genuineparts/funchat
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
funchat/register.php

222 lines
15 KiB
PHP
Raw Normal View History

Initial commit
2025-06-02 10:01:12 +02:00
<?php
error_reporting(E_ALL ^E_NOTICE);
// Register
$basepath='';
require_once 'core/init_core.inc.php';
$plugin->run_hook('register_begin');
$session->page_begin('Register', FALSE);
if($session->userdata['uid']!=0){
small updates
2025-06-02 13:24:40 +02:00
header('Location:https://'.$config['domain'].'/'.$config['path'].'usercp.php');
Initial commit
2025-06-02 10:01:12 +02:00
}
if($config['registring']==0){
$core->message('Accouterstellung abgeschaltet','Zur Zeit wurde die Accounterstellung deaktiviert.',TRUE,$config['path'].'/index.php',5);
}
if (isset($_COOKIE[$config["cookiename"] . "_rid"])){
$result = $db->query("SELECT `id` FROM `" . $config['prefix'] . "banned_ips` WHERE `ip` = '".$db->escape($session->ip)."'");
if ($db->num_rows ($result) <= 0){
$db->query("INSERT INTO `" . $config['prefix'] . "banned_ips` (`ip`,`date`,`reason`) VALUES ('".$session->ip."','".time()."','Autoban - Matched Cookie')");
}
$core->message('Gebannt','Es scheint als wäre deine IP aktulle von der Accounterstellung ausgeschlossen.<br /> Wenn du denkst dies sei ein Fehler bitte sende uns eine <a href="mailto:'.$config['siteemail'].'">E-Mail</a>.',TRUE,$config['path'].'/index.php',5);
}
$result = $db->query("SELECT `id` FROM `" . $config['prefix'] . "banned_ips` WHERE `ip` = '".$db->escape($session->ip)."'");
if ($db->num_rows ($result) > 0){
$row=$db->fetch_object($result);
$id=$row->id;
$session->setcookie($config['cookiename'] . '_rid', $id , time() + 60 * 60 * 24 * 365, $config['path'],$config['domain']);
$core->message('Gebannt','Es scheint als wäre deine IP aktulle von der Accounterstellung ausgeschlossen.<br /> Wenn du denkst dies sei ein Fehler bitte sende uns eine <a href="mailto:'.$config['siteemail'].'">E-Mail</a>.',TRUE,$config['path'].'/index.php',5);
}
/*if($_GET['activate']!=""){
if($_GET['regstring']!=""){
$riresult = $db->query("SELECT r.`id` FROM `" . $config['prefix'] . "register` r WHERE r.`regstring` = '".$db->escape($_GET['regstring'])."' AND r.`ip` = '".$db->escape($_SERVER['REMOTE_ADDR'])."'") or die ($db->error());
if ($db->num_rows ($riresult) <= 0){
//$db->query("DELETE FROM `" . $config['prefix'] . "register` WHERE `regstring` = '".$db->escape($_GET['regstring'])."' OR `ip` = '".$db->escape($_SERVER['REMOTE_ADDR'])."'");
$core->message('Sorry','The request you have made is invalid.',TRUE,$config['path'].'/index.php',5);
}
}else{
$db->query("DELETE FROM `" . $config['prefix'] . "register` WHERE `ip` = '".$db->escape($_SERVER['REMOTE_ADDR'])."'");
$core->message('Sorry','The request you have made is invalid.',TRUE,$config['path'].'/index.php',5);
}
}*/
if(isset($_POST['submit']) && $_POST['openid']!='' && isset($_POST['openid'])){
$username=$session->sanitize_username($_POST['username']);
$vusername=$session->verify_username($username);
if($vusername!==TRUE){
$emsg.='<span style="color:red; font-weight:bold">'.$vusername.'</span><br />';
}
if($config['captcha']==1){
include ('thirdparty/securimage/securimage.php');
$img = new Securimage();
if(!$img->check($_POST['captcha'])){
$emsg.='<span style="color:red; font-weight:bold">Das Captcha is ung&uuml;ltig!</span><br />';
}
}
if(!preg_match('/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22))(?:\.(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\]))$/iD',$_POST['email'])){
$emsg.='<span style="color:red; font-weight:bold">E-Mail ung&uuml;ltig!</span><br />';
}
$result = $db->query("SELECT `uid` FROM `" . $config['prefix'] . "users` WHERE `username` LIKE '".$db->escape($username)."' LIMIT 1");
if ($db->num_rows ($result) > 0){
$emsg.='<span style="color:red; font-weight:bold">Dieser Nickname ist bereits vergeben!</span><br />';
}
$result = $db->query("SELECT `uid` FROM `" . $config['prefix'] . "users` WHERE `email` LIKE '".$db->escape($_POST['email'])."' LIMIT 1");
if ($db->num_rows ($result) > 0){
$emsg.='<span style="color:red; font-weight:bold">Diese E-Mail ist bereits registriert!</span><br />';
}
if(!$emsg){
// Secure Posted Data
$active=0;
$key=$session->generate_Key(50);
$active=1;
$result = $db->query("INSERT INTO `" . $config['prefix'] . "users` (`username`,`openid_identity`,`realname`,`loginkey`,`email`,`active`,`gender`,`from`,`since`,`birthday`) VALUES ('".$db->escape($username)."','".$db->escape($_POST['openid'])."','".$db->escape($_POST['realname'])."', '".$key."', '".$db->escape($_POST['email'])."', '".$active."','".$db->escape($_POST['gender'])."','".$db->escape($_POST['from'])."','".time()."','".strtotime($db->escape($_POST['birthday']))."')");
$uid=$db->last_id();
$sdata=array('uid'=>$uid,'username'=>$db->escape($username),'openid_identity'=>$db->escape($_POST['openid']),'email'=>$db->escape($_POST['email']),'realname'=>$db->escape($_POST['realname']),'gender'=>$db->escape($_POST['gender']),'from'=>$db->escape($_POST['from']),'birthday'=>strtotime($db->escape($_POST['birthday'])));
$plugin->run_hook('register_openid_end',array('sdata'=>$sdata));
$cookiedata['uid'] = $uid;
$cookiedata['loginkey'] = $key;
$cookiedata = base64_encode($cookiedata['uid'] .'_'. $cookiedata['loginkey']);
if(isset($_POST['remember']) && $_POST['remember']){
$session->setcookie($config['cookiename'] . '_base', $cookiedata, time() + 60 * 60 * 24 * 365, $config['path'],$config['domain']);
}else{
$session->setcookie($config['cookiename'] . '_base', $cookiedata, 0, $config['path'],$config['domain']);
}
$db->query("DELETE FROM `" . $config['prefix'] . "sessions` WHERE `ip`='".$db->escape($_SERVER['REMOTE_ADDR'])."'");
$pdata=array('remember'=>$_POST['remember'],'uid'=>$data['uid'],'domain'=>$config['domain']);
$plugin->run_hook('register_openid_login',array('pdata'=>$pdata));
$core->redirect_message('Logged in','You have been successfully logged-in and will be redirected shortly.',TRUE,$config['path'].'/index.php',3);
}else{
$tpl->assign('emsg',$emsg);
$tpl->assign('captcha',$config['captcha']);
$tpl->assign('openid',$config['use_openid']);
$tpl->assign('identity',$_POST['openid']);
$tpl->assign('data',$_POST);
$content=$tpl->fetch('register.tpl');
$core->make_page($content);
}
}
$emsg=false;
If(isset($_POST['submit'])){
/*if($_GET['regstring']!=""){
$riresult = $db->query("SELECT r.`id` FROM `" . $config['prefix'] . "register` r WHERE r.`regstring` = '".$db->escape($_GET['regstring'])."' AND r.`ip` = '".$db->escape($_SERVER['REMOTE_ADDR'])."'") or die ($db->error());
if ($db->num_rows ($riresult) <= 0){
//$db->query("DELETE FROM `" . $config['prefix'] . "register` WHERE `regstring` = '".$db->escape($_GET['regstring'])."' OR `ip` = '".$db->escape($_SERVER['REMOTE_ADDR'])."'");
$core->message('Sorry','The request you have made is invalid.',TRUE,$config['path'].'/index.php',5);
}
}else{
$db->query("DELETE FROM `" . $config['prefix'] . "register` WHERE `ip` = '".$db->escape($_SERVER['REMOTE_ADDR'])."'");
$core->message('Sorry','The request you have made is invalid.',TRUE,$config['path'].'/index.php',5);
}*/
$username=$session->sanitize_username($_POST['username']);
$vusername=$session->verify_username($username);
if($vusername!==TRUE){
$emsg.='<span style="color:red; font-weight:bold">'.$vusername.'</span><br />';
}
if(!isset($_POST['agreed']) || $_POST['agreed']==''){
$emsg.='<span style="color:red; font-weight:bold">Du musst den Nutzungsbedingungen zustimmen!</span><br />';
}
if(!isset($_POST['birthday']) || $_POST['birthday']==''){
$emsg.='<span style="color:red; font-weight:bold">Du musst dein Geburtsdatum angeben!</span><br />';
}else{
$birthday = strtotime($_POST['birthday']);
// check
// 31536000 is the number of seconds in a 365 days year.
if(time() - $birthday < 16 * 31536000) {
$emsg.='<span style="color:red; font-weight:bold">Du musst leider midnestens 16 Jahre alt sein.</span><br />';
}
}
if(!isset($_POST['password']) || $_POST['password']==''){
$emsg.='<span style="color:red; font-weight:bold">Du musst ein Passwort vergeben!</span><br />';
}elseif($_POST['password']!=$_POST['cpassword']){
$emsg.='<span style="color:red; font-weight:bold">Deine Passw&ouml;rter stimmen nicht &uuml;berein!</span><br />';
}elseif(strlen($_POST['password'])<6){
$emsg.='<span style="color:red; font-weight:bold">Dein Passwort ist zu kurz, es muss mindestens 6 Zeichen lang sein.</span><br />';
}
if($config['captcha']==1){
if(isset($_POST['g-recaptcha-response']) && $_POST['g-recaptcha-response']!=''){
$ch = curl_init();
// setze die URL und andere Optionen
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify?secret=".$config['recaptcha_secret']."&response=".$_POST['g-recaptcha-response']."&remoteip=".$functions->get_ip());
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
// führe die Aktion aus und gebe die Daten an den Browser weiter
$fh=curl_exec($ch);
// schließe den cURL-Handle und gebe die Systemresourcen frei
curl_close($ch);
if(!$fh){
$emsg.='<span style="color:red; font-weight:bold">Das Captcha is ung&uuml;ltig!</span><br />';
}else{
$response = json_decode($fh, true);
if($response["success"] !== true){
$emsg.='<span style="color:red; font-weight:bold">Das Captcha is ung&uuml;ltig!</span><br />';
}
}
}
}
if(!preg_match('/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22))(?:\.(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\]))$/iD',$_POST['email'])){
$emsg.='<span style="color:red; font-weight:bold">Invalid E-Mail!</span><br />';
}
$result = $db->query("SELECT `uid` FROM `" . $config['prefix'] . "users` WHERE `username` LIKE '".$db->escape($username)."' LIMIT 1");
if ($db->num_rows ($result) > 0){
$emsg.='<span style="color:red; font-weight:bold">Dieser Nickname ist bereits vergeben!</span><br />';
}
$result = $db->query("SELECT `uid` FROM `" . $config['prefix'] . "users` WHERE `email` LIKE '".$db->escape($_POST['email'])."' LIMIT 1");
if ($db->num_rows ($result) > 0){
$emsg.='<span style="color:red; font-weight:bold">Diese E-Mail ist bereits registriert!</span><br />';
}
if(!$emsg){
// Secure Posted Data
$salt = $session->generate_Key(6);
$pass =hash('sha256',$db->escape($salt.$_POST['password']));
if($config['activation']=='mail'){
$key=$session->generate_Key(10);
$mail=new mail();
$mail->set_header('From',$config['sitetitle'].' <'.$config['siteemail'].'>');
$tpl->assign('username',$username);
$tpl->assign('sitename',$config['sitetitle']);
$tpl->assign('url','https://'.$config['domain'].'/'.$config['path'].'register.php?activate='.urlencode($username).'&key='.$key);
$mailbody=$tpl->fetch('register_mail.tpl');
$mail->bodytext($mailbody);
$mail->sendmail($username.' <'.$_POST['email'].'>','Dein Account auf '.$config['sitetitle']);
$active=0;
}else{
$key=$session->generate_Key(50);
$active=1;
}
$result = $db->query("INSERT INTO `" . $config['prefix'] . "users` (`username`,`realname`,`password`,`salt`,`loginkey`,`email`,`active`,`gender`,`from`,`since`,`birthday`) VALUES ('".$db->escape($username)."','".$db->escape($_POST['realname'])."','".$pass."','".$salt."','".$key."', '".$db->escape($_POST['email'])."', '".$active."','".$db->escape($_POST['gender'])."','".$db->escape($_POST['from'])."','".time()."','".strtotime($db->escape($_POST['birthday']))."')");
$uid=$db->last_id();
$sdata=array('uid'=>$uid,'username'=>$db->escape($username),'salt'=>$salt,'pwd_md5'=>hash('md5',$_POST['password']),'pwd_sha2'=>$pass,'email'=>$db->escape($_POST['email']),'realname'=>$db->escape($_POST['realname']),'gender'=>$db->escape($_POST['gender']),'from'=>$db->escape($_POST['from']),'birthday'=>strtotime($db->escape($_POST['birthday'])));
$plugin->run_hook('register_end',array('sdata'=>$sdata));
$db->query("DELETE FROM `" . $config['prefix'] . "register` WHERE `regstring` = '".$db->escape($_GET['regstring'])."' OR `ip` = '".$db->escape($_SERVER['REMOTE_ADDR'])."'");
if($active==0){
$core->message('Erfolg','Dein Account wurde erstellt und wir haben Dir eine E-Mail gesendet.<br />Folge den Anweisungen in der E-Mail um deinen Account freizuschalten.',TRUE,$config['path'].'/index.php',3);
}else{
$core->message('Erfolg','Dein Account wurde erstellt und du kannst dich nun einloggen.',TRUE,$config['path'].'/index.php',3);
}
}
}elseif(isset($_GET['activate'])){
$result = $db->query("SELECT `uid` FROM `" . $config['prefix'] . "users` WHERE `username` LIKE '".$db->escape($_GET['activate'])."' AND `loginkey`='".$db->escape($_GET['key'])."' AND `active`=0 LIMIT 1");
if ($db->num_rows ($result) <= 0){
$core->message('Fehler','Dieser Account ist entweder bereits freigeschaltet oder irgendwas ist schiefgelaufen.',TRUE,$config['path'].'/index.php',3);
}else{
$key=$session->generate_Key(50);
$db->query("UPDATE `" . $config['prefix'] . "users` SET `loginkey`='".$key."',`active`=1 WHERE `username` LIKE '".$db->escape($_GET['activate'])."' AND `loginkey`='".$db->escape($_GET['key'])."' AND `active`=0 LIMIT 1");
$core->message('Danke','Dein Account wurde aktiviert! Du kannst dich nun einloggen.',TRUE,$config['path'].'/index.php',3);
}
}
$meta='<link type="text/css" rel="stylesheet" href="'.$config['path'].'js/calendar/dhtmlgoodies_calendar.css?random=20060118" media="screen"></link>
<script src="'.$config['path'].'js/calendar/dhtmlgoodies_calendar.js?random=20060118" type="text/javascript">
</script><script src=\'https://www.google.com/recaptcha/api.js\'></script>';
$tpl->assign('path','//'.$config['domain'].'/'.$config['path']);
$tpl->assign('emsg',$emsg);
$tpl->assign('regstring',$_GET['regstring']);
$tpl->assign('captcha',$config['captcha']);
$tpl->assign('sid',md5(uniqid(time())));
$tpl->assign('data',$_POST);
$content=$tpl->fetch('register.tpl');
$core->make_page($content);
?>
Reference in a new issue Copy permalink