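/**
 * Registers a new account from the signup form (legacy variant with the
 * Swedish messages inline).
 *
 * Flow: resolve the invite by its secret, validate every submitted field,
 * insert the user row, notify the inviter, record signup heuristics for the
 * staff (IP / e-mail history) and finally consume the one-shot invite.
 *
 * @param array $postdata Raw form fields: inviteKey, username, email,
 *                        password, passwordAgain, format, age, gender.
 * @return void
 * @throws Exception On validation failure; the exception code is the HTTP
 *                   status the caller should answer with (409 / 411 / 412).
 */
public function create($postdata)
{
    // Normalise the form fields once; a missing key becomes an empty string so
    // validation fails cleanly instead of raising "undefined index" notices.
    $username      = (string) ($postdata["username"] ?? '');
    $email         = (string) ($postdata["email"] ?? '');
    $password      = (string) ($postdata["password"] ?? '');
    $passwordAgain = (string) ($postdata["passwordAgain"] ?? '');

    $sth = $this->db->prepare("SELECT * FROM invites WHERE secret = ?");
    $sth->bindValue(1, $postdata["inviteKey"] ?? null, PDO::PARAM_STR);
    $sth->execute();
    $invite = $sth->fetch(PDO::FETCH_ASSOC);
    if (!$invite) {
        throw new Exception('Inbjudningskoden har utgått.', 412);
    }

    // The character-class check below only admits ASCII, so byte length and
    // character length agree here and strlen() is sufficient.
    if (strlen($username) < 2) {
        throw new Exception('Användarnamnet är för kort', 411);
    }
    if (strlen($username) > 14) {
        throw new Exception('Användarnamnet är för långt', 411);
    }
    // The D modifier makes $ match only at the very end of the subject: without
    // it a name with a trailing newline passes and later lands in URLs/BBCode.
    if (!preg_match('/^[a-z0-9][a-z0-9-_]+$/iD', $username)) {
        throw new Exception('Användarnamnet ska bestå av följande tecken: A-Z 0-9', 412);
    }
    if (!$this->usernameIsAvailable($username)) {
        throw new Exception('Användarnamnet \'' . $username . '\' är upptaget', 409);
    }
    if (!preg_match('/^[\\w.-]+@([\\w.-]+\\.)+[a-z]{2,6}$/isD', $email)) {
        throw new Exception('Ogiltig e-postadress', 412);
    }
    if (!$this->emailIsAvailable($email)) {
        throw new Exception('E-postadressen används redan på sidan', 409);
    }
    if (strlen($password) < 6) {
        throw new Exception('Lösenordet är för kort', 411);
    }
    // Strict comparison: with != two numeric-looking passwords ("1e3" / "1000")
    // would be treated as equal.
    if ($password !== $passwordAgain) {
        throw new Exception('Lösenorden stämmer ej överrens', 412);
    }

    // Default category filter (comma-separated category ids) for the chosen
    // video format. The loose switch comparison is intentional: the form posts
    // the format as a string.
    switch ($postdata["format"] ?? null) {
        case 0:
            $indexlist = '2, 6';    // DVDR
            break;
        case 3:
            $indexlist = '11, 163'; // 1080p
            break;
        default:
            $indexlist = '1, 141';  // 720p
    }
    $age    = (int) ($postdata["age"] ?? 0);
    $gender = (int) ($postdata["gender"] ?? 0);

    // The newest announced news item counts as already read by a new account.
    $sth = $this->db->query("SELECT id FROM news WHERE announce = 1 ORDER BY id DESC LIMIT 1");
    $res = $sth->fetch(PDO::FETCH_ASSOC);
    $lastReadNews = $res ? $res["id"] : 0;

    $added    = date("Y-m-d H:i:s");
    // $added is handed to hashPassword() as its second argument — presumably a
    // per-user salt; confirm against hashPassword() before changing the order.
    $passhash = $this->hashPassword($password, $added);
    $uploaded = 1073741824 * $this->gigabyteUploadedOnSignup; // 2^30 bytes per GiB
    $leechEnd = date('Y-m-d H:i:s', time() + 86400); // 24h free leech
    // Tracker passkey: same shape as the old md5(uniqid()) value (32 hex chars)
    // but drawn from a CSPRNG — uniqid() is clock-based and predictable.
    $passkey    = bin2hex(random_bytes(16));
    $emailLower = strtolower($email);

    $sth = $this->db->prepare(
        "INSERT INTO users (username, passhash, email, passkey, invited_by, indexlist, added, gender, alder, leechstart, uploaded, lastreadnews, last_access) "
        . "VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())"
    );
    $sth->bindValue(1, $username, PDO::PARAM_STR);
    $sth->bindValue(2, $passhash, PDO::PARAM_STR);
    $sth->bindValue(3, $emailLower, PDO::PARAM_STR);
    $sth->bindValue(4, $passkey, PDO::PARAM_STR);
    $sth->bindValue(5, $invite["userid"], PDO::PARAM_INT);
    $sth->bindValue(6, $indexlist, PDO::PARAM_STR); // comma-separated list, stored as text
    $sth->bindValue(7, $added, PDO::PARAM_STR);
    $sth->bindValue(8, $gender, PDO::PARAM_INT);
    $sth->bindValue(9, $age, PDO::PARAM_INT);
    $sth->bindValue(10, $leechEnd, PDO::PARAM_STR);
    $sth->bindValue(11, $uploaded, PDO::PARAM_INT);
    $sth->bindValue(12, $lastReadNews, PDO::PARAM_INT);
    $sth->execute();
    $userId = $this->db->lastInsertId();

    $mailbox = new Mailbox($this->db);
    $mailbox->sendSystemMessage(
        $invite["userid"],
        "Inbjudan accepterad!",
        "Din inbjudan är accepterad och hen valde att registrera sig under namnet [url=/user/" . $userId . "/" . $username . "][b]" . $username . "[/b][/url]."
    );

    // Signup heuristics for the staff: how often this IP / e-mail was seen
    // before, and how many of those earlier accounts are disabled. All values
    // go through bound parameters; the IP and e-mail are request-controlled.
    $count = function (string $sql, array $params): int {
        $sth = $this->db->prepare($sql);
        $sth->execute($params);
        return (int) $sth->fetchColumn();
    };
    $ip       = $_SERVER["REMOTE_ADDR"] ?? '';
    $hostname = gethostbyaddr($ip);

    $iplogHits                = $count("SELECT COUNT(*) FROM iplog WHERE ip = ?", [$ip]);
    $loginAttemptsHits        = $count("SELECT COUNT(*) FROM inlogg WHERE ip = ?", [$ip]);
    $emailLogHits             = $count("SELECT COUNT(*) FROM emaillog WHERE email = ? AND userid != ?", [$email, $userId]);
    $loginAttemptsWarningHits = $count("SELECT COUNT(*) FROM `inlogg` JOIN users ON inlogg.uid = users.id WHERE inlogg.ip = ? AND enabled = 'no'", [$ip]);
    $iplogWarningHits         = $count("SELECT COUNT(*) FROM `iplog` JOIN users ON iplog.userid = users.id WHERE iplog.ip = ? AND enabled = 'no'", [$ip]);

    $ipHits       = $iplogHits + $loginAttemptsHits;
    $warningLevel = $loginAttemptsWarningHits + $iplogWarningHits;
    $signups = new Signups($this->db, $this);
    $signups->create($userId, $ip, $hostname, $email, $emailLogHits, $ipHits, $warningLevel);

    /* Zero means persistent invite url */
    if ($invite["userid"] != 0) {
        $sth = $this->db->prepare("DELETE FROM invites WHERE id = ?");
        $sth->execute([$invite["id"]]);
    }
}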
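/**
 * Registers a new account from the signup form.
 *
 * Flow: resolve the invite by its secret, validate every submitted field,
 * insert the user row (with the e-mail stored hashed), notify the inviter in
 * their own language, record signup heuristics for the staff (IP / e-mail
 * history) and finally consume the one-shot invite. User-facing messages
 * come from L::get().
 *
 * @param array $postdata Raw form fields: inviteKey, username, email,
 *                        password, passwordAgain, language, format, age, gender.
 * @return void
 * @throws Exception On validation failure; the exception code is the HTTP
 *                   status the caller should answer with (409 / 411 / 412).
 */
public function create($postdata)
{
    // Normalise the form fields once; a missing key becomes an empty string so
    // validation fails cleanly instead of raising "undefined index" notices.
    $username      = (string) ($postdata["username"] ?? '');
    $email         = (string) ($postdata["email"] ?? '');
    $password      = (string) ($postdata["password"] ?? '');
    $passwordAgain = (string) ($postdata["passwordAgain"] ?? '');
    $language      = (string) ($postdata["language"] ?? '');

    $sth = $this->db->prepare("SELECT * FROM invites WHERE secret = ?");
    $sth->bindValue(1, $postdata["inviteKey"] ?? null, PDO::PARAM_STR);
    $sth->execute();
    $invite = $sth->fetch(PDO::FETCH_ASSOC);
    if (!$invite) {
        throw new Exception(L::get("INVITE_EXPIRED"), 412);
    }

    // The character-class check below only admits ASCII, so byte length and
    // character length agree here and strlen() is sufficient.
    if (strlen($username) < 2) {
        throw new Exception(L::get("USER_NAME_TOO_SHORT"), 411);
    }
    if (strlen($username) > 14) {
        throw new Exception(L::get("USER_NAME_TOO_LONG"), 411);
    }
    // The D modifier makes $ match only at the very end of the subject: without
    // it a name with a trailing newline passes and later lands in URLs/BBCode.
    if (!preg_match('/^[a-z0-9][a-z0-9-_]+$/iD', $username)) {
        throw new Exception(L::get("USER_NAME_CHARACTER_LIMITATION", ["A-Z 0-9"]), 412);
    }
    if (!$this->usernameIsAvailable($username)) {
        throw new Exception(L::get("USER_NAME_OCCUPIED", [$username]), 409);
    }
    if (!preg_match('/^[\\w.-]+@([\\w.-]+\\.)+[a-z]{2,6}$/isD', $email)) {
        throw new Exception(L::get("INVALID_EMAIL"), 412);
    }
    // Only the hash of the address is stored and compared; hash after the
    // syntax check so garbage input never reaches hashEmail().
    $hashedEmail = $this->hashEmail($email);
    if (!$this->emailIsAvailable($hashedEmail)) {
        throw new Exception(L::get("EMAIL_OCCUPIED"), 409);
    }
    if (strlen($password) < 6) {
        throw new Exception(L::get("PASSWORD_TOO_SHORT"), 411);
    }
    // Strict comparison: with != two numeric-looking passwords ("1e3" / "1000")
    // would be treated as equal.
    if ($password !== $passwordAgain) {
        throw new Exception(L::get("PASSWORD_NOT_MATCHING"), 412);
    }
    // Unknown or missing UI language falls back to the site default.
    if (!in_array($language, Config::$languages, true)) {
        $language = Config::DEFAULT_LANGUAGE;
    }

    // Default category filter (comma-separated category ids) for the chosen
    // video format. The loose switch comparison is intentional: the form posts
    // the format as a string.
    switch ($postdata["format"] ?? null) {
        case 0:
            $indexlist = '2, 6';    // DVDR
            break;
        case 3:
            $indexlist = '11, 163'; // 1080p
            break;
        default:
            $indexlist = '1, 141';  // 720p
    }
    $age    = (int) ($postdata["age"] ?? 0);
    $gender = (int) ($postdata["gender"] ?? 0);

    // The newest announced news item counts as already read by a new account.
    $sth = $this->db->query("SELECT id FROM news WHERE announce = 1 ORDER BY id DESC LIMIT 1");
    $res = $sth->fetch(PDO::FETCH_ASSOC);
    $lastReadNews = $res ? $res["id"] : 0;

    $added    = date("Y-m-d H:i:s");
    $passhash = $this->hashPassword($password);
    $uploaded = 1073741824 * User::GIGABYTE_ON_SIGNUP; // 2^30 bytes per GiB
    $leechEnd = date('Y-m-d H:i:s', time() + 86400); // 24h free leech
    // Tracker passkey: same shape as the old md5(uniqid()) value (32 hex chars)
    // but drawn from a CSPRNG — uniqid() is clock-based and predictable.
    $passkey = bin2hex(random_bytes(16));

    $sth = $this->db->prepare(
        "INSERT INTO users (username, passhash, email, passkey, invited_by, indexlist, added, gender, alder, leechstart, uploaded, lastreadnews, last_access, anonym, language) "
        . "VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), 'yes', ?)"
    );
    $sth->bindValue(1, $username, PDO::PARAM_STR);
    $sth->bindValue(2, $passhash, PDO::PARAM_STR);
    $sth->bindValue(3, $hashedEmail, PDO::PARAM_STR);
    $sth->bindValue(4, $passkey, PDO::PARAM_STR);
    $sth->bindValue(5, $invite["userid"], PDO::PARAM_INT);
    $sth->bindValue(6, $indexlist, PDO::PARAM_STR); // comma-separated list, stored as text
    $sth->bindValue(7, $added, PDO::PARAM_STR);
    $sth->bindValue(8, $gender, PDO::PARAM_INT);
    $sth->bindValue(9, $age, PDO::PARAM_INT);
    $sth->bindValue(10, $leechEnd, PDO::PARAM_STR);
    $sth->bindValue(11, $uploaded, PDO::PARAM_INT);
    $sth->bindValue(12, $lastReadNews, PDO::PARAM_INT);
    $sth->bindValue(13, $language, PDO::PARAM_STR);
    $sth->execute();
    $userId = $this->db->lastInsertId();

    // Notify the inviter in their own language; userid 0 is the persistent
    // (ownerless) invite and has nobody to notify.
    if ($invite["userid"] > 0) {
        $inviter         = $this->get($invite["userid"]);
        $inviterLanguage = $inviter["language"] ?? null;
        $mailbox         = new Mailbox($this->db);
        $mailbox->sendSystemMessage(
            $invite["userid"],
            L::get("INVITE_ACCEPTED", null, $inviterLanguage),
            L::get("INVITE_ACCEPTED_BODY", [$userId, $username, $username], $inviterLanguage)
        );
    }

    // Signup heuristics for the staff: how often this IP / e-mail was seen
    // before (excluding the row just created), and how many of those earlier
    // accounts are disabled. All values go through bound parameters; the IP is
    // request-controlled.
    $count = function (string $sql, array $params): int {
        $sth = $this->db->prepare($sql);
        $sth->execute($params);
        return (int) $sth->fetchColumn();
    };
    $ip       = $_SERVER["REMOTE_ADDR"] ?? '';
    $hostname = gethostbyaddr($ip);

    $iplogHits                = $count("SELECT COUNT(*) FROM iplog WHERE ip = ? AND userid != ?", [$ip, $userId]);
    $loginAttemptsHits        = $count("SELECT COUNT(*) FROM inlogg WHERE ip = ? AND uid != ?", [$ip, $userId]);
    $emailLogHits             = $count("SELECT COUNT(*) FROM emaillog WHERE email = ? AND userid != ?", [$hashedEmail, $userId]);
    $loginAttemptsWarningHits = $count("SELECT COUNT(*) FROM `inlogg` JOIN users ON inlogg.uid = users.id WHERE inlogg.ip = ? AND enabled = 'no'", [$ip]);
    $iplogWarningHits         = $count("SELECT COUNT(*) FROM `iplog` JOIN users ON iplog.userid = users.id WHERE iplog.ip = ? AND enabled = 'no'", [$ip]);

    $ipHits       = $iplogHits + $loginAttemptsHits;
    $warningLevel = $loginAttemptsWarningHits + $iplogWarningHits;
    $signups = new Signups($this->db, $this);
    $signups->create($userId, $ip, $hostname, $hashedEmail, $emailLogHits, $ipHits, $warningLevel);

    /* Zero means persistent invite url */
    if ($invite["userid"] != 0) {
        $sth = $this->db->prepare("DELETE FROM invites WHERE id = ?");
        $sth->execute([$invite["id"]]);
    }
}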