<?phpif(basename($_SERVER["PHP_SELF"]) == "register.php"){ die("403 - A

1.  
2. <?php
3. if(basename($_SERVER["PHP_SELF"]) == "register.php"){
4. die("403 - Access Forbidden");
5. }
6. ?>
7. <h2 class="text-center">Register to <?php echo $servername; ?></h2>
8. <hr/>
9. <?php
10. if (@$_POST["register"] != "1") {
11. ?>
12. <form action="?p=register" method="POST" role="form">
13. <div class="form-group">
14. <label for="inputUser">Username</label>
15. <input type="text" name="musername" maxlength="12" class="form-control" id="inputUser" required autocomplete="off" placeholder="Username">
16. </div>
17. <div class="form-group">
18. <label for="inputPass">Password</label>
19. <input type="password" name="mpass" maxlength="30" class="form-control" id="inputPass" required autocomplete="off" placeholder="Password">
20. </div>
21. <div class="form-group">
22. <label for="inputConfirm">Confirm Password</label>
23. <input type="password" name="mpwcheck" maxlength="30" class="form-control" id="inputConfirm" required autocomplete="off" placeholder="Confirm Password">
24. </div>
25. <div class="form-group">
26. <label for="inputEmail">Email</label>
27. <input type="email" name="memail" maxlength="50" class="form-control" id="inputEmail" required autocomplete="off" placeholder="Email">
28. </div>
29. <b>ReCaptcha</b>
30. <?php
31. require_once('assets/config/recaptchalib.php');
32. $error = null;
33. $publickey = "6LemqAwAAAAAAF4dIpSjTB3GJt1ax0MRQ9FvOX_T";
34. $privatekey = "6LemqAwAAAAAAO69RT3j9M1eHPX_ahhmC6Gakuwb";
35. echo recaptcha_get_html($publickey, $error);
36. ?>
37. <br/>
38. <input type="submit" class="btn btn-primary" name="submit" value="Register &raquo;"/>
39. <input type="hidden" name="register" value="1" />
40. </form>
41. <br/>
42. <?php
43. } else {
44. if (!isset($_POST["musername"]) OR
45. !isset($_POST["mpass"]) OR
46. !isset($_POST["mpwcheck"]) OR
47. !isset($_POST["memail"]) OR
48. !isset($_POST["recaptcha_response_field"])) {
49. die ("<div class=\"alert alert-error\"><b>Error A:</b> Please fill in the correct ReCAPTCHA code!<br/><a href=\"?cype=main&page=register\" class=\"areg\">&laquo; Go Back</a></div>");
50. }
51.  
52. $getusername = $mysqli->real_escape_string($_POST["musername"]); # Get Username
53. $username = preg_replace("/[^A-Za-z0-9 ]/", '', $getusername); # Escape and Strip
54. $password = $mysqli->real_escape_string($_POST["mpass"]); # Get Password
55. $confirm_password = $mysqli->real_escape_string($_POST["mpwcheck"]); # Get Confirm Password
56. $email = $mysqli->real_escape_string($_POST["memail"]);
57. $birth = "1990-01-01";
58. $ip = $_SERVER["REMOTE_ADDR"];
59.  
60. $continue = false;
61.  
62. require_once('assets/config/recaptchalib.php');
63. $publickey = "6LemqAwAAAAAAF4dIpSjTB3GJt1ax0MRQ9FvOX_T";
64. $privatekey = "6LemqAwAAAAAAO69RT3j9M1eHPX_ahhmC6Gakuwb";
65.  
66. $resp = null;
67. $error = null;
68. if ($_POST["recaptcha_response_field"]) {
69. $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
70. if ($resp->is_valid) {
71. $continue = true;
72. }
73. }
74.  
75. if (!$continue) {
76. echo ("<div class=\"alert alert-danger\"><b>Error:</b> Please fill in the correct ReCAPTCHA code!<br/><a href=\"?p=register\" class=\"areg\">&laquo; Go Back</a></div>");
77. } else {
78. $select_user_result = $mysqli->query("SELECT id FROM accounts WHERE name='".$username."' OR email='".$email."' LIMIT 1");
79. $returned = $select_user_result->num_rows;
80. if ($returned > 0) {
81. echo ("<div class=\"alert alert-danger\"><b>Error:</b> This username or email is already used!<br/><a href=\"?p=register\" class=\"areg\">&laquo; Go Back</a></div>");
82. } else if ($password != $confirm_password) {
83. echo ("<div class=\"alert alert-danger\">Passwords didn't match!<br/><a href=\"?p=register\" class=\"areg\">&laquo; Go Back</a></div>");
84. } else if (strlen($password) < 4 || strlen($password) > 12) {
85. echo ("<div class=\"alert alert-danger\">Your password must be between 4-12 characters<br/><a href=\"?p=register\" class=\"areg\">&laquo; Go Back</a></div>");
86. } else if (strlen($username) < 4 || strlen($username) > 12) {
87. echo ("<div class=\"alert alert-danger\">Your username must be between 4-12 characters<br/><a href=\"?p=register\" class=\"areg\">&laquo; Go Back</a></div>");
88. } else if (!strstr($email, '@')) {
89. echo ("<div class=\"alert alert-danger\">You have filled in a wrong email address<br/><a href=\"?p=register\" class=\"areg\">&laquo; Go Back</a></div>");
90. } else {
91. //All data is ok
92. $insert_user_query = "INSERT INTO accounts (`name`, `password`, `email`) VALUES ('".$username."', '".hash("sha1", $password)."', '".$email."')";
93. $mysqli->query($insert_user_query);
94.  
95. echo "<div class=\"alert alert-success\"><b>Success!</b> Please head over to the downloads page to get started!</div>";
96. }
97. }
98. }
99. ?>