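<?php

// register.php — account creation for the site.
//
// Three flows live in this flat script:
//   1. OpenID registration (POST with "openid"); the account is created active
//      at once and the visitor is logged in.
//   2. Password/e-mail registration (POST "submit"), with or without e-mail
//      activation depending on $config['activation'].
//   3. Activation of a pending account via GET ?activate=<user>&key=<key>.
// The globals used throughout ($config, $db, $session, $core, $tpl, $plugin,
// $captcha) are set up by core/init_core.inc.php.

error_reporting(E_ALL ^E_NOTICE);

// Register

$basepath='';

require_once 'core/init_core.inc.php';

$plugin->run_hook('register_begin');

$session->page_begin('Register', FALSE);

// Logged-in users belong in the user control panel. header() alone does not
// stop the script, so without the exit the registration handlers below would
// still run for the authenticated request.
if($session->userdata['uid']!=0){
    header('Location:https://'.$config['domain'].'/'.$config['path'].'usercp.php');
    exit;
}

// Account creation switched off in the configuration.
// NOTE(review): whether $core->message() ends the request is not visible in
// this file; if it returns, the handlers below still execute — confirm.
if($config['registring']==0){
    $core->message('Accouterstellung abgeschaltet','Zur Zeit wurde die Accounterstellung deaktiviert.',TRUE,$config['path'].'/index.php',5);
}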
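// IP ban enforcement for the registration page.
//
// A visitor carrying the "<cookiename>_rid" cookie was matched against
// banned_ips on an earlier visit (the cookie holds the ban row id, set further
// down). If the current address is not listed yet it is added as an "Autoban"
// so the ban follows the cookie to new addresses; the ban message is shown
// either way.
if (isset($_COOKIE[$config["cookiename"] . "_rid"])){
    $result = $db->query("SELECT `id` FROM `" . $config['prefix'] . "banned_ips` WHERE `ip` = '".$db->escape($session->ip)."'");
    if ($db->num_rows ($result) <= 0){
        // $session->ip is escaped here like in every other query of this file
        // (the original INSERT interpolated it raw).
        $db->query("INSERT INTO `" . $config['prefix'] . "banned_ips` (`ip`,`date`,`reason`) VALUES ('".$db->escape($session->ip)."','".time()."','Autoban - Matched Cookie')");
    }
    $core->message('Gebannt','Es scheint als wäre deine IP aktulle von der Accounterstellung ausgeschlossen.<br> Wenn du denkst dies sei ein Fehler bitte sende uns eine <a href="mailto:'.$config['siteemail'].'">E-Mail</a>.',TRUE,$config['path'].'/index.php',5);
}

// Direct IP ban: store the ban row id in the "_rid" cookie for one year so the
// autoban above can follow the visitor, then show the ban message.
// NOTE(review): how $session->ip is derived (socket address vs. a forwarded
// header) is not visible here; if it trusts a client-supplied header, both the
// lookup and the autoban can be steered by the client — confirm.
$result = $db->query("SELECT `id` FROM `" . $config['prefix'] . "banned_ips` WHERE `ip` = '".$db->escape($session->ip)."'");
if ($db->num_rows ($result) > 0){
    $row=$db->fetch_object($result);
    $id=$row->id;
    $session->setcookie($config['cookiename'] . '_rid', $id , time() + 60 * 60 * 24 * 365, $config['path'],$config['domain']);
    $core->message('Gebannt','Es scheint als wäre deine IP aktulle von der Accounterstellung ausgeschlossen.<br> Wenn du denkst dies sei ein Fehler bitte sende uns eine <a href="mailto:'.$config['siteemail'].'">E-Mail</a>.',TRUE,$config['path'].'/index.php',5);
}

// A disabled pre-registration check (GET activate/regstring looked up in the
// "register" table) used to sit here as commented-out code and was removed.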
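// OpenID registration: the form posts an OpenID identity instead of a
// password. On success the account is created already active and the visitor
// is logged in through the "<cookiename>_base" cookie.
//
// NOTE(review): nothing in this file verifies $_POST['openid']; the identity
// string is stored exactly as posted. Presumably the OpenID assertion was
// checked earlier in the flow or by a plugin hook — confirm, since otherwise
// any identity value could be registered here.
// NOTE(review): after this handler renders the form or the redirect message,
// execution falls through to the password handler below unless
// $core->redirect_message()/make_page() end the request — not visible here.
if(isset($_POST['submit']) && isset($_POST['openid']) && $_POST['openid']!=''){

    // Error markup accumulates here; empty means the request is valid.
    $emsg='';
    // Missing fields count as empty strings (the original read them unguarded
    // and relied on E_NOTICE being off).
    $email = isset($_POST['email']) ? $_POST['email'] : '';

    $username=$session->sanitize_username($_POST['username']);
    $vusername=$session->verify_username($username);
    if($vusername!==TRUE){
        $emsg.='<span style="color:red; font-weight:bold">'.$vusername.'</span><br>';
    }

    if($config['captcha']!=0){
        if(!$captcha->validate($_POST)){
            $emsg.='<span style="color:red; font-weight:bold">Das Captcha is ungültig!</span><br>';
        }
    }

    // Same address pattern as the password flow below.
    if(!preg_match('/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22))(?:\.(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\]))$/iD',$email)){
        $emsg.='<span style="color:red; font-weight:bold">E-Mail ungültig!</span><br />';
    }

    // Minimum age as enforced by the password flow: the OpenID form posts the
    // birthday too (it is stored below), so an unparseable or too-recent date
    // is rejected here as well. A missing birthday is still accepted, as before.
    if(isset($_POST['birthday']) && $_POST['birthday']!=''){
        $birthday = strtotime($_POST['birthday']);
        // 31536000 is the number of seconds in a 365 days year.
        if($birthday===false || time() - $birthday < 16 * 31536000){
            $emsg.='<span style="color:red; font-weight:bold">Du musst leider mindestens 16 Jahre alt sein.</span><br>';
        }
    }

    // LIKE rather than "=": '%' and '_' in the value act as wildcards, so the
    // "taken" check can match more than the literal name unless
    // sanitize_username() strips them — not visible here.
    $result = $db->query("SELECT `uid` FROM `" . $config['prefix'] . "users` WHERE `username` LIKE '".$db->escape($username)."' LIMIT 1");
    if ($db->num_rows ($result) > 0){
        $emsg.='<span style="color:red; font-weight:bold">Dieser Nickname ist bereits vergeben!</span><br>';
    }

    $result = $db->query("SELECT `uid` FROM `" . $config['prefix'] . "users` WHERE `email` LIKE '".$db->escape($email)."' LIMIT 1");
    if ($db->num_rows ($result) > 0){
        $emsg.='<span style="color:red; font-weight:bold">Diese E-Mail ist bereits registriert!</span><br>';
    }

    if(!$emsg){
        // Secure Posted Data
        // OpenID accounts need no e-mail activation: active immediately, and
        // the loginkey from generate_Key(50) becomes the cookie login secret.
        $key=$session->generate_Key(50);
        $active=1;

        $db->query("INSERT INTO `" . $config['prefix'] . "users` (`username`,`openid_identity`,`realname`,`loginkey`,`email`,`active`,`gender`,`from`,`since`,`birthday`) VALUES ('".$db->escape($username)."','".$db->escape($_POST['openid'])."','".$db->escape($_POST['realname'])."', '".$key."', '".$db->escape($email)."', '".$active."','".$db->escape($_POST['gender'])."','".$db->escape($_POST['from'])."','".time()."','".strtotime($db->escape($_POST['birthday']))."')");
        $uid=$db->last_id();

        // Values handed to plugins are the already-escaped strings, as in the
        // original; a consumer that escapes again will double-escape.
        $sdata=array('uid'=>$uid,'username'=>$db->escape($username),'openid_identity'=>$db->escape($_POST['openid']),'email'=>$db->escape($email),'realname'=>$db->escape($_POST['realname']),'gender'=>$db->escape($_POST['gender']),'from'=>$db->escape($_POST['from']),'birthday'=>strtotime($db->escape($_POST['birthday'])));
        $plugin->run_hook('register_openid_end',array($sdata));

        // Login cookie value: "<uid>_<loginkey>", base64-encoded. A persistent
        // cookie (one year) only when "remember" was ticked, else a session cookie.
        $cookiedata = base64_encode($uid .'_'. $key);
        $remember = isset($_POST['remember']) ? $_POST['remember'] : null;
        if($remember){
            $session->setcookie($config['cookiename'] . '_base', $cookiedata, time() + 60 * 60 * 24 * 365, $config['path'],$config['domain']);
        }else{
            $session->setcookie($config['cookiename'] . '_base', $cookiedata, 0, $config['path'],$config['domain']);
        }

        // Drop stale session rows for this address before the login hook runs.
        $db->query("DELETE FROM `" . $config['prefix'] . "sessions` WHERE `ip`='".$db->escape($_SERVER['REMOTE_ADDR'])."'");

        // The original passed $data['uid'], a variable never assigned in this
        // file; the freshly created id is what the login hook needs.
        $pdata=array('remember'=>$remember,'uid'=>$uid,'domain'=>$config['domain']);
        $plugin->run_hook('register_openid_login',array($pdata));

        $core->redirect_message('Logged in','You have been successfully logged-in and will be redirected shortly.',TRUE,$config['path'].'/index.php',3);
    }else{
        // Re-render the form with the collected errors and the posted values.
        // NOTE(review): $_POST is passed raw; output escaping must happen in
        // register.tpl — confirm.
        $tpl->assign('emsg',$emsg);
        $tpl->assign('captcha',$captcha->getCaptcha());
        $tpl->assign('openid',$config['use_openid']);
        $tpl->assign('identity',$_POST['openid']);
        $tpl->assign('data',$_POST);
        $content=$tpl->fetch('register.tpl');
        $core->make_page($content);
    }
}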
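// Error markup for the password flow; false/'' means no error. This is also
// what the template at the end of the file receives.
$emsg=false;

// Password/e-mail registration (POST "submit") or, on GET, activation of a
// pending account via ?activate=<username>&key=<loginkey>.
if(isset($_POST['submit'])){

    // Missing fields count as empty strings (the original read them unguarded
    // and relied on E_NOTICE being off).
    $email     = isset($_POST['email'])     ? $_POST['email']     : '';
    $password  = isset($_POST['password'])  ? $_POST['password']  : '';
    $cpassword = isset($_POST['cpassword']) ? $_POST['cpassword'] : '';

    $username=$session->sanitize_username($_POST['username']);
    $vusername=$session->verify_username($username);
    if($vusername!==TRUE){
        $emsg.='<span style="color:red; font-weight:bold">'.$vusername.'</span><br>';
    }

    if(!isset($_POST['agreed']) || $_POST['agreed']==''){
        $emsg.='<span style="color:red; font-weight:bold">Du musst den Nutzungsbedingungen zustimmen!</span><br>';
    }

    if(!isset($_POST['birthday']) || $_POST['birthday']==''){
        $emsg.='<span style="color:red; font-weight:bold">Du musst dein Geburtsdatum angeben!</span><br>';
    }else{
        $birthday = strtotime($_POST['birthday']);
        // strtotime() returns false for an unparseable date; the original
        // arithmetic then treated it as 0 and the age check passed, so an
        // invalid date is rejected explicitly here.
        // 31536000 is the number of seconds in a 365 days year.
        if($birthday===false){
            $emsg.='<span style="color:red; font-weight:bold">Du musst dein Geburtsdatum angeben!</span><br>';
        }elseif(time() - $birthday < 16 * 31536000) {
            $emsg.='<span style="color:red; font-weight:bold">Du musst leider mindestens 16 Jahre alt sein.</span><br>';
        }
    }

    if($password===''){
        $emsg.='<span style="color:red; font-weight:bold">Du musst ein Passwort vergeben!</span><br>';
    }elseif($password!==$cpassword){
        // Strict comparison: with "!=" two numeric-looking strings such as
        // "1e3" and "1000" compare equal.
        $emsg.='<span style="color:red; font-weight:bold">Deine Passwörter stimmen nicht überein!</span><br>';
    }elseif(strlen($password)<6){
        $emsg.='<span style="color:red; font-weight:bold">Dein Passwort ist zu kurz, es muss mindestens 6 Zeichen lang sein.</span><br>';
    }

    if($config['captcha']!=0){
        if(!$captcha->validate($_POST)){
            $emsg.='<span style="color:red; font-weight:bold">Das Captcha is ungültig!</span><br>';
        }
    }

    if(!preg_match('/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22))(?:\.(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\]))$/iD',$email)){
        $emsg.='<span style="color:red; font-weight:bold">Invalid E-Mail!</span><br />';
    }

    // LIKE rather than "=": '%' and '_' in the value act as wildcards, so the
    // "taken" check can match more than the literal name unless
    // sanitize_username() strips them — not visible here.
    $result = $db->query("SELECT `uid` FROM `" . $config['prefix'] . "users` WHERE `username` LIKE '".$db->escape($username)."' LIMIT 1");
    if ($db->num_rows ($result) > 0){
        $emsg.='<span style="color:red; font-weight:bold">Dieser Nickname ist bereits vergeben!</span><br />';
    }

    $result = $db->query("SELECT `uid` FROM `" . $config['prefix'] . "users` WHERE `email` LIKE '".$db->escape($email)."' LIMIT 1");
    if ($db->num_rows ($result) > 0){
        $emsg.='<span style="color:red; font-weight:bold">Diese E-Mail ist bereits registriert!</span><br />';
    }

    if(!$emsg){
        // Secure Posted Data
        // Salted SHA-256 of the password. The salt+password string is passed
        // through $db->escape() before hashing, so the login code must apply
        // the same transformation; do not change one side without the other.
        // A purpose-built password hash (password_hash/password_verify) would
        // be the stronger choice but requires migrating the login path as well.
        $salt = $session->generate_Key(6);
        $pass =hash('sha256',$db->escape($salt.$password));

        if($config['activation']=='mail'){
            // Pending account: the loginkey doubles as the activation key
            // that is mailed out and checked in the ?activate= branch below.
            $key=$session->generate_Key(10);
            $mail=new mail();
            $mail->set_header('From','=?UTF-8?B?'.base64_encode($config['sitetitle']).'?='.' <'.$config['siteemail'].'>');
            $tpl->assign('username',$username);
            $tpl->assign('sitename',$config['sitetitle']);
            $tpl->assign('url','https://'.$config['domain'].'/'.$config['path'].'register.php?activate='.urlencode($username).'&key='.$key);
            $mailbody=$tpl->fetch('register_mail.tpl');
            $mail->bodytext($mailbody);
            $mail->sendmail($username.' <'.$email.'>','Dein Account auf '.$config['sitetitle']);
            $active=0;
        }else{
            $key=$session->generate_Key(50);
            $active=1;
        }

        $db->query("INSERT INTO `" . $config['prefix'] . "users` (`username`,`realname`,`password`,`salt`,`loginkey`,`email`,`active`,`gender`,`from`,`since`,`birthday`) VALUES ('".$db->escape($username)."','".$db->escape($_POST['realname'])."','".$pass."','".$salt."','".$key."', '".$db->escape($email)."', '".$active."','".$db->escape($_POST['gender'])."','".$db->escape($_POST['from'])."','".time()."','".strtotime($db->escape($_POST['birthday']))."')");
        $uid=$db->last_id();

        // Values handed to plugins are the already-escaped strings, as in the
        // original; a consumer that escapes again will double-escape.
        // NOTE(review): 'pwd_md5' hands plugins an unsalted MD5 of the plaintext
        // password; any consumer of 'register_end' that stores it weakens the
        // credential — review the hook consumers before keeping it.
        $sdata=array('uid'=>$uid,'username'=>$db->escape($username),'salt'=>$salt,'pwd_md5'=>hash('md5',$password),'pwd_sha2'=>$pass,'email'=>$db->escape($email),'realname'=>$db->escape($_POST['realname']),'gender'=>$db->escape($_POST['gender']),'from'=>$db->escape($_POST['from']),'birthday'=>strtotime($db->escape($_POST['birthday'])));
        $plugin->run_hook('register_end',array($sdata));

        // Clean up any pre-registration row; regstring is not part of this
        // POST flow, so it is usually empty and only the IP clause matches.
        $regstring = isset($_GET['regstring']) ? $_GET['regstring'] : '';
        $db->query("DELETE FROM `" . $config['prefix'] . "register` WHERE `regstring` = '".$db->escape($regstring)."' OR `ip` = '".$db->escape($_SERVER['REMOTE_ADDR'])."'");

        if($active==0){
            $core->message('Erfolg','Dein Account wurde erstellt und wir haben Dir eine E-Mail gesendet.<br />Folge den Anweisungen in der E-Mail um deinen Account freizuschalten.',TRUE,$config['path'].'/index.php',3);
        }else{
            $core->message('Erfolg','Dein Account wurde erstellt und du kannst dich nun einloggen.',TRUE,$config['path'].'/index.php',3);
        }
    }

}elseif(isset($_GET['activate'])){

    // Activation: username and mailed key must match a still-inactive row.
    // NOTE(review): the username is matched with LIKE, so wildcard characters
    // in "activate" widen the match and the key alone carries the secret.
    $akey = isset($_GET['key']) ? $_GET['key'] : '';
    $result = $db->query("SELECT `uid` FROM `" . $config['prefix'] . "users` WHERE `username` LIKE '".$db->escape($_GET['activate'])."' AND `loginkey`='".$db->escape($akey)."' AND `active`=0 LIMIT 1");
    if ($db->num_rows ($result) <= 0){
        $core->message('Fehler','Dieser Account ist entweder bereits freigeschaltet oder irgendwas ist schiefgelaufen.',TRUE,$config['path'].'/index.php',3);
    }else{
        // Rotate the loginkey so the mailed activation key cannot be reused
        // as the login secret.
        $key=$session->generate_Key(50);
        $db->query("UPDATE `" . $config['prefix'] . "users` SET `loginkey`='".$key."',`active`=1 WHERE `username` LIKE '".$db->escape($_GET['activate'])."' AND `loginkey`='".$db->escape($akey)."' AND `active`=0 LIMIT 1");
        $core->message('Danke','Dein Account wurde aktiviert! Du kannst dich nun einloggen.',TRUE,$config['path'].'/index.php',3);
    }
}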
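// Page assembly, reached when no handler above ended the request.
// $meta is assigned but nothing visible in this file reads it.
$meta='<link type="text/css" rel="stylesheet" href="'.$config['path'].'js/calendar/dhtmlgoodies_calendar.css?random=20060118" media="screen"></link>
<script src="'.$config['path'].'js/calendar/dhtmlgoodies_calendar.js?random=20060118" type="text/javascript">
</script>';

$dcap = $captcha->getCaptcha();

$tpl->assign('path','//'.$config['domain'].'/'.$config['path']);
$tpl->assign('emsg',$emsg);
// regstring is absent on a plain GET; default to '' instead of reading an
// undefined index.
$tpl->assign('regstring',isset($_GET['regstring']) ? $_GET['regstring'] : '');
$tpl->assign('captcha',$dcap);
// NOTE(review): md5(uniqid(time())) is predictable, not a CSPRNG value. What
// register.tpl does with 'sid' is not visible here; if it serves as a CSRF or
// session token it should be generated from a cryptographic source — confirm.
$tpl->assign('sid',md5(uniqid(time())));
// NOTE(review): the raw POST array is handed to the template to refill the
// form; output escaping must happen in register.tpl — confirm.
$tpl->assign('data',$_POST);

$content=$tpl->fetch('register.tpl');
$core->make_page($content);

// No closing "?>": avoids emitting stray whitespace after the page.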