create() public méthode

public create ( $userId, $ip, $hostname, $email, $emailLogHits, $ipHits, $warninLevel )
Exemple #1
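 /**
  * Registers a new account from an invite and records the signup for review.
  *
  * Looks up the invite by its secret, validates the submitted fields, inserts
  * the user row, notifies the inviter through the internal mailbox, stores
  * IP/e-mail reuse counters via Signups::create() and finally deletes the
  * invite unless it is a persistent one (invites.userid = 0).
  *
  * @param array $postdata Untrusted request data. Keys read here: inviteKey,
  *                        username, email, password, passwordAgain, format,
  *                        age, gender.
  *
  * @throws Exception Code 412 (unknown invite, bad characters, invalid e-mail,
  *                   password mismatch), 411 (length limits) or 409 (username
  *                   or e-mail already taken).
  */
 public function create($postdata)
 {
     // NOTE(review): the invite is read here but only deleted at the very end,
     // and nothing in between runs inside a transaction. Two concurrent
     // requests carrying the same secret can both pass this lookup; consider a
     // transaction with a locking read if single-use must be guaranteed.
     $sth = $this->db->prepare("SELECT * FROM invites WHERE secret = ?");
     $sth->bindValue(1, $postdata["inviteKey"], PDO::PARAM_STR);
     $sth->execute();
     $invite = $sth->fetch(PDO::FETCH_ASSOC);
     if (!$invite) {
         throw new Exception('Inbjudningskoden har utgått.', 412);
     }

     $username = $postdata["username"];
     $email = $postdata["email"];

     if (strlen($username) < 2) {
         throw new Exception('Användarnamnet är för kort', 411);
     }
     if (strlen($username) > 14) {
         throw new Exception('Användarnamnet är för långt', 411);
     }
     // The D modifier makes "$" match only at the very end of the subject;
     // without it a value ending in "\n" would be accepted.
     if (!preg_match('/^[a-z0-9][a-z0-9-_]+$/iD', $username)) {
         throw new Exception('Användarnamnet ska bestå av följande tecken: A-Z 0-9', 412);
     }
     if (!$this->usernameIsAvailable($username)) {
         throw new Exception('Användarnamnet \'' . $username . '\' är upptaget', 409);
     }
     if (!preg_match('/^[\\w.-]+@([\\w.-]+\\.)+[a-z]{2,6}$/isD', $email)) {
         throw new Exception('Ogiltig e-postadress', 412);
     }
     if (!$this->emailIsAvailable($email)) {
         throw new Exception('E-postadressen används redan på sidan', 409);
     }
     if (strlen($postdata["password"]) < 6) {
         throw new Exception('Lösenordet är för kort', 411);
     }
     // Strict string comparison: with "!=" two different numeric-looking
     // strings (e.g. "0e1234" and "0e5678") compare as equal.
     if ((string) $postdata["password"] !== (string) $postdata["passwordAgain"]) {
         throw new Exception('Lösenorden stämmer ej överrens', 412);
     }

     // Default category list derived from the preferred format.
     switch ($postdata["format"]) {
         case 0:
             $indexlist = '2, 6';
             // DVDR
             break;
         case 3:
             $indexlist = '11, 163';
             // 1080p
             break;
         default:
             $indexlist = '1, 141';
             // 720p
     }
     $age = (int) $postdata["age"];
     $gender = (int) $postdata["gender"];

     // New accounts start with the latest announced news item marked as read.
     $sth = $this->db->query("SELECT id FROM news WHERE announce = 1 ORDER BY id DESC LIMIT 1");
     $res = $sth->fetch(PDO::FETCH_ASSOC);
     $lastReadNews = $res ? $res["id"] : 0;

     $added = date("Y-m-d H:i:s");
     $passhash = $this->hashPassword($postdata["password"], $added);
     $uploaded = 1073741824 * $this->gigabyteUploadedOnSignup;
     // 24h free leech
     $leechEnd = date('Y-m-d H:i:s', time() + 86400);

     // The passkey is a per-user secret, so it comes from the CSPRNG instead of
     // md5(uniqid()), which is derived from the clock. Same shape as before:
     // 32 lowercase hex characters. random_bytes() requires PHP 7+.
     $passkey = bin2hex(random_bytes(16));

     $sth = $this->db->prepare("INSERT INTO users (username, passhash, email, passkey, invited_by, indexlist, added, gender, alder, leechstart, uploaded, lastreadnews, last_access) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())");
     // bindValue() is used throughout: bindParam() binds by reference and must
     // not be handed an expression such as strtolower(...).
     $sth->bindValue(1, $username, PDO::PARAM_STR);
     $sth->bindValue(2, $passhash, PDO::PARAM_STR);
     $sth->bindValue(3, strtolower($email), PDO::PARAM_STR);
     $sth->bindValue(4, $passkey, PDO::PARAM_STR);
     $sth->bindValue(5, $invite["userid"], PDO::PARAM_INT);
     // indexlist is a comma-separated list such as '2, 6', i.e. a string.
     $sth->bindValue(6, $indexlist, PDO::PARAM_STR);
     $sth->bindValue(7, $added, PDO::PARAM_STR);
     $sth->bindValue(8, $gender, PDO::PARAM_INT);
     $sth->bindValue(9, $age, PDO::PARAM_INT);
     $sth->bindValue(10, $leechEnd, PDO::PARAM_STR);
     $sth->bindValue(11, $uploaded, PDO::PARAM_INT);
     $sth->bindValue(12, $lastReadNews, PDO::PARAM_INT);
     $sth->execute();
     $userId = $this->db->lastInsertId();

     // A persistent invite (userid 0) has no inviter to notify.
     if ($invite["userid"] != 0) {
         $mailbox = new Mailbox($this->db);
         $mailbox->sendSystemMessage($invite["userid"], "Inbjudan accepterad!", "Din inbjudan är accepterad och hen valde att registrera sig under namnet [url=/user/" . $userId . "/" . $username . "][b]" . $username . "[/b][/url].");
     }

     // Security checks: count how often this IP and e-mail address have been
     // seen before, and how many of those hits belong to disabled accounts.
     // Every value is bound as a parameter; request data is never
     // concatenated into the SQL text.
     $db = $this->db;
     $countRows = function ($sql, array $params) use ($db) {
         $stmt = $db->prepare($sql);
         $stmt->execute($params);
         return (int) $stmt->fetchColumn();
     };

     $ip = $_SERVER["REMOTE_ADDR"];
     $hostname = gethostbyaddr($ip);

     $iplogHits = $countRows("SELECT COUNT(*) FROM iplog WHERE ip = ?", [$ip]);
     $loginAttemptsHits = $countRows("SELECT COUNT(*) FROM inlogg WHERE ip = ?", [$ip]);
     $emailLogHits = $countRows("SELECT COUNT(*) FROM emaillog WHERE email = ? AND userid != ?", [$email, $userId]);
     $loginAttemptsWarningHits = $countRows("SELECT COUNT(*) FROM `inlogg` JOIN users ON inlogg.uid = users.id WHERE inlogg.ip = ? AND enabled = 'no'", [$ip]);
     $iplogWarningHits = $countRows("SELECT COUNT(*) FROM `iplog` JOIN users ON iplog.userid = users.id WHERE iplog.ip = ? AND enabled = 'no'", [$ip]);

     $ipHits = $iplogHits + $loginAttemptsHits;
     $warninLevel = $loginAttemptsWarningHits + $iplogWarningHits;
     $signups = new Signups($this->db, $this);
     $signups->create($userId, $ip, $hostname, $email, $emailLogHits, $ipHits, $warninLevel);

     /* Zero means persistent invite url */
     if ($invite["userid"] != 0) {
         $sth = $this->db->prepare("DELETE FROM invites WHERE id = ?");
         $sth->execute([$invite["id"]]);
     }
 }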
Exemple #2
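 /**
  * Registers a new account from an invite and records the signup for review.
  *
  * Looks up the invite by its secret, validates the submitted fields, inserts
  * the user row (the e-mail is stored as the value returned by hashEmail()),
  * notifies the inviter in the inviter's language, stores IP/e-mail reuse
  * counters via Signups::create() and finally deletes the invite unless it is
  * a persistent one (invites.userid = 0).
  *
  * @param array $postdata Untrusted request data. Keys read here: inviteKey,
  *                        username, email, password, passwordAgain, language,
  *                        format, age, gender.
  *
  * @throws Exception Code 412 (unknown invite, bad characters, invalid e-mail,
  *                   password mismatch), 411 (length limits) or 409 (username
  *                   or e-mail already taken).
  */
 public function create($postdata)
 {
     // NOTE(review): the invite is read here but only deleted at the very end,
     // and nothing in between runs inside a transaction. Two concurrent
     // requests carrying the same secret can both pass this lookup; consider a
     // transaction with a locking read if single-use must be guaranteed.
     $sth = $this->db->prepare("SELECT * FROM invites WHERE secret = ?");
     $sth->bindValue(1, $postdata["inviteKey"], PDO::PARAM_STR);
     $sth->execute();
     $invite = $sth->fetch(PDO::FETCH_ASSOC);
     $hashedEmail = $this->hashEmail($postdata["email"]);
     if (!$invite) {
         throw new Exception(L::get("INVITE_EXPIRED"), 412);
     }

     $username = $postdata["username"];

     if (strlen($username) < 2) {
         throw new Exception(L::get("USER_NAME_TOO_SHORT"), 411);
     }
     if (strlen($username) > 14) {
         throw new Exception(L::get("USER_NAME_TOO_LONG"), 411);
     }
     // The D modifier makes "$" match only at the very end of the subject;
     // without it a value ending in "\n" would be accepted.
     if (!preg_match('/^[a-z0-9][a-z0-9-_]+$/iD', $username)) {
         throw new Exception(L::get("USER_NAME_CHARACTER_LIMITATION", ["A-Z 0-9"]), 412);
     }
     if (!$this->usernameIsAvailable($username)) {
         throw new Exception(L::get("USER_NAME_OCCUPIED", [$username]), 409);
     }
     if (!preg_match('/^[\\w.-]+@([\\w.-]+\\.)+[a-z]{2,6}$/isD', $postdata["email"])) {
         throw new Exception(L::get("INVALID_EMAIL"), 412);
     }
     if (!$this->emailIsAvailable($hashedEmail)) {
         throw new Exception(L::get("EMAIL_OCCUPIED"), 409);
     }
     if (strlen($postdata["password"]) < 6) {
         throw new Exception(L::get("PASSWORD_TOO_SHORT"), 411);
     }
     // Strict string comparison: with "!=" two different numeric-looking
     // strings (e.g. "0e1234" and "0e5678") compare as equal.
     if ((string) $postdata["password"] !== (string) $postdata["passwordAgain"]) {
         throw new Exception(L::get("PASSWORD_NOT_MATCHING"), 412);
     }
     // Unknown languages fall back to the site default instead of failing.
     if (!in_array($postdata["language"], Config::$languages)) {
         $postdata["language"] = Config::DEFAULT_LANGUAGE;
     }

     // Default category list derived from the preferred format.
     switch ($postdata["format"]) {
         case 0:
             $indexlist = '2, 6';
             // DVDR
             break;
         case 3:
             $indexlist = '11, 163';
             // 1080p
             break;
         default:
             $indexlist = '1, 141';
             // 720p
     }
     $age = (int) $postdata["age"];
     $gender = (int) $postdata["gender"];

     // New accounts start with the latest announced news item marked as read.
     $sth = $this->db->query("SELECT id FROM news WHERE announce = 1 ORDER BY id DESC LIMIT 1");
     $res = $sth->fetch(PDO::FETCH_ASSOC);
     $lastReadNews = $res ? $res["id"] : 0;

     $added = date("Y-m-d H:i:s");
     $passhash = $this->hashPassword($postdata["password"]);
     $uploaded = 1073741824 * User::GIGABYTE_ON_SIGNUP;
     // 24h free leech
     $leechEnd = date('Y-m-d H:i:s', time() + 86400);

     // The passkey is a per-user secret, so it comes from the CSPRNG instead of
     // md5(uniqid()), which is derived from the clock. Same shape as before:
     // 32 lowercase hex characters. random_bytes() requires PHP 7+.
     $passkey = bin2hex(random_bytes(16));

     $sth = $this->db->prepare("INSERT INTO users (username, passhash, email, passkey, invited_by, indexlist, added, gender, alder, leechstart, uploaded, lastreadnews, last_access, anonym, language) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), 'yes', ?)");
     $sth->bindValue(1, $username, PDO::PARAM_STR);
     $sth->bindValue(2, $passhash, PDO::PARAM_STR);
     $sth->bindValue(3, $hashedEmail, PDO::PARAM_STR);
     $sth->bindValue(4, $passkey, PDO::PARAM_STR);
     $sth->bindValue(5, $invite["userid"], PDO::PARAM_INT);
     // indexlist is a comma-separated list such as '2, 6', i.e. a string.
     $sth->bindValue(6, $indexlist, PDO::PARAM_STR);
     $sth->bindValue(7, $added, PDO::PARAM_STR);
     $sth->bindValue(8, $gender, PDO::PARAM_INT);
     $sth->bindValue(9, $age, PDO::PARAM_INT);
     $sth->bindValue(10, $leechEnd, PDO::PARAM_STR);
     $sth->bindValue(11, $uploaded, PDO::PARAM_INT);
     $sth->bindValue(12, $lastReadNews, PDO::PARAM_INT);
     $sth->bindValue(13, $postdata["language"], PDO::PARAM_STR);
     $sth->execute();
     $userId = $this->db->lastInsertId();

     // A persistent invite (userid 0) has no inviter to notify.
     $mailbox = new Mailbox($this->db);
     if ($invite["userid"] > 0) {
         $inviter = $this->get($invite["userid"]);
         $mailbox->sendSystemMessage($invite["userid"], L::get("INVITE_ACCEPTED", null, $inviter["language"]), L::get("INVITE_ACCEPTED_BODY", [$userId, $username, $username], $inviter["language"]));
     }

     // Security checks: count how often this IP and e-mail hash have been seen
     // on other accounts, and how many of the IP hits belong to disabled
     // accounts. Every value is bound as a parameter; nothing is concatenated
     // into the SQL text.
     $db = $this->db;
     $countRows = function ($sql, array $params) use ($db) {
         $stmt = $db->prepare($sql);
         $stmt->execute($params);
         return (int) $stmt->fetchColumn();
     };

     $ip = $_SERVER["REMOTE_ADDR"];
     $hostname = gethostbyaddr($ip);

     $iplogHits = $countRows("SELECT COUNT(*) FROM iplog WHERE ip = ? AND userid != ?", [$ip, $userId]);
     $loginAttemptsHits = $countRows("SELECT COUNT(*) FROM inlogg WHERE ip = ? AND uid != ?", [$ip, $userId]);
     $emailLogHits = $countRows("SELECT COUNT(*) FROM emaillog WHERE email = ? AND userid != ?", [$hashedEmail, $userId]);
     $loginAttemptsWarningHits = $countRows("SELECT COUNT(*) FROM `inlogg` JOIN users ON inlogg.uid = users.id WHERE inlogg.ip = ? AND enabled = 'no'", [$ip]);
     $iplogWarningHits = $countRows("SELECT COUNT(*) FROM `iplog` JOIN users ON iplog.userid = users.id WHERE iplog.ip = ? AND enabled = 'no'", [$ip]);

     $ipHits = $iplogHits + $loginAttemptsHits;
     $warninLevel = $loginAttemptsWarningHits + $iplogWarningHits;
     $signups = new Signups($this->db, $this);
     $signups->create($userId, $ip, $hostname, $hashedEmail, $emailLogHits, $ipHits, $warninLevel);

     /* Zero means persistent invite url */
     if ($invite["userid"] != 0) {
         $sth = $this->db->prepare("DELETE FROM invites WHERE id = ?");
         $sth->execute([$invite["id"]]);
     }
 }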