Bravo List - Disabling Sign Ups / Invite Only

Code:

mproved & Safer Number Key Invite System By Neptune. 

Reworked for Tbdev 09

Xhtml Valid



The files are now up to date for 2009 final revision.



/**

* @sql

*/

Code: SQL

CREATE TABLE `invite_codes` (


  `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,


  `sender` INT(10) UNSIGNED NOT NULL DEFAULT '0',


  `receiver` VARCHAR(32) NOT NULL DEFAULT '0',


  `code` VARCHAR(32) NOT NULL DEFAULT '',


  `invite_added` INT(10) NOT NULL,


  `status` enum('Pending','Confirmed') NOT NULL DEFAULT 'Pending',


  PRIMARY KEY  (`id`),


  KEY `sender` (`id`)


) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;


ALTER TABLE `users` ADD `invites` INT(10) UNSIGNED NOT NULL DEFAULT '1';


ALTER TABLE `users` ADD `invitedby` INT(10) UNSIGNED NOT NULL DEFAULT '0';


ALTER TABLE `users` ADD `invite_rights` enum('yes','no') NOT NULL DEFAULT 'yes';


ALTER TABLE `users` ADD `invitees` VARCHAR(100) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL DEFAULT '';






/**

* @file config.php

*/



add after maxusers

Code: PHP

$TBDEV['invites'] = 3500; // set this to what you want








/**

* @file userdetails.php

*/



for displaying invitees

Code: PHP

if ($CURUSER['class'] >= UC_MODERATOR && $user['invitedby'] > 0 || $user['id'] == $CURUSER['id'] && $user['invitedby'] > 0) {


       $invitedby = mysql_query('SELECT username FROM users WHERE id = ' . sqlesc($user['invitedby']));


       $invitedby2 = mysql_fetch_array($invitedby);


       $HTMLOUT .= "{$lang['userdetails_invby']}/userdetails.php?id=".$user['invitedby']."'>'".htmlspecialchars($invitedby2['username'])."'"; }







Or the old original code :

Code: PHP

if ($CURUSER["class"] >= UC_MODERATOR && $user["invites"] > 0 || $user["id"] == $CURUSER["id"] && $user["invites"] > 0)


    $HTMLOUT .="{$lang['userdetails_invites']}/invite.php'>".htmlspecialchars($user["invites"])."\n";


    if ($CURUSER["class"] >= UC_MODERATOR && $user["invitedby"] > 0 || $user["id"] == $CURUSER["id"] && $user["invitedby"] > 0)


    {


    $invitedby = mysql_query("SELECT username FROM users WHERE id=$user[invitedby]");


    $invited_by2 = mysql_fetch_assoc($invitedby);


    $HTMLOUT .="{$lang['userdetails_invby']}invited by/userdetails.php?id=$user[invitedby]'>$invited_by2[username]\n";


    }


    if ($CURUSER["class"] >= UC_MODERATOR && $user["invitees"] > 0 || $user["id"] == $CURUSER["id"] && $user["invitees"] > 0)


    {


    $compl = $user["invitees"];


    $compl_list = explode(" ", $compl);


    $arr = array();


    foreach($compl_list as $array_list)


    $arr[] = $array_list;


    $compl_arr = array_reverse($arr, TRUE);


    $f=0;


    foreach($compl_arr as $user_id)


    {


    $compl_user = mysql_query("SELECT id, username FROM users WHERE id='$user_id' and status='confirmed'");


    $compl_users = mysql_fetch_assoc($compl_user);


    if ($compl_users["id"] > 0)


    {


    $HTMLOUT .="{$lang['userdetails_invitees']}";


    $compl = $user["invitees"];


    $compl_list = explode(" ", $compl);


    $arr = array();


    foreach($compl_list as $array_list)


    $arr[] = $array_list;


    $compl_arr = array_reverse($arr, TRUE);


    $i = 0;


    foreach($compl_arr as $user_id)


    {


    $compl_user = mysql_query("SELECT id, username FROM users WHERE id='$user_id' and status='confirmed' ORDER BY username");


    $compl_users = mysql_fetch_assoc($compl_user);


    $HTMLOUT .="/userdetails.php?id=" . $compl_users["id"] . "'>" . $compl_users["username"] . " ";


    if ($i == "9")


    break;


    $i++;


    }


    $HTMLOUT .="";


    $f = 1;


    }


    if ($f == "1")


    break;


    }


    }





@File lang/en/lang_userdetails.php :

Code: PHP

'userdetails_invites' => "Invites",


'userdetails_invitees' => "Invitees",


'userdetails_invby' => 'Invited by',










/**

* @file userdetails.php

*/



staff section, set invite on or off & invite amount

Code: PHP

$HTMLOUT .= "{$lang['userdetails_invright']} .($user["invite_rights"]=="yes" ? " checked='checked'" : "") . " />{$lang['userdetails_yes']} .($user["invite_rights"]=="no" ? " checked='checked'" : "") . " />{$lang['userdetails_no']}\n";


      $HTMLOUT .= "{$lang['userdetails_invites']}]) . "' />\n";










/**

* @file lang/en/lang_userdetails.php

*/



lang_userdetails.php add 

Code: PHP

'userdetails_invright' => "Invite rights",


'userdetails_invites' => "Invites",


'userdetails_invby' => "Invited by",










/**

* @file modtask.php

*/

Code: PHP

// invite rights


      if ((isset($_POST['invite_rights'])) && (($invite_rights = $_POST['invite_rights']) != $user['invite_rights'])){


      if ($invite_rights == 'yes')


      {


      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite rights enabled by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;


      $msg = sqlesc("Your invite rights have been given back by " . htmlspecialchars($CURUSER['username']) . ". You can invite users again.");


      $added = time();


      mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);


      }


      elseif ($invite_rights == 'no'){


      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite rights disabled by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;


      $msg = sqlesc("Your invite rights have been removed by " . htmlspecialchars($CURUSER['username']) . ", probably because you invited a bad user.");


      $added = time();


      mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);


      }


      $updateset[] = "invite_rights = " . sqlesc($invite_rights);


      }


      // change invite amount


      if ((isset($_POST['invites'])) && (($invites = $_POST['invites']) != ($curinvites = $user['invites'])))


      {


      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite amount changed to ".$invites." from ".$curinvites." by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;


      $updateset[] = "invites = " . sqlesc($invites);


      }








/**

* @file bittorrent.php ~lines 906-907 to display invites

*/

Code: PHP

"$IsDonor$warn  [/logout.php'>{$lang['gl_logout']}] $member_reputation".


      "  Invites: /invite.php'>{$CURUSER['invites']}








@ file config under :

Code: PHP

$TBDEV['invites'] = 3500; // LoL Who we kiddin' here?








Add :

Code: PHP

$TBDEV['openreg'] = true; //==true=open, false = closed








@ file signup.php under :

Code: PHP

$lang = array_merge( load_language('global'), load_language('signup') );








add :

Code: PHP

if(!$TBDEV['openreg'])


    stderr('Sorry', 'Invite only - Signups are closed presently');








@ file takesignup.php under :

Code: PHP

$lang = array_merge( load_language('global'), load_language('takesignup') );








add :

Code: PHP

if(!$TBDEV['openreg'])


    stderr('Sorry', 'Invite only - Signups are closed presently');






Then save upload the 4 files to root and that should be all.



invite.php :



Code: PHP



/*


+------------------------------------------------


|   $Date$


|   $Revision$ 09 Final


|   $Invite


|   $Author$ Neptune,Bigjoos


|   $URL$


+------------------------------------------------


*/


require_once('include/bittorrent.php');


require_once('include/user_functions.php');


require_once('include/password_functions.php');


dbconn();


loggedinorreturn();


$HTMLOUT ='';


$sure ='';


$lang = array_merge( load_language('global'), load_language('invite_code') );


$do = (isset($_GET["do"]) ? $_GET["do"] : (isset($_POST["do"]) ? $_POST["do"] : ''));


$valid_actions = array('create_invite', 'delete_invite', 'confirm_account', 'view_page', 'send_email');


$do = (($do && in_array($do,$valid_actions,true)) ? $do : '') or header("Location: ?do=view_page");


/**


 * @action Main Page


 */


if ($do == 'view_page') {


$query = myysql_query('SELECT * FROM users WHERE invitedby = '.sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);


$rows = mysql_num_rows($query);


$HTMLOUT ='';


$HTMLOUT .= "




";
if(!$rows){

$HTMLOUT .= "
";
} else {

$HTMLOUT .= "







";
for ($i = 0; $i < $rows; ++$i) {

$arr = mysql_fetch_assoc($query);

if ($arr['status'] == 'pending')

$user = "
";
else

$user = "
";
if ($arr['downloaded'] > 0) {

$ratio = number_format($arr['uploaded'] / $arr['downloaded'], 3);

$ratio = "".$ratio."";

} else {

if ($arr['uploaded'] > 0) {

$ratio = 'Inf.';

}

else {

$ratio = '---';

}

}

if ($arr["status"] == 'confirmed')

$status = "{$lang['invites_confirm1']}";

else

$status = "{$lang['invites_pend']}";

$HTMLOUT .= "
".$user."";
if ($arr['status'] == 'pending') {

$HTMLOUT .= "
";
}

else

$HTMLOUT .= "
";
}

}

$HTMLOUT .= "


{$lang['invites_users']}

{$lang['invites_nousers']}


{$lang['invites_username']}
{$lang['invites_uploaded']}
{$lang['invites_downloaded']}
{$lang['invites_ratio']}
{$lang['invites_status']}
{$lang['invites_confirm']}




" . htmlspecialchars($arr['username']) . "

/userdetails.php?id=$arr[id]'>" . htmlspecialchars($arr['username']) . "" .($arr["warned"] == "yes" ? " warned.gif' border='0' alt='Warned' />" : "")." " .($arr["enabled"] == "no" ? " disabled.gif' border='0' alt='Disabled' />" : "")." " .($arr["donor"] == "yes" ? "star.gif' border='0' alt='Donor' />" : "")."















" . mksize($arr['uploaded']) . " " . mksize($arr['downloaded']) . " ".$ratio." ".$status."

]."&sender=".$CURUSER['id']."'>confirm.png' alt='confirm' title='Confirm' border='0' />


---


";


$select = mysql_query("SELECT * FROM invite_codes WHERE sender = ".$CURUSER['id']." AND status = 'Pending'") or sqlerr();


$num_row = mysql_num_rows($select);


$HTMLOUT .= ""."";
if(!$num_row) {

$HTMLOUT.= "
";
} else {

$HTMLOUT .= "
";
for ($i = 0; $i < $num_row; ++$i)

{

$fetch_assoc = mysql_fetch_assoc($select);

$HTMLOUT .= "


";
$HTMLOUT .= "

";
}

}

$HTMLOUT .= "
";
$HTMLOUT .= "
{$lang['invites_codes']}

{$lang['invites_nocodes']}

{$lang['invites_send_code']} {$lang['invites_date']} {$lang['invites_delete']} {$lang['invites_status']}




".$fetch_assoc['code']." ]."'>email.gif' border='0' alt='Email' title='Send Email' />
" . get_date($fetch_assoc['invite_added'], '', 0,1)."
]."&sender=".$CURUSER['id']."'>del.png' border='0' alt='Delete'/>
".$fetch_assoc['status']."


' style='height: 20px' />
";


print stdhead('Invites') . $HTMLOUT . stdfoot();


die;


}


/**


 * @action Create Invites


 */


elseif ($do =='create_invite') {


if ($CURUSER['invites'] <= 0)


stderr($lang['invites_error'], $lang['invites_noinvite']);


if ($CURUSER["invite_rights"] == 'no')


stderr($lang['invites_deny'], $lang['invites_disabled']);


$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);


$arr = mysql_fetch_row($res);


if ($arr[0] >= $TBDEV['invites'])


stderr($lang['invites_error'], $lang['invites_limit']);


$invite = md5(mksecret());


mysql_query('INSERT INTO invite_codes (sender, invite_added, code) VALUES ( ' . sqlesc((int)$CURUSER['id']) . ', ' . sqlesc(time()) . ', ' . sqlesc($invite) . ' )') or sqlerr(__FILE__, __LINE__);


mysql_query('UPDATE users SET invites = invites - 1 WHERE id = ' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);


header("Location: ?do=view_page");


}


/**


 * @action Send e-mail


 */


elseif ($do =='send_email') {


if ($_SERVER["REQUEST_METHOD"] == "POST") {


$email = (isset($_POST['email'])? htmlentities($_POST['email']) : '');


$invite = (isset($_POST['code'])? $_POST['code'] : '');


if (!$email) stderr($lang['invites_error'], $lang['invites_noemail']);


$check = (mysql_fetch_row(mysql_query('SELECT COUNT(*) FROM users WHERE email = ' . sqlesc($email)))) or sqlerr(__FILE__, __LINE__);


if ($check[0] != 0) stderr('Error', 'This email address is already in use!');


if (!validemail($email)) stderr($lang['invites_error'], $lang['invites_invalidemail']);


$inviter = htmlspecialchars($CURUSER['username']);


$body = <<


You have been invited to {$TBDEV['site_name']} by $inviter. They have


specified this address ($email) as your email. If you do not know this person, please ignore this email. Please do not reply.


This is a private site and you must agree to the rules before you can enter:


{$TBDEV['baseurl']}/useragreement.php


{$TBDEV['baseurl']}/rules.php


{$TBDEV['baseurl']}/faq.php


------------------------------------------------------------


To confirm your invitation, you have to follow this link and type the invite code:


{$TBDEV['baseurl']}/invite_signup.php


Invite Code: $invite


------------------------------------------------------------


After you do this, your inviter need's to confirm your account. 


We urge you to read the RULES and FAQ before you start using {$TBDEV['site_name']}.


EOD;


$sendit = mail($email, "You have been invited to {$TBDEV['site_name']}", $body, "From: {$TBDEV['site_email']}", "-f{$TBDEV['site_email']}");


if (!$sendit) stderr($lang['invites_error'], $lang['invites_unable']);


else stderr('', $lang['invites_confirmation']); }


$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : ''));


if (!is_valid_id($id)) stderr($lang['invites_error'], $lang['invites_invalid']);


$query = mysql_query('SELECT * FROM invite_codes WHERE id = ' . sqlesc($id) . ' AND sender = ' . sqlesc($CURUSER['id']).' AND status = "Pending"') or sqlerr(__FILE__, __LINE__);


$fetch = mysql_fetch_assoc($query) or stderr($lang['invites_error'], $lang['invites_noexsist']);


$HTMLOUT .= "
E-Mail]."'  />
";


print stdhead('Invites') . $HTMLOUT . stdfoot();


}


/**


 * @action Delete Invites


 */


elseif ($do =='delete_invite') {


$id = (isset($_GET["id"]) ? (int)$_GET["id"] : (isset($_POST["id"]) ? (int)$_POST["id"] : ''));


$query = mysql_query('SELECT * FROM invite_codes WHERE id = ' . sqlesc($id) . ' AND sender = ' . sqlesc($CURUSER['id']).' AND status = "Pending"') or sqlerr(__FILE__, __LINE__);


$assoc = mysql_fetch_assoc($query);


if (!$assoc)


stderr($lang['invites_error'],$lang['invites_noexsist']);


isset($_GET['sure']) && $sure = htmlspecialchars($_GET['sure']);


if (!$sure)


stderr($lang['invites_delete1'], $lang['invites_sure'].' Click .$_SERVER['PHP_SELF'].'?do=delete_invite&id='.$id.'&sender='.$CURUSER['id'].'&sure=yes">here to delete it or here to go back.');


mysql_query('DELETE FROM invite_codes WHERE id = ' . sqlesc($id) . ' AND sender =' . sqlesc($CURUSER['id'].' AND status = "Pending"')) or sqlerr(__FILE__, __LINE__);


mysql_query('UPDATE users SET invites = invites + 1 WHERE id = '.sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);


header("Location: ?do=view_page");


}


/**


 * @action Confirm Accounts


 */


elseif ($do ='confirm_account') {


$userid = (isset($_GET["userid"]) ? (int)$_GET["userid"] : (isset($_POST["userid"]) ? (int)$_POST["userid"] : ''));


if (!is_valid_id($userid))


stderr($lang['invites_error'], $lang['invites_invalid']);


$select = mysql_query('SELECT id, username FROM users WHERE id = ' . sqlesc($userid) . ' AND invitedby = ' . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);


$assoc = mysql_fetch_assoc($select);


if (!$assoc)


stderr($lang['invites_error'], $lang['invites_errorid']);


isset($_GET['sure']) && $sure = htmlspecialchars($_GET['sure']);


if (!$sure)


stderr($lang['invites_confirm1'], $lang['invites_sure1'].' '.htmlspecialchars($assoc['username']).'\'s account? Click .$userid.'&sender='.$CURUSER['id'].'&sure=yes">here to confirm it or here to go back.');


mysql_query('UPDATE users SET status = "confirmed" WHERE id = '.sqlesc($userid).' AND invitedby = '.sqlesc($CURUSER['id']).' AND status="pending"') or sqlerr(__FILE__, __LINE__);


//==pm to new invitee/////


$msg = sqlesc("Hey there :wave:


Welcome to {$TBDEV['site_name']}!


We have made many changes to the site, and we hope you enjoy them! 


We have been working hard to make {$TBDEV['site_name']} somethin' special!


{$TBDEV['site_name']} has a strong community (just check out forums), and is a feature rich site. We hope you'll join in on all the fun!


Be sure to read the {$TBDEV['baseurl']}/rules.php]Rules and {$TBDEV['baseurl']}[/COLOR]/faq.php]FAQ before you start using the site.[/COLOR]


We are a strong friendly community here {$TBDEV['site_name']} is so much more then just torrents.


Just for kicks, we've started you out with 200.0 Karma Bonus  Points, and a couple of bonus GB to get ya started! 


so, enjoy  


cheers, 


{$TBDEV['site_name']} Staff");


$id = $assoc["id"];


$subject = sqlesc("Welcome to {$TBDEV['site_name']} !");


$added = sqlesc(time());


mysql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, $subject, $id, $msg, $added)") or sqlerr(__FILE__, __LINE__);


///////////////////end////////////


header("Location: ?do=view_page");


}


?>






invite_signup.php :



Code: [Select]


require_once('include/bittorrent.php');

require_once('include/user_functions.php');

require_once('cache/timezones.php');

require_once('include/page_verify.php');

dbconn();

get_template();



$stdfoot = array(/** include js **/'js' => array('check','jquery.pstrength-min.1.2'));



$lang = array_merge( load_language('global'), load_language('signup') );

$newpage = new page_verify(); 

$newpage->create('tkIs');



$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);

$arr = mysql_fetch_row($res);

if ($arr[0] >= $TBDEV['maxusers'])

stderr("Sorry", "The current user account limit (" . number_format($TBDEV['maxusers']) . ") has been reached. Inactive accounts are pruned all the time, please check back again later...");



if(!$TBDEV['openreg'])

    stderr('Sorry', 'Invite only - Signups are closed presently');



// TIMEZONE STUFF

        $offset = (string)$TBDEV['time_offset'];

        

        $time_select = "";

    // TIMEZONE END



$HTMLOUT='';



$HTMLOUT .= "

    ";

// Normal Entry Point...

$value = array('...','...','...','...','...','...');

$value[rand(1,count($value)-1)] = 'X';

$HTMLOUT .="

    

    

Note: You need cookies enabled to sign up or log in.


]}/take_invite_signup.php'>









";

//==Passhint

     $passhint="";

     $questions = array(

       array("id"=> "1", "question"=> "{$lang['signup_q1']}"),

         array("id"=> "2", "question"=> "{$lang['signup_q2']}"),

         array("id"=> "3", "question"=> "{$lang['signup_q3']}"),

         array("id"=> "4", "question"=> "{$lang['signup_q4']}"),

         array("id"=> "5", "question"=> "{$lang['signup_q5']}"),

         array("id"=> "6", "question"=> "{$lang['signup_q6']}"));

        foreach($questions as $sph){  

        $passhint .= "\n"; 

        }

        $HTMLOUT .= "

        








Desired username: 
Pick a password: 
Enter password again: 
Enter invite-code: 
Email address: 

The email address must be valid. The email address won't be publicly shown anywhere unless you chose to from your settings.
{$lang['signup_timez']} {$time_select}
{$lang['signup_select']} 
{$lang['signup_enter']} {$lang['signup_this_answer']}{$lang['signup_this_answer1']}
 I will read the site rules page.

 I agree to read the FAQ before asking questions.

 I am at least 18 years old.
Now click the button marked X to complete the sign up!
";

 for ($i=0; $i < count($value); $i++) {

 $HTMLOUT .= ".$value[$i]."\" class=\"btn\" />";

 }

 $HTMLOUT .= "
";



print stdhead('Invites') . $HTMLOUT . stdfoot($stdfoot);

?>

take_invite_signup.php :



Code: PHP



require_once('include/bittorrent.php');


require_once('include/user_functions.php');


require_once('include/password_functions.php');


require_once('include/page_verify.php');


dbconn();


get_template();


$lang = array_merge( load_language('global'), load_language('takesignup') );


$newpage = new page_verify();


$newpage->check('tkIs');


$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);


$arr = mysql_fetch_row($res);


if ($arr[0] >= $TBDEV['maxusers'])


stderr($lang['stderr_errorhead'], sprintf($lang['stderr_ulimit'], $TBDEV['maxusers']));


if (!mkglobal("wantusername:wantpassword:passagain:email:invite:captchaSelection:submitme:passhint:hintanswer"))


die();


if ($submitme != 'X')


  stderr('Ha Ha', 'You Missed, You plonker !');


 if(empty($captchaSelection) || $_SESSION['simpleCaptchaAnswer'] != $captchaSelection){


 header('Location: invite_signup.php');


 exit();


 }


function validusername($username) {


if ($username == "")


return false;


// The following characters are allowed in user names


$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";


for ($i = 0; $i < strlen($username); ++$i)


if (strpos($allowedchars, $username[$i]) === false)


return false;


return true;


}


if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($invite) || empty($passhint) || empty($hintanswer))


stderr("Error","Don't leave any fields blank.");


if(!blacklist($wantusername))


 stderr($lang['takesignup_user_error'],sprintf($lang['takesignup_badusername'],htmlspecialchars($wantusername)));


if (strlen($wantusername) > 12)


stderr("Error","Sorry, username is too long (max is 12 chars)");


if ($wantpassword != $passagain)


stderr("Error","The passwords didn't match! Must've typoed. Try again.");


if (strlen($wantpassword) < 6)


stderr("Error","Sorry, password is too short (min is 6 chars)");


if (strlen($wantpassword) > 40)


stderr("Error","Sorry, password is too long (max is 40 chars)");


if ($wantpassword == $wantusername)


stderr("Error","Sorry, password cannot be same as user name.");


if (!validemail($email))


stderr("Error","That doesn't look like a valid email address.");


if (!validusername($wantusername))


stderr("Error","Invalid username.");


// make sure user agrees to everything...


if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")


stderr("Error","Sorry, you're not qualified to become a member of this site.");


// check if email addy is already in use


$a = (@mysql_fetch_row(mysql_query('SELECT COUNT(*) FROM users WHERE email = ' . sqlesc($email)))) or die(mysql_error());


if ($a[0] != 0)


stderr('Error', 'The e-mail address ' . htmlspecialchars($email) . ' is already in use.');


//=== check if ip addy is already in use


$c = (@mysql_fetch_row(mysql_query("select count(*) from users where ip='" . $_SERVER['REMOTE_ADDR'] . "'"))) or die(mysql_error());


if ($c[0] != 0)


stderr("Error", "The ip " . $_SERVER['REMOTE_ADDR'] . " is already in use. We only allow one account per ip address.");


// TIMEZONE STUFF


    if(isset($_POST["user_timezone"]) && preg_match('#^\-?\d{1,2}(?:\.\d{1,2})?$#', $_POST['user_timezone']))


    {


    $time_offset = sqlesc($_POST['user_timezone']);


    }


    else


    {


    $time_offset = isset($TBDEV['time_offset']) ? sqlesc($TBDEV['time_offset']) : '0'; }


    // have a stab at getting dst parameter?


    $dst_in_use = localtime(time() + ($time_offset * 3600), true);


    // TIMEZONE STUFF END


$select_inv = mysql_query('SELECT sender, receiver, status FROM invite_codes WHERE code = ' . sqlesc($invite)) or die(mysql_error());


$rows = mysql_num_rows($select_inv);


$assoc = mysql_fetch_assoc($select_inv);


if ($rows == 0)


stderr("Error","Invite not found.\nPlease request a invite from one of our members.");


if ($assoc["receiver"]!=0)


stderr("Error","Invite already taken.\nPlease request a new one from your inviter.");


    $secret = mksecret();


    $wantpasshash = make_passhash( $secret, md5($wantpassword) );


    $editsecret = ( !$arr[0] ? "" : make_passhash_login_key() );


    $wanthintanswer = md5($hintanswer);


$new_user = mysql_query("INSERT INTO users (username, passhash, secret, passhint, hintanswer, editsecret, invitedby, email, ". (!$arr[0]?"class, ":"") ."added, last_access, last_login, time_offset, dst_in_use) VALUES (" .


implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $passhint, $wanthintanswer, (int)$assoc['sender'], $email))).


", ". (!$arr[0]?UC_SYSOP.", ":""). "'".  time() ."','".  time() ."','".  time() ."', $time_offset, {$dst_in_use['tm_isdst']})");


$message = "Welcome New {$TBDEV['site_name']} Member : - " . htmlspecialchars($wantusername) . "";


if (!$new_user) {


if (mysql_errno() == 1062)


stderr("Error","Username already exists!");


stderr("Error","borked");


}


//===send PM to inviter


$sender = $assoc["sender"];


$added = sqlesc(time());


$msg = sqlesc("Hey there [you] ! :wave:\nIt seems that someone you invited to {$TBDEV['site_name']} has arrived ! :clap2: \n\n Please go to your {$TBDEV['baseurl']}/invite.php]Invite page to confirm them so they can log in.\n\ncheers\n"[/COLOR]);


$subject = sqlesc("Someone you invited has arrived!");


mysql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, $subject, $sender, $msg, $added)") or sqlerr(__FILE__, __LINE__);


//////////////end/////////////////////


$id = mysql_insert_id();


mysql_query('UPDATE invite_codes SET receiver = ' . sqlesc($id) . ', status = "Confirmed" WHERE sender = ' . sqlesc((int)$assoc['sender']). ' AND code = ' . sqlesc($invite)) or sqlerr(__FILE__, __LINE__);


write_log('User account '.htmlspecialchars($wantusername).' was created!');


autoshout($message);


stderr('Success','Signup successfull, Your inviter needs to confirm your account now before you can use your account !');


?>






lang_invite_code.php :



Code: PHP



$lang = array(


#invite errors


'invites_error' => "Error",


'invites_deny' => "Denied",


'invites_limit' => "Sorry, user limit reached. Please try again later.",


'invites_disabled' => "Your invite sending privileges has been disabled by the Staff!",


'invites_noinvite' => "No invites !",


'invites_invalidemail' => "That doesn't look like a valid email address.",


'invites_noemail' => "You must enter an email address!",


'invites_unable' => "Unable to send mail. Please contact an administrator about this error.",


'invites_confirmation' => "A confirmation email has been sent to the address you specified.",


'invites_invalid' => "Invalid ID!",


'invites_noexsist' => "This invite code does not exist.",


'invites_sure' => "Are you sure you want to delete this invite code?",


'invites_errorid' => "No user with this ID.",


'invites_sure1' => "Are you sure you want to confirm",


#invites


'invites_users' => "Invited Users",


'invites_nousers' => "No Invitees Yet",


'invites_username' => "Username",


'invites_uploaded' => "Uploaded",


'invites_downloaded' => "Downloaded",


'invites_ratio' => "Ratio",


'invites_status' => "Status",


'invites_confirm' => "Confirm",


'invites_confirm1' => "Confirmed",


'invites_pend' => "Pending",


'invites_codes' => "Created Invite Codes",


'invites_nocodes' => "You have not created any invite codes at the moment!",


'invites_date' => "Created Date",


'invites_delete' => "Delete",


'invites_create' => "Create Invite Code",


'invites_send_code' => "Send Invite Code",


'invites_delete1' => "Delete Invite",


'invites_confirm1' => "Confirmed Account",


);


?>

{$lang['invites_users']}
{$lang['invites_nousers']}
{$lang['invites_username']}	{$lang['invites_uploaded']}	{$lang['invites_downloaded']}	{$lang['invites_ratio']}	{$lang['invites_status']}	{$lang['invites_confirm']}
" . htmlspecialchars($arr['username']) . "	/userdetails.php?id=$arr[id]'>" . htmlspecialchars($arr['username']) . "" .($arr["warned"] == "yes" ? " warned.gif' border='0' alt='Warned' />" : "")." " .($arr["enabled"] == "no" ? " disabled.gif' border='0' alt='Disabled' />" : "")." " .($arr["donor"] == "yes" ? "star.gif' border='0' alt='Donor' />" : "")."
" . mksize($arr['uploaded']) . "	" . mksize($arr['downloaded']) . "	".$ratio."	".$status."	]."&sender=".$CURUSER['id']."'>confirm.png' alt='confirm' title='Confirm' border='0' />
---

{$lang['invites_codes']}
{$lang['invites_nocodes']}
{$lang['invites_send_code']}	{$lang['invites_date']}	{$lang['invites_delete']}	{$lang['invites_status']}
".$fetch_assoc['code']." ]."'>email.gif' border='0' alt='Email' title='Send Email' />	" . get_date($fetch_assoc['invite_added'], '', 0,1)."	]."&sender=".$CURUSER['id']."'>del.png' border='0' alt='Delete'/>	".$fetch_assoc['status']."
' style='height: 20px' />

{$lang['invites_users']}
{$lang['invites_nousers']}
{$lang['invites_username']}	{$lang['invites_uploaded']}	{$lang['invites_downloaded']}	{$lang['invites_ratio']}	{$lang['invites_status']}	{$lang['invites_confirm']}
" . htmlspecialchars($arr['username']) . "	/userdetails.php?id=$arr[id]'>" . htmlspecialchars($arr['username']) . "" .($arr["warned"] == "yes" ? " warned.gif' border='0' alt='Warned' />" : "")." " .($arr["enabled"] == "no" ? " disabled.gif' border='0' alt='Disabled' />" : "")." " .($arr["donor"] == "yes" ? "star.gif' border='0' alt='Donor' />" : "")."
" . mksize($arr['uploaded']) . "	" . mksize($arr['downloaded']) . "	".$ratio."	".$status."	]."&sender=".$CURUSER['id']."'>confirm.png' alt='confirm' title='Confirm' border='0' />
---

{$lang['invites_codes']}
{$lang['invites_nocodes']}
{$lang['invites_send_code']}	{$lang['invites_date']}	{$lang['invites_delete']}	{$lang['invites_status']}
".$fetch_assoc['code']." ]."'>email.gif' border='0' alt='Email' title='Send Email' />	" . get_date($fetch_assoc['invite_added'], '', 0,1)."	]."&sender=".$CURUSER['id']."'>del.png' border='0' alt='Delete'/>	".$fetch_assoc['status']."
' style='height: 20px' />