<?phpif (basename($_SERVER["PHP_SELF"]) == "register.php") { die("403 - A

1. <?php
2. if (basename($_SERVER["PHP_SELF"]) == "register.php") {
3.     die("403 - Access Forbidden");
4. }
5. if (isset($_SESSION['id'])) {
6.     echo "<meta http-equiv=refresh content='0; url=?base=ucp'>";
7. } else {
8.     echo '<h2 class="text-left">Registration</h2><hr/>';
9.     if (@$_POST["register"] != "1") {
10. ?>
11.    <form action="?base=main&page=register" method="POST" role="form">
12.     <div class="form-group">
13.         <label for="inputUser">Username</label>
14.         <input type="text" name="musername" maxlength="12" class="form-control" id="inputUser" required autocomplete="off" placeholder="Username">
15.     </div>
16.     <div class="form-group">
17.         <label for="inputPass">Password</label>
18.         <input type="password" name="mpass" maxlength="30" class="form-control" id="inputPass" required autocomplete="off" placeholder="Password">
19.     </div>
20.     <div class="form-group">
21.         <label for="inputConfirm">Confirm Password</label>
22.         <input type="password" name="mpwcheck" maxlength="30" class="form-control" id="inputConfirm" required autocomplete="off" placeholder="Confirm Password">
23.     </div>
24.     <div class="form-group">
25.         <label for="inputEmail">Email</label>
26.         <input type="email" name="memail" maxlength="50" class="form-control" id="inputEmail" required autocomplete="off" placeholder="Email">
27.     </div>
28.     <b>reCaptcha</b>
29.     <div class="g-recaptcha" data-sitekey="YOUR SITE KEY HERE"></div>
30.     <br/>
31.         <input type="submit" class="btn btn-primary" name="submit" alt="Register" value="Register &raquo;"/>
32.         <input type="hidden" name="register" value="1" />
33.     </form>
34.     <br/>
35. <?php
36.     } else {
37.         $getusername      = $mysqli->real_escape_string($_POST["musername"]); # Get Username
38.        $username         = preg_replace("/[^A-Za-z0-9 ]/", '', $getusername); # Escape and Strip
39.        $password         = $_POST["mpass"]; # Get Password
40.        $confirm_password = $_POST["mpwcheck"]; # Get Confirm Password
41.        $email            = $mysqli->real_escape_string($_POST["memail"]);
42.         $captcha          = $mysqli->real_escape_string($_POST["g-recaptcha-response"]);
43.         $birth            = "1990-01-01";
44.         $ip               = getRealIpAddr();
45.        
46.         $secretkey = "YOUR PRIVATE SITE KEY HERE";
47.        
48.         if (empty($captcha)) {
49.             echo ('<div class="content"><div class="contentbg registerbg"></div><div class="body_register"><div class="alert alert-danger"><b>Error:</b> Please fill in the correct ReCAPTCHA code!<br/><a href="?base=main&page=register" class="areg">&laquo; Go Back</a></div></div></div>');
50.         } else {
51.             $select_user_result = $mysqli->query("SELECT id FROM accounts WHERE name='" . $username . "' OR email='" . $email . "' LIMIT 1");
52.             $returned           = $select_user_result->num_rows;
53.             if ($returned > 0) {
54.                 echo ('<div class="alert alert-danger"><b>Error:</b> This username or email is already used!<br/><a href="?base=main&page=register">&laquo; Go Back</a>');
55.             } else if ($password != $confirm_password) {
56.                 echo ('<div class="alert alert-danger">Passwords didn&apos;t match!<br/><a href="?base=main&page=register">&laquo; Go Back</a></div></div></div>');
57.             } else if (strlen($password) < 4 || strlen($password) > 12) {
58.                 echo ('<div class="alert alert-danger">Your password must be between 4-12 characters<br/><a href="?base=main&page=register">&laquo; Go Back</a>');
59.             } else if (strlen($username) < 4 || strlen($username) > 12) {
60.                 echo ('<div class="alert alert-danger">Your username must be between 4-12 characters<br/><a href="?base=main&page=register">&laquo; Go Back</a>');
61.             } else if (!strstr($email, '@')) {
62.                 echo ('<div class="alert alert-danger">You have filled in a wrong email address<br/><a href="?base=main&page=register">&laquo; Go Back</a>');
63.             } else {
64.                 $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $secretkey . "&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR']);
65.                 if ($response . success == true) {
66.                     //All data is ok
67.                     $password          = sha1($password);
68.                     $insert_user_query = "INSERT INTO accounts (`name`, `password`, `ip`, `email`, `birthday`) VALUES ('" . $username . "', '" . $password . "', '" . $ip . "', '" . $email . "', '" . $birth . "')";
69.                     $mysqli->query($insert_user_query);
70.                     echo '<div class="alert alert-success"><b>Success!</b> Please login, and head to the downloads page to get started!</div>';
71.                 }
72.             }
73.         }
74.     }
75. }
76. ?>