Untitled

<?php
require_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'include'.DIRECTORY_SEPARATOR.'bittorrent.php');
require_once(INCL_DIR.'user_functions.php');
require_once(INCL_DIR.'password_functions.php');
require_once(INCL_DIR.'page_verify.php');
dbconn();
get_template();

$lang = load_language('global');
$newpage = new page_verify();
$newpage->check('tkIs');
$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['maxusers'])
stderr($lang['stderr_errorhead'], sprintf($lang['stderr_ulimit'], $TBDEV['maxusers']));

if (!mkglobal("wantusername:wantpassword:passagain:email:invite"))
die();

function validusername($username) {
if ($username == "")
return false;
// The following characters are allowed in user names
$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for ($i = 0; $i < strlen($username); ++$i)
if (strpos($allowedchars, $username[$i]) === false)
return false;
return true;
}

if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($invite))
stderr("Error","Don't leave any fields blank.");

if(!blacklist($wantusername))
 stderr($lang['takesignup_user_error'],sprintf($lang['takesignup_badusername'],htmlspecialchars($wantusername)));

if (strlen($wantusername) > 12)
stderr("Error","Sorry, username is too long (max is 12 chars)");

if ($wantpassword != $passagain)
stderr("Error","The passwords didn't match! Must've typoed. Try again.");

if (strlen($wantpassword) < 6)
stderr("Error","Sorry, password is too short (min is 6 chars)");

if (strlen($wantpassword) > 40)
stderr("Error","Sorry, password is too long (max is 40 chars)");

if ($wantpassword == $wantusername)
stderr("Error","Sorry, password cannot be same as user name.");

if (!validemail($email))
stderr("Error","That doesn't look like a valid email address.");

if (!validusername($wantusername))
stderr("Error","Invalid username.");

// make sure user agrees to everything...
if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")
stderr("Error","Sorry, you're not qualified to become a member of this site.");

// check if email addy is already in use
$a = (@mysql_fetch_row(@mysql_query('SELECT COUNT(*) FROM users WHERE email = ' . sqlesc($email)))) or die(mysql_error());
if ($a[0] != 0)
stderr('Error', 'The e-mail address <b>' . htmlspecialchars($email) . '</b> is already in use.');

//=== check if ip addy is already in use
$c = (@mysql_fetch_row(@sql_query("select count(*) from users where ip='" . $_SERVER['REMOTE_ADDR'] . "'"))) or die(mysql_error());
if ($c[0] != 0)
stderr("Error", "The ip " . $_SERVER['REMOTE_ADDR'] . " is already in use. We only allow one account per ip address.");

$select_inv = mysql_query('SELECT sender, receiver, status FROM invite_codes WHERE code = ' . sqlesc($invite)) or die(mysql_error());
$rows = mysql_num_rows($select_inv);
$assoc = mysql_fetch_assoc($select_inv);

if ($rows == 0)
stderr("Error","Invite not found.\nPlease request a invite from one of our members.");

if ($assoc["receiver"]!=0)
stderr("Error","Invite already taken.\nPlease request a new one from your inviter.");

$secret = mksecret();
    $wantpasshash = make_passhash( $secret, md5($wantpassword) );
    $editsecret = ( !$arr[0] ? "" : make_passhash_login_key() );

$new_user = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, invitedby, email, ". (!$arr[0]?"class, ":"") ."added) VALUES (" .
implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, (int)$assoc['sender'], $email))).
", ". (!$arr[0]?UC_SYSOP.", ":""). "'".  time() ."')");
if (!$new_user) {
if (mysql_errno() == 1062)
stderr("Error","Username already exists!");
stderr("Error","borked");
}
//===send PM to inviter
$sender = $assoc["sender"];
$added = sqlesc(time());
$msg = sqlesc("Hey there [you] ! :wave:\nIt seems that someone you invited to {$TBDEV['site_name']} has arrived ! :clap2: \n\n Please go to your [url={$TBDEV['baseurl']}/invite.php]Invite page[/url] to confirm them so they can log in.\n\ncheers\n");
$subject = sqlesc("Someone you invited has arrived!");
mysql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, $subject, $sender, $msg, $added)") or sqlerr(__FILE__, __LINE__);
//////////////end/////////////////////
 //==New member pm
    $msg = sqlesc("Hey there {$wantusername} ! Welcome to {$TBDEV['site_name']} ! :clap2: \n\n Please ensure your connectable before downloading or uploading any torrents\n - If your unsure then please use the forum and Faq or pm admin onsite.\n\ncheers {$TBDEV['site_name']} staff.\n");
    $subject = sqlesc("Welcome");
    sql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, $subject, $sender, $msg, $added)") or sqlerr(__FILE__, __LINE__);
    //==End new member pm
$id = mysql_insert_id();
$latestuser_cache['id']       =  (int)$id;
$latestuser_cache['username'] = $wantusername;
/** OOP **/
$mc->set('latestuser', $latestuser_cache, 0, $TBDEV['expires']['latestuser']);
mysql_query('UPDATE invite_codes SET receiver = ' . sqlesc($id) . ', status = "Confirmed" WHERE sender = ' . sqlesc((int)$assoc['sender']). ' AND code = ' . sqlesc($invite)) or sqlerr(__FILE__, __LINE__);
write_log('User account '.htmlspecialchars($wantusername).' was created!');
stderr('Error','Signup successfull', 'Your inviter needs to confirm your account now!');
?>