
Untitled

a guest
Jan 2nd, 2018
  1. <?php
  2. // AcmlmBoard XD - User account registration page
  3. // Access: any, but meant for guests.
  // Stop immediately unless the BLARG constant is defined (presumably by the board's entry
  // script -- it is not defined in this file), so the page cannot be requested on its own.
  if (!defined('BLARG')) {
      die();
  }

  // Page title and breadcrumb trail, both using the translated "Register" label.
  $title = __("Register");
  $crumbs = array('' => __('Register'));
  MakeCrumbs($crumbs);

  // Labels for the "sex" radio group. The array index (0, 1, 2) is what the form submits
  // and what the registration handler stores in the users table.
  $sexes = array(
      __("Male"),
      __("Female"),
      __("N/A"),
  );
  10.  
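  // Process a submitted registration form; otherwise seed empty defaults for the form rendered below.
  if (!empty($_POST['register']))
  {
      // Read each text field once. A missing or non-string (e.g. array) value is treated as
      // empty, so every check below operates on a plain string.
      $name      = (isset($_POST['name'])  && is_string($_POST['name']))  ? $_POST['name']  : '';
      $postEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
      $postPass  = (isset($_POST['pass'])  && is_string($_POST['pass']))  ? $_POST['pass']  : '';
      $postPass2 = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';
      $postSex   = isset($_POST['sex']) ? (int)$_POST['sex'] : 0;

      // Initialised up front so the "if ($err)" test never reads an undefined variable.
      $err = '';
      $cname = '';
      $nameTaken = false;

      if (IsProxy())
      {
          $err = __('Registrations from proxies are not allowed. Turn off your proxy and try again.');
          // The submitted password is deliberately NOT included in this report. Report() sends
          // its text to a destination that is not visible in this file, and a plaintext
          // credential must never be copied into a log or notification channel.
          Report("Proxy registration denied from: ".$_SERVER['REMOTE_ADDR']." (username: ".$name." email: ".$postEmail);
      }
      else
      {
          // Normalise for the uniqueness check: lower-case with all spaces removed.
          $cname = trim(str_replace(" ", "", strtolower($name)));

          // Compare against every existing login name and display name, normalised the same way.
          $rUsers = Query("select name, displayname from {users}");
          while ($user = Fetch($rUsers))
          {
              $existing = array(
                  trim(str_replace(" ", "", strtolower($user['name']))),
                  trim(str_replace(" ", "", strtolower($user['displayname']))),
              );
              // Strict matching: a loose == would treat numeric-looking strings such as
              // "1e3" and "1000" as the same name.
              if (in_array($cname, $existing, true))
              {
                  $nameTaken = true;
                  break;
              }
          }

          // One account per IP address, judged by the last IP recorded for each user.
          $ipKnown = FetchResult("select COUNT(*) from {users} where lastip={0}", $_SERVER['REMOTE_ADDR']);

          if (stripos($postEmail, '@dispostable.com') !== FALSE)
              $err = __('Registration failed. Try again later.');
          elseif (!$cname)
              $err = __('Enter a username and try again.');
          elseif ($nameTaken)
              $err = __("This user name is already taken. Please choose another.");
          elseif ($ipKnown >= 1)
              $err = __("An account is already registered to this IP.");
          elseif (empty($_POST['readFaq']))
              $err = format(__("You really should {0}read the FAQ{1}&hellip;"), "<a href=\"".htmlspecialchars(actionLink("faq"))."\">", "</a>");
          elseif (!empty($_POST['likesCake']))
              // Honeypot: the checkbox is hidden from people, so only automated clients tick it.
              $err = __("Robots not allowed.");
          elseif (strlen($postPass) < 4)
              $err = __("Your password must be at least four characters long.");
          elseif ($postPass !== $postPass2)
              $err = __("The passwords you entered don't match.");
          // The pattern is applied to the NEW name. The previous code tested $uname, which by
          // this point held the last existing user's display name, so the rule never looked
          // at the name being registered.
          elseif (preg_match("@^(MKDS|MK7|SM64DS|SMG|NSMB)\d*?@si", $cname))
              $err = __("Come on, you could be a little more original with your username!");
      }

      if ($err)
      {
          Alert($err, __('Error'));
      }
      else
      {
          // Per-user salt combined with the site-wide SALT constant.
          // NOTE(review): doHash() and SALT are defined elsewhere. If doHash() is a fast
          // general-purpose digest, password_hash()/password_verify() would be the safer
          // storage format -- confirm before relying on this scheme.
          $newsalt = Shake();
          $sha = doHash($postPass.SALT.$newsalt);

          // Lowest id whose successor is unused, plus one; 1 when the query yields nothing usable.
          // NOTE(review): no lock or transaction is visible around this select + insert, so two
          // simultaneous registrations could compute the same id -- confirm how Query() reacts.
          $uid = FetchResult("SELECT id+1 FROM {users} WHERE (SELECT COUNT(*) FROM {users} u2 WHERE u2.id={users}.id+1)=0 ORDER BY id ASC LIMIT 1");
          if ($uid < 1) $uid = 1;

          $rUsers = Query("insert into {users} (id, name, password, pss, primarygroup, regdate, lastactivity, lastip, email, sex, theme) values ({0}, {1}, {2}, {3}, {4}, {5}, {5}, {6}, {7}, {8}, {9})",
              $uid, $name, $sha, $newsalt, Settings::get('defaultGroup'), time(), $_SERVER['REMOTE_ADDR'], $postEmail, $postSex, Settings::get("defaultTheme"));

          //if($uid == 1)
          // Query("update {users} set primarygroup = {0} where id = 1", Settings::get('rootGroup'));

          Report("New user: [b]".$name."[/] (#".$uid.") -> [g]#HERE#?uid=".$uid);

          $user = Fetch(Query("select * from {users} where id={0}", $uid));
          // NOTE(review): this hands the plaintext password to every plugin registered for the
          // "newuser" bucket (the include below runs in this scope). Kept because plugins may
          // depend on it; audit those plugins so none stores, logs or forwards the value.
          $user['rawpass'] = $postPass;

          $bucket = "newuser"; include(BOARD_ROOT."lib/pluginloader.php");


          // Re-hash the new password with every other user's salt and record which accounts
          // use the same password.
          // NOTE(review): each {passmatches} row states that specific accounts share a password,
          // so the table needs the same protection as the password hashes themselves. The scan
          // also costs one hash per existing user on every registration.
          $rLogUser = Query("select id, pss, password from {users} where 1");
          $matches = array();

          while ($testuser = Fetch($rLogUser))
          {
              if ($testuser['id'] == $user['id'])
                  continue;

              $sha = doHash($postPass.SALT.$testuser['pss']);
              if ($testuser['password'] === $sha)
                  $matches[] = $testuser['id'];
          }

          if (count($matches) > 0)
              Query("INSERT INTO {passmatches} (date,ip,user,matches) VALUES (UNIX_TIMESTAMP(),{0},{1},{2})", $_SERVER['REMOTE_ADDR'], $user['id'], implode(',',$matches));

          // mark threads older than 15min as read
          Query("INSERT INTO {threadsread} (id,thread,date) SELECT {0}, id, {1} FROM {threads} WHERE lastpostdate<={2} ON DUPLICATE KEY UPDATE date={1}", $uid, time(), time()-900);


          if (!empty($_POST['autologin']))
          {
              // The cookie carries the raw session id; only its salted hash is stored server-side.
              $sessionID = Shake();
              // NOTE(review): the sixth argument (secure) is false, so the browser will also send
              // this session cookie over plain HTTP. Set it to true when the board is served
              // over HTTPS. The seventh argument (httponly) is already true.
              setcookie("logsession", $sessionID, 0, URL_ROOT, "", false, true);
              Query("INSERT INTO {sessions} (id, user, autoexpire) VALUES ({0}, {1}, {2})", doHash($sessionID.SALT), $user['id'], 0);
              // NOTE(review): htmlspecialchars() is HTML escaping, not header escaping; it would
              // turn any "&" in the URL into "&amp;". Confirm what actionLink() returns.
              header("Location: ".htmlspecialchars(actionLink('profile', $user['id'], '', $user['name'])));
              die();
          }
          else
          {
              header("Location: ".htmlspecialchars(actionLink("login")));
              die();
          }
      }
  }
  else
  {
      // First visit: blank fields, "N/A" (index 2) selected, autologin flag cleared.
      $_POST['name'] = '';
      $_POST['email'] = '';
      $_POST['sex'] = 2;
      $_POST['autologin'] = 0;
  }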
  119.  
  // Build the markup for every form control. Values echoed back from a previous submission
  // are HTML-escaped before being placed inside a double-quoted attribute.
  $nameValue = htmlspecialchars($_POST['name']);
  $emailValue = htmlspecialchars($_POST['email']);
  $sexOptions = MakeOptions("sex", $_POST['sex'], $sexes);
  $faqLabel = format(__("I have read the {0}FAQ{1}"), '<a href="'.htmlspecialchars(actionLink("faq")).'">', '</a>');
  // NOTE(review): checked="checked" is already hard-coded in the autologin input below, so
  // this conditional attribute only ever duplicates it and the box is always pre-ticked.
  $autologinChecked = $_POST['autologin'] ? ' checked="checked"' : '';

  $fields = array(
      'username' => '<input type="text" name="name" maxlength=20 size=24 value="'.$nameValue.'" class="required">',
      // The password inputs are never pre-filled, so a failed attempt does not echo them back.
      'password' => '<input type="password" name="pass" size=24 class="required">',
      'password2' => '<input type="password" name="pass2" size=24 class="required">',
      'email' => '<input type="email" name="email" value="'.$emailValue.'" maxlength="60" size=24>',
      'sex' => $sexOptions,
      'readfaq' => '<label><input type="checkbox" name="readFaq">'.$faqLabel.'</label>',
      'autologin' => '<label><input type="checkbox" checked="checked" name="autologin"'.$autologinChecked.'>'.__("Log in afterwards").'</label>',

      'btnRegister' => '<input type="submit" name="register" value="'.__("Register").'">',
  );

  // The form posts back to the register action.
  $formAction = htmlentities(actionLink("register"));
  echo '<form action="'.$formAction.'" method="post">';

  RenderTemplate('form_register', array('fields' => $fields));

  // Honeypot: a checkbox hidden with CSS. The submit handler rejects any request that ticks it.
  echo '<span style="display : none;"><input type="checkbox" name="likesCake"> I am a robot</span></form>';
  137.  
  138.  
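  /**
   * Render a group of radio buttons, one <label> per entry of $choicesList.
   *
   * Keys and labels are passed to format() unchanged; unless format() escapes its arguments
   * (not visible here), callers must supply trusted or already-escaped text.
   *
   * @param string $fieldName    Value of the name attribute shared by all inputs.
   * @param mixed  $checkedIndex Key of the choice to pre-select. Anything other than an int
   *                             or string (for example an array from a crafted request)
   *                             selects nothing instead of raising an illegal-offset error.
   * @param array  $choicesList  Map of submitted value => label text.
   * @return string The concatenated markup; an empty string when there are no choices.
   */
  function MakeOptions($fieldName, $checkedIndex, $choicesList)
  {
      // Only the pre-selected key has an entry; indexing through the array keeps PHP's key
      // normalisation, so the string "2" still matches the integer key 2.
      $checks = array();
      if (is_int($checkedIndex) || is_string($checkedIndex))
          $checks[$checkedIndex] = " checked=\"checked\"";

      // Start from an empty string so .= never appends to an undefined variable.
      $result = '';
      foreach ($choicesList as $key => $val)
      {
          $checkedAttr = isset($checks[$key]) ? $checks[$key] : '';
          $result .= format("\n<label>\n<input type=\"radio\" name=\"{1}\" value=\"{0}\"{2}>\n{3}\n</label>", $key, $fieldName, $checkedAttr, $val);
      }
      return $result;
  }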
  150.  
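  /**
   * Decide whether the current request should be refused as coming through a proxy or Tor exit.
   *
   * Two signals are used: an X-Forwarded-For header that differs from the connecting address,
   * and the "torexit" flag in the StopForumSpam API response for that address.
   *
   * NOTE(review): X-Forwarded-For is supplied by the client, so the first check only catches
   * proxies that announce themselves. If the board itself sits behind a reverse proxy that
   * sets this header, every visitor would be refused -- confirm the deployment.
   * NOTE(review): the lookup sends the visitor's IP and e-mail address to a third party over
   * plain HTTP; prefer an https:// endpoint if the host's PHP build supports it.
   *
   * @return bool True when the request should be treated as proxied, false otherwise. A failed
   *              or unparseable lookup returns false (fails open), as the original code did.
   */
  function IsProxy() {
      $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
      $forwardedFor = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
      if ($forwardedFor && $forwardedFor != $remoteAddr)
          return true;

      // URL-encode both values so user-supplied text cannot add or override query parameters
      // and characters such as "+" in an address reach the API intact.
      $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
      $url = 'http://api.stopforumspam.org/api?ip='.urlencode($remoteAddr).'&email='.urlencode($email).'&json&notorexit';

      // Bound the wait so an unreachable API cannot stall every registration request.
      $context = stream_context_create(array('http' => array('timeout' => 5)));
      $page = file_get_contents($url, false, $context);
      if ($page === false)
          return false;

      // Read the flag only when the response has the expected shape.
      $a = json_decode($page);
      if (!is_object($a) || !isset($a->ip) || !is_object($a->ip) || !isset($a->ip->torexit))
          return false;

      return $a->ip->torexit == 1;
  }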
  160.  
  161. ?>
  162. <?php
  163. // AcmlmBoard XD - User account registration page
  164. // Access: any, but meant for guests.
  // Stop immediately unless the BLARG constant is defined (presumably by the board's entry
  // script -- it is not defined in this file), so the page cannot be requested on its own.
  if (!defined('BLARG')) {
      die();
  }

  // Page title and breadcrumb trail, both using the translated "Register" label.
  $title = __("Register");
  $crumbs = array('' => __('Register'));
  MakeCrumbs($crumbs);

  // Labels for the "sex" radio group. The array index (0, 1, 2) is what the form submits
  // and what the registration handler stores in the users table.
  $sexes = array(
      __("Male"),
      __("Female"),
      __("N/A"),
  );
  171.  
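  // Process a submitted registration form; otherwise seed empty defaults for the form rendered below.
  if (!empty($_POST['register']))
  {
      // Read each text field once. A missing or non-string (e.g. array) value is treated as
      // empty, so every check below operates on a plain string.
      $name      = (isset($_POST['name'])  && is_string($_POST['name']))  ? $_POST['name']  : '';
      $postEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
      $postPass  = (isset($_POST['pass'])  && is_string($_POST['pass']))  ? $_POST['pass']  : '';
      $postPass2 = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';
      $postSex   = isset($_POST['sex']) ? (int)$_POST['sex'] : 0;

      // Initialised up front so the "if ($err)" test never reads an undefined variable.
      $err = '';
      $cname = '';
      $nameTaken = false;

      if (IsProxy())
      {
          $err = __('Registrations from proxies are not allowed. Turn off your proxy and try again.');
          // The submitted password is deliberately NOT included in this report. Report() sends
          // its text to a destination that is not visible in this file, and a plaintext
          // credential must never be copied into a log or notification channel.
          Report("Proxy registration denied from: ".$_SERVER['REMOTE_ADDR']." (username: ".$name." email: ".$postEmail);
      }
      else
      {
          // Normalise for the uniqueness check: lower-case with all spaces removed.
          $cname = trim(str_replace(" ", "", strtolower($name)));

          // Compare against every existing login name and display name, normalised the same way.
          $rUsers = Query("select name, displayname from {users}");
          while ($user = Fetch($rUsers))
          {
              $existing = array(
                  trim(str_replace(" ", "", strtolower($user['name']))),
                  trim(str_replace(" ", "", strtolower($user['displayname']))),
              );
              // Strict matching: a loose == would treat numeric-looking strings such as
              // "1e3" and "1000" as the same name.
              if (in_array($cname, $existing, true))
              {
                  $nameTaken = true;
                  break;
              }
          }

          // One account per IP address, judged by the last IP recorded for each user.
          $ipKnown = FetchResult("select COUNT(*) from {users} where lastip={0}", $_SERVER['REMOTE_ADDR']);

          if (stripos($postEmail, '@dispostable.com') !== FALSE)
              $err = __('Registration failed. Try again later.');
          elseif (!$cname)
              $err = __('Enter a username and try again.');
          elseif ($nameTaken)
              $err = __("This user name is already taken. Please choose another.");
          elseif ($ipKnown >= 1)
              $err = __("An account is already registered to this IP.");
          elseif (empty($_POST['readFaq']))
              $err = format(__("You really should {0}read the FAQ{1}&hellip;"), "<a href=\"".htmlspecialchars(actionLink("faq"))."\">", "</a>");
          elseif (!empty($_POST['likesCake']))
              // Honeypot: the checkbox is hidden from people, so only automated clients tick it.
              $err = __("Robots not allowed.");
          elseif (strlen($postPass) < 4)
              $err = __("Your password must be at least four characters long.");
          elseif ($postPass !== $postPass2)
              $err = __("The passwords you entered don't match.");
          // The pattern is applied to the NEW name. The previous code tested $uname, which by
          // this point held the last existing user's display name, so the rule never looked
          // at the name being registered.
          elseif (preg_match("@^(MKDS|MK7|SM64DS|SMG|NSMB)\d*?@si", $cname))
              $err = __("Come on, you could be a little more original with your username!");
      }

      if ($err)
      {
          Alert($err, __('Error'));
      }
      else
      {
          // Per-user salt combined with the site-wide SALT constant.
          // NOTE(review): doHash() and SALT are defined elsewhere. If doHash() is a fast
          // general-purpose digest, password_hash()/password_verify() would be the safer
          // storage format -- confirm before relying on this scheme.
          $newsalt = Shake();
          $sha = doHash($postPass.SALT.$newsalt);

          // Lowest id whose successor is unused, plus one; 1 when the query yields nothing usable.
          // NOTE(review): no lock or transaction is visible around this select + insert, so two
          // simultaneous registrations could compute the same id -- confirm how Query() reacts.
          $uid = FetchResult("SELECT id+1 FROM {users} WHERE (SELECT COUNT(*) FROM {users} u2 WHERE u2.id={users}.id+1)=0 ORDER BY id ASC LIMIT 1");
          if ($uid < 1) $uid = 1;

          $rUsers = Query("insert into {users} (id, name, password, pss, primarygroup, regdate, lastactivity, lastip, email, sex, theme) values ({0}, {1}, {2}, {3}, {4}, {5}, {5}, {6}, {7}, {8}, {9})",
              $uid, $name, $sha, $newsalt, Settings::get('defaultGroup'), time(), $_SERVER['REMOTE_ADDR'], $postEmail, $postSex, Settings::get("defaultTheme"));

          //if($uid == 1)
          // Query("update {users} set primarygroup = {0} where id = 1", Settings::get('rootGroup'));

          Report("New user: [b]".$name."[/] (#".$uid.") -> [g]#HERE#?uid=".$uid);

          $user = Fetch(Query("select * from {users} where id={0}", $uid));
          // NOTE(review): this hands the plaintext password to every plugin registered for the
          // "newuser" bucket (the include below runs in this scope). Kept because plugins may
          // depend on it; audit those plugins so none stores, logs or forwards the value.
          $user['rawpass'] = $postPass;

          $bucket = "newuser"; include(BOARD_ROOT."lib/pluginloader.php");


          // Re-hash the new password with every other user's salt and record which accounts
          // use the same password.
          // NOTE(review): each {passmatches} row states that specific accounts share a password,
          // so the table needs the same protection as the password hashes themselves. The scan
          // also costs one hash per existing user on every registration.
          $rLogUser = Query("select id, pss, password from {users} where 1");
          $matches = array();

          while ($testuser = Fetch($rLogUser))
          {
              if ($testuser['id'] == $user['id'])
                  continue;

              $sha = doHash($postPass.SALT.$testuser['pss']);
              if ($testuser['password'] === $sha)
                  $matches[] = $testuser['id'];
          }

          if (count($matches) > 0)
              Query("INSERT INTO {passmatches} (date,ip,user,matches) VALUES (UNIX_TIMESTAMP(),{0},{1},{2})", $_SERVER['REMOTE_ADDR'], $user['id'], implode(',',$matches));

          // mark threads older than 15min as read
          Query("INSERT INTO {threadsread} (id,thread,date) SELECT {0}, id, {1} FROM {threads} WHERE lastpostdate<={2} ON DUPLICATE KEY UPDATE date={1}", $uid, time(), time()-900);


          if (!empty($_POST['autologin']))
          {
              // The cookie carries the raw session id; only its salted hash is stored server-side.
              $sessionID = Shake();
              // NOTE(review): the sixth argument (secure) is false, so the browser will also send
              // this session cookie over plain HTTP. Set it to true when the board is served
              // over HTTPS. The seventh argument (httponly) is already true.
              setcookie("logsession", $sessionID, 0, URL_ROOT, "", false, true);
              Query("INSERT INTO {sessions} (id, user, autoexpire) VALUES ({0}, {1}, {2})", doHash($sessionID.SALT), $user['id'], 0);
              // NOTE(review): htmlspecialchars() is HTML escaping, not header escaping; it would
              // turn any "&" in the URL into "&amp;". Confirm what actionLink() returns.
              header("Location: ".htmlspecialchars(actionLink('profile', $user['id'], '', $user['name'])));
              die();
          }
          else
          {
              header("Location: ".htmlspecialchars(actionLink("login")));
              die();
          }
      }
  }
  else
  {
      // First visit: blank fields, "N/A" (index 2) selected, autologin flag cleared.
      $_POST['name'] = '';
      $_POST['email'] = '';
      $_POST['sex'] = 2;
      $_POST['autologin'] = 0;
  }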
  280.  
  // Build the markup for every form control. Values echoed back from a previous submission
  // are HTML-escaped before being placed inside a double-quoted attribute.
  $nameValue = htmlspecialchars($_POST['name']);
  $emailValue = htmlspecialchars($_POST['email']);
  $sexOptions = MakeOptions("sex", $_POST['sex'], $sexes);
  $faqLabel = format(__("I have read the {0}FAQ{1}"), '<a href="'.htmlspecialchars(actionLink("faq")).'">', '</a>');
  // NOTE(review): checked="checked" is already hard-coded in the autologin input below, so
  // this conditional attribute only ever duplicates it and the box is always pre-ticked.
  $autologinChecked = $_POST['autologin'] ? ' checked="checked"' : '';

  $fields = array(
      'username' => '<input type="text" name="name" maxlength=20 size=24 value="'.$nameValue.'" class="required">',
      // The password inputs are never pre-filled, so a failed attempt does not echo them back.
      'password' => '<input type="password" name="pass" size=24 class="required">',
      'password2' => '<input type="password" name="pass2" size=24 class="required">',
      'email' => '<input type="email" name="email" value="'.$emailValue.'" maxlength="60" size=24>',
      'sex' => $sexOptions,
      'readfaq' => '<label><input type="checkbox" name="readFaq">'.$faqLabel.'</label>',
      'autologin' => '<label><input type="checkbox" checked="checked" name="autologin"'.$autologinChecked.'>'.__("Log in afterwards").'</label>',

      'btnRegister' => '<input type="submit" name="register" value="'.__("Register").'">',
  );

  // The form posts back to the register action.
  $formAction = htmlentities(actionLink("register"));
  echo '<form action="'.$formAction.'" method="post">';

  RenderTemplate('form_register', array('fields' => $fields));

  // Honeypot: a checkbox hidden with CSS. The submit handler rejects any request that ticks it.
  echo '<span style="display : none;"><input type="checkbox" name="likesCake"> I am a robot</span></form>';
  298.  
  299.  
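  /**
   * Render a group of radio buttons, one <label> per entry of $choicesList.
   *
   * Keys and labels are passed to format() unchanged; unless format() escapes its arguments
   * (not visible here), callers must supply trusted or already-escaped text.
   *
   * @param string $fieldName    Value of the name attribute shared by all inputs.
   * @param mixed  $checkedIndex Key of the choice to pre-select. Anything other than an int
   *                             or string (for example an array from a crafted request)
   *                             selects nothing instead of raising an illegal-offset error.
   * @param array  $choicesList  Map of submitted value => label text.
   * @return string The concatenated markup; an empty string when there are no choices.
   */
  function MakeOptions($fieldName, $checkedIndex, $choicesList)
  {
      // Only the pre-selected key has an entry; indexing through the array keeps PHP's key
      // normalisation, so the string "2" still matches the integer key 2.
      $checks = array();
      if (is_int($checkedIndex) || is_string($checkedIndex))
          $checks[$checkedIndex] = " checked=\"checked\"";

      // Start from an empty string so .= never appends to an undefined variable.
      $result = '';
      foreach ($choicesList as $key => $val)
      {
          $checkedAttr = isset($checks[$key]) ? $checks[$key] : '';
          $result .= format("\n<label>\n<input type=\"radio\" name=\"{1}\" value=\"{0}\"{2}>\n{3}\n</label>", $key, $fieldName, $checkedAttr, $val);
      }
      return $result;
  }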
  311.  
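  /**
   * Decide whether the current request should be refused as coming through a proxy or Tor exit.
   *
   * Two signals are used: an X-Forwarded-For header that differs from the connecting address,
   * and the "torexit" flag in the StopForumSpam API response for that address.
   *
   * NOTE(review): X-Forwarded-For is supplied by the client, so the first check only catches
   * proxies that announce themselves. If the board itself sits behind a reverse proxy that
   * sets this header, every visitor would be refused -- confirm the deployment.
   * NOTE(review): the lookup sends the visitor's IP and e-mail address to a third party over
   * plain HTTP; prefer an https:// endpoint if the host's PHP build supports it.
   *
   * @return bool True when the request should be treated as proxied, false otherwise. A failed
   *              or unparseable lookup returns false (fails open), as the original code did.
   */
  function IsProxy() {
      $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
      $forwardedFor = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
      if ($forwardedFor && $forwardedFor != $remoteAddr)
          return true;

      // URL-encode both values so user-supplied text cannot add or override query parameters
      // and characters such as "+" in an address reach the API intact.
      $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
      $url = 'http://api.stopforumspam.org/api?ip='.urlencode($remoteAddr).'&email='.urlencode($email).'&json&notorexit';

      // Bound the wait so an unreachable API cannot stall every registration request.
      $context = stream_context_create(array('http' => array('timeout' => 5)));
      $page = file_get_contents($url, false, $context);
      if ($page === false)
          return false;

      // Read the flag only when the response has the expected shape.
      $a = json_decode($page);
      if (!is_object($a) || !isset($a->ip) || !is_object($a->ip) || !isset($a->ip->torexit))
          return false;

      return $a->ip->torexit == 1;
  }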
  321.  
  322. ?>