash=' . $hash, false, false));
160	}
161	else {
162	$u_link = generate_base_url() . '/signup.php?id=' . $row['uid'] . '&type=restore&hash=' . $hash;
163	}
164
165	$messenger->assign_vars(array(
166	'EMAIL' => $email,
167	'IP' => $user_ip,
168	'U_LINK' => $u_link
169	));
170	$messenger->send(NOTIFY_EMAIL);
171	$messenger->reset();
172
173	trigger_error(sprintf($lang['email_sended'], $email));
174	}
175	else {
176	$template->assign_vars(array(
177	'S_FORM_ACTION' => append_sid($root_path . 'signup.php?type=recover')
178	));
179	stdhead($lang['pass_recover']);
180	$template->set_filenames(array(
181	'body' => 'recover.html'
182	));
183	stdfoot();
184	}
185	break;
186
187	case 'confirm_image':
188	require_once ($root_path . 'include/captcha.php');
189	break;
190
191	default:
192	if ( isset($_POST['submit']) ) {
193	foreach (array('wantusername','wantpassword','passagain','gender','year', 'month', 'day', 'download', 'upload', 'country') as $x) {
194	$$x = request_var($x, '');
195	}
196	if ( $wantpassword != $passagain ) {
197	trigger_error($lang['passwords_not_the_same']);
198	}
199	if ( utf_strlen($wantpassword) < 6 \|\| utf_strlen($wantpassword) > 40 ) {
200	trigger_error($lang['pass_too_long']);
201	}
202	if ( $wantpassword == $wantusername ) {
203	trigger_error($lang['pass_and_username_are_the_same']);
204	}
205
206	//now we check invite_hash if user invited
207	if ( isset($_POST['invite_hash']) ) {
208	$invite_hash = request_var('invite_hash', '');
209	$sql = 'SELECT invite_email, invite_user FROM ' . INVITES_TABLE . ' WHERE hash = ' . "'" . $db->sql_escape($invite_hash) . "'";
210	$result = $db->sql_query($sql);
211	if ( !($row = $db->sql_fetchrow($result)) ) {
212	trigger_error($lang['invalid_invite_hash']);
213	}
214	$db->sql_freeresult($result);
215	$email = $row['invite_email'];
216	$inviter = $row['invite_user'];
217	}
218	else {
219	$email = request_var('email', '');
220	if ( $error = check_email($email) ) {
221	trigger_error($error['error_msg']);
222	}
223	}
224	if ( $error = check_username($wantusername) ) {
225	trigger_error($error['error_msg']);
226	}
227
228	$download = request_var('download', '');
229	$upload = request_var('upload', '');
230	if ( !check_internet_speed($upload) \|\| !check_internet_speed($download) ) {
231	trigger_error($lang['speed_invalid']);
232	}
233
234	$gender = ( $gender ? 1 : 0 );
235
236	if ( !check_country_id($country) ) {
237	trigger_error($lang['invalid_country']);
238	}
239
240	if ( !checkdate($month, $day, $year) ) {
241	trigger_error($lang['birthday_invalid']);
242	}
243	$birthday = $year . '-' . $month . '-' . $day;
244
245	if ( $config['enable_confirm'] && $gd_enabled )
246	{
247	$confirm_code = request_var('captcha_code', '');
248	$confirm_id = request_var('confirm_id', '');
249	if (empty($confirm_id)) {
250	trigger_error($lang['invalid_verify_image_code']);
251	}
252	else
253	{
254	if (!preg_match('/^[[:alnum:]]+$/', $confirm_id))
255	{
256	$confirm_id = '';
257	}
258
259	$sql = 'SELECT code
260	FROM ' . CONFIRM_TABLE . "
261	WHERE confirm_id = '$confirm_id'
262	AND session_id = '" . $userdata['session_id'] . "'";
263	$result = $db->sql_query($sql);
264
265	if ( $row = $db->sql_fetchrow($result) )
266	{
267	if ($row['code'] != $confirm_code)
268	{
269	trigger_error($lang['invalid_verify_image_code']);
270	}
271	else
272	{
273	$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
274	WHERE confirm_id = '$confirm_id'
275	AND session_id = '" . $userdata['session_id'] . "'";
276	$db->sql_query($sql);
277	}
278	}
279	else
280	{
281	trigger_error($lang['invalid_verify_image_code']);
282	}
283	$db->sql_freeresult($result);
284	}
285	}
286
287	// make sure user agrees to everything...
288	if ( !isset($_POST['rulesverify']) \|\| !isset($_POST['faqverify']) \|\| !isset($_POST['ageverify']) ){
289	trigger_error($lang['you_cant_be_registered']);
290	}
291
292	if ( !$config['allow_clons'] ) {
293	// check if ip is already in use
294	$sql = 'SELECT COUNT(*) AS count FROM ' . USERS_TABLE . ' WHERE ip=' . "'" . $db->sql_escape($user_ip) . "'";
295	$result = $db->sql_query($sql);
296	$ip_check = ( $row = $db->sql_fetchrow($result) ) ? intval($row['count']) : 0;
297	$db->sql_freeresult($result);
298	if ( $ip_check ) {
299	trigger_error(sprintf($lang['ip_already_in_use'], $user_ip));
300	}
301	}
302
303	if ( $config['check_dnsbl'] ) {
304	if ( ($dnsbl = check_dnsbl('register')) !== false ) {
305	trigger_error($lang['you_been_banned']);
306	}
307	}
308
309	$secret = mksecret();
310	$wantpasshash = md5($secret . $wantpassword . $secret);
311	$editsecret = mksecret();
312
313	$torrent_pass = md5($wantusername . time() . $wantpasshash);
314
315	$user_limit_ary_allow_download = unserialize($config['user_limit_ary_allow_download']);
316	$user_limit_ary_torrents = unserialize($config['user_limit_ary_torrents']);
317
318	//ranks section start
319	if ( !isset($ranks) ) {
320	$ranks = $cache->obtain_ranks();
321	}
322
323	$user_rank_id = 0;
324	$user_reputation_level = 0;
325
326	foreach ( $ranks AS $rank_id => $rank_ary ) {
327	if ( $rank_ary['rank_points'] <= 0 ) {
328	$user_rank_id = $rank_id;
329	$user_reputation_level = $rank_ary['rank_level'];
330	}
331	}
332	//ranks section end
333
334	$result = $db->sql_query('SELECT MAX(uid) AS max_uid FROM ' . USERS_TABLE);
335	$id = ( $row = $db->sql_fetchrow($result) ) ? intval($row['max_uid']) + 1 : 1;
336
337	//now we generate insert sql
338	$sql_ary = array('uid' => $id,
339	'name' => $wantusername,
340	'pass' => $wantpasshash,
341	'secret' => $secret,
342	'editsecret' => $editsecret,
343	'email' => $email,
344	'ip' => $user_ip,
345	'country' => $country,
346	'torrent_pass' => $torrent_pass,
347	'status' => ( $config['activate_via_email'] ? 0 : 1 ),
348	'added' => time(),
349	'upload' => $upload,
350	'download' => $download,
351	'gender' => $gender,
352	'birthday' => $birthday,
353	'user_style' => $config['default_style'],
354	'language' => $config['default_lang'],
355	'tzoffset' => doubleval($config['board_timezone']),
356	'user_dst' => $config['board_dst'],
357	'can_leech' => ( isset($user_limit_ary_allow_download[UC_USER]) ? 1 : 0 ),
358	'torrents_limit' => $user_limit_ary_torrents[UC_USER],
359	'invited_by' => ( isset($inviter) ? $inviter : 0 ),
360
361	'user_rank_id' => $user_rank_id,
362	'user_reputation_level' => $user_reputation_level,
363
364	'name_append' => '',
365	);
366
367	$db->sql_query('INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
368
369	$db->sql_query('INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', array('group_name' => '',
370	'group_description' => 'Personal User',
371	'group_single_user' => 1,
372	'group_moderator' => 0)));
373	$group_id = $db->sql_nextid();
374	$db->sql_query('INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $id,
375	'group_id' => $group_id,
376	'user_pending' => 0)));
377	$db->sql_query('INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $id,
378	'group_id' => $phpbb_class[UC_USER],
379	'user_pending' => 0)));
380	if ( isset($_POST['invite_hash']) ) {
381	$sql = 'DELETE FROM ' . INVITES_TABLE . ' WHERE hash = ' . "'" . $db->sql_escape($invite_hash) . "'";
382	$db->sql_query($sql);
383	}
384	$psecret = md5($editsecret);
385
386	if ( $config['activate_via_email'] && $config['email_enable'] ) {
387	include_once($root_path . 'include/functions_messenger.php');
388	$messenger = new messenger(false);
389	$messenger->template('signup_confimation', $config['default_lang']);
390	$messenger->replyto($email);
391	$messenger->to($email, $wantusername);
392
393	if ( $seo->seo_opt['url_rewrite'] ) {
394	$u_link = $seo->drop_sid(append_sid($root_path . 'signup.php?type=register&id=' . $id . '&hash=' . $psecret, false, false));
395	}
396	else {
397	$u_link = generate_base_url() . '/signup.php?type=register&id=' . $id . '&hash=' . $psecret;
398	}
399
400	$messenger->assign_vars(array(
401	'EMAIL' => $email,
402	'IP' => $user_ip,
403	'U_LINK' => $u_link,
404	));
405	$messenger->send(NOTIFY_EMAIL);
406	$messenger->reset();
407	redirect( append_sid($root_path . 'signup.php?type=signup&email=' . urlencode($email)));
408	}
409	else {
410	$sql = 'UPDATE ' . USERS_TABLE . ' SET status = 1, editsecret=\'\' WHERE uid=' . $id . ' AND status = 0';
411	$db->sql_query($sql);
412	session_begin ($id, $user_ip, false);
413	redirect( append_sid($root_path . 'signup.php?type=confirm'));
414	}
415	}
416	else {
417	if ( $userdata['session_logged_in'] ) {
418	redirect( append_sid($root_path));
419	}
420	if ( ( empty($config['maxusers']) \|\| !$config['maxusers'] ) && !$invite_hash ) {
421	trigger_error($lang['signup_closed']);
422	}
423	if ( !$invite_hash ) {
424	$sql = 'SELECT COUNT(*) AS ' . USERS_TABLE . ' FROM users WHERE uid != ' . ANONYMOUS;
425	$result = $db->sql_query($sql);
426	$limit = ( $row = $db->sql_fetchrow($result) ) ? intval($row['users']) : 0;
427	$db->sql_freeresult($result);
428	if ($limit >= $config['maxusers']) {
429	trigger_error(sprintf($lang['current_limit_users_reached'], $config['maxusers']));
430	}
431	}
432	elseif ( $invite_hash ) {
433	$sql = 'SELECT id FROM ' . INVITES_TABLE . ' WHERE hash = ' . "'" . $db->sql_escape($invite_hash) . "'";
434	$result = $db->sql_query($sql);
435	if ( !($row = $db->sql_fetchrow($result)) ) {
436	trigger_error($lang['invalid_invite_hash']);
437	}
438	$db->sql_freeresult($result);
439	}
440
441	require_once ($root_path . 'include/functions_selects.php');
442
443	$countries = countries_select();
444	$downloadspeed = generate_internet_speed(0, 'download');
445	$uploadspeed = generate_internet_speed(0, 'upload');
446	$birthday_select = birthday_select();
447
448	$confirm_image = '';
449	$confirm_id = '';
450
451	if ( $config['enable_confirm'] && $gd_enabled ) {
452
453	$sql = 'SELECT COUNT(session_id) AS attempts
454	FROM ' . CONFIRM_TABLE . "
455	WHERE session_id = '" . $userdata['session_id'] . "'";
456	$result = $db->sql_query($sql);
457
458	if ( $row = $db->sql_fetchrow($result) ) {
459	if ($row['attempts'] > $config['max_register_attempts_per_session'])
460	{
461	trigger_error($lang['too_many_registers']);
462	}
463	}
464	$db->sql_freeresult($result);
465	// Generate the required confirmation code
466	$code_length = mt_rand(4, 6);
467	$code = dss_rand();
468	$code = strtoupper(base_convert($code, 16, 35));
469	$code = str_replace('I', '', $code); // The letter I could get confused with the letter J and the number 1 (one) so we remove it
470	$code = str_replace('0', '', $code); // NB 0 (zero) could get confused with O (the letter) so we remove it
471	$code = substr($code, 2, $code_length);
472	$confirm_id = md5(uniqid($user_ip));
473
474	$db->sql_query('INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
475	'confirm_id' => $confirm_id,
476	'session_id' => $userdata['session_id'],
477	'code' => $code
478	)));
479	unset($code);
480
481	$confirm_image = append_sid($root_path . 'signup.php?type=confirm_image&id=' . $confirm_id, false, true, $userdata['session_id']);
482	}
483
484	$template->assign_vars(array(
485	'S_FORM_ACTION' => append_sid($root_path . 'signup.php'),
486	'S_USERNAME_CHECK' => append_sid($root_path . 'signup.php?type=username_check'),
487	'S_EMAIL_CHECK' => append_sid($root_path . 'signup.php?type=email_check'),
488
489	'BIRTHDAY_SELECT' => $birthday_select,
490	'UPLOAD_SPEED_SELECT' => $uploadspeed,
491	'DOWNLOAD_SPEED_SELECT' => $downloadspeed,
492	'COUNTRY_SELECT' => $countries,
493	'INVITE_HASH' => $invite_hash,
494	'CONFIRM_ID' => $confirm_id,
495	'VERIFY_IMAGE_SRC' => $confirm_image
496	));
497
498	stdhead($lang['signup']);
499	$template->set_filenames(array(
500	'body' => 'signup.html'
501	));
502	stdfoot();
503	}
504	break;
505	}
506
507	?>

Note: See TracBrowser for help on using the browser.

root/signup.php

Download in other formats: