Bravo List
Register
Go Back   > Bravo List > Source Code > Active Trackers > Torrent Trader
Reply
  #1  
Old 11th September 2019, 20:41
BamBam0077 BamBam0077 is offline
Banned
 
Join Date: Jul 2013
P2P
Posts: 410
Default Account-Signup
Edit script, needs sqlesc in all queries to avoid any security flaws, change is a must!
SQL INJECTION +MORE
PHP Code:
<?php
//
//  TorrentTrader v2.x
//    $LastChangedDate: 2011-06-04 15:19:54 +0100 (Sat, 04 Jun 2011) $
//      $LastChangedBy: torrentialstorm $
//    
//    http://www.torrenttrader.org
//
//
require_once("backend/functions.php");
dbconn();

$username_length 15// Max username length. You shouldn't set this higher without editing the database first
$password_minlength 6;
$password_maxlength 40;

// Disable checks if we're signing up with an invite
if (!is_valid_id($_REQUEST["invite"]) || strlen($_REQUEST["secret"]) != 32) {
    
//invite only check
    
if ($site_config["INVITEONLY"]) {
        
show_error_msg(T_("INVITE_ONLY"), "<br><br><center>".T_("INVITE_ONLY_MSG")."<br><br></center>",1);
    }

    
//get max members, and check how many users there is
    
$numsitemembers get_row_count("users");
    if (
$numsitemembers >= $site_config["maxusers"])
        
show_error_msg(T_("SORRY")."..."T_("SITE_FULL_LIMIT_MSG")."".number_format($site_config["maxusers"])." ".T_("SITE_FULL_LIMIT_REACHED_MSG")." ".number_format($numsitemembers)." members",1);
} else {
    
$res mysql_query("SELECT id FROM users WHERE id = $_REQUEST[invite] AND MD5(secret) = ".sqlesc($_REQUEST["secret"]));
    
$invite_row mysql_fetch_array($res);
    if (!
$invite_row) {
        
show_error_msg(T_("ERROR"), T_("INVITE_ONLY_NOT_FOUND")." ".($site_config['signup_timeout']/86400)." days."1);
    }
}

if (
$_GET["takesignup"] == "1") {

$message == "";

function 
validusername($username) {
        
$allowedchars "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        for (
$i 0$i strlen($username); ++$i)
            if (
strpos($allowedchars$username[$i]) === false)
            return 
false;
        return 
true;
}

    
$wantusername $_POST["wantusername"];
    
$email $_POST["email"];
    
$wantpassword $_POST["wantpassword"];
    
$passagain $_POST["passagain"];
    
$country $_POST["country"];
    
$gender $_POST["gender"];
    
$client $_POST["client"];
    
$age = (int) $_POST["age"];

  if (empty(
$wantpassword) || (empty($email) && !$invite_row) || empty($wantusername))
    
$message T_("DONT_LEAVE_ANY_FIELD_BLANK");
  elseif (
strlen($wantusername) > $username_length)
    
$message sprintf(T_("USERNAME_TOO_LONG"), $username_length);
  elseif (
$wantpassword != $passagain)
    
$message T_("PASSWORDS_NOT_MATCH");
  elseif (
strlen($wantpassword) < $password_minlength)
    
$message sprintf(T_("PASS_TOO_SHORT_2"), $password_minlength);
  elseif (
strlen($wantpassword) > $password_maxlength)
    
$message sprintf(T_("PASS_TOO_LONG_2"), $password_maxlength);
  elseif (
$wantpassword == $wantusername)
     
$message T_("PASS_CANT_MATCH_USERNAME");
  elseif (!
validusername($wantusername))
    
$message "Invalid username.";
  elseif (!
$invite_row && !validemail($email))
        
$message "That doesn't look like a valid email address.";

    if (
$message == "") {
        
// Certain checks must be skipped for invites
        
if (!$invite_row) {
            
//check email isnt banned
            
$maildomain = (substr($emailstrpos($email"@") + 1));
            
$a = (@mysql_fetch_row(@mysql_query("select count(*) from email_bans where mail_domain='$email'"))) or die(mysql_error());
            if (
$a[0] != 0)
                
$message sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);

            
$a = (@mysql_fetch_row(@mysql_query("select count(*) from email_bans where mail_domain='$maildomain'"))) or die(mysql_error());
            if (
$a[0] != 0)
                
$message sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);
      
          
// check if email addy is already in use
          
$a = (@mysql_fetch_row(@mysql_query("select count(*) from users where email='$email'"))) or die(mysql_error());
          if (
$a[0] != 0)
            
$message sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email);
        }
//sql
       //check username isnt in use
      
$a mysql_fetch_row(@mysql_query("select count(*) from users where username='$wantusername'")) or mysql_error(__file____line__);
      if (
$a[0] != 0)
        
$message sprintf(T_("USERNAME_INUSE_S"), $wantusername); 

      
$secret mksecret(); //generate secret field

      
$wantpassword md5($wantpassword);//md5 hash the password
    
}
    
    if (
$message != "")
        
show_error_msg(T_("SIGNUP_FAILED"), $message1);

  if (
$message == "") {
        if (
$invite_row) {
            
mysql_query("UPDATE users SET username='$wantusername', password='$wantpassword', secret='$secret', status='confirmed', added='".sqlesc(get_date_time())."' WHERE id='$invite_row[id]'");
            
//send pm to new user
            
if ($site_config["WELCOMEPMON"]){
                
$dt sqlesc(get_date_time());
                
$msg sqlesc($site_config["WELCOMEPMMSG"]);
                
// sql
                
mysql_query("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $invite_row[id]$dt$msg, 0)");
            }
            
header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
            die;
        }

    if (
$site_config["CONFIRMEMAIL"]) { //req confirm email true/false
        
$status "pending";
    }else{
        
$status "confirmed";
    }

    
//make first member admin
    
if ($numsitemembers == '0')
        
$signupclass '7';
    else
        
$signupclass '1';

   
$ret mysql_query("INSERT INTO users (username, password, secret, email, status, added, age, country, gender, client, stylesheet, language, class) VALUES (" .
      
implode(","array_map("sqlesc", array($wantusername$wantpassword$secret$email$statusget_date_time(), $age$country$gender$client$site_config["default_theme"], $site_config["default_language"], $signupclass))).")");

    
$id mysql_insert_id();

    
$psecret md5($secret);
    
$thishost $_SERVER["HTTP_HOST"];
    
$thisdomain preg_replace('/^www\./is'""$thishost);

    
//ADMIN CONFIRM
    
if ($site_config["ACONFIRM"]) {
        
$body T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_CREATED_YOU_WILL_HAVE_TO_WAIT")."\n\n".$site_config['SITENAME']." ".T_("ADMIN");
    }else{
//NO ADMIN CONFIRM, BUT EMAIL CONFIRM
        
$body T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_APPROVED_EMAIL")."\n\n    ".$site_config['SITEURL']."/account-confirm.php?id=$id&secret=$psecret\n\n".T_("HAS_BEEN_APPROVED_EMAIL_AFTER")."\n\n    ".T_("HAS_BEEN_APPROVED_EMAIL_DELETED")."\n\n".$site_config['SITENAME']." ".T_("ADMIN");
    }

    if (
$site_config["CONFIRMEMAIL"]){ //email confirmation is on
        
sendmail($email"Your $site_config[SITENAME] User Account"$body"From: $site_config[SITENAME]""-f$site_config[SITEEMAIL]");
        
header("Refresh: 0; url=account-confirm-ok.php?type=signup&email=" urlencode($email));
    }else{ 
//email confirmation is off
        
header("Refresh: 0; url=account-confirm-ok.php?type=noconf");
    }
    
//send pm to new user
    
if ($site_config["WELCOMEPMON"]){
        
$dt sqlesc(get_date_time());
        
$msg sqlesc($site_config["WELCOMEPMMSG"]);
        
mysql_query("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id$dt$msg, 0)");
    }

    die;
  }

}
//end takesignup
?>
<?php stdhead
(T_("SIGNUP")); ?>
<?php begin_frame
(T_("SIGNUP")); ?>
<?php 
echo T_("COOKIES"); ?>
<p>
<form method="post" action="account-signup.php?takesignup=1">
    <?php if ($invite_row) { ?>
    <input type="hidden" name="invite" value="<?php echo $_GET[invite]; ?>" />
    <input type="hidden" name="secret" value="<?php echo $_GET[secret]; ?>" />
    <?php ?>
    <table cellSpacing="0" cellPadding="2" border="0" >
            <tr>
                <td><?php echo T_("USERNAME"); ?>: <font class="small"><font color="#FF0000">*</font></td>
                <td><input type="text" size="40" name="wantusername" /></td>
            </tr>
            <tr>
                <td><?php echo T_("PASSWORD"); ?>: <font class="small"><font color="#FF0000">*</font></td>
                <td><input type="password" size="40" name="wantpassword" /></td>
            </tr>
            <tr>
                <td><?php echo T_("CONFIRM"); ?>: <font class="small"><font color="#FF0000">*</font></td>
                <td><input type="password" size="40" name="passagain" /></td>
            </tr>
            <?php if (!$invite_row) {?>
            <tr>
                <td><?php echo T_("EMAIL"); ?>: <font class="small"><font color="#FF0000">*</font></td>
                <td><input type="text" size="40" name="email"/></td>
            </tr>
            <?php ?>
            <tr>
                <td><?php echo T_("AGE"); ?>:</td>
                <td><input type="text" size="40" name="age" maxlength="3" /></td>
            </tr>
            <tr>
                <td><?php echo T_("COUNTRY"); ?>:</td>
                <td>
                    <select name="country" size="1">
                        <?php
                        $countries 
"<option value=\"0\">---- ".T_("NONE_SELECTED")." ----</option>\n";
                        
$ct_r mysql_query("SELECT id,name,domain from countries ORDER BY name") or die;
                        while (
$ct_a mysql_fetch_array($ct_r)) {
                          
$countries .= "\t\t\t\t\t\t<option value=\"$ct_a[id]\"";
                          if (
$dom == $ct_a["domain"])
                            
$countries .= " SELECTED";
                          
$countries .= ">$ct_a[name]</option>\n";
                        }
                        
?>
                        <?php echo $countries ?>
                    </select>
                </td>
            </tr>
            <tr>
                <td><?php echo T_("GENDER"); ?>:</td>
                <td>
                    <input type="radio" name="gender" value="Male"><?php echo T_("Male"); ?>
                    &nbsp;&nbsp;
                    <input type="radio" name="gender" value="Female"><?php echo T_("Female"); ?>
                </td>
            </tr>
            <tr>
                <td><?php echo T_("PREF_BITTORRENT_CLIENT"); ?>:</td>
                <td><input type="text" size="40" name="client"  maxlength="20" /></td>
            </tr>
            <tr>
                <td align="middle" colSpan="2">
                <input type="submit" value="<?php echo T_("SIGNUP"); ?>" />
              </td>
            </tr>
    </table>
</form>
<?php
//end_frame();
stdfoot();
?>
Helpful Tips: https://www.php.net/manual/en/functi...ape-string.php
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 18:13. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.