<?require_once("include/bittorrent.php");$id = 0 + $_GET["id"];$md

1. <?
2.  
3. require_once("include/bittorrent.php");
4.  
5.  
6.  
7. $id = 0 + $_GET["id"];
8. $md5 = $_GET["secret"];
9. if (!$id)
10. httperr();
11.  
12. dbconn();
13.  
14. $res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
15. $arr = mysql_fetch_row($res);
16. if ($arr[0] >= $invites)
17. stderr("Error", "Sorry, user limit reached. Please try again later.");
18.  
19. $res = mysql_query("SELECT editsecret, status FROM users WHERE id = $id");
20. $row = mysql_fetch_array($res);
21.  
22. if (!$row)
23. httperr();
24.  
25. if ($row["status"] != "pending") {
26. header("Refresh: 0; url=../../ok.php?type=confirmed");
27. exit();
28. }
29.  
30. $sec = hash_pad($row["editsecret"]);
31. if ($md5 != md5($sec))
32. httperr();
33.  
34. if (!mkglobal("wantusername:wantpassword:passagain"))
35. die();
36.  
37. function bark($msg) {
38. stdhead();
39. stdmsg("Signup failed!", $msg);
40. stdfoot();
41. exit;
42. }
43.  
44. function validusername($username)
45. {
46. if ($username == "")
47. return false;
48.  
49. // The following characters are allowed in user names
50. $allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
51.  
52. for ($i = 0; $i < strlen($username); ++$i)
53. if (strpos($allowedchars, $username[$i]) === false)
54. return false;
55.  
56. return true;
57. }
58.  
59. function isportopen($port)
60. {
61. global $HTTP_SERVER_VARS;
62. $sd = @fsockopen($HTTP_SERVER_VARS["REMOTE_ADDR"], $port, $errno, $errstr, 1);
63. if ($sd)
64. {
65. fclose($sd);
66. return true;
67. }
68. else
69. return false;
70. }
71.  
72.  
73. if (strlen($wantusername) > 12)
74. bark("Sorry, username is too long (max is 12 chars)");
75.  
76. if ($wantpassword != $passagain)
77. bark("The passwords didn't match! Must've typoed. Try again.");
78.  
79. if (strlen($wantpassword) < 6)
80. bark("Sorry, password is too short (min is 6 chars)");
81.  
82. if (strlen($wantpassword) > 40)
83. bark("Sorry, password is too long (max is 40 chars)");
84.  
85. if ($wantpassword == $wantusername)
86. bark("Sorry, password cannot be same as user name.");
87.  
88. if (!validusername($wantusername))
89. bark("Invalid username.");
90.  
91. // make sure user agrees to everything...
92. if ($HTTP_POST_VARS["rulesverify"] != "yes" || $HTTP_POST_VARS["faqverify"] != "yes" || $HTTP_POST_VARS["ageverify"] != "yes")
93. //stderr("Signup failed", "Sorry, you're not qualified to become a member of this site.");
94.  
95.  
96.  
97. $secret = mksecret();
98. $wantpasshash = md5($secret . $wantpassword . $secret);
99.  
100. $ret = mysql_query("UPDATE users SET username='$wantusername', passhash='$wantpasshash', status='confirmed', editsecret='', secret='$secret' WHERE id=$id");
101.  
102. if (!$ret) {
103. if (mysql_errno() == 1062)
104. bark("Username already exists!");
105. bark("Database Update Failed");
106.  
107. }
108.  
109. logincookie($id, $wantpasshash);
110.  
111. header("Refresh: 0; url=../../ok.php?type=confirm");
112.  
113.  
114.  
115. ?>