Code:
<?php
//
// TorrentTrader v2.x
// $LastChangedDate: 2012-09-27 22:15:34 +0100 (Thu, 27 Sep 2012) $
// $LastChangedBy: torrenttrader $
//
// http://www.torrenttrader.org
//
//
require_once("backend/functions.php");
dbconn();
$username_length = 15; // Max username length. You shouldn't set this higher without editing the database first
$password_minlength = 6;
$password_maxlength = 40;
// Disable checks if we're signing up with an invite
if (!is_valid_id($_REQUEST["invite"]) || strlen($_REQUEST["secret"]) != 32) {
//invite only check
if ($site_config["INVITEONLY"]) {
show_error_msg(T_("INVITE_ONLY"), "<br /><br /><center>".T_("INVITE_ONLY_MSG")."<br /><br /></center>",1);
}
//get max members, and check how many users there is
$numsitemembers = get_row_count("users");
if ($numsitemembers >= $site_config["maxusers"])
show_error_msg(T_("SORRY")."...", T_("SITE_FULL_LIMIT_MSG") . number_format($site_config["maxusers"])." ".T_("SITE_FULL_LIMIT_REACHED_MSG")." ".number_format($numsitemembers)." members",1);
} else {
$res = SQL_Query_exec("SELECT id FROM users WHERE id = $_REQUEST[invite] AND MD5(secret) = ".sqlesc($_REQUEST["secret"]));
$invite_row = mysqli_fetch_assoc($res);
if (!$invite_row) {
show_error_msg(T_("ERROR"), T_("INVITE_ONLY_NOT_FOUND")." ".($site_config['signup_timeout']/86400)." days.", 1);
}
}
if ($_GET["takesignup"] == "1") {
if ($site_config["ipcheck"] && $site_config["accountmax"] > "0") {
$ip = $_SERVER['REMOTE_ADDR'];
$ipc = SQL_Query_exec("SELECT COUNT(ip) FROM users WHERE ip = '$ip'");
$ipq = mysqli_result($ipc, 0);
if ($ipq >= $site_config["accountmax"])
show_error_msg("Error","Only allows $site_config[accountmax] account per IP. If you would like to create a new account, please contact a staff member via PM or IRC.<br><br> The error was: maximum account count($site_config[accountmax]) Exceeded for $ip($ipq), cannot proceed with signup.",1);
}
$message == "";
function validusername($username) {
$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for ($i = 0; $i < strlen($username); ++$i)
if (strpos($allowedchars, $username[$i]) === false)
return false;
return true;
}
$wantusername = $_POST["wantusername"];
$email = $_POST["email"];
$wantpassword = $_POST["wantpassword"];
$passagain = $_POST["passagain"];
$country = $_POST["country"];
$gender = $_POST["gender"];
$client = $_POST["client"];
$age = (int) $_POST["age"];
if (empty($wantpassword) || (empty($email) && !$invite_row) || empty($wantusername))
$message = T_("DONT_LEAVE_ANY_FIELD_BLANK");
elseif (strlen($wantusername) > $username_length)
$message = sprintf(T_("USERNAME_TOO_LONG"), $username_length);
elseif ($wantpassword != $passagain)
$message = T_("PASSWORDS_NOT_MATCH");
elseif (strlen($wantpassword) < $password_minlength)
$message = sprintf(T_("PASS_TOO_SHORT_2"), $password_minlength);
elseif (strlen($wantpassword) > $password_maxlength)
$message = sprintf(T_("PASS_TOO_LONG_2"), $password_maxlength);
elseif ($wantpassword == $wantusername)
$message = T_("PASS_CANT_MATCH_USERNAME");
elseif (!validusername($wantusername))
$message = "Invalid username.";
elseif (!$invite_row && !validemail($email))
$message = "That doesn't look like a valid email address.";
if ($message == "") {
// Certain checks must be skipped for invites
if (!$invite_row) {
//check email isnt banned
$maildomain = (substr($email, strpos($email, "@") + 1));
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain='$email'")));
if ($a[0] != 0)
$message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain LIKE '%$maildomain%'")));
if ($a[0] != 0)
$message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);
// check if email addy is already in use
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where email='$email'")));
if ($a[0] != 0)
$message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email);
}
//check username isnt in use
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where username='$wantusername'")));
if ($a[0] != 0)
$message = sprintf(T_("USERNAME_INUSE_S"), $wantusername);
$secret = mksecret(); //generate secret field
$wantpassword = passhash($wantpassword);// hash the password
}
if ($message != "")
show_error_msg(T_("SIGNUP_FAILED"), $message, 1);
if ($message == "") {
if ($invite_row) {
SQL_Query_exec("UPDATE users SET username=".sqlesc($wantusername).", password=".sqlesc($wantpassword).", secret=".sqlesc($secret).", status='confirmed', added='".get_date_time()."' WHERE id=$invite_row[id]");
//send pm to new user
if ($site_config["WELCOMEPMON"]){
$dt = sqlesc(get_date_time());
$msg = sqlesc($site_config["WELCOMEPMMSG"]);
SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $invite_row[id], $dt, $msg, 0)");
}
header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
die;
}
if ($site_config["CONFIRMEMAIL"]) { //req confirm email true/false
$status = "pending";
}else{
$status = "confirmed";
}
//make first member admin
if ($numsitemembers == '0')
$signupclass = '7';
else
$signupclass = '1';
SQL_Query_exec("INSERT INTO users (username, password, secret, email, status, added, last_access, age, country, gender, client, stylesheet, language, class, ip) VALUES (" .
implode(",", array_map("sqlesc", array($wantusername, $wantpassword, $secret, $email, $status, get_date_time(), get_date_time(), $age, $country, $gender, $client, $site_config["default_theme"], $site_config["default_language"], $signupclass, getip()))).")");
$id = ((is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
$psecret = md5($secret);
$thishost = $_SERVER["HTTP_HOST"];
$thisdomain = preg_replace('/^www\./is', "", $thishost);
//ADMIN CONFIRM
if ($site_config["ACONFIRM"]) {
$body = T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_CREATED_YOU_WILL_HAVE_TO_WAIT")."\n\n".$site_config['SITENAME']." ".T_("ADMIN");
}else{//NO ADMIN CONFIRM, BUT EMAIL CONFIRM
$body = T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_APPROVED_EMAIL")."\n\n ".$site_config['SITEURL']."/account-confirm.php?id=$id&secret=$psecret\n\n".T_("HAS_BEEN_APPROVED_EMAIL_AFTER")."\n\n ".T_("HAS_BEEN_APPROVED_EMAIL_DELETED")."\n\n".$site_config['SITENAME']." ".T_("ADMIN");
}
if ($site_config["CONFIRMEMAIL"]){ //email confirmation is on
sendmail($email, "Your $site_config[SITENAME] User Account", $body, "", "-f$site_config[SITEEMAIL]");
header("Refresh: 0; url=account-confirm-ok.php?type=signup&email=" . urlencode($email));
}else{ //email confirmation is off
header("Refresh: 0; url=account-confirm-ok.php?type=noconf");
}
//send pm to new user
if ($site_config["WELCOMEPMON"]){
$dt = sqlesc(get_date_time());
$msg = sqlesc($site_config["WELCOMEPMMSG"]);
SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)");
}
die;
}
}//end takesignup
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="author" content="Kodinger">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>TTCE-Signup</title>
<link rel="stylesheet" type="text/css" href="../login/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="../login/css/my-login.css">
</head>
<body class="my-login-page">
<section class="h-100">
<div class="container h-100">
<div class="row justify-content-md-center h-100">
<div class="card-wrapper">
<div class="brand">
<img src="../login/img/logo.jpg">
</div>
<div class="card fat">
<div class="card-body">
<h4 class="card-title">Signup</h4>
<form method="post" action="account-signup.php?takesignup=1">
<?php if ($invite_row) { ?>
<input type="hidden" name="invite" class="form-control" value="<?php echo $_GET["invite"]; ?>" />
<input type="hidden" name="secret" class="form-control" value="<?php echo htmlspecialchars($_GET["secret"]); ?>" />
<?php } ?>
<div class="form-group">
<label for="username"><?php echo T_("USERNAME"); ?></label>
<input id="username" type="text" class="form-control" name="wantusername" required autofocus>
</div>
<div class="form-group">
<label for="password"><?php echo T_("PASSWORD"); ?></label>
<input id="password" type="password" class="form-control" name="wantpassword" required data-eye>
</div>
<div class="form-group">
<label for="password2"><?php echo T_("CONFIRM"); ?></label>
<input id="password2" type="password" class="form-control" name="passagain" required data-eye>
</div>
<?php if (!$invite_row) {?>
<div class="form-group">
<label for="email"><?php echo T_("EMAIL"); ?></label>
<input id="email" type="text" class="form-control" name="email" required autofocus>
</div>
<?php } ?>
<div class="form-group">
<label for="age"><?php echo T_("AGE"); ?></label>
<input id="age" type="text" class="form-control" name="age" maxlength="3" required autofocus>
</div>
<div class="form-group">
<label for="country"><?php echo T_("COUNTRY"); ?> </label>
<select name="country" id="country" class="form-control" size="1">
<?php
$countries = "<option value=\"0\">---- ".T_("NONE_SELECTED")." ----</option>\n";
$ct_r = SQL_Query_exec("SELECT id,name,domain from countries ORDER BY name");
while ($ct_a = mysqli_fetch_assoc($ct_r)) {
$countries .= "<option value=\"$ct_a[id]\">$ct_a[name]</option>\n";
}
?>
<?php echo $countries; ?>
</select>
</div>
<div class="form-group">
<label for="gender"><?php echo T_("GENDER"); ?></label>
<select name="gender" id="gender" class="form-control" size="1">
<option>Male</option>
<option>Female</option>
</select>
</div>
<div class="form-group">
<label for="client"><?php echo T_("PREF_BITTORRENT_CLIENT"); ?></label>
<input id="client" type="text" class="form-control" name="client" maxlength="20" required autofocus>
</div>
<div class="form-group no-margin">
<button type="submit" class="btn btn-primary btn-block">
Signup
</button>
</div>
<div class="margin-top20 text-center">
Have an account? <a href="../account-login.php">Login</a>
</div>
</form>
</div>
</div>
<div class="footer">
Copyright © 2017 — TTCE
</div>
</div>
</div>
</div>
</section>
<script src="../login/js/jquery.min.js"></script>
<script src="../login/bootstrap/js/bootstrap.min.js"></script>
<script src="../login/js/my-login.js"></script>
</body>
</html>