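/**
 * Send a new account invitation, or re-send an existing one, by e-mail.
 *
 * New invitation ($resend false): reads $_GET["invite_email"], refuses an address that
 * already owns an account or already holds an invitation, mails a freshly generated key and
 * then records the invitation in the mgr `invitations` table.
 *
 * Re-send ($resend true): reads $_GET["key"], looks the stored address up by that key and
 * mails the same key again; nothing is written.
 *
 * Every failure ends in redirect("edit.php?error=N") (1 = bad input, 2 = address already
 * known) and success in redirect("edit.php"); as before, redirect() is assumed not to return.
 *
 * Reads the globals $lang, $title, $format_mail_html, $user_name, $user_id, $url_path,
 * $GMailSender, $smtp_cfg, $mailer_type, $from_mail, $sql and $core.
 *
 * @param bool $resend true to re-send an existing invitation instead of creating one
 */
function send_invite($resend = false)
{
    global $user_name, $user_id, $url_path, $sql, $core;

    if (!$resend) {
        $invited = send_invite_read_new_target();
        $key = send_invite_new_key($user_name, $invited);
    } else {
        $key = send_invite_read_key();
        $invited = send_invite_lookup_target($key);
    }

    $char = send_invite_our_char_name($user_id, $core);
    list($subject, $body) = send_invite_build_mail($key, $char, $url_path);
    send_invite_deliver($invited, $subject, $body);

    if (!$resend) {
        // the invitation row is written after the mail goes out, as before; $user_id comes
        // from the session and is concatenated unescaped exactly as it was
        $create_query = "INSERT INTO invitations (issuer_acct_id, invited_email, invitation_key) VALUES ('"
            . $user_id . "', '" . $invited . "', '" . $key . "')";
        $sql["mgr"]->query($create_query);
    }

    redirect("edit.php");
}

/**
 * Read and validate $_GET["invite_email"] for a fresh invitation; redirects on any problem.
 *
 * @return string the escaped address, safe for the string-built queries in this file
 */
function send_invite_read_new_target()
{
    global $sql, $core;

    if (empty($_GET["invite_email"])) {
        redirect("edit.php?error=1");
    }
    $invited = $sql["mgr"]->quote_smart($_GET["invite_email"]);
    // anything quote_smart had to escape, or that carries HTML metacharacters, is refused
    if ($invited !== htmlspecialchars($_GET["invite_email"])) {
        redirect("edit.php?error=1");
    }
    // same format rule doregister() applies to the address before it accepts the key, so an
    // invitation to an address failing it could never be redeemed anyway
    require_once "libs/valid_lib.php";
    if (!valid_email($invited) || strlen($invited) > 254) {
        redirect("edit.php?error=1");
    }

    // make sure we're not inviting someone who already has an account here
    // (ArcEmu, core 1, names the table `accounts`; the other cores `account`)
    $acct_table = $core == 1 ? "accounts" : "account";
    $check_mail_result = $sql["logon"]->query("SELECT * FROM " . $acct_table . " WHERE email='" . $invited . "'");
    if ($sql["logon"]->num_rows($check_mail_result) > 0) {
        redirect("edit.php?error=2");
    }
    // make sure we're not inviting someone who already has an invitation
    $check_invite_result = $sql["mgr"]->query("SELECT * FROM invitations WHERE invited_email='" . $invited . "'");
    if ($sql["mgr"]->num_rows($check_invite_result) > 0) {
        redirect("edit.php?error=2");
    }

    return $invited;
}

/**
 * Produce the invitation key (40 hex characters, the same shape as the former sha1 value).
 *
 * Registration checks the key together with the invited address, so it must not be
 * derivable: sha1(user:email) could be recomputed by anyone who knew both. Use the runtime's
 * CSPRNG when it has one and keep the old derivation only as a last resort on old PHP.
 *
 * @param string $user_name issuing account's login
 * @param string $invited   invited e-mail address
 * @return string
 */
function send_invite_new_key($user_name, $invited)
{
    if (function_exists("random_bytes")) {
        return bin2hex(random_bytes(20));
    }
    if (function_exists("openssl_random_pseudo_bytes")) {
        return bin2hex(openssl_random_pseudo_bytes(20));
    }
    return sha1($user_name . ":" . $invited);
}

/**
 * Read and validate $_GET["key"] for a re-send; redirects on any problem.
 *
 * @return string the escaped key
 */
function send_invite_read_key()
{
    global $sql;

    if (empty($_GET["key"])) {
        redirect("edit.php?error=1");
    }
    $key = $sql["mgr"]->quote_smart($_GET["key"]);
    // anything quote_smart had to escape, or that carries HTML metacharacters, is refused
    if ($key !== htmlspecialchars($_GET["key"])) {
        redirect("edit.php?error=1");
    }
    return $key;
}

/**
 * Look up the invited address for an existing key; redirects (error=1) when no row matches.
 *
 * NOTE(review): the lookup is not restricted to invitations issued by the current account
 * (issuer_acct_id), so any logged-in user holding a key can trigger a re-send — confirm
 * whether that is intended before adding "AND issuer_acct_id='" . $user_id . "'".
 *
 * @param string $key escaped invitation key
 * @return string
 */
function send_invite_lookup_target($key)
{
    global $sql;

    $invite_result = $sql["mgr"]->query("SELECT invited_email FROM invitations WHERE invitation_key='" . $key . "'");
    $row = $sql["mgr"]->fetch_assoc($invite_result);
    // an unknown key used to fall through and mail an empty address; treat it as bad input
    if (empty($row["invited_email"])) {
        redirect("edit.php?error=1");
    }
    return $row["invited_email"];
}

/**
 * Name of one of the issuing account's characters, or "" when it has none yet.
 *
 * @param mixed $user_id account id from the session (concatenated unescaped, as before)
 * @param int   $core    core id; ArcEmu (1) keys `characters` by `acct`, the others by `account`
 * @return string
 */
function send_invite_our_char_name($user_id, $core)
{
    global $sql;

    $acct_column = $core == 1 ? "acct" : "account";
    $char_result = $sql["char"]->query("SELECT name FROM characters WHERE " . $acct_column . "='" . $user_id . "' LIMIT 1");
    $row = $sql["char"]->fetch_assoc($char_result);
    // no character row used to leave a notice and an empty <char>; keep the placeholder empty
    return isset($row["name"]) ? $row["name"] : "";
}

/**
 * Host[:port][/path] the templates use as <base_url>, built from the current request.
 *
 * NOTE(review): depending on web-server configuration SERVER_NAME may just echo the request's
 * Host header, in which case the link in the mail points wherever the request claimed —
 * confirm the vhost pins a canonical server name. Port 443 is appended like any non-80 port.
 *
 * @param string $url_path install path below "/", "" when installed at the root
 * @return string
 */
function send_invite_base_url($url_path)
{
    $server_addr = $_SERVER["SERVER_NAME"];
    if ($_SERVER["SERVER_PORT"] != 80) {
        $server_addr .= ":" . $_SERVER["SERVER_PORT"];
    }
    // if we aren't installed in / then append the path
    if ($url_path != "") {
        $server_addr .= $url_path;
    }
    return $server_addr;
}

/**
 * Load the invitation template for the current language and fill in its placeholders.
 *
 * The first line of the template is the subject (only <title> is substituted there); the
 * rest is the body. Substitution order is unchanged from the original.
 *
 * @param string $key      invitation key
 * @param string $char     issuing account's character name
 * @param string $url_path install path used for <base_url>
 * @return array{0:string,1:string} subject and body
 */
function send_invite_build_mail($key, $char, $url_path)
{
    global $lang, $title, $format_mail_html, $user_name, $core;

    $file_name = "lang/mail_templates/" . $lang . ($format_mail_html ? "/invite.tpl" : "/invite_nohtml.tpl");
    // $lang is a global that elsewhere in this file originates from the request; a missing or
    // unreadable template used to produce warnings and an empty mail, now it is a hard error
    if (!is_readable($file_name)) {
        redirect("edit.php?error=1");
    }
    $fh = fopen($file_name, "r");
    $subject = fgets($fh, 4096);
    $body = stream_get_contents($fh);
    fclose($fh);

    $subject = str_replace("<title>", $title, $subject);
    if ($format_mail_html) {
        $body = str_replace(array("\n", "\r"), array("<br />", " "), $body);
    }
    $body = str_replace(
        array("<username>", "<key>", "<title>", "<char>", "<core>", "<base_url>"),
        array($user_name, $key, $title, $char, core_name($core), send_invite_base_url($url_path)),
        $body
    );

    return array($subject, $body);
}

/**
 * Hand the message to the configured transport (authgMail or PHPMailer).
 *
 * $from_mail was missing from send_invite()'s global list in the original, so the From
 * address was always empty; it is pulled in here.
 *
 * @param string $to      recipient address
 * @param string $subject subject line
 * @param string $body    message body (HTML when $format_mail_html is set)
 */
function send_invite_deliver($to, $subject, $body)
{
    global $GMailSender, $smtp_cfg, $title, $format_mail_html, $mailer_type, $from_mail;

    $from_name = $title . " Admin";

    if ($GMailSender) {
        require_once "libs/mailer/authgMail_lib.php";
        authgMail($from_mail, $from_name, $to, $to, $subject, $body, $smtp_cfg);
        return;
    }

    require_once "libs/mailer/class.phpmailer.php";
    $mailer = new PHPMailer();
    $mailer->Mailer = $mailer_type;
    if ($mailer_type == "smtp") {
        $mailer->Host = $smtp_cfg["host"];
        $mailer->Port = $smtp_cfg["port"];
        if ($smtp_cfg["user"] != "") {
            $mailer->SMTPAuth = true;
            $mailer->Username = $smtp_cfg["user"];
            $mailer->Password = $smtp_cfg["pass"];
        }
    }
    $mailer->WordWrap = 50;
    $mailer->From = $from_mail;
    $mailer->FromName = $from_name;
    $mailer->Subject = $subject;
    $mailer->IsHTML($format_mail_html);
    $mailer->Body = $body;
    $mailer->AddAddress($to);
    // return value ignored, as before: a failed send is not reported to the caller
    $mailer->Send();
    $mailer->ClearAddresses();
}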
/**
 * Handle the registration form POST.
 *
 * Validates the request (captcha, required fields, creation/invite policy, client IP against
 * ban list, per-IP limit and optional mask, field lengths and character sets, duplicate
 * e-mail/login/screen name, invitation key), then creates the game account (`accounts` on
 * ArcEmu/core 1, `account` otherwise, plus `account_access` on Trinity/core 3) and the mgr
 * `config_accounts` row, removes the consumed invitation, records the referral and mails an
 * activation or a welcome message. Every validation failure ends in
 * redirect("register.php?err=N"); success ends in redirect("login.php?error=6|8").
 *
 * NOTE(review): several statements below appear as "******" in this copy of the source
 * (a redaction applied to the listing, not PHP). Those spans are kept verbatim because the
 * removed text cannot be reconstructed from here; brace balance in this copy is off for the
 * same reason.
 */
function doregister()
{
    global $characters_db, $logon_db, $corem_db, $realm_id, $disable_acc_creation, $invite_only, $lang, $limit_acc_per_ip, $valid_ip_mask, $send_mail_on_creation, $create_acc_locked, $from_mail, $mailer_type, $smtp_cfg, $title, $expansion_select, $defaultoption, $GMailSender, $format_mail_html, $enable_captcha, $use_recaptcha, $recaptcha_private_key, $send_confirmation_mail_on_creation, $sql, $url_path, $initial_credits, $core;
    // ArcEmu: if one account has an encrypted password all new accounts will as well
    if ($core == 1) {
        $pass_query = "SELECT * FROM accounts WHERE encrypted_password<>'' LIMIT 1";
        $pass_result = $sql["logon"]->query($pass_query);
        $arc_encrypted = $sql["logon"]->num_rows($pass_result);
    }
    // $arc_encrypted stays unset for other cores; every later read of it sits behind $core == 1
    if ($enable_captcha) {
        if ($use_recaptcha) {
            require_once 'libs/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($recaptcha_private_key, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
            if (!$resp->is_valid) {
                redirect("register.php?err=13");
            }
        } else {
            // NOTE(review): neither side is checked with isset(), so two absent values compare
            // equal (null != null is false) and pass; numeric-looking codes also compare
            // numerically under the loose != ("1e1" equals "10")
            if ($_POST["security_code"] != $_SESSION["security_code"]) {
                redirect("register.php?err=13");
            }
        }
    }
    if (empty($_POST["pass"]) || empty($_POST["email"]) || empty($_POST["username"])) {
        redirect("register.php?err=1");
    }
    // if Disable Account Creation is enabled and Invitation Only is disabled then we error out
    if ($disable_acc_creation && !$invite_only) {
        redirect("register.php?err=4");
    }
    // if Invitation Only is enabled and we didn't get an Invitation Key then we error out
    if ($invite_only && !isset($_POST["invitationkey"])) {
        redirect("register.php?err=4");
    }
    // NOTE(review): X-Forwarded-For is a client-supplied header; unless a trusted proxy
    // overwrites it, the caller chooses the address that the mask, per-IP limit and ban
    // list below are evaluated against. FILTER_VALIDATE_IP only checks its syntax.
    if (filter_var(getenv("HTTP_X_FORWARDED_FOR"), FILTER_VALIDATE_IP)) {
        $last_ip = $sql["mgr"]->quote_smart(getenv("HTTP_X_FORWARDED_FOR"));
    } else {
        $last_ip = $sql["mgr"]->quote_smart(getenv("REMOTE_ADDR"));
    }
    // optional allow-list: each mask is split on "." and each part on "-"; $v_count reaches
    // 0 (mask matched) only when all four parts match, and a request matching no mask is refused
    if (sizeof($valid_ip_mask)) {
        $qFlag = 0;
        $user_ip_mask = explode('.', $last_ip);
        foreach ($valid_ip_mask as $mask) {
            $vmask = explode('.', $mask);
            $v_count = 4;
            $i = 0;
            foreach ($vmask as $range) {
                $vmask_h = explode('-', $range);
                if (isset($vmask_h[1])) {
                    // NOTE(review): for a "low-high" part this reads low >= octet && high <= octet,
                    // which only holds when low == octet == high; low <= octet && octet <= high
                    // looks intended — confirm before changing
                    if ($vmask_h[0] >= $user_ip_mask[$i] && $vmask_h[1] <= $user_ip_mask[$i]) {
                        $v_count--;
                    }
                } else {
                    if ($vmask_h[0] == $user_ip_mask[$i]) {
                        $v_count--;
                    }
                }
                $i++;
            }
            if (!$v_count) {
                $qFlag++;
                break;
            }
        }
        // NOTE(review): redacted span — the visible tail is the end of the $user_name
        // assignment (escaped, trimmed POST username); the closing braces of the two
        // enclosing ifs are presumably inside the removed text
        if (!$qFlag) { redirect("register.php?err=9&usr="******"logon"]->quote_smart(trim($_POST["username"]));
    $screenname = !empty($_POST["screenname"]) ? $sql["mgr"]->quote_smart(trim($_POST["screenname"])) : NULL;
    // NOTE(review): two password fields arrive: $pass is what gets stored (straight into
    // sha_pass_hash for non-ArcEmu cores below) and $pass1 is what is length-checked and
    // mailed in clear — presumably $pass is hashed client-side and $pass1 is the plain
    // password; confirm against the register form. Nothing checks they belong together.
    $pass = $sql["logon"]->quote_smart($_POST["pass"]);
    $pass1 = $sql["logon"]->quote_smart($_POST["pass1"]);
    // get invitation key
    $invite_key = isset($_POST["invitationkey"]) ? $sql["logon"]->quote_smart($_POST["invitationkey"]) : NULL;
    // check it for XSS (with no key posted both sides are null/"" and the loose != passes)
    if ($invite_key != htmlspecialchars($_POST["invitationkey"])) {
        redirect("register.php?err=4");
    }
    // make sure username/pass at least 4 chars long and less than max
    if (strlen($user_name) < 4 || strlen($user_name) > 15) {
        redirect("register.php?err=5");
    }
    // plain ArcEmu stores $pass itself, so its length is what matters there; elsewhere $pass1
    if ($core == 1 && !$arc_encrypted) {
        if (strlen($pass) < 4 || strlen($pass) > 15) {
            redirect("register.php?err=5");
        }
    } else {
        if (strlen($pass1) < 4 || strlen($pass1) > 15) {
            redirect("register.php?err=5");
        }
    }
    // make sure screen name is at least 4 chars long and less than max
    if (isset($screenname)) {
        if (strlen($screenname) < 4 || strlen($screenname) > 15) {
            redirect("register.php?err=5");
        }
    }
    require_once "libs/valid_lib.php";
    // make sure it doesnt contain non english chars.
    if (!valid_alphabetic($user_name)) {
        redirect("register.php?err=6");
    }
    // make sure screen name doesnt contain non english chars.
    // (called with NULL when no screen name was given — assumes valid_alphabetic accepts that)
    if (!valid_alphabetic($screenname)) {
        redirect("register.php?err=6");
    }
    // make sure the mail is valid mail format
    $mail = $sql["logon"]->quote_smart(trim($_POST["email"]));
    if (!valid_email($mail) || strlen($mail) > 254) {
        redirect("register.php?err=7");
    }
    // if we limit accounts per ip, we'll need to throw an error
    if ($limit_acc_per_ip) {
        if ($core == 1) {
            $result = $sql["logon"]->query("SELECT login, email FROM accounts WHERE lastip='" . $last_ip . "'");
        } else {
            $result = $sql["logon"]->query("SELECT username AS login, email FROM account WHERE last_ip='" . $last_ip . "'");
        }
        if ($sql["logon"]->num_rows($result)) {
            redirect("register.php?err=15");
        }
    }
    // IP is in ban list
    if ($core == 1) {
        $result = $sql["logon"]->query("SELECT ip FROM ipbans WHERE ip='" . $last_ip . "'");
    } else {
        $result = $sql["logon"]->query("SELECT ip FROM ip_banned WHERE ip='" . $last_ip . "'");
    }
    // NOTE(review): redacted span — the visible tail is the core-1 branch of the duplicate
    // e-mail lookup; its `else` branch follows intact
    if ($sql["logon"]->num_rows($result)) { redirect("register.php?err=8&usr="******"logon"]->query("SELECT login, email FROM accounts WHERE email='" . $mail . "'"); } else { $result = $sql["logon"]->query("SELECT username AS login, email FROM account WHERE email='" . $mail . "'"); }
    if ($sql["logon"]->num_rows($result)) {
        redirect("register.php?err=14");
    }
    // username check (the two compared values are redacted in this copy); the result is
    // only consumed after the invitation check below
    if ($core == 1) {
        $result = $sql["logon"]->query("SELECT login, email FROM accounts WHERE login='******' OR login='******'");
    } else {
        $result = $sql["logon"]->query("SELECT username AS login, email FROM account WHERE username='******' OR username='******'");
    }
    // make sure we got a valid Invitation Key
    if ($invite_only) {
        $check_invite_query = "SELECT * FROM invitations WHERE invited_email='" . $mail . "' AND invitation_key='" . $invite_key . "'";
        $check_invite_result = $sql["mgr"]->query($check_invite_query);
        $check_invite = $sql["mgr"]->num_rows($check_invite_result);
        if ($check_invite == 0) {
            // NOTE(review): $_POST["invitedby"] is spliced into the redirect target raw, with
            // no urlencode(); how much that matters depends on what redirect() does with it
            redirect("register.php?err=17&by=" . $_POST["invitedby"] . "&key=" . $invite_key);
        }
    }
    if ($sql["logon"]->num_rows($result)) { // there is already someone with same account name
        // NOTE(review): redacted spans — the visible text continues into the screen-name
        // uniqueness check on config_accounts and then the expansion selection
        redirect("register.php?err=3&usr="******"SELECT * FROM config_accounts WHERE ScreenName='" . $screenname . "'";
        $result = $sql["mgr"]->query($query);
        if ($sql["mgr"]->num_rows($result)) { redirect("register.php?err=3&usr="******"expansion"]) ? $sql["logon"]->quote_smart($_POST["expansion"]) : 0; } else { $expansion = $defaultoption; }
    // insert screen name (if we didn't get a screen name, we still need to exit registration correctly.
    if ($screenname) {
        $query = "INSERT INTO config_accounts (Login, ScreenName, Credits) VALUES ('" . $user_name . "', '" . $screenname . "', '" . $initial_credits . "')";
    } else {
        $query = "INSERT INTO config_accounts (Login, ScreenName, Credits) VALUES ('" . $user_name . "', '', '" . $initial_credits . "')";
    }
    $s_result = $sql["mgr"]->query($query);
    if ($send_confirmation_mail_on_creation) {
        // for email confirmation we save their real password to their config_accounts entry
        // and a temporary (and incorrect) password into the logon database
        $temppass = $pass;
        $pass_gen_list = "abcdefghijklmnopqrstuvwxyz";
        // generate a random, temporary pass
        // NOTE(review): rand() is not a CSPRNG; if this placeholder is ever accepted as a login
        // secret before activation it should come from random_int() instead
        $pass = $pass_gen_list[rand(0, 25)];
        $pass .= $pass_gen_list[rand(0, 25)];
        $pass .= $pass_gen_list[rand(0, 25)];
        $pass .= rand(1, 9);
        $pass .= rand(1, 9);
        $pass .= rand(1, 9);
        $pass .= $pass_gen_list[rand(0, 25)];
        // save their real password
        // NOTE(review): the values are redacted in this copy; per the comment above the real
        // credential ($temppass) is kept in config_accounts.TempPassword — confirm the
        // activation step clears it, otherwise it outlives the activation
        $query = "UPDATE config_accounts SET TempPassword='******' WHERE Login='******'";
        $q_result = $sql["mgr"]->query($query);
        // now; we create their, temporarily crippled, account
        if ($core == 1) {
            $query = "INSERT INTO accounts (login, password, gm, banned, email, flags) VALUES ('" . $user_name . "', '" . $pass . "', '0', '0', '" . $mail . "', '" . $expansion . "')";
        } else {
            // non-ArcEmu cores take SHA1(UPPER("user:pass")) in sha_pass_hash
            $query = "INSERT INTO account (username, sha_pass_hash, email, expansion) VALUES ('" . $user_name . "', '" . sha1(strtoupper($user_name . ":" . $pass)) . "', '" . $mail . "', '" . $expansion . "')";
        }
        $a_result = $sql["logon"]->query($query);
    } else { // otherwise, we just save
        if ($core == 1) {
            if ($arc_encrypted) {
                $query = "INSERT INTO accounts (login, password, encrypted_password, gm, banned, email, flags) VALUES ('" . $user_name . "', '', '" . $pass . "', '0', '0', '" . $mail . "', '" . $expansion . "')";
            } else {
                // the submitted value is written as-is into accounts.password
                $query = "INSERT INTO accounts (login, password, gm, banned, email, flags) VALUES ('" . $user_name . "', '" . $pass . "', '0', '0', '" . $mail . "', '" . $expansion . "')";
            }
        } else {
            // $pass goes unmodified into sha_pass_hash here, unlike the confirmation branch
            $query = "INSERT INTO account (username, sha_pass_hash, email, expansion) VALUES ('" . $user_name . "', '" . $pass . "', '" . $mail . "', '" . $expansion . "')";
        }
        $a_result = $sql["logon"]->query($query);
    }
    // if we got an Invitation Key then we need to remove the invitation
    if (isset($invite_key)) {
        $clear_invite_query = "DELETE FROM invitations WHERE invitation_key='" . $invite_key . "'";
        $clear_invite_result = $sql["mgr"]->query($clear_invite_query);
    }
    // do referral (the looked-up login is redacted in this copy)
    if ($core == 1) {
        $our_acct_query = "SELECT acct AS id FROM accounts WHERE login='******'";
    } else {
        $our_acct_query = "SELECT id FROM account WHERE username='******'";
    }
    $our_acct_result = $sql["logon"]->query($our_acct_query);
    $our_acct_result = $sql["logon"]->fetch_assoc($our_acct_result);
    $our_acct = $our_acct_result["id"];
    $referredby = isset($_POST["invitedby"]) ? $sql["logon"]->quote_smart($_POST["invitedby"]) : NULL;
    $referralresult = doupdate_referral($referredby, $our_acct);
    // Trinity uses a separate table for gm levels and realm access
    if ($core == 3) {
        $id_query = "SELECT * FROM account WHERE username='******'";
        $id_result = $sql["logon"]->query($id_query);
        $id_fields = $sql["logon"]->fetch_assoc($id_result);
        $new_id = $id_fields["id"];
        $query = "INSERT INTO account_access (id, gmlevel, RealmID) VALUES ('" . $new_id . "', '0', '-1')";
        $aa_result = $sql["logon"]->query($query);
    }
    // compile results
    if ($core != 3) {
        $result = $s_result && $a_result;
    } else {
        $result = $s_result && $a_result && $aa_result;
    }
    // destroy the terms cookie
    setcookie("terms", "", time() - 3600);
    // set $lang global
    // NOTE(review): $lang is a POST value passed only through addslashes() and is spliced into
    // the template path below; addslashes() does nothing about "../", so a whitelist of the
    // installed language directories would be the right check. Also note the parameter here
    // is "error=", not "err=" as in every other redirect of this function — probably unintended.
    if (empty($_POST["lang"])) {
        redirect("register.php?error=1");
    } else {
        $lang = addslashes($_POST["lang"]);
    }
    // create lang cookie
    if ($lang) {
        setcookie("lang", $lang, time() + 60 * 60 * 24 * 30 * 6);
    } else {
        redirect("register.php?error=1");
    }
    // registration emails
    if ($send_confirmation_mail_on_creation) { // we send our confirmation message
        // prepare message
        if ($format_mail_html) {
            $file_name = "lang/mail_templates/" . $lang . "/mail_activate.tpl";
        } else {
            $file_name = "lang/mail_templates/" . $lang . "/mail_activate_nohtml.tpl";
        }
        // first template line is the subject, the remainder the body; fopen() is not checked
        $fh = fopen($file_name, 'r');
        $subject = fgets($fh, 4096);
        $body = fread($fh, filesize($file_name));
        fclose($fh);
        $subject = str_replace("<title>", $title, $subject);
        if ($format_mail_html) {
            $body = str_replace("\n", "<br />", $body);
            $body = str_replace("\r", " ", $body);
        }
        $body = str_replace("<core>", core_name($core), $body);
        $body = str_replace("<username>", $user_name, $body);
        if ($screenname) {
            $body = str_replace("<screenname>", $screenname, $body);
        } else {
            $body = str_replace("<screenname>", "NONE GIVEN", $body);
        }
        // NOTE(review): the cleartext password ($pass1) is sent in the mail
        $body = str_replace("<password>", $pass1, $body);
        // NOTE(review): SERVER_NAME may mirror the request's Host header depending on
        // web-server configuration; confirm the vhost pins a canonical name
        $server_addr = $_SERVER["SERVER_PORT"] != 80 ? $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] : $_SERVER["SERVER_NAME"];
        // if we aren't installed in / then append the path to $server_addr
        $server_addr .= $url_path != "" ? $url_path : "";
        $body = str_replace("<base_url>", $server_addr, $body);
        // the activation <key> is the saved real credential: $temppass as submitted for
        // ArcEmu-encrypted and non-ArcEmu cores, SHA1(UPPER("user:pass")) for plain ArcEmu
        if ($core == 1) {
            if ($arc_encrypted) {
                $body = str_replace("<key>", $temppass, $body);
            } else {
                $body = str_replace("<key>", sha1(strtoupper($user_name . ":" . $temppass)), $body);
            }
        } else {
            $body = str_replace("<key>", $temppass, $body);
        }
        if ($GMailSender) {
            require_once "libs/mailer/authgMail_lib.php";
            $fromName = $title . " Admin";
            authgMail($from_mail, $fromName, $mail, $mail, $subject, $body, $smtp_cfg);
        } else {
            require_once "libs/mailer/class.phpmailer.php";
            $mailer = new PHPMailer();
            $mailer->Mailer = $mailer_type;
            if ($mailer_type == "smtp") {
                $mailer->Host = $smtp_cfg["host"];
                $mailer->Port = $smtp_cfg["port"];
                if ($smtp_cfg["user"] != "") {
                    $mailer->SMTPAuth = true;
                    $mailer->Username = $smtp_cfg["user"];
                    $mailer->Password = $smtp_cfg["pass"];
                }
            }
            $mailer->WordWrap = 50;
            $mailer->From = $from_mail;
            $mailer->FromName = $title . " Admin";
            $mailer->Subject = $subject;
            $mailer->IsHTML($format_mail_html);
            $mailer->Body = $body;
            $mailer->AddAddress($mail);
            // return value ignored: a failed send still reports success below
            $mailer->Send();
            $mailer->ClearAddresses();
        }
    } else { // we only send the welcome message if we don't send the confirmation
        if ($send_mail_on_creation) { // prepare message
            if ($format_mail_html) {
                $file_name = "lang/mail_templates/" . $lang . "/mail_welcome.tpl";
            } else {
                $file_name = "lang/mail_templates/" . $lang . "/mail_welcome_nohtml.tpl";
            }
            $fh = fopen($file_name, 'r');
            $subject = fgets($fh, 4096);
            // unlike the activation template, this subject line carries a "Subject: " prefix
            $subject = str_replace("Subject: ", "", $subject);
            $subject = trim($subject);
            $body = fread($fh, filesize($file_name));
            fclose($fh);
            $subject = str_replace("<title>", $title, $subject);
            if ($format_mail_html) {
                $body = str_replace("\n", "<br />", $body);
                $body = str_replace("\r", "", $body); // "\r" is dropped here, replaced by a space in the activation branch
            }
            $body = str_replace("<core>", core_name($core), $body);
            $body = str_replace("<username>", $user_name, $body);
            if ($screenname) {
                $body = str_replace("<screenname>", $screenname, $body);
            } else {
                $body = str_replace("<screenname>", "NONE GIVEN", $body);
            }
            // NOTE(review): the cleartext password ($pass1) is sent in the mail
            $body = str_replace("<password>", $pass1, $body);
            $server_addr = $_SERVER["SERVER_PORT"] != 80 ? $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] : $_SERVER["SERVER_NAME"];
            // if we aren't installed in / then append the path to $server_addr
            $server_addr .= $url_path != "" ? $url_path : "";
            $body = str_replace("<base_url>", $server_addr, $body);
            if ($GMailSender) {
                require_once "libs/mailer/authgMail_lib.php";
                $fromName = $title . " Admin";
                authgMail($from_mail, $fromName, $mail, $mail, $subject, $body, $smtp_cfg);
            } else {
                require_once "libs/mailer/class.phpmailer.php";
                $mailer = new PHPMailer();
                $mailer->Mailer = $mailer_type;
                if ($mailer_type == "smtp") {
                    $mailer->Host = $smtp_cfg["host"];
                    $mailer->Port = $smtp_cfg["port"];
                    if ($smtp_cfg["user"] != "") {
                        $mailer->SMTPAuth = true;
                        $mailer->Username = $smtp_cfg["user"];
                        $mailer->Password = $smtp_cfg["pass"];
                    }
                }
                $mailer->WordWrap = 50;
                $mailer->From = $from_mail;
                $mailer->FromName = $title . " Admin";
                $mailer->Subject = $subject;
                $mailer->IsHTML($format_mail_html);
                $mailer->Body = $body;
                $mailer->AddAddress($mail);
                // return value ignored: a failed send still reports success below
                $mailer->Send();
                $mailer->ClearAddresses();
            }
        }
    }
    // error=8 tells login.php an activation mail was sent, error=6 a plain welcome;
    // &info=1 flags a failed referral update
    if ($result) {
        if ($referralresult) {
            $appendinfo = "";
        } else {
            $appendinfo = "&info=1";
        }
        if ($send_confirmation_mail_on_creation) {
            redirect("login.php?error=8" . $appendinfo);
        } else {
            redirect("login.php?error=6" . $appendinfo);
        }
    }
}
// NOTE(review): this brace is in the original listing; it balances an opener whose closer
// sits inside one of the redacted spans above
}