if (empty($email)) { stderr("Error", "No email adress, you forgot about that?"); } if (!validemail($email)) { stderr("Error", "That dosen't look like an email adress"); } check_banned_emails($email); //==Check if username or password already exists $var_check = sql_query("SELECT id, editsecret FROM users where username="******" OR email=" . sqlesc($email)) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($var_check) == 1) { stderr("Error", "Username or password already exists"); } $secret = mksecret(); $passhash = make_passhash($secret, md5($password)); //$editsecret = make_passhash_login_key(); $editsecret = EMAIL_CONFIRM ? make_passhash_login_key() : ""; $res = sql_query("INSERT INTO users(username, passhash, secret, editsecret, email, added, uploaded, invites, seedbonus) VALUES (" . implode(",", array_map("sqlesc", array($username, $passhash, $secret, $editsecret, $email, TIME_NOW, $ar_check["bonus_upload"] * 1073741824, $ar_check["bonus_invites"], $ar_check["bonus_karma"]))) . ") ") or sqlerr(__FILE__, __LINE__); if ($res) { //==Updating promo table $userid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; $users = empty($ar_check["users"]) ? $userid : $ar_check["users"] . "," . $userid; sql_query("update promo set accounts_made=accounts_made+1 , users=" . sqlesc($users) . " WHERE id=" . sqlesc($ar_check["id"])) or sqlerr(__FILE__, __LINE__); //==Email part :) $sec = $editsecret; $subject = $INSTALLER09['site_name'] . " user registration confirmation"; $message = "Hi!\n\t\t\t\t\t\tYou used the link from promo " . htmlsafechars($ar_check["name"]) . " and registred a new account at {$INSTALLER09['site_name']}\n\t\t\t\t\t\t\t\n\t\t\t\t\t\tTo confirm your account click the link below\n\t\t\t\t\t\t{$INSTALLER09['baseurl']}/confirm.php?id=" . (int) $userid . "&secret={$sec}\n\n\t\t\t\t\t\tWelcome and enjoy your stay \n\t\t\t\t\t\tStaff at {$INSTALLER09['site_name']}"; $headers = 'From: ' . $INSTALLER09['site_email'] . "\r\n" . 'Reply-To:' . $INSTALLER09['site_email'] . "\r\n" . 'X-Mailer: PHP/' . phpversion(); $mail = @mail($email, $subject, $message, $headers); stderr("Success!", "Account was created! and an email was sent to <b>" . htmlsafechars($email) . "</b>, you can use your account once you confirm the email!"); } else { stderr("Error", "Something odd happned please retry");
if ($c[0] != 0) { stderr("Error", "The ip " . htmlsafechars($ip) . " is already in use. We only allow one account per ip address."); } } // TIMEZONE STUFF if (isset($_POST["user_timezone"]) && preg_match('#^\\-?\\d{1,2}(?:\\.\\d{1,2})?$#', $_POST['user_timezone'])) { $time_offset = sqlesc($_POST['user_timezone']); } else { $time_offset = isset($INSTALLER09['time_offset']) ? sqlesc($INSTALLER09['time_offset']) : '0'; } // have a stab at getting dst parameter? $dst_in_use = localtime(TIME_NOW + $time_offset * 3600, true); // TIMEZONE STUFF END $secret = mksecret(); $wantpasshash = make_passhash($secret, md5($wantpassword)); $editsecret = !$arr[0] ? "" : EMAIL_CONFIRM ? make_passhash_login_key() : ""; $wanthintanswer = md5($hintanswer); $user_frees = XBT_TRACKER == true ? '0' : TIME_NOW + 14 * 86400; check_banned_emails($email); $ret = sql_query("INSERT INTO users (username, passhash, secret, editsecret, birthday, country, gender, stylesheet, passhint, hintanswer, email, status, ip, " . (!$arr[0] ? "class, " : "") . "added, last_access, time_offset, dst_in_use, free_switch) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $birthday, $country, $gender, $INSTALLER09['stylesheet'], $passhint, $wanthintanswer, $email, !$arr[0] || !EMAIL_CONFIRM ? 'confirmed' : 'pending', $ip))) . ", " . (!$arr[0] ? UC_SYSOP . ", " : "") . "" . TIME_NOW . "," . TIME_NOW . " , {$time_offset}, {$dst_in_use['tm_isdst']}, {$user_frees})"); $mc1->delete_value('birthdayusers'); $message = "Welcome New {$INSTALLER09['site_name']} Member : - " . htmlsafechars($wantusername) . ""; if (!$arr[0]) { write_staffs(); } if (!$ret) { if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) { stderr($lang['takesignup_user_error'], $lang['takesignup_user_exists']); } } $id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
} $email = isset($_POST["mail"]) ? $_POST["mail"] : ""; if (empty($email)) { stderr("Error", "No email adress, you forgot about that?"); } if (!validemail($email)) { stderr("Error", "That dosen't look like an email adress"); } //==Check if username or password already exists $var_check = sql_query("SELECT id, editsecret FROM users where username="******" OR email=" . sqlesc($email)) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($var_check) == 1) { stderr("Error", "Username or password already exists"); } $secret = mksecret(); $passhash = make_passhash($secret, md5($password)); $editsecret = make_passhash_login_key(); $passhint = isset($_POST["passhint"]) ? $_POST["passhint"] : ""; if (empty($passhint)) { stderr("Error", "No password hint question, you forgot about that?"); } $hintanswer = isset($_POST["hintanswer"]) ? $_POST["hintanswer"] : ""; if (empty($hintanswer)) { stderr("Error", "No password hint answer, you forgot about that?"); } $wanthintanswer = md5($hintanswer); $res = sql_query("INSERT INTO users(username, passhash, secret, editsecret, email, added, uploaded, invites, seedbonus, passhint, hintanswer) VALUES (" . implode(",", array_map("sqlesc", array($username, $passhash, $secret, $editsecret, $email, TIME_NOW, $ar_check["bonus_upload"] * 1073741824, $ar_check["bonus_invites"], $ar_check["bonus_karma"], $passhint, $wanthintanswer))) . ") ") or sqlerr(__FILE__, __LINE__); if ($res) { //==Updating promo table $userid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; $users = empty($ar_check["users"]) ? $userid : $ar_check["users"] . "," . $userid; sql_query("update promo set accounts_made=accounts_made+1 , users=" . sqlesc($users) . " WHERE id=" . sqlesc($ar_check["id"])) or sqlerr(__FILE__, __LINE__);
} // have a stab at getting dst parameter? $dst_in_use = localtime(TIME_NOW + $time_offset * 3600, true); // TIMEZONE STUFF END $select_inv = sql_query('SELECT sender, receiver, status FROM invite_codes WHERE code = ' . sqlesc($invite)) or sqlerr(__FILE__, __LINE__); $rows = mysqli_num_rows($select_inv); $assoc = mysqli_fetch_assoc($select_inv); if ($rows == 0) { stderr("Error", "Invite not found.\nPlease request a invite from one of our members."); } if ($assoc["receiver"] != 0) { stderr("Error", "Invite already taken.\nPlease request a new one from your inviter."); } $secret = mksecret(); $wantpasshash = make_passhash($secret, md5($wantpassword)); $editsecret = !$arr[0] ? "" : make_passhash_login_key(); $wanthintanswer = md5($hintanswer); check_banned_emails($email); $user_frees = TIME_NOW + 14 * 86400; $new_user = sql_query("INSERT INTO users (username, passhash, secret, passhint, hintanswer, editsecret, birthday, invitedby, email, " . (!$arr[0] ? "class, " : "") . "added, last_access, last_login, time_offset, dst_in_use, free_switch) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $birthday, $passhint, $wanthintanswer, (int) $assoc['sender'], $email))) . ", " . (!$arr[0] ? UC_SYSOP . ", " : "") . "'" . TIME_NOW . "','" . TIME_NOW . "','" . TIME_NOW . "', {$time_offset}, {$dst_in_use['tm_isdst']}, {$user_frees})"); sql_query("UPDATE usersachiev SET invited=invited+1 WHERE id =" . sqlesc($assoc['sender'])) or sqlerr(__FILE__, __LINE__); $message = "Welcome New {$INSTALLER09['site_name']} Member : - " . htmlsafechars($wantusername) . ""; if (!$new_user) { if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) { stderr("Error", "Username already exists!"); } } //===send PM to inviter $sender = (int) $assoc["sender"]; $added = TIME_NOW; $msg = sqlesc("Hey there [you] ! :wave:\nIt seems that someone you invited to {$INSTALLER09['site_name']} has arrived ! :clap2: \n\n Please go to your [url={$INSTALLER09['baseurl']}/invite.php]Invite page[/url] to confirm them so they can log in.\n\ncheers\n");