Example #1
 // Promo-link signup: validate the submitted address, check for an existing account, then insert the user row.
 // NOTE(review): every check below relies on stderr() ending the request; if it returned, execution would fall through to the INSERT - confirm.
 if (empty($email)) {
     stderr("Error", "No email adress, you forgot about that?");
 }
 if (!validemail($email)) {
     stderr("Error", "That dosen't look like an email adress");
 }
 check_banned_emails($email);
 //==Check if username or email already exists (the user-facing message says "password", but the query matches on username/email)
 // NOTE(review): the username operand is masked ("******") in this listing, so how it is escaped cannot be checked here.
 // NOTE(review): "== 1" lets the check pass when two rows match (one by username, another by email); "> 0" would reject that case as well.
 $var_check = sql_query("SELECT id, editsecret FROM users where username="******" OR email=" . sqlesc($email)) or sqlerr(__FILE__, __LINE__);
 if (mysqli_num_rows($var_check) == 1) {
     stderr("Error", "Username or password already exists");
 }
 $secret = mksecret();
 // NOTE(review): the password is reduced to MD5 before make_passhash() sees it. make_passhash() is not shown, but an MD5-based
 // scheme is cheap to brute-force offline; password_hash()/password_verify() is the maintained replacement.
 $passhash = make_passhash($secret, md5($password));
 //$editsecret = make_passhash_login_key();
 // The confirmation secret is only generated when EMAIL_CONFIRM is enabled; otherwise it is stored as an empty string.
 $editsecret = EMAIL_CONFIRM ? make_passhash_login_key() : "";
 // Every value goes through sqlesc() before being joined into the VALUES list. This is string-built SQL, so its safety
 // rests entirely on that helper (defined elsewhere); prepared statements would remove that dependency.
 // 1073741824 = 1024^3, so bonus_upload is presumably expressed in GiB - confirm.
 $res = sql_query("INSERT INTO users(username, passhash, secret, editsecret, email, added, uploaded, invites, seedbonus) VALUES (" . implode(",", array_map("sqlesc", array($username, $passhash, $secret, $editsecret, $email, TIME_NOW, $ar_check["bonus_upload"] * 1073741824, $ar_check["bonus_invites"], $ar_check["bonus_karma"]))) . ") ") or sqlerr(__FILE__, __LINE__);
 // After a successful insert: credit the promo record, then mail the confirmation link.
 if ($res) {
     //==Updating promo table
     // mysqli_insert_id() returns an int (0 when no id was generated), so the is_null() guard never produces false.
     $userid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
     // promo.users is kept as a comma-separated list of user ids.
     $users = empty($ar_check["users"]) ? $userid : $ar_check["users"] . "," . $userid;
     sql_query("update promo set accounts_made=accounts_made+1 , users=" . sqlesc($users) . " WHERE id=" . sqlesc($ar_check["id"])) or sqlerr(__FILE__, __LINE__);
     //==Email part :)
     $sec = $editsecret;
     $subject = $INSTALLER09['site_name'] . " user registration confirmation";
     // NOTE(review): $sec is placed in the query string without urlencode(); that is only safe if make_passhash_login_key()
     // emits URL-safe characters - confirm. With EMAIL_CONFIRM off, $editsecret is "" and the link carries an empty secret.
     $message = "Hi!\n\t\t\t\t\t\tYou used the link from promo " . htmlsafechars($ar_check["name"]) . " and registred a new account at {$INSTALLER09['site_name']}\n\t\t\t\t\t\t\t\n\t\t\t\t\t\tTo confirm your account click the link below\n\t\t\t\t\t\t{$INSTALLER09['baseurl']}/confirm.php?id=" . (int) $userid . "&secret={$sec}\n\n\t\t\t\t\t\tWelcome and enjoy your stay \n\t\t\t\t\t\tStaff at {$INSTALLER09['site_name']}";
     // Headers are built from site configuration only, not from request data.
     $headers = 'From: ' . $INSTALLER09['site_email'] . "\r\n" . 'Reply-To:' . $INSTALLER09['site_email'] . "\r\n" . 'X-Mailer: PHP/' . phpversion();
     // NOTE(review): "@" hides mail() failures and $mail is never checked, so the success message below is shown even when nothing was sent.
     // NOTE(review): $email is request data used as the recipient; this relies on validemail() rejecting CR/LF - confirm.
     $mail = @mail($email, $subject, $message, $headers);
     stderr("Success!", "Account was created! and an email was sent to <b>" . htmlsafechars($email) . "</b>, you can use your account once you confirm the email!");
 } else {
     stderr("Error", "Something odd happned please retry");
    // NOTE(review): from here the indentation changes and $c / $ip are not set anywhere above; these lines look like they
    // belong to a different listing that was joined on - confirm against the original file.
    // Rejects the signup when $c[0] is non-zero, reporting that the IP already has an account.
    if ($c[0] != 0) {
        stderr("Error", "The ip " . htmlsafechars($ip) . " is already in use. We only allow one account per ip address.");
    }
}
// TIMEZONE STUFF
// Accept the posted offset only if it looks like a signed decimal such as "-5" or "5.5"; otherwise use the site default.
// NOTE(review): without the D modifier (or \z) "$" also matches before a trailing newline, so a value ending in "\n" passes the pattern.
if (isset($_POST["user_timezone"]) && preg_match('#^\\-?\\d{1,2}(?:\\.\\d{1,2})?$#', $_POST['user_timezone'])) {
    $time_offset = sqlesc($_POST['user_timezone']);
} else {
    // NOTE(review): the literal fallback '0' is not passed through sqlesc(), unlike the other two paths.
    $time_offset = isset($INSTALLER09['time_offset']) ? sqlesc($INSTALLER09['time_offset']) : '0';
}
// have a stab at getting dst parameter?
// NOTE(review): $time_offset has already been through sqlesc() at this point. If sqlesc() wraps values in quotes, the
// multiplication operates on a non-numeric string (TypeError on PHP 8, treated as 0 with a warning on PHP 7). Keeping the
// raw numeric value for arithmetic and escaping only when building SQL avoids that - confirm what sqlesc() returns.
$dst_in_use = localtime(TIME_NOW + $time_offset * 3600, true);
// TIMEZONE STUFF END
// Regular signup: derive credentials, insert the user row, then handle a duplicate-key failure.
$secret = mksecret();
// NOTE(review): the password is MD5-hashed before make_passhash() (not shown) is applied; an MD5-based scheme is cheap to
// brute-force offline. password_hash()/password_verify() is the maintained replacement.
$wantpasshash = make_passhash($secret, md5($wantpassword));
// NOTE(review): unparenthesized nested ternary - deprecated in PHP 7.4 and a compile error in PHP 8. Under the old
// left-to-right grouping the result is a login key only when $arr[0] is truthy and EMAIL_CONFIRM is on, otherwise "".
$editsecret = !$arr[0] ? "" : EMAIL_CONFIRM ? make_passhash_login_key() : "";
// NOTE(review): the hint answer is stored as a plain, unsalted MD5; short or guessable answers are recoverable from the hash.
$wanthintanswer = md5($hintanswer);
// 14 * 86400 seconds = 14 days from now, unless XBT_TRACKER is enabled (then '0').
$user_frees = XBT_TRACKER == true ? '0' : TIME_NOW + 14 * 86400;
check_banned_emails($email);
// When $arr[0] is falsy the row gets an explicit class of UC_SYSOP and status 'confirmed'; $arr is set outside this
// listing (presumably the existing-user count, making the first account the sysop - confirm how it is computed).
// $time_offset, tm_isdst and $user_frees are interpolated directly rather than through the sqlesc() map, so they must
// already be SQL-safe. Unlike the other queries, this INSERT has no "or sqlerr(...)" fallback.
$ret = sql_query("INSERT INTO users (username, passhash, secret, editsecret, birthday, country, gender, stylesheet, passhint, hintanswer, email, status, ip, " . (!$arr[0] ? "class, " : "") . "added, last_access, time_offset, dst_in_use, free_switch) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $birthday, $country, $gender, $INSTALLER09['stylesheet'], $passhint, $wanthintanswer, $email, !$arr[0] || !EMAIL_CONFIRM ? 'confirmed' : 'pending', $ip))) . ", " . (!$arr[0] ? UC_SYSOP . ", " : "") . "" . TIME_NOW . "," . TIME_NOW . " , {$time_offset}, {$dst_in_use['tm_isdst']}, {$user_frees})");
// NOTE(review): the cache invalidation and write_staffs() below run before $ret is checked, i.e. even when the INSERT failed.
$mc1->delete_value('birthdayusers');
$message = "Welcome New {$INSTALLER09['site_name']} Member : - " . htmlsafechars($wantusername) . "";
if (!$arr[0]) {
    write_staffs();
}
// Only MySQL error 1062 (duplicate key) is reported to the user.
// NOTE(review): any other INSERT failure falls through silently and the code continues with whatever mysqli_insert_id() returns.
if (!$ret) {
    if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
        stderr($lang['takesignup_user_error'], $lang['takesignup_user_exists']);
    }
}
$id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
 }
 // Promo-link signup (variant with password hint): read and validate the posted address, then check for an existing account.
 // NOTE(review): the checks rely on stderr() ending the request - confirm.
 $email = isset($_POST["mail"]) ? $_POST["mail"] : "";
 if (empty($email)) {
     stderr("Error", "No email adress, you forgot about that?");
 }
 if (!validemail($email)) {
     stderr("Error", "That dosen't look like an email adress");
 }
 //==Check if username or email already exists (the user-facing message says "password", but the query matches on username/email)
 // NOTE(review): the username operand is masked ("******") in this listing, so how it is escaped cannot be checked here.
 // NOTE(review): "== 1" lets the check pass when two rows match (one by username, another by email); "> 0" would reject that case as well.
 $var_check = sql_query("SELECT id, editsecret FROM users where username="******" OR email=" . sqlesc($email)) or sqlerr(__FILE__, __LINE__);
 if (mysqli_num_rows($var_check) == 1) {
     stderr("Error", "Username or password already exists");
 }
 $secret = mksecret();
 // NOTE(review): MD5 pre-hash of the password; make_passhash() is not shown, but an MD5-based scheme is cheap to
 // brute-force offline. password_hash()/password_verify() is the maintained replacement.
 $passhash = make_passhash($secret, md5($password));
 // In this variant the confirmation secret is always generated.
 $editsecret = make_passhash_login_key();
 // Read the password-recovery hint and its answer from the form, then insert the user and credit the promo record.
 // The hint text is stored as submitted (escaped for SQL only), so it needs HTML-escaping wherever it is displayed.
 $passhint = isset($_POST["passhint"]) ? $_POST["passhint"] : "";
 if (empty($passhint)) {
     stderr("Error", "No password hint question, you forgot about that?");
 }
 $hintanswer = isset($_POST["hintanswer"]) ? $_POST["hintanswer"] : "";
 if (empty($hintanswer)) {
     stderr("Error", "No password hint answer, you forgot about that?");
 }
 // NOTE(review): the hint answer is stored as a plain, unsalted MD5; short or guessable answers are recoverable from the hash.
 $wanthintanswer = md5($hintanswer);
 // Every value goes through sqlesc() before being joined into the VALUES list; the column order and value order match here.
 $res = sql_query("INSERT INTO users(username, passhash, secret, editsecret, email, added, uploaded, invites, seedbonus, passhint, hintanswer) VALUES (" . implode(",", array_map("sqlesc", array($username, $passhash, $secret, $editsecret, $email, TIME_NOW, $ar_check["bonus_upload"] * 1073741824, $ar_check["bonus_invites"], $ar_check["bonus_karma"], $passhint, $wanthintanswer))) . ") ") or sqlerr(__FILE__, __LINE__);
 if ($res) {
     //==Updating promo table
     // mysqli_insert_id() returns an int (0 when no id was generated), so the is_null() guard never produces false.
     $userid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
     // promo.users is kept as a comma-separated list of user ids.
     $users = empty($ar_check["users"]) ? $userid : $ar_check["users"] . "," . $userid;
     sql_query("update promo set accounts_made=accounts_made+1 , users=" . sqlesc($users) . " WHERE id=" . sqlesc($ar_check["id"])) or sqlerr(__FILE__, __LINE__);
}
// have a stab at getting dst parameter?
// $time_offset is set outside this listing; if it has already been through sqlesc() it may no longer be numeric - confirm.
$dst_in_use = localtime(TIME_NOW + $time_offset * 3600, true);
// TIMEZONE STUFF END
// Look up the invite code; the code value is escaped with sqlesc() before being concatenated into the query.
$select_inv = sql_query('SELECT sender, receiver, status FROM invite_codes WHERE code = ' . sqlesc($invite)) or sqlerr(__FILE__, __LINE__);
$rows = mysqli_num_rows($select_inv);
// $assoc is null when no row matched; the $rows check below must stop the request before $assoc is indexed.
$assoc = mysqli_fetch_assoc($select_inv);
if ($rows == 0) {
    stderr("Error", "Invite not found.\nPlease request a invite from one of our members.");
}
// A non-zero receiver means the code has already been used.
// NOTE(review): nothing visible here claims the invite in the same step as this check, so two simultaneous signups could
// both pass it - confirm the code is marked as taken atomically (e.g. a conditional UPDATE) later in the file.
if ($assoc["receiver"] != 0) {
    stderr("Error", "Invite already taken.\nPlease request a new one from your inviter.");
}
// Invite signup: derive credentials, insert the user row, credit the inviter, then handle a duplicate-key failure.
$secret = mksecret();
// NOTE(review): MD5 pre-hash of the password; make_passhash() is not shown, but an MD5-based scheme is cheap to
// brute-force offline. password_hash()/password_verify() is the maintained replacement.
$wantpasshash = make_passhash($secret, md5($wantpassword));
// No confirmation secret when $arr[0] is falsy (that path also assigns UC_SYSOP below).
$editsecret = !$arr[0] ? "" : make_passhash_login_key();
// NOTE(review): the hint answer is stored as a plain, unsalted MD5; short or guessable answers are recoverable from the hash.
$wanthintanswer = md5($hintanswer);
check_banned_emails($email);
// 14 * 86400 seconds = 14 days from now.
$user_frees = TIME_NOW + 14 * 86400;
// NOTE(review): column list and value list are out of step. The columns read passhint, hintanswer, editsecret, birthday,
// but the values array supplies $editsecret, $birthday, $passhint, $wanthintanswer. As written the passhint column
// receives the confirmation secret and the editsecret column receives the user-supplied hint text. Reorder the array to
// $passhint, $wanthintanswer, $editsecret, $birthday so each value lands in its own column.
// This INSERT has no "or sqlerr(...)" fallback; $time_offset, tm_isdst and $user_frees are interpolated without sqlesc().
$new_user = sql_query("INSERT INTO users (username, passhash, secret, passhint, hintanswer, editsecret, birthday, invitedby, email, " . (!$arr[0] ? "class, " : "") . "added, last_access, last_login, time_offset, dst_in_use, free_switch) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $birthday, $passhint, $wanthintanswer, (int) $assoc['sender'], $email))) . ", " . (!$arr[0] ? UC_SYSOP . ", " : "") . "'" . TIME_NOW . "','" . TIME_NOW . "','" . TIME_NOW . "', {$time_offset}, {$dst_in_use['tm_isdst']}, {$user_frees})");
// NOTE(review): the inviter's counter is incremented before $new_user is checked, so a failed signup still counts as an invite.
sql_query("UPDATE usersachiev SET invited=invited+1 WHERE id =" . sqlesc($assoc['sender'])) or sqlerr(__FILE__, __LINE__);
$message = "Welcome New {$INSTALLER09['site_name']} Member : - " . htmlsafechars($wantusername) . "";
// Only MySQL error 1062 (duplicate key) is reported to the user.
// NOTE(review): any other INSERT failure falls through silently.
if (!$new_user) {
    if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
        stderr("Error", "Username already exists!");
    }
}
//===send PM to inviter
// The inviter id is cast to int before use.
$sender = (int) $assoc["sender"];
$added = TIME_NOW;
// The message body is built from site configuration only (no request data) and escaped with sqlesc() for the insert
// that presumably follows outside this listing.
$msg = sqlesc("Hey there [you] ! :wave:\nIt seems that someone you invited to {$INSTALLER09['site_name']} has arrived ! :clap2: \n\n Please go to your [url={$INSTALLER09['baseurl']}/invite.php]Invite page[/url] to confirm them so they can log in.\n\ncheers\n");