Bravo List - View Single Post

Joe · #4 10th April 2014, 05:19

Have a try at this a sit was posted for the 09 source and I know pytn bigjjoes and pdq all used this along the way..

Code:

mproved & Safer Number Key Invite System By Neptune. 
Reworked for Tbdev 09
Xhtml Valid

The files are now up to date for 2009 final revision.

/**
* @sql
*/
Code: SQL
CREATE TABLE `invite_codes` (
  `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
  `sender` INT(10) UNSIGNED NOT NULL DEFAULT '0',
  `receiver` VARCHAR(32) NOT NULL DEFAULT '0',
  `code` VARCHAR(32) NOT NULL DEFAULT '',
  `invite_added` INT(10) NOT NULL,
  `status` enum('Pending','Confirmed') NOT NULL DEFAULT 'Pending',
  PRIMARY KEY  (`id`),
  KEY `sender` (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
ALTER TABLE `users` ADD `invites` INT(10) UNSIGNED NOT NULL DEFAULT '1';
ALTER TABLE `users` ADD `invitedby` INT(10) UNSIGNED NOT NULL DEFAULT '0';
ALTER TABLE `users` ADD `invite_rights` enum('yes','no') NOT NULL DEFAULT 'yes';
ALTER TABLE `users` ADD `invitees` VARCHAR(100) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL DEFAULT '';


/**
* @file config.php
*/

add after maxusers
Code: PHP
$TBDEV['invites'] = 3500; // set this to what you want



/**
* @file userdetails.php
*/

for displaying invitees
Code: PHP
if ($CURUSER['class'] >= UC_MODERATOR && $user['invitedby'] > 0 || $user['id'] == $CURUSER['id'] && $user['invitedby'] > 0) {
       $invitedby = mysql_query('SELECT username FROM users WHERE id = ' . sqlesc($user['invitedby']));
       $invitedby2 = mysql_fetch_array($invitedby);
       $HTMLOUT .= "<tr><td class='rowhead'>{$lang['userdetails_invby']}</td><td align='left'><a href='{$TBDEV['baseurl']}/userdetails.php?id=".$user['invitedby']."'>'".htmlspecialchars($invitedby2['username'])."'</a></td></tr>"; }



Or the old original code :
Code: PHP
if ($CURUSER["class"] >= UC_MODERATOR && $user["invites"] > 0 || $user["id"] == $CURUSER["id"] && $user["invites"] > 0)
    $HTMLOUT .="<tr><td class='rowhead'>{$lang['userdetails_invites']}</td><td align='left'><a href='{$TBDEV['baseurl']}/invite.php'>".htmlspecialchars($user["invites"])."</a></td></tr>\n";
    if ($CURUSER["class"] >= UC_MODERATOR && $user["invitedby"] > 0 || $user["id"] == $CURUSER["id"] && $user["invitedby"] > 0)
    {
    $invitedby = mysql_query("SELECT username FROM users WHERE id=$user[invitedby]");
    $invited_by2 = mysql_fetch_assoc($invitedby);
    $HTMLOUT .="<tr><td class='rowhead'>{$lang['userdetails_invby']}invited by</td><td align='left'><a href='{$TBDEV['baseurl']}/userdetails.php?id=$user[invitedby]'>$invited_by2[username]</a></td></tr>\n";
    }
    if ($CURUSER["class"] >= UC_MODERATOR && $user["invitees"] > 0 || $user["id"] == $CURUSER["id"] && $user["invitees"] > 0)
    {
    $compl = $user["invitees"];
    $compl_list = explode(" ", $compl);
    $arr = array();
    foreach($compl_list as $array_list)
    $arr[] = $array_list;
    $compl_arr = array_reverse($arr, TRUE);
    $f=0;
    foreach($compl_arr as $user_id)
    {
    $compl_user = mysql_query("SELECT id, username FROM users WHERE id='$user_id' and status='confirmed'");
    $compl_users = mysql_fetch_assoc($compl_user);
    if ($compl_users["id"] > 0)
    {
    $HTMLOUT .="<tr><td class='rowhead' width='1%'>{$lang['userdetails_invitees']}</td><td>";
    $compl = $user["invitees"];
    $compl_list = explode(" ", $compl);
    $arr = array();
    foreach($compl_list as $array_list)
    $arr[] = $array_list;
    $compl_arr = array_reverse($arr, TRUE);
    $i = 0;
    foreach($compl_arr as $user_id)
    {
    $compl_user = mysql_query("SELECT id, username FROM users WHERE id='$user_id' and status='confirmed' ORDER BY username");
    $compl_users = mysql_fetch_assoc($compl_user);
    $HTMLOUT .="<a href='{$TBDEV['baseurl']}/userdetails.php?id=" . $compl_users["id"] . "'>" . $compl_users["username"] . "</a> ";
    if ($i == "9")
    break;
    $i++;
    }
    $HTMLOUT .="</td></tr>";
    $f = 1;
    }
    if ($f == "1")
    break;
    }
    }


@File lang/en/lang_userdetails.php :
Code: PHP
'userdetails_invites' => "Invites",
'userdetails_invitees' => "Invitees",
'userdetails_invby' => 'Invited by',




/**
* @file userdetails.php
*/

staff section, set invite on or off & invite amount
Code: PHP
$HTMLOUT .= "<tr><td class='rowhead'>{$lang['userdetails_invright']}</td><td class='row' colspan='2' align='left'><input type='radio' name='invite_rights' value='yes'" .($user["invite_rights"]=="yes" ? " checked='checked'" : "") . " />{$lang['userdetails_yes']}<input type='radio' name='invite_rights' value='no'" .($user["invite_rights"]=="no" ? " checked='checked'" : "") . " />{$lang['userdetails_no']}</td></tr>\n";
      $HTMLOUT .= "<tr><td class='rowhead' align='right'><b>{$lang['userdetails_invites']}</b></td><td colspan='2' align='left' class='rowhead'><input type='text' size='3' name='invites' value='" . htmlspecialchars($user['invites']) . "' /></td></tr>\n";




/**
* @file lang/en/lang_userdetails.php
*/

lang_userdetails.php add 
Code: PHP
'userdetails_invright' => "Invite rights",
'userdetails_invites' => "Invites",
'userdetails_invby' => "Invited by",




/**
* @file modtask.php
*/
Code: PHP
// invite rights
      if ((isset($_POST['invite_rights'])) && (($invite_rights = $_POST['invite_rights']) != $user['invite_rights'])){
      if ($invite_rights == 'yes')
      {
      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite rights enabled by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;
      $msg = sqlesc("Your invite rights have been given back by " . htmlspecialchars($CURUSER['username']) . ". You can invite users again.");
      $added = time();
      mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
      }
      elseif ($invite_rights == 'no'){
      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite rights disabled by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;
      $msg = sqlesc("Your invite rights have been removed by " . htmlspecialchars($CURUSER['username']) . ", probably because you invited a bad user.");
      $added = time();
      mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
      }
      $updateset[] = "invite_rights = " . sqlesc($invite_rights);
      }
      // change invite amount
      if ((isset($_POST['invites'])) && (($invites = $_POST['invites']) != ($curinvites = $user['invites'])))
      {
      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite amount changed to ".$invites." from ".$curinvites." by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;
      $updateset[] = "invites = " . sqlesc($invites);
      }



/**
* @file bittorrent.php ~lines 906-907 to display invites
*/
Code: PHP
"$IsDonor$warn  [<a href='{$TBDEV['baseurl']}/logout.php'>{$lang['gl_logout']}</a>] $member_reputation".
      "  Invites: <a href='{$TBDEV['baseurl']}/invite.php'>{$CURUSER['invites']}</a>



@ file config under :
Code: PHP
$TBDEV['invites'] = 3500; // LoL Who we kiddin' here?



Add :
Code: PHP
$TBDEV['openreg'] = true; //==true=open, false = closed



@ file signup.php under :
Code: PHP
$lang = array_merge( load_language('global'), load_language('signup') );



add :
Code: PHP
if(!$TBDEV['openreg'])
    stderr('Sorry', 'Invite only - Signups are closed presently');



@ file takesignup.php under :
Code: PHP
$lang = array_merge( load_language('global'), load_language('takesignup') );



add :
Code: PHP
if(!$TBDEV['openreg'])
    stderr('Sorry', 'Invite only - Signups are closed presently');


Then save upload the 4 files to root and that should be all.

invite.php :

Code: PHP
<?php
/*
+------------------------------------------------
|   $Date$
|   $Revision$ 09 Final
|   $Invite
|   $Author$ Neptune,Bigjoos
|   $URL$
+------------------------------------------------
*/
require_once('include/bittorrent.php');
require_once('include/user_functions.php');
require_once('include/password_functions.php');
dbconn();
loggedinorreturn();
$HTMLOUT ='';
$sure ='';
$lang = array_merge( load_language('global'), load_language('invite_code') );
$do = (isset($_GET["do"]) ? $_GET["do"] : (isset($_POST["do"]) ? $_POST["do"] : ''));
$valid_actions = array('create_invite', 'delete_invite', 'confirm_account', 'view_page', 'send_email');
$do = (($do && in_array($do,$valid_actions,true)) ? $do : '') or header("Location: ?do=view_page");
/**
 * @action Main Page
 */
if ($do == 'view_page') {
$query = myysql_query('SELECT * FROM users WHERE invitedby = '.sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
$rows = mysql_num_rows($query);
$HTMLOUT ='';
$HTMLOUT .= "
<table border='1' width='750' cellspacing='0' cellpadding='5'>
<tr class='table'>
<td colspan='7' class='colhead'><b>{$lang['invites_users']}</b></td></tr>";
if(!$rows){
$HTMLOUT .= "<tr><td colspan='7' class='colhead'>{$lang['invites_nousers']}</td></tr>";
} else {
$HTMLOUT .= "<tr class='tableb'>
<td align='center'><b>{$lang['invites_username']}</b></td>
<td align='center'><b>{$lang['invites_uploaded']}</b></td>
<td align='center'><b>{$lang['invites_downloaded']}</b></td>
<td align='center'><b>{$lang['invites_ratio']}</b></td>
<td align='center'><b>{$lang['invites_status']}</b></td>
<td align='center'><b>{$lang['invites_confirm']}</b></td>
</tr>";
for ($i = 0; $i < $rows; ++$i) {
$arr = mysql_fetch_assoc($query);
if ($arr['status'] == 'pending')
$user = "<td align='center'>" . htmlspecialchars($arr['username']) . "</td>";
else
$user = "<td align='center'><a href='{$TBDEV['baseurl']}/userdetails.php?id=$arr[id]'>" . htmlspecialchars($arr['username']) . "</a>" .($arr["warned"] == "yes" ? "&nbsp;<img src='{$TBDEV['pic_base_url']}warned.gif' border='0' alt='Warned' />" : "")."&nbsp;" .($arr["enabled"] == "no" ? "&nbsp;<img src='{$TBDEV['pic_base_url']}disabled.gif' border='0' alt='Disabled' />" : "")."&nbsp;" .($arr["donor"] == "yes" ? "<img src='{$TBDEV['pic_base_url']}star.gif' border='0' alt='Donor' />" : "")."</td>";
if ($arr['downloaded'] > 0) {
$ratio = number_format($arr['uploaded'] / $arr['downloaded'], 3);
$ratio = "<font color='" . get_ratio_color($ratio) . "'>".$ratio."</font>";
} else {
if ($arr['uploaded'] > 0) {
$ratio = 'Inf.';
}
else {
$ratio = '---';
}
}
if ($arr["status"] == 'confirmed')
$status = "<font color='#1f7309'>{$lang['invites_confirm1']}</font>";
else
$status = "<font color='#ca0226'>{$lang['invites_pend']}</font>";
$HTMLOUT .= "<tr class='tableb'>".$user."<td align='center'>" . mksize($arr['uploaded']) . "</td><td align='center'>" . mksize($arr['downloaded']) . "</td><td align='center'>".$ratio."</td><td align='center'>".$status."</td>";
if ($arr['status'] == 'pending') {
$HTMLOUT .= "<td align='center'><a href='?do=confirm_account&amp;userid=".$arr['id']."&amp;sender=".$CURUSER['id']."'><img src='{$TBDEV['pic_base_url']}confirm.png' alt='confirm' title='Confirm' border='0' /></a></td></tr>";
}
else
$HTMLOUT .= "<td align='center'>---</td></tr>";
}
}
$HTMLOUT .= "</table><br />";
$select = mysql_query("SELECT * FROM invite_codes WHERE sender = ".$CURUSER['id']." AND status = 'Pending'") or sqlerr();
$num_row = mysql_num_rows($select);
$HTMLOUT .= "<table border='1' width='750' cellspacing='0' cellpadding='5'>"."<tr class='tabletitle'><td colspan='6' class='colhead'><b>{$lang['invites_codes']}</b></td></tr>";
if(!$num_row) {
$HTMLOUT.= "<tr class='tableb'><td colspan='1'>{$lang['invites_nocodes']}</td></tr>";
} else {
$HTMLOUT .= "<tr class='tableb'><td><b>{$lang['invites_send_code']}</b></td><td><b>{$lang['invites_date']}</b></td><td><b>{$lang['invites_delete']}</b></td><td><b>{$lang['invites_status']}</b></td></tr>";
for ($i = 0; $i < $num_row; ++$i)
{
$fetch_assoc = mysql_fetch_assoc($select);
$HTMLOUT .= "<tr class='tableb'>
<td>".$fetch_assoc['code']." <a href='?do=send_email&amp;id=".(int)$fetch_assoc['id']."'><img src='{$TBDEV['pic_base_url']}email.gif' border='0' alt='Email' title='Send Email' /></a></td>
<td>" . get_date($fetch_assoc['invite_added'], '', 0,1)."</td>";
$HTMLOUT .= "<td><a href='?do=delete_invite&amp;id=".$fetch_assoc['id']."&amp;sender=".$CURUSER['id']."'><img src='{$TBDEV['pic_base_url']}del.png' border='0' alt='Delete'/></a></td>
<td>".$fetch_assoc['status']."</td></tr>";
}
}
$HTMLOUT .= "<tr  class='tableb'><td colspan='6' align='center'><form  action='?do=create_invite' method='post'><input type='submit'  value='{$lang['invites_create']}' style='height: 20px' /></form></td></tr>";
$HTMLOUT .= "</table>";
print stdhead('Invites') . $HTMLOUT . stdfoot();
die;
}
/**
 * @action Create Invites
 */
elseif ($do =='create_invite') {
if ($CURUSER['invites'] <= 0)
stderr($lang['invites_error'], $lang['invites_noinvite']);
if ($CURUSER["invite_rights"] == 'no')
stderr($lang['invites_deny'], $lang['invites_disabled']);
$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['invites'])
stderr($lang['invites_error'], $lang['invites_limit']);
$invite = md5(mksecret());
mysql_query('INSERT INTO invite_codes (sender, invite_added, code) VALUES ( ' . sqlesc((int)$CURUSER['id']) . ', ' . sqlesc(time()) . ', ' . sqlesc($invite) . ' )') or sqlerr(__FILE__, __LINE__);
mysql_query('UPDATE users SET invites = invites - 1 WHERE id = ' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
header("Location: ?do=view_page");
}
/**
 * @action Send e-mail
 */
elseif ($do =='send_email') {
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = (isset($_POST['email'])? htmlentities($_POST['email']) : '');
$invite = (isset($_POST['code'])? $_POST['code'] : '');
if (!$email) stderr($lang['invites_error'], $lang['invites_noemail']);
$check = (mysql_fetch_row(mysql_query('SELECT COUNT(*) FROM users WHERE email = ' . sqlesc($email)))) or sqlerr(__FILE__, __LINE__);
if ($check[0] != 0) stderr('Error', 'This email address is already in use!');
if (!validemail($email)) stderr($lang['invites_error'], $lang['invites_invalidemail']);
$inviter = htmlspecialchars($CURUSER['username']);
$body = <<<EOD
You have been invited to {$TBDEV['site_name']} by $inviter. They have
specified this address ($email) as your email. If you do not know this person, please ignore this email. Please do not reply.
This is a private site and you must agree to the rules before you can enter:
{$TBDEV['baseurl']}/useragreement.php
{$TBDEV['baseurl']}/rules.php
{$TBDEV['baseurl']}/faq.php
------------------------------------------------------------
To confirm your invitation, you have to follow this link and type the invite code:
{$TBDEV['baseurl']}/invite_signup.php
Invite Code: $invite
------------------------------------------------------------
After you do this, your inviter need's to confirm your account. 
We urge you to read the RULES and FAQ before you start using {$TBDEV['site_name']}.
EOD;
$sendit = mail($email, "You have been invited to {$TBDEV['site_name']}", $body, "From: {$TBDEV['site_email']}", "-f{$TBDEV['site_email']}");
if (!$sendit) stderr($lang['invites_error'], $lang['invites_unable']);
else stderr('', $lang['invites_confirmation']); }
$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : ''));
if (!is_valid_id($id)) stderr($lang['invites_error'], $lang['invites_invalid']);
$query = mysql_query('SELECT * FROM invite_codes WHERE id = ' . sqlesc($id) . ' AND sender = ' . sqlesc($CURUSER['id']).' AND status = "Pending"') or sqlerr(__FILE__, __LINE__);
$fetch = mysql_fetch_assoc($query) or stderr($lang['invites_error'], $lang['invites_noexsist']);
$HTMLOUT .= "<form method='post' action='?do=send_email'><table border='1' cellspacing='0' cellpadding='10'>
<tr><td  class='rowhead'>E-Mail</td><td><input type='text'  size='40' name='email' /></td></tr><tr><td  colspan='2' align='center'><input type='hidden' name='code'  value='".$fetch['code']."'  /></td></tr><tr><td colspan='2'  align='center'><input type='submit' value='Send e-mail'  class='btn' /></td></tr></table></form>";
print stdhead('Invites') . $HTMLOUT . stdfoot();
}
/**
 * @action Delete Invites
 */
elseif ($do =='delete_invite') {
$id = (isset($_GET["id"]) ? (int)$_GET["id"] : (isset($_POST["id"]) ? (int)$_POST["id"] : ''));
$query = mysql_query('SELECT * FROM invite_codes WHERE id = ' . sqlesc($id) . ' AND sender = ' . sqlesc($CURUSER['id']).' AND status = "Pending"') or sqlerr(__FILE__, __LINE__);
$assoc = mysql_fetch_assoc($query);
if (!$assoc)
stderr($lang['invites_error'],$lang['invites_noexsist']);
isset($_GET['sure']) && $sure = htmlspecialchars($_GET['sure']);
if (!$sure)
stderr($lang['invites_delete1'], $lang['invites_sure'].' Click <a href="'.$_SERVER['PHP_SELF'].'?do=delete_invite&amp;id='.$id.'&amp;sender='.$CURUSER['id'].'&amp;sure=yes">here</a> to delete it or <a href="?do=view_page">here</a> to go back.');
mysql_query('DELETE FROM invite_codes WHERE id = ' . sqlesc($id) . ' AND sender =' . sqlesc($CURUSER['id'].' AND status = "Pending"')) or sqlerr(__FILE__, __LINE__);
mysql_query('UPDATE users SET invites = invites + 1 WHERE id = '.sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
header("Location: ?do=view_page");
}
/**
 * @action Confirm Accounts
 */
elseif ($do ='confirm_account') {
$userid = (isset($_GET["userid"]) ? (int)$_GET["userid"] : (isset($_POST["userid"]) ? (int)$_POST["userid"] : ''));
if (!is_valid_id($userid))
stderr($lang['invites_error'], $lang['invites_invalid']);
$select = mysql_query('SELECT id, username FROM users WHERE id = ' . sqlesc($userid) . ' AND invitedby = ' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
$assoc = mysql_fetch_assoc($select);
if (!$assoc)
stderr($lang['invites_error'], $lang['invites_errorid']);
isset($_GET['sure']) && $sure = htmlspecialchars($_GET['sure']);
if (!$sure)
stderr($lang['invites_confirm1'], $lang['invites_sure1'].' '.htmlspecialchars($assoc['username']).'\'s account? Click <a href="?do=confirm_account&amp;userid='.$userid.'&amp;sender='.$CURUSER['id'].'&amp;sure=yes">here</a> to confirm it or <a href="?do=view_page">here</a> to go back.');
mysql_query('UPDATE users SET status = "confirmed" WHERE id = '.sqlesc($userid).' AND invitedby = '.sqlesc($CURUSER['id']).' AND status="pending"') or sqlerr(__FILE__, __LINE__);
//==pm to new invitee/////
$msg = sqlesc("Hey there :wave:
Welcome to {$TBDEV['site_name']}!
We have made many changes to the site, and we hope you enjoy them! 
We have been working hard to make {$TBDEV['site_name']} somethin' special!
{$TBDEV['site_name']} has a strong community (just check out forums), and is a feature rich site. We hope you'll join in on all the fun!
Be sure to read the {$TBDEV['baseurl']}/rules.php]Rules and {$TBDEV['baseurl']}[/COLOR]/faq.php]FAQ before you start using the site.[/COLOR]
We are a strong friendly community here {$TBDEV['site_name']} is so much more then just torrents.
Just for kicks, we've started you out with 200.0 Karma Bonus  Points, and a couple of bonus GB to get ya started! 
so, enjoy  
cheers, 
{$TBDEV['site_name']} Staff");
$id = $assoc["id"];
$subject = sqlesc("Welcome to {$TBDEV['site_name']} !");
$added = sqlesc(time());
mysql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, $subject, $id, $msg, $added)") or sqlerr(__FILE__, __LINE__);
///////////////////end////////////
header("Location: ?do=view_page");
}
?>


invite_signup.php :

Code: [Select]
<?php
require_once('include/bittorrent.php');
require_once('include/user_functions.php');
require_once('cache/timezones.php');
require_once('include/page_verify.php');
dbconn();
get_template();

$stdfoot = array(/** include js **/'js' => array('check','jquery.pstrength-min.1.2'));

$lang = array_merge( load_language('global'), load_language('signup') );
$newpage = new page_verify(); 
$newpage->create('tkIs');

$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['maxusers'])
stderr("Sorry", "The current user account limit (" . number_format($TBDEV['maxusers']) . ") has been reached. Inactive accounts are pruned all the time, please check back again later...");

if(!$TBDEV['openreg'])
    stderr('Sorry', 'Invite only - Signups are closed presently');

// TIMEZONE STUFF
        $offset = (string)$TBDEV['time_offset'];
        
        $time_select = "<select name='user_timezone'>";
        
        foreach( $TZ as $off => $words )
        {
          if ( preg_match("/^time_(-?[\d\.]+)$/", $off, $match))
          {
            $time_select .= $match[1] == $offset ? "<option value='{$match[1]}' selected='selected'>$words</option>\n" : "<option value='{$match[1]}'>$words</option>\n";
          }
        }
        
        $time_select .= "</select>";
    // TIMEZONE END

$HTMLOUT='';

$HTMLOUT .= "
    <script type='text/javascript'>
    /*<![CDATA[*/
    $(function() {
    $('.password').pstrength();
    });
    /*]]>*/
    </script>";
// Normal Entry Point...
$value = array('...','...','...','...','...','...');
$value[rand(1,count($value)-1)] = 'X';
$HTMLOUT .="<script type='text/javascript' src='scripts/jquery.js'></script>
    <script type='text/javascript' src='scripts/jquery.simpleCaptcha-0.2.js'></script>
    <script type='text/javascript'>
     $(document).ready(function () {
     $('#captchainvite').simpleCaptcha();
    });
    </script>
<p>Note: You need cookies enabled to sign up or log in.</p>
<form method='post' action='{$TBDEV['baseurl']}/take_invite_signup.php'>
<noscript>Javascript must be enabled to login and use this site</noscript>
<table border='1' cellspacing='0' cellpadding='10'>
<tr><td align='right' class='heading'>Desired username:</td><td align='left'><input type='text' size='40' name='wantusername' id='wantusername' onblur='checkit();' /><div id='namecheck'></div></td></tr>
<tr><td align='right' class='heading'>Pick a password:</td><td align='left'><input class='password' type='password' size='40' name='wantpassword' /></td></tr>
<tr><td align='right' class='heading'>Enter password again:</td><td align='left'><input type='password' size='40' name='passagain' /></td></tr>
<tr><td align='right' class='heading'>Enter invite-code:</td><td align='left'><input type='text' size='40' name='invite' /></td></tr>
<tr valign='top'><td align='right' class='heading'>Email address:</td><td align='left'><input type='text' size='40' name='email' />
<table width='250' border='0' cellspacing='0' cellpadding='0'><tr><td class='embedded'><font class='small'>The email address must be valid. The email address won't be publicly shown anywhere unless you chose to from your settings.</font></td></tr></table></td></tr>
<tr><td align='right' class='heading'>{$lang['signup_timez']}</td><td align='left'>{$time_select}</td></tr>";
//==Passhint
     $passhint="";
     $questions = array(
       array("id"=> "1", "question"=> "{$lang['signup_q1']}"),
         array("id"=> "2", "question"=> "{$lang['signup_q2']}"),
         array("id"=> "3", "question"=> "{$lang['signup_q3']}"),
         array("id"=> "4", "question"=> "{$lang['signup_q4']}"),
         array("id"=> "5", "question"=> "{$lang['signup_q5']}"),
         array("id"=> "6", "question"=> "{$lang['signup_q6']}"));
        foreach($questions as $sph){  
        $passhint .= "<option value='".$sph['id']."'>".$sph['question']."</option>\n"; 
        }
        $HTMLOUT .= "<tr><td align='right' class='heading'>{$lang['signup_select']}</td><td align='left'><select name='passhint'>\n$passhint\n</select></td></tr>
        <tr><td align='right' class='heading'>{$lang['signup_enter']}</td><td align='left'><input type='text' size='40'  name='hintanswer' /><br /><font class='small'>{$lang['signup_this_answer']}<br />{$lang['signup_this_answer1']}</font></td></tr>
<tr><td align='right' class='heading'></td><td align='left'><input type='checkbox' name='rulesverify' value='yes' /> I will read the site rules page.<br />
<input type='checkbox' name='faqverify' value='yes' /> I agree to read the FAQ before asking questions.<br />
<input type='checkbox' name='ageverify' value='yes' /> I am at least 18 years old.</td></tr>
<tr><td class='rowhead' colspan='2' id='captchainvite'></td></tr>
<tr><td align='center' colspan='2'>Now click the button marked <strong>X</strong> to complete the sign up!</td></tr><tr>
<td colspan='2' align='center'>";
 for ($i=0; $i < count($value); $i++) {
 $HTMLOUT .= "<input name=\"submitme\" type=\"submit\" value=\"".$value[$i]."\" class=\"btn\" />";
 }
 $HTMLOUT .= "</td></tr></table></form>";

print stdhead('Invites') . $HTMLOUT . stdfoot($stdfoot);
?>
take_invite_signup.php :

Code: PHP
<?php
require_once('include/bittorrent.php');
require_once('include/user_functions.php');
require_once('include/password_functions.php');
require_once('include/page_verify.php');
dbconn();
get_template();
$lang = array_merge( load_language('global'), load_language('takesignup') );
$newpage = new page_verify();
$newpage->check('tkIs');
$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['maxusers'])
stderr($lang['stderr_errorhead'], sprintf($lang['stderr_ulimit'], $TBDEV['maxusers']));
if (!mkglobal("wantusername:wantpassword:passagain:email:invite:captchaSelection:submitme:passhint:hintanswer"))
die();
if ($submitme != 'X')
  stderr('Ha Ha', 'You Missed, You plonker !');
 if(empty($captchaSelection) || $_SESSION['simpleCaptchaAnswer'] != $captchaSelection){
 header('Location: invite_signup.php');
 exit();
 }
function validusername($username) {
if ($username == "")
return false;
// The following characters are allowed in user names
$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for ($i = 0; $i < strlen($username); ++$i)
if (strpos($allowedchars, $username[$i]) === false)
return false;
return true;
}
if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($invite) || empty($passhint) || empty($hintanswer))
stderr("Error","Don't leave any fields blank.");
if(!blacklist($wantusername))
 stderr($lang['takesignup_user_error'],sprintf($lang['takesignup_badusername'],htmlspecialchars($wantusername)));
if (strlen($wantusername) > 12)
stderr("Error","Sorry, username is too long (max is 12 chars)");
if ($wantpassword != $passagain)
stderr("Error","The passwords didn't match! Must've typoed. Try again.");
if (strlen($wantpassword) < 6)
stderr("Error","Sorry, password is too short (min is 6 chars)");
if (strlen($wantpassword) > 40)
stderr("Error","Sorry, password is too long (max is 40 chars)");
if ($wantpassword == $wantusername)
stderr("Error","Sorry, password cannot be same as user name.");
if (!validemail($email))
stderr("Error","That doesn't look like a valid email address.");
if (!validusername($wantusername))
stderr("Error","Invalid username.");
// make sure user agrees to everything...
if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")
stderr("Error","Sorry, you're not qualified to become a member of this site.");
// check if email addy is already in use
$a = (@mysql_fetch_row(mysql_query('SELECT COUNT(*) FROM users WHERE email = ' . sqlesc($email)))) or die(mysql_error());
if ($a[0] != 0)
stderr('Error', 'The e-mail address <b>' . htmlspecialchars($email) . '</b> is already in use.');
//=== check if ip addy is already in use
$c = (@mysql_fetch_row(mysql_query("select count(*) from users where ip='" . $_SERVER['REMOTE_ADDR'] . "'"))) or die(mysql_error());
if ($c[0] != 0)
stderr("Error", "The ip " . $_SERVER['REMOTE_ADDR'] . " is already in use. We only allow one account per ip address.");
// TIMEZONE STUFF
    if(isset($_POST["user_timezone"]) && preg_match('#^\-?\d{1,2}(?:\.\d{1,2})?$#', $_POST['user_timezone']))
    {
    $time_offset = sqlesc($_POST['user_timezone']);
    }
    else
    {
    $time_offset = isset($TBDEV['time_offset']) ? sqlesc($TBDEV['time_offset']) : '0'; }
    // have a stab at getting dst parameter?
    $dst_in_use = localtime(time() + ($time_offset * 3600), true);
    // TIMEZONE STUFF END
$select_inv = mysql_query('SELECT sender, receiver, status FROM invite_codes WHERE code = ' . sqlesc($invite)) or die(mysql_error());
$rows = mysql_num_rows($select_inv);
$assoc = mysql_fetch_assoc($select_inv);
if ($rows == 0)
stderr("Error","Invite not found.\nPlease request a invite from one of our members.");
if ($assoc["receiver"]!=0)
stderr("Error","Invite already taken.\nPlease request a new one from your inviter.");
    $secret = mksecret();
    $wantpasshash = make_passhash( $secret, md5($wantpassword) );
    $editsecret = ( !$arr[0] ? "" : make_passhash_login_key() );
    $wanthintanswer = md5($hintanswer);
$new_user = mysql_query("INSERT INTO users (username, passhash, secret, passhint, hintanswer, editsecret, invitedby, email, ". (!$arr[0]?"class, ":"") ."added, last_access, last_login, time_offset, dst_in_use) VALUES (" .
implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $passhint, $wanthintanswer, (int)$assoc['sender'], $email))).
", ". (!$arr[0]?UC_SYSOP.", ":""). "'".  time() ."','".  time() ."','".  time() ."', $time_offset, {$dst_in_use['tm_isdst']})");
$message = "Welcome New {$TBDEV['site_name']} Member : - " . htmlspecialchars($wantusername) . "";
if (!$new_user) {
if (mysql_errno() == 1062)
stderr("Error","Username already exists!");
stderr("Error","borked");
}
//===send PM to inviter
$sender = $assoc["sender"];
$added = sqlesc(time());
$msg = sqlesc("Hey there [you] ! :wave:\nIt seems that someone you invited to {$TBDEV['site_name']} has arrived ! :clap2: \n\n Please go to your {$TBDEV['baseurl']}/invite.php]Invite page to confirm them so they can log in.\n\ncheers\n"[/COLOR]);
$subject = sqlesc("Someone you invited has arrived!");
mysql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, $subject, $sender, $msg, $added)") or sqlerr(__FILE__, __LINE__);
//////////////end/////////////////////
$id = mysql_insert_id();
mysql_query('UPDATE invite_codes SET receiver = ' . sqlesc($id) . ', status = "Confirmed" WHERE sender = ' . sqlesc((int)$assoc['sender']). ' AND code = ' . sqlesc($invite)) or sqlerr(__FILE__, __LINE__);
write_log('User account '.htmlspecialchars($wantusername).' was created!');
autoshout($message);
stderr('Success','Signup successfull, Your inviter needs to confirm your account now before you can use your account !');
?>


lang_invite_code.php :

Code: PHP
<?php
$lang = array(
#invite errors
'invites_error' => "Error",
'invites_deny' => "Denied",
'invites_limit' => "Sorry, user limit reached. Please try again later.",
'invites_disabled' => "Your invite sending privileges has been disabled by the Staff!",
'invites_noinvite' => "No invites !",
'invites_invalidemail' => "That doesn't look like a valid email address.",
'invites_noemail' => "You must enter an email address!",
'invites_unable' => "Unable to send mail. Please contact an administrator about this error.",
'invites_confirmation' => "A confirmation email has been sent to the address you specified.",
'invites_invalid' => "Invalid ID!",
'invites_noexsist' => "This invite code does not exist.",
'invites_sure' => "Are you sure you want to delete this invite code?",
'invites_errorid' => "No user with this ID.",
'invites_sure1' => "Are you sure you want to confirm",
#invites
'invites_users' => "Invited Users",
'invites_nousers' => "No Invitees Yet",
'invites_username' => "Username",
'invites_uploaded' => "Uploaded",
'invites_downloaded' => "Downloaded",
'invites_ratio' => "Ratio",
'invites_status' => "Status",
'invites_confirm' => "Confirm",
'invites_confirm1' => "Confirmed",
'invites_pend' => "Pending",
'invites_codes' => "Created Invite Codes",
'invites_nocodes' => "You have not created any invite codes at the moment!",
'invites_date' => "Created Date",
'invites_delete' => "Delete",
'invites_create' => "Create Invite Code",
'invites_send_code' => "Send Invite Code",
'invites_delete1' => "Delete Invite",
'invites_confirm1' => "Confirmed Account",
);
?>

Bump: Have a try at this a sit was posted for the 09 source and I know pytn bigjjoes and pdq all used this along the way..

Code:

mproved & Safer Number Key Invite System By Neptune. 
Reworked for Tbdev 09
Xhtml Valid

The files are now up to date for 2009 final revision.

/**
* @sql
*/
Code: SQL
CREATE TABLE `invite_codes` (
  `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
  `sender` INT(10) UNSIGNED NOT NULL DEFAULT '0',
  `receiver` VARCHAR(32) NOT NULL DEFAULT '0',
  `code` VARCHAR(32) NOT NULL DEFAULT '',
  `invite_added` INT(10) NOT NULL,
  `status` enum('Pending','Confirmed') NOT NULL DEFAULT 'Pending',
  PRIMARY KEY  (`id`),
  KEY `sender` (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
ALTER TABLE `users` ADD `invites` INT(10) UNSIGNED NOT NULL DEFAULT '1';
ALTER TABLE `users` ADD `invitedby` INT(10) UNSIGNED NOT NULL DEFAULT '0';
ALTER TABLE `users` ADD `invite_rights` enum('yes','no') NOT NULL DEFAULT 'yes';
ALTER TABLE `users` ADD `invitees` VARCHAR(100) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL DEFAULT '';


/**
* @file config.php
*/

add after maxusers
Code: PHP
$TBDEV['invites'] = 3500; // set this to what you want



/**
* @file userdetails.php
*/

for displaying invitees
Code: PHP
if ($CURUSER['class'] >= UC_MODERATOR && $user['invitedby'] > 0 || $user['id'] == $CURUSER['id'] && $user['invitedby'] > 0) {
       $invitedby = mysql_query('SELECT username FROM users WHERE id = ' . sqlesc($user['invitedby']));
       $invitedby2 = mysql_fetch_array($invitedby);
       $HTMLOUT .= "<tr><td class='rowhead'>{$lang['userdetails_invby']}</td><td align='left'><a href='{$TBDEV['baseurl']}/userdetails.php?id=".$user['invitedby']."'>'".htmlspecialchars($invitedby2['username'])."'</a></td></tr>"; }



Or the old original code :
Code: PHP
if ($CURUSER["class"] >= UC_MODERATOR && $user["invites"] > 0 || $user["id"] == $CURUSER["id"] && $user["invites"] > 0)
    $HTMLOUT .="<tr><td class='rowhead'>{$lang['userdetails_invites']}</td><td align='left'><a href='{$TBDEV['baseurl']}/invite.php'>".htmlspecialchars($user["invites"])."</a></td></tr>\n";
    if ($CURUSER["class"] >= UC_MODERATOR && $user["invitedby"] > 0 || $user["id"] == $CURUSER["id"] && $user["invitedby"] > 0)
    {
    $invitedby = mysql_query("SELECT username FROM users WHERE id=$user[invitedby]");
    $invited_by2 = mysql_fetch_assoc($invitedby);
    $HTMLOUT .="<tr><td class='rowhead'>{$lang['userdetails_invby']}invited by</td><td align='left'><a href='{$TBDEV['baseurl']}/userdetails.php?id=$user[invitedby]'>$invited_by2[username]</a></td></tr>\n";
    }
    if ($CURUSER["class"] >= UC_MODERATOR && $user["invitees"] > 0 || $user["id"] == $CURUSER["id"] && $user["invitees"] > 0)
    {
    $compl = $user["invitees"];
    $compl_list = explode(" ", $compl);
    $arr = array();
    foreach($compl_list as $array_list)
    $arr[] = $array_list;
    $compl_arr = array_reverse($arr, TRUE);
    $f=0;
    foreach($compl_arr as $user_id)
    {
    $compl_user = mysql_query("SELECT id, username FROM users WHERE id='$user_id' and status='confirmed'");
    $compl_users = mysql_fetch_assoc($compl_user);
    if ($compl_users["id"] > 0)
    {
    $HTMLOUT .="<tr><td class='rowhead' width='1%'>{$lang['userdetails_invitees']}</td><td>";
    $compl = $user["invitees"];
    $compl_list = explode(" ", $compl);
    $arr = array();
    foreach($compl_list as $array_list)
    $arr[] = $array_list;
    $compl_arr = array_reverse($arr, TRUE);
    $i = 0;
    foreach($compl_arr as $user_id)
    {
    $compl_user = mysql_query("SELECT id, username FROM users WHERE id='$user_id' and status='confirmed' ORDER BY username");
    $compl_users = mysql_fetch_assoc($compl_user);
    $HTMLOUT .="<a href='{$TBDEV['baseurl']}/userdetails.php?id=" . $compl_users["id"] . "'>" . $compl_users["username"] . "</a> ";
    if ($i == "9")
    break;
    $i++;
    }
    $HTMLOUT .="</td></tr>";
    $f = 1;
    }
    if ($f == "1")
    break;
    }
    }


@File lang/en/lang_userdetails.php :
Code: PHP
'userdetails_invites' => "Invites",
'userdetails_invitees' => "Invitees",
'userdetails_invby' => 'Invited by',




/**
* @file userdetails.php
*/

staff section, set invite on or off & invite amount
Code: PHP
$HTMLOUT .= "<tr><td class='rowhead'>{$lang['userdetails_invright']}</td><td class='row' colspan='2' align='left'><input type='radio' name='invite_rights' value='yes'" .($user["invite_rights"]=="yes" ? " checked='checked'" : "") . " />{$lang['userdetails_yes']}<input type='radio' name='invite_rights' value='no'" .($user["invite_rights"]=="no" ? " checked='checked'" : "") . " />{$lang['userdetails_no']}</td></tr>\n";
      $HTMLOUT .= "<tr><td class='rowhead' align='right'><b>{$lang['userdetails_invites']}</b></td><td colspan='2' align='left' class='rowhead'><input type='text' size='3' name='invites' value='" . htmlspecialchars($user['invites']) . "' /></td></tr>\n";




/**
* @file lang/en/lang_userdetails.php
*/

lang_userdetails.php add 
Code: PHP
'userdetails_invright' => "Invite rights",
'userdetails_invites' => "Invites",
'userdetails_invby' => "Invited by",




/**
* @file modtask.php
*/
Code: PHP
// invite rights
      if ((isset($_POST['invite_rights'])) && (($invite_rights = $_POST['invite_rights']) != $user['invite_rights'])){
      if ($invite_rights == 'yes')
      {
      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite rights enabled by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;
      $msg = sqlesc("Your invite rights have been given back by " . htmlspecialchars($CURUSER['username']) . ". You can invite users again.");
      $added = time();
      mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
      }
      elseif ($invite_rights == 'no'){
      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite rights disabled by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;
      $msg = sqlesc("Your invite rights have been removed by " . htmlspecialchars($CURUSER['username']) . ", probably because you invited a bad user.");
      $added = time();
      mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
      }
      $updateset[] = "invite_rights = " . sqlesc($invite_rights);
      }
      // change invite amount
      if ((isset($_POST['invites'])) && (($invites = $_POST['invites']) != ($curinvites = $user['invites'])))
      {
      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite amount changed to ".$invites." from ".$curinvites." by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;
      $updateset[] = "invites = " . sqlesc($invites);
      }



/**
* @file bittorrent.php ~lines 906-907 to display invites
*/
Code: PHP
"$IsDonor$warn  [<a href='{$TBDEV['baseurl']}/logout.php'>{$lang['gl_logout']}</a>] $member_reputation".
      "  Invites: <a href='{$TBDEV['baseurl']}/invite.php'>{$CURUSER['invites']}</a>



@ file config under :
Code: PHP
$TBDEV['invites'] = 3500; // LoL Who we kiddin' here?



Add :
Code: PHP
$TBDEV['openreg'] = true; //==true=open, false = closed



@ file signup.php under :
Code: PHP
$lang = array_merge( load_language('global'), load_language('signup') );



add :
Code: PHP
if(!$TBDEV['openreg'])
    stderr('Sorry', 'Invite only - Signups are closed presently');



@ file takesignup.php under :
Code: PHP
$lang = array_merge( load_language('global'), load_language('takesignup') );



add :
Code: PHP
if(!$TBDEV['openreg'])
    stderr('Sorry', 'Invite only - Signups are closed presently');


Then save upload the 4 files to root and that should be all.

invite.php :

Code: PHP
<?php
/*
+------------------------------------------------
|   $Date$
|   $Revision$ 09 Final
|   $Invite
|   $Author$ Neptune,Bigjoos
|   $URL$
+------------------------------------------------
*/
require_once('include/bittorrent.php');
require_once('include/user_functions.php');
require_once('include/password_functions.php');
dbconn();
loggedinorreturn();
$HTMLOUT ='';
$sure ='';
$lang = array_merge( load_language('global'), load_language('invite_code') );
$do = (isset($_GET["do"]) ? $_GET["do"] : (isset($_POST["do"]) ? $_POST["do"] : ''));
$valid_actions = array('create_invite', 'delete_invite', 'confirm_account', 'view_page', 'send_email');
$do = (($do && in_array($do,$valid_actions,true)) ? $do : '') or header("Location: ?do=view_page");
/**
 * @action Main Page
 */
if ($do == 'view_page') {
$query = myysql_query('SELECT * FROM users WHERE invitedby = '.sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
$rows = mysql_num_rows($query);
$HTMLOUT ='';
$HTMLOUT .= "
<table border='1' width='750' cellspacing='0' cellpadding='5'>
<tr class='table'>
<td colspan='7' class='colhead'><b>{$lang['invites_users']}</b></td></tr>";
if(!$rows){
$HTMLOUT .= "<tr><td colspan='7' class='colhead'>{$lang['invites_nousers']}</td></tr>";
} else {
$HTMLOUT .= "<tr class='tableb'>
<td align='center'><b>{$lang['invites_username']}</b></td>
<td align='center'><b>{$lang['invites_uploaded']}</b></td>
<td align='center'><b>{$lang['invites_downloaded']}</b></td>
<td align='center'><b>{$lang['invites_ratio']}</b></td>
<td align='center'><b>{$lang['invites_status']}</b></td>
<td align='center'><b>{$lang['invites_confirm']}</b></td>
</tr>";
for ($i = 0; $i < $rows; ++$i) {
$arr = mysql_fetch_assoc($query);
if ($arr['status'] == 'pending')
$user = "<td align='center'>" . htmlspecialchars($arr['username']) . "</td>";
else
$user = "<td align='center'><a href='{$TBDEV['baseurl']}/userdetails.php?id=$arr[id]'>" . htmlspecialchars($arr['username']) . "</a>" .($arr["warned"] == "yes" ? "&nbsp;<img src='{$TBDEV['pic_base_url']}warned.gif' border='0' alt='Warned' />" : "")."&nbsp;" .($arr["enabled"] == "no" ? "&nbsp;<img src='{$TBDEV['pic_base_url']}disabled.gif' border='0' alt='Disabled' />" : "")."&nbsp;" .($arr["donor"] == "yes" ? "<img src='{$TBDEV['pic_base_url']}star.gif' border='0' alt='Donor' />" : "")."</td>";
if ($arr['downloaded'] > 0) {
$ratio = number_format($arr['uploaded'] / $arr['downloaded'], 3);
$ratio = "<font color='" . get_ratio_color($ratio) . "'>".$ratio."</font>";
} else {
if ($arr['uploaded'] > 0) {
$ratio = 'Inf.';
}
else {
$ratio = '---';
}
}
if ($arr["status"] == 'confirmed')
$status = "<font color='#1f7309'>{$lang['invites_confirm1']}</font>";
else
$status = "<font color='#ca0226'>{$lang['invites_pend']}</font>";
$HTMLOUT .= "<tr class='tableb'>".$user."<td align='center'>" . mksize($arr['uploaded']) . "</td><td align='center'>" . mksize($arr['downloaded']) . "</td><td align='center'>".$ratio."</td><td align='center'>".$status."</td>";
if ($arr['status'] == 'pending') {
$HTMLOUT .= "<td align='center'><a href='?do=confirm_account&amp;userid=".$arr['id']."&amp;sender=".$CURUSER['id']."'><img src='{$TBDEV['pic_base_url']}confirm.png' alt='confirm' title='Confirm' border='0' /></a></td></tr>";
}
else
$HTMLOUT .= "<td align='center'>---</td></tr>";
}
}
$HTMLOUT .= "</table><br />";
$select = mysql_query("SELECT * FROM invite_codes WHERE sender = ".$CURUSER['id']." AND status = 'Pending'") or sqlerr();
$num_row = mysql_num_rows($select);
$HTMLOUT .= "<table border='1' width='750' cellspacing='0' cellpadding='5'>"."<tr class='tabletitle'><td colspan='6' class='colhead'><b>{$lang['invites_codes']}</b></td></tr>";
if(!$num_row) {
$HTMLOUT.= "<tr class='tableb'><td colspan='1'>{$lang['invites_nocodes']}</td></tr>";
} else {
$HTMLOUT .= "<tr class='tableb'><td><b>{$lang['invites_send_code']}</b></td><td><b>{$lang['invites_date']}</b></td><td><b>{$lang['invites_delete']}</b></td><td><b>{$lang['invites_status']}</b></td></tr>";
for ($i = 0; $i < $num_row; ++$i)
{
$fetch_assoc = mysql_fetch_assoc($select);
$HTMLOUT .= "<tr class='tableb'>
<td>".$fetch_assoc['code']." <a href='?do=send_email&amp;id=".(int)$fetch_assoc['id']."'><img src='{$TBDEV['pic_base_url']}email.gif' border='0' alt='Email' title='Send Email' /></a></td>
<td>" . get_date($fetch_assoc['invite_added'], '', 0,1)."</td>";
$HTMLOUT .= "<td><a href='?do=delete_invite&amp;id=".$fetch_assoc['id']."&amp;sender=".$CURUSER['id']."'><img src='{$TBDEV['pic_base_url']}del.png' border='0' alt='Delete'/></a></td>
<td>".$fetch_assoc['status']."</td></tr>";
}
}
$HTMLOUT .= "<tr  class='tableb'><td colspan='6' align='center'><form  action='?do=create_invite' method='post'><input type='submit'  value='{$lang['invites_create']}' style='height: 20px' /></form></td></tr>";
$HTMLOUT .= "</table>";
print stdhead('Invites') . $HTMLOUT . stdfoot();
die;
}
/**
 * @action Create Invites
 */
elseif ($do =='create_invite') {
if ($CURUSER['invites'] <= 0)
stderr($lang['invites_error'], $lang['invites_noinvite']);
if ($CURUSER["invite_rights"] == 'no')
stderr($lang['invites_deny'], $lang['invites_disabled']);
$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['invites'])
stderr($lang['invites_error'], $lang['invites_limit']);
$invite = md5(mksecret());
mysql_query('INSERT INTO invite_codes (sender, invite_added, code) VALUES ( ' . sqlesc((int)$CURUSER['id']) . ', ' . sqlesc(time()) . ', ' . sqlesc($invite) . ' )') or sqlerr(__FILE__, __LINE__);
mysql_query('UPDATE users SET invites = invites - 1 WHERE id = ' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
header("Location: ?do=view_page");
}
/**
 * @action Send e-mail
 */
elseif ($do =='send_email') {
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = (isset($_POST['email'])? htmlentities($_POST['email']) : '');
$invite = (isset($_POST['code'])? $_POST['code'] : '');
if (!$email) stderr($lang['invites_error'], $lang['invites_noemail']);
$check = (mysql_fetch_row(mysql_query('SELECT COUNT(*) FROM users WHERE email = ' . sqlesc($email)))) or sqlerr(__FILE__, __LINE__);
if ($check[0] != 0) stderr('Error', 'This email address is already in use!');
if (!validemail($email)) stderr($lang['invites_error'], $lang['invites_invalidemail']);
$inviter = htmlspecialchars($CURUSER['username']);
$body = <<<EOD
You have been invited to {$TBDEV['site_name']} by $inviter. They have
specified this address ($email) as your email. If you do not know this person, please ignore this email. Please do not reply.
This is a private site and you must agree to the rules before you can enter:
{$TBDEV['baseurl']}/useragreement.php
{$TBDEV['baseurl']}/rules.php
{$TBDEV['baseurl']}/faq.php
------------------------------------------------------------
To confirm your invitation, you have to follow this link and type the invite code:
{$TBDEV['baseurl']}/invite_signup.php
Invite Code: $invite
------------------------------------------------------------
After you do this, your inviter need's to confirm your account. 
We urge you to read the RULES and FAQ before you start using {$TBDEV['site_name']}.
EOD;
$sendit = mail($email, "You have been invited to {$TBDEV['site_name']}", $body, "From: {$TBDEV['site_email']}", "-f{$TBDEV['site_email']}");
if (!$sendit) stderr($lang['invites_error'], $lang['invites_unable']);
else stderr('', $lang['invites_confirmation']); }
$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : ''));
if (!is_valid_id($id)) stderr($lang['invites_error'], $lang['invites_invalid']);
$query = mysql_query('SELECT * FROM invite_codes WHERE id = ' . sqlesc($id) . ' AND sender = ' . sqlesc($CURUSER['id']).' AND status = "Pending"') or sqlerr(__FILE__, __LINE__);
$fetch = mysql_fetch_assoc($query) or stderr($lang['invites_error'], $lang['invites_noexsist']);
$HTMLOUT .= "<form method='post' action='?do=send_email'><table border='1' cellspacing='0' cellpadding='10'>
<tr><td  class='rowhead'>E-Mail</td><td><input type='text'  size='40' name='email' /></td></tr><tr><td  colspan='2' align='center'><input type='hidden' name='code'  value='".$fetch['code']."'  /></td></tr><tr><td colspan='2'  align='center'><input type='submit' value='Send e-mail'  class='btn' /></td></tr></table></form>";
print stdhead('Invites') . $HTMLOUT . stdfoot();
}
/**
 * @action Delete Invites
 */
elseif ($do =='delete_invite') {
$id = (isset($_GET["id"]) ? (int)$_GET["id"] : (isset($_POST["id"]) ? (int)$_POST["id"] : ''));
$query = mysql_query('SELECT * FROM invite_codes WHERE id = ' . sqlesc($id) . ' AND sender = ' . sqlesc($CURUSER['id']).' AND status = "Pending"') or sqlerr(__FILE__, __LINE__);
$assoc = mysql_fetch_assoc($query);
if (!$assoc)
stderr($lang['invites_error'],$lang['invites_noexsist']);
isset($_GET['sure']) && $sure = htmlspecialchars($_GET['sure']);
if (!$sure)
stderr($lang['invites_delete1'], $lang['invites_sure'].' Click <a href="'.$_SERVER['PHP_SELF'].'?do=delete_invite&amp;id='.$id.'&amp;sender='.$CURUSER['id'].'&amp;sure=yes">here</a> to delete it or <a href="?do=view_page">here</a> to go back.');
mysql_query('DELETE FROM invite_codes WHERE id = ' . sqlesc($id) . ' AND sender =' . sqlesc($CURUSER['id'].' AND status = "Pending"')) or sqlerr(__FILE__, __LINE__);
mysql_query('UPDATE users SET invites = invites + 1 WHERE id = '.sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
header("Location: ?do=view_page");
}
/**
 * @action Confirm Accounts
 */
elseif ($do ='confirm_account') {
$userid = (isset($_GET["userid"]) ? (int)$_GET["userid"] : (isset($_POST["userid"]) ? (int)$_POST["userid"] : ''));
if (!is_valid_id($userid))
stderr($lang['invites_error'], $lang['invites_invalid']);
$select = mysql_query('SELECT id, username FROM users WHERE id = ' . sqlesc($userid) . ' AND invitedby = ' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
$assoc = mysql_fetch_assoc($select);
if (!$assoc)
stderr($lang['invites_error'], $lang['invites_errorid']);
isset($_GET['sure']) && $sure = htmlspecialchars($_GET['sure']);
if (!$sure)
stderr($lang['invites_confirm1'], $lang['invites_sure1'].' '.htmlspecialchars($assoc['username']).'\'s account? Click <a href="?do=confirm_account&amp;userid='.$userid.'&amp;sender='.$CURUSER['id'].'&amp;sure=yes">here</a> to confirm it or <a href="?do=view_page">here</a> to go back.');
mysql_query('UPDATE users SET status = "confirmed" WHERE id = '.sqlesc($userid).' AND invitedby = '.sqlesc($CURUSER['id']).' AND status="pending"') or sqlerr(__FILE__, __LINE__);
//==pm to new invitee/////
$msg = sqlesc("Hey there :wave:
Welcome to {$TBDEV['site_name']}!
We have made many changes to the site, and we hope you enjoy them! 
We have been working hard to make {$TBDEV['site_name']} somethin' special!
{$TBDEV['site_name']} has a strong community (just check out forums), and is a feature rich site. We hope you'll join in on all the fun!
Be sure to read the {$TBDEV['baseurl']}/rules.php]Rules and {$TBDEV['baseurl']}[/COLOR]/faq.php]FAQ before you start using the site.[/COLOR]
We are a strong friendly community here {$TBDEV['site_name']} is so much more then just torrents.
Just for kicks, we've started you out with 200.0 Karma Bonus  Points, and a couple of bonus GB to get ya started! 
so, enjoy  
cheers, 
{$TBDEV['site_name']} Staff");
$id = $assoc["id"];
$subject = sqlesc("Welcome to {$TBDEV['site_name']} !");
$added = sqlesc(time());
mysql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, $subject, $id, $msg, $added)") or sqlerr(__FILE__, __LINE__);
///////////////////end////////////
header("Location: ?do=view_page");
}
?>


invite_signup.php :

Code: [Select]
<?php
require_once('include/bittorrent.php');
require_once('include/user_functions.php');
require_once('cache/timezones.php');
require_once('include/page_verify.php');
dbconn();
get_template();

$stdfoot = array(/** include js **/'js' => array('check','jquery.pstrength-min.1.2'));

$lang = array_merge( load_language('global'), load_language('signup') );
$newpage = new page_verify(); 
$newpage->create('tkIs');

$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['maxusers'])
stderr("Sorry", "The current user account limit (" . number_format($TBDEV['maxusers']) . ") has been reached. Inactive accounts are pruned all the time, please check back again later...");

if(!$TBDEV['openreg'])
    stderr('Sorry', 'Invite only - Signups are closed presently');

// TIMEZONE STUFF
        $offset = (string)$TBDEV['time_offset'];
        
        $time_select = "<select name='user_timezone'>";
        
        foreach( $TZ as $off => $words )
        {
          if ( preg_match("/^time_(-?[\d\.]+)$/", $off, $match))
          {
            $time_select .= $match[1] == $offset ? "<option value='{$match[1]}' selected='selected'>$words</option>\n" : "<option value='{$match[1]}'>$words</option>\n";
          }
        }
        
        $time_select .= "</select>";
    // TIMEZONE END

$HTMLOUT='';

$HTMLOUT .= "
    <script type='text/javascript'>
    /*<![CDATA[*/
    $(function() {
    $('.password').pstrength();
    });
    /*]]>*/
    </script>";
// Normal Entry Point...
$value = array('...','...','...','...','...','...');
$value[rand(1,count($value)-1)] = 'X';
$HTMLOUT .="<script type='text/javascript' src='scripts/jquery.js'></script>
    <script type='text/javascript' src='scripts/jquery.simpleCaptcha-0.2.js'></script>
    <script type='text/javascript'>
     $(document).ready(function () {
     $('#captchainvite').simpleCaptcha();
    });
    </script>
<p>Note: You need cookies enabled to sign up or log in.</p>
<form method='post' action='{$TBDEV['baseurl']}/take_invite_signup.php'>
<noscript>Javascript must be enabled to login and use this site</noscript>
<table border='1' cellspacing='0' cellpadding='10'>
<tr><td align='right' class='heading'>Desired username:</td><td align='left'><input type='text' size='40' name='wantusername' id='wantusername' onblur='checkit();' /><div id='namecheck'></div></td></tr>
<tr><td align='right' class='heading'>Pick a password:</td><td align='left'><input class='password' type='password' size='40' name='wantpassword' /></td></tr>
<tr><td align='right' class='heading'>Enter password again:</td><td align='left'><input type='password' size='40' name='passagain' /></td></tr>
<tr><td align='right' class='heading'>Enter invite-code:</td><td align='left'><input type='text' size='40' name='invite' /></td></tr>
<tr valign='top'><td align='right' class='heading'>Email address:</td><td align='left'><input type='text' size='40' name='email' />
<table width='250' border='0' cellspacing='0' cellpadding='0'><tr><td class='embedded'><font class='small'>The email address must be valid. The email address won't be publicly shown anywhere unless you chose to from your settings.</font></td></tr></table></td></tr>
<tr><td align='right' class='heading'>{$lang['signup_timez']}</td><td align='left'>{$time_select}</td></tr>";
//==Passhint
     $passhint="";
     $questions = array(
       array("id"=> "1", "question"=> "{$lang['signup_q1']}"),
         array("id"=> "2", "question"=> "{$lang['signup_q2']}"),
         array("id"=> "3", "question"=> "{$lang['signup_q3']}"),
         array("id"=> "4", "question"=> "{$lang['signup_q4']}"),
         array("id"=> "5", "question"=> "{$lang['signup_q5']}"),
         array("id"=> "6", "question"=> "{$lang['signup_q6']}"));
        foreach($questions as $sph){  
        $passhint .= "<option value='".$sph['id']."'>".$sph['question']."</option>\n"; 
        }
        $HTMLOUT .= "<tr><td align='right' class='heading'>{$lang['signup_select']}</td><td align='left'><select name='passhint'>\n$passhint\n</select></td></tr>
        <tr><td align='right' class='heading'>{$lang['signup_enter']}</td><td align='left'><input type='text' size='40'  name='hintanswer' /><br /><font class='small'>{$lang['signup_this_answer']}<br />{$lang['signup_this_answer1']}</font></td></tr>
<tr><td align='right' class='heading'></td><td align='left'><input type='checkbox' name='rulesverify' value='yes' /> I will read the site rules page.<br />
<input type='checkbox' name='faqverify' value='yes' /> I agree to read the FAQ before asking questions.<br />
<input type='checkbox' name='ageverify' value='yes' /> I am at least 18 years old.</td></tr>
<tr><td class='rowhead' colspan='2' id='captchainvite'></td></tr>
<tr><td align='center' colspan='2'>Now click the button marked <strong>X</strong> to complete the sign up!</td></tr><tr>
<td colspan='2' align='center'>";
 for ($i=0; $i < count($value); $i++) {
 $HTMLOUT .= "<input name=\"submitme\" type=\"submit\" value=\"".$value[$i]."\" class=\"btn\" />";
 }
 $HTMLOUT .= "</td></tr></table></form>";

print stdhead('Invites') . $HTMLOUT . stdfoot($stdfoot);
?>
take_invite_signup.php :

Code: PHP
<?php
require_once('include/bittorrent.php');
require_once('include/user_functions.php');
require_once('include/password_functions.php');
require_once('include/page_verify.php');
dbconn();
get_template();
$lang = array_merge( load_language('global'), load_language('takesignup') );
$newpage = new page_verify();
$newpage->check('tkIs');
$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['maxusers'])
stderr($lang['stderr_errorhead'], sprintf($lang['stderr_ulimit'], $TBDEV['maxusers']));
if (!mkglobal("wantusername:wantpassword:passagain:email:invite:captchaSelection:submitme:passhint:hintanswer"))
die();
if ($submitme != 'X')
  stderr('Ha Ha', 'You Missed, You plonker !');
 if(empty($captchaSelection) || $_SESSION['simpleCaptchaAnswer'] != $captchaSelection){
 header('Location: invite_signup.php');
 exit();
 }
function validusername($username) {
if ($username == "")
return false;
// The following characters are allowed in user names
$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for ($i = 0; $i < strlen($username); ++$i)
if (strpos($allowedchars, $username[$i]) === false)
return false;
return true;
}
if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($invite) || empty($passhint) || empty($hintanswer))
stderr("Error","Don't leave any fields blank.");
if(!blacklist($wantusername))
 stderr($lang['takesignup_user_error'],sprintf($lang['takesignup_badusername'],htmlspecialchars($wantusername)));
if (strlen($wantusername) > 12)
stderr("Error","Sorry, username is too long (max is 12 chars)");
if ($wantpassword != $passagain)
stderr("Error","The passwords didn't match! Must've typoed. Try again.");
if (strlen($wantpassword) < 6)
stderr("Error","Sorry, password is too short (min is 6 chars)");
if (strlen($wantpassword) > 40)
stderr("Error","Sorry, password is too long (max is 40 chars)");
if ($wantpassword == $wantusername)
stderr("Error","Sorry, password cannot be same as user name.");
if (!validemail($email))
stderr("Error","That doesn't look like a valid email address.");
if (!validusername($wantusername))
stderr("Error","Invalid username.");
// make sure user agrees to everything...
if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")
stderr("Error","Sorry, you're not qualified to become a member of this site.");
// check if email addy is already in use
$a = (@mysql_fetch_row(mysql_query('SELECT COUNT(*) FROM users WHERE email = ' . sqlesc($email)))) or die(mysql_error());
if ($a[0] != 0)
stderr('Error', 'The e-mail address <b>' . htmlspecialchars($email) . '</b> is already in use.');
//=== check if ip addy is already in use
$c = (@mysql_fetch_row(mysql_query("select count(*) from users where ip='" . $_SERVER['REMOTE_ADDR'] . "'"))) or die(mysql_error());
if ($c[0] != 0)
stderr("Error", "The ip " . $_SERVER['REMOTE_ADDR'] . " is already in use. We only allow one account per ip address.");
// TIMEZONE STUFF
    if(isset($_POST["user_timezone"]) && preg_match('#^\-?\d{1,2}(?:\.\d{1,2})?$#', $_POST['user_timezone']))
    {
    $time_offset = sqlesc($_POST['user_timezone']);
    }
    else
    {
    $time_offset = isset($TBDEV['time_offset']) ? sqlesc($TBDEV['time_offset']) : '0'; }
    // have a stab at getting dst parameter?
    $dst_in_use = localtime(time() + ($time_offset * 3600), true);
    // TIMEZONE STUFF END
$select_inv = mysql_query('SELECT sender, receiver, status FROM invite_codes WHERE code = ' . sqlesc($invite)) or die(mysql_error());
$rows = mysql_num_rows($select_inv);
$assoc = mysql_fetch_assoc($select_inv);
if ($rows == 0)
stderr("Error","Invite not found.\nPlease request a invite from one of our members.");
if ($assoc["receiver"]!=0)
stderr("Error","Invite already taken.\nPlease request a new one from your inviter.");
    $secret = mksecret();
    $wantpasshash = make_passhash( $secret, md5($wantpassword) );
    $editsecret = ( !$arr[0] ? "" : make_passhash_login_key() );
    $wanthintanswer = md5($hintanswer);
$new_user = mysql_query("INSERT INTO users (username, passhash, secret, passhint, hintanswer, editsecret, invitedby, email, ". (!$arr[0]?"class, ":"") ."added, last_access, last_login, time_offset, dst_in_use) VALUES (" .
implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $passhint, $wanthintanswer, (int)$assoc['sender'], $email))).
", ". (!$arr[0]?UC_SYSOP.", ":""). "'".  time() ."','".  time() ."','".  time() ."', $time_offset, {$dst_in_use['tm_isdst']})");
$message = "Welcome New {$TBDEV['site_name']} Member : - " . htmlspecialchars($wantusername) . "";
if (!$new_user) {
if (mysql_errno() == 1062)
stderr("Error","Username already exists!");
stderr("Error","borked");
}
//===send PM to inviter
$sender = $assoc["sender"];
$added = sqlesc(time());
$msg = sqlesc("Hey there [you] ! :wave:\nIt seems that someone you invited to {$TBDEV['site_name']} has arrived ! :clap2: \n\n Please go to your {$TBDEV['baseurl']}/invite.php]Invite page to confirm them so they can log in.\n\ncheers\n"[/COLOR]);
$subject = sqlesc("Someone you invited has arrived!");
mysql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, $subject, $sender, $msg, $added)") or sqlerr(__FILE__, __LINE__);
//////////////end/////////////////////
$id = mysql_insert_id();
mysql_query('UPDATE invite_codes SET receiver = ' . sqlesc($id) . ', status = "Confirmed" WHERE sender = ' . sqlesc((int)$assoc['sender']). ' AND code = ' . sqlesc($invite)) or sqlerr(__FILE__, __LINE__);
write_log('User account '.htmlspecialchars($wantusername).' was created!');
autoshout($message);
stderr('Success','Signup successfull, Your inviter needs to confirm your account now before you can use your account !');
?>


lang_invite_code.php :

Code: PHP
<?php
$lang = array(
#invite errors
'invites_error' => "Error",
'invites_deny' => "Denied",
'invites_limit' => "Sorry, user limit reached. Please try again later.",
'invites_disabled' => "Your invite sending privileges has been disabled by the Staff!",
'invites_noinvite' => "No invites !",
'invites_invalidemail' => "That doesn't look like a valid email address.",
'invites_noemail' => "You must enter an email address!",
'invites_unable' => "Unable to send mail. Please contact an administrator about this error.",
'invites_confirmation' => "A confirmation email has been sent to the address you specified.",
'invites_invalid' => "Invalid ID!",
'invites_noexsist' => "This invite code does not exist.",
'invites_sure' => "Are you sure you want to delete this invite code?",
'invites_errorid' => "No user with this ID.",
'invites_sure1' => "Are you sure you want to confirm",
#invites
'invites_users' => "Invited Users",
'invites_nousers' => "No Invitees Yet",
'invites_username' => "Username",
'invites_uploaded' => "Uploaded",
'invites_downloaded' => "Downloaded",
'invites_ratio' => "Ratio",
'invites_status' => "Status",
'invites_confirm' => "Confirm",
'invites_confirm1' => "Confirmed",
'invites_pend' => "Pending",
'invites_codes' => "Created Invite Codes",
'invites_nocodes' => "You have not created any invite codes at the moment!",
'invites_date' => "Created Date",
'invites_delete' => "Delete",
'invites_create' => "Create Invite Code",
'invites_send_code' => "Send Invite Code",
'invites_delete1' => "Delete Invite",
'invites_confirm1' => "Confirmed Account",
);
?>