<?require_once("include/bittorrent.php");dbconn(); set_time_limit(0);

1. <?
2.  
3. require_once("include/bittorrent.php");
4. dbconn();
5.  
6. set_time_limit(0);
7. ignore_user_abort(1);
8.  
9. if (!mkglobal("wantusername:wantpassword:passagain:email:language:invitekod"))
10. httperr();
11.  
12. function bark($msg) {
13. stdhead();
14. stdmsg("Failed!", $msg);
15. stdfoot();
16. exit;
17. }
18.  
19. function validinvitekod($kod)
20. {
21. $o = mysql_query("SELECT * FROM invites WHERE secret = '$kod';") or sqlerr(__FILE__, __LINE__);
22. $b = mysql_num_rows($o);
23.  
24. if($b == 1)
25. return True;
26. else
27. return False;
28. }
29.  
30.  
31.  
32.  
33. $eh = sqlesc($wantusername);
34. $count = mysql_query("SELECT * FROM users WHERE username = $eh;") or sqlerr(__FILE__, __LINE__);
35.  
36. if(mysql_num_rows($count)>0)
37. {
38. stderr("Error","Username taken.");
39. }
40.  
41.  
42.  
43.  
44.  
45. function validusername($username)
46. {
47. if ($username == "")
48. return false;
49.  
50. // The following characters are allowed in user names
51. $allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
52.  
53. for ($i = 0; $i < strlen($username); ++$i)
54. if (strpos($allowedchars, $username[$i]) === false)
55. return false;
56.  
57. return true;
58. }
59.  
60. function validatepass($pass)
61. {
62.  
63. //if((ctype_digit($pass) || ctype_alpha($pass)) && strlen($pass) <7)
64. //bark("The password must contain both letters and digits.");
65.  
66. if($pass == 'abc123')
67. bark("Oh please... abc123 is the worst password ever.");
68.  
69. if($pass == 'hejsan')
70. bark("Oh please... hejsan is the worst password ever.");
71.  
72. if($pass == '123456')
73. bark("Oh please... 123456 is the worst password ever.");
74.  
75. if($pass == 'password')
76. bark("Oh please... password is the worst password ever.");
77.  
78. if($pass == 'qwerty')
79. bark("Oh please... qwerty is the worst password ever.");
80.  
81. if($pass == 'hejhej')
82. bark("Oh please... hejhej is the worst password ever.");
83.  
84. if($pass == 'bajskorv')
85. bark("Oh please... bajskorv is the worst password ever.");
86.  
87. if($pass == 'kalle')
88. bark("Oh please... kalle is the worst password ever.");
89.  
90. if($pass == 'general')
91. bark("Oh please... general is the worst password ever.");
92.  
93. if (strlen($pass) < 6)
94. bark("Password too short (atleast 6 chars)");
95. if (strlen($pass) > 20)
96. bark("Password too long (maximum 20 chars)");
97.  
98. return true;
99. }
100.  
101. function isportopen($port)
102. {
103. global $HTTP_SERVER_VARS;
104. $sd = @fsockopen($HTTP_SERVER_VARS["REMOTE_ADDR"], $port, $errno, $errstr, 1);
105. if ($sd)
106. {
107. fclose($sd);
108. return true;
109. }
110. else
111. return false;
112. }
113. /*
114. function isproxy()
115. {
116. $ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
117. for ($i = 0; $i < count($ports); ++$i)
118. if (isportopen($ports[$i])) return true;
119. return false;
120. }
121. */
122. if (empty($wantusername) || empty($wantpassword) || empty($email))
123. bark("Dont leave any fields blank.");
124.  
125. if (strlen($wantusername) > 12)
126. bark("Username too long. (Max 12 chars)");
127.  
128. if ($wantpassword != $passagain)
129. bark("Password missmatch.");
130.  
131.  
132. if ($wantpassword == $wantusername)
133. bark("The password cant be the same as the username.");
134.  
135. if (!validusername($wantusername))
136. bark("Invalid username");
137.  
138.  
139. if (!validatepass($wantpassword))
140. bark("Pick another password...");
141.  
142. if (!validinvitekod($invitekod))
143. bark("Bad invitecode.");
144.  
145. if (!validemail($email))
146. bark("That doesn't look like a valid email address.");
147.  
148. // make sure user agrees to everything...
149.  
150. $a = (@mysql_fetch_row(@mysql_query("select count(*) from users where email='$email'"))) or die(mysql_error());
151. if ($a[0] != 0)
152. bark("The e-mail address $email is already in use.");
153.  
154.  
155. $wantpasshash = "temp";
156.  
157. $gender = 0+$_POST["gender"];
158. $alder = 0+$_POST["alder"];
159.  
160. $b = mysql_query("SELECT * FROM invites WHERE secret = '$invitekod';") or sqlerr(__FILE__, __LINE__);
161. $oo = mysql_fetch_array($b);
162.  
163. $inv = $oo[userid];
164. $ip = $_SERVER["REMOTE_ADDR"];
165.  
166. $passkey = md5($CURUSER['username'].get_date_time().$CURUSER['passhash']);
167.  
168. //$ret = mysql_query("INSERT INTO users (username, passhash, email, passkey, invited_by, added, last_access,byttpass) VALUES (" .implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $email, $passkey, $inv))) .",'" . get_date_time() . "','" . get_date_time() . "',1)");
169.  
170. $ret = mysql_query("INSERT INTO users (username, passhash, email, passkey, invited_by, language, added, last_access, ip, gender, alder) VALUES (" .implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $email, $passkey, $inv, $language))) .",'" . get_date_time() . "','" . get_date_time() . "', '$ip', $gender, $alder)");
171.  
172.  
173. if (!$ret) {
174. if (mysql_errno() == 1062)
175. bark("MySQL fel i skapning av kontot!");
176. bark("Fel?");
177. }
178.  
179. $uid = mysql_insert_id();
180.  
181. $msg = sqlesc("The invite sent to {$email} is accepted and he/she choosed [url=/userdetails.php?id={$uid}][b]{$wantusername}[/b][/url] as username.");
182. $dt = sqlesc(get_date_time());
183. mysql_query("INSERT INTO messages (sender, receiver, added, msg, subject) VALUES(1, $inv, $dt, $msg, 'Invite accepted')") or sqlerr(__FILE__, __LINE__);
184.  
185.  
186.  
187. $ro = mysql_fetch_array(mysql_query("SELECT added FROM users WHERE id = $uid LIMIT 1"));
188. $nyhash = md5(md5($wantpassword.$ro["added"])."korvspad1".$wantpassword);
189. mysql_query("UPDATE users SET passhash = '$nyhash' WHERE id = $uid LIMIT 1;") or sqlerr(__FILE__, __LINE__);
190.  
191. // Ny-Regg-Koll
192.  
193.  
194. $ip = $_SERVER["REMOTE_ADDR"];
195. $iplog = mysql_query("SELECT COUNT(*) FROM iplog WHERE ip = '$ip'") or sqlerr(__FILE__, __LINE__);
196. $iplog = mysql_fetch_array($iplog);
197.  
198. $host = gethostbyaddr($ip);
199.  
200.  
201. $regg = mysql_query("SELECT COUNT(*) FROM inlogg WHERE ip = '$ip'");
202. $regg = mysql_fetch_array($regg);
203.  
204. $ilog = $iplog[0] + $regg[0];
205.  
206.  
207. $level1 = mysql_num_rows(mysql_query("SELECT enabled FROM `inlogg` JOIN users on inlogg.uid = users.id WHERE inlogg.ip = '$ip' AND enabled = 'no'"));
208.  
209. $level2 = mysql_num_rows(mysql_query("SELECT enabled FROM `iplog` JOIN users on iplog.userid = users.id WHERE iplog.ip = '$ip' AND enabled = 'no'"));
210.  
211. if( ($level1+$level2) > 0 )
212. $level = 1;
213. else
214. $level = 0;
215.  
216. mysql_query("INSERT INTO nyregg(userid, datum, ip, hostname, email, log_mail, log_ip, level) VALUES($uid, '".get_date_time()."', '$ip', '$host', '$email', 0, $ilog, $level)") or sqlerr(__FILE__, __LINE__);
217.  
218.  
219. // Regg-koll-slut
220.  
221.  
222.  
223.  
224.  
225.  
226.  
227. mysql_query("DELETE FROM invites WHERE secret = '$invitekod';") or sqlerr(__FILE__, __LINE__);
228.  
229. $passh = md5($HTTP_SERVER_VARS["REMOTE_ADDR"].$nyhash."hejsan".$HTTP_SERVER_VARS["REMOTE_ADDR"]);
230. logincookie($uid, $passh);
231.  
232.  
233.  
234.  
235.  
236. header("Refresh: 0; url=faq.php");
237.  
238.  
239. ?>