登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

Blood.Cold/nexusphp

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
克隆/下载
takesignup.php 8.46 KB
一键复制 编辑 原始数据 按行查看 历史
xiaomlove 提交于 2020-12-26 01:42 . init
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213
<?php

require_once("include/bittorrent.php");

dbconn();

cur_user_check ();

require_once(get_langfile_path("",true));

require_once(get_langfile_path("", false, get_langfolder_cookie()));



function bark($msg) {

	global $lang_takesignup;

	stdhead();

	stdmsg($lang_takesignup['std_signup_failed'], $msg);

	stdfoot();

	exit;

}



$type = $_POST['type'];

if ($type == 'invite'){

registration_check();

failedloginscheck ("Invite Signup");

if ($iv == "yes")

	check_code ($_POST['imagehash'], $_POST['imagestring'],'signup.php?type=invite&invitenumber='.htmlspecialchars($_POST['hash']));

}

else{

registration_check("normal");

failedloginscheck ("Signup");

if ($iv == "yes")

	check_code ($_POST['imagehash'], $_POST['imagestring']);

}



function isportopen($port)

{

	$sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);

	if ($sd)

	{

		fclose($sd);

		return true;

	}

	else

		return false;

}



function isproxy()

{

	$ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);

	for ($i = 0; $i < count($ports); ++$i)

		if (isportopen($ports[$i])) return true;

	return false;

}

if ($type=='invite')

{

$inviter =  $_POST["inviter"];

	int_check($inviter);

$code = unesc($_POST["hash"]);



//check invite code

	$sq = sprintf("SELECT inviter FROM invites WHERE hash ='%s'",mysql_real_escape_string($code));

	$res = sql_query($sq) or sqlerr(__FILE__, __LINE__);

	$inv = mysql_fetch_assoc($res);

	if (!$inv)

		bark('invalid invite code');



$ip = getip();





$res = sql_query("SELECT username FROM users WHERE id = $inviter") or sqlerr(__FILE__, __LINE__);

$arr = mysql_fetch_assoc($res);

$invusername = $arr[username];

}



if (!mkglobal("wantusername:wantpassword:passagain:email"))

	die();



$email = htmlspecialchars(trim($email));

$email = safe_email($email);

if (!check_email($email))

	bark($lang_takesignup['std_invalid_email_address']);

	

if(EmailBanned($email))

    bark($lang_takesignup['std_email_address_banned']);



if(!EmailAllowed($email))

    bark($lang_takesignup['std_wrong_email_address_domains'].allowedemails());



$country = $_POST["country"];

	int_check($country);



if ($showschool == 'yes'){

$school = $_POST["school"];

int_check($school);

}



$gender =  htmlspecialchars(trim($_POST["gender"])); 

$allowed_genders = array("Male","Female","male","female");

if (!in_array($gender, $allowed_genders, true))

	bark($lang_takesignup['std_invalid_gender']);

	

if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($country) || empty($gender))

	bark($lang_takesignup['std_blank_field']);



	

if (strlen($wantusername) > 12)

	bark($lang_takesignup['std_username_too_long']);



if ($wantpassword != $passagain)

	bark($lang_takesignup['std_passwords_unmatched']);



if (strlen($wantpassword) < 6)

	bark($lang_takesignup['std_password_too_short']);



if (strlen($wantpassword) > 40)

	bark($lang_takesignup['std_password_too_long']);



if ($wantpassword == $wantusername)

	bark($lang_takesignup['std_password_equals_username']);



if (!validemail($email))

	bark($lang_takesignup['std_wrong_email_address_format']);



if (!validusername($wantusername))

	bark($lang_takesignup['std_invalid_username']);

	

// make sure user agrees to everything...

if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")

	stderr($lang_takesignup['std_signup_failed'], $lang_takesignup['std_unqualified']);



// check if email addy is already in use

$a = (@mysql_fetch_row(@sql_query("select count(*) from users where email='".mysql_real_escape_string($email)."'"))) or sqlerr(__FILE__, __LINE__);

if ($a[0] != 0)

  bark($lang_takesignup['std_email_address'].$email.$lang_takesignup['std_in_use']);

  

/*

// do simple proxy check

if (isproxy())

	bark("You appear to be connecting through a proxy server. Your organization or ISP may use a transparent caching HTTP proxy. Please try and access the site on <a href="." . get_protocol_prefix() . "$BASEURL.":81/signup.php>port 81</a> (this should bypass the proxy server). <p><b>Note:</b> if you run an Internet-accessible web server on the local machine you need to shut it down until the sign-up is complete.");



$res = sql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);

$arr = mysql_fetch_row($res);

*/



$secret = mksecret();

$wantpasshash = md5($secret . $wantpassword . $secret);

$editsecret = ($verification == 'admin' ? '' : $secret);

$invite_count = (int) $invite_count;



$wantusername = sqlesc($wantusername);

$wantpasshash = sqlesc($wantpasshash);

$secret = sqlesc($secret);

$editsecret = sqlesc($editsecret);

$send_email = $email;

$email = sqlesc($email);

$country = sqlesc($country);

$gender = sqlesc($gender);

$sitelangid = sqlesc(get_langid_from_langcookie());



$res_check_user = sql_query("SELECT * FROM users WHERE username = " . $wantusername);



if(mysql_num_rows($res_check_user) == 1)

  bark($lang_takesignup['std_username_exists']);



$ret = sql_query("INSERT INTO users (username, passhash, secret, editsecret, email, country, gender, status, class, invites, ".($type == 'invite' ? "invited_by," : "")." added, last_access, lang, stylesheet".($showschool == 'yes' ? ", school" : "").", uploaded) VALUES (" . $wantusername . "," . $wantpasshash . "," . $secret . "," . $editsecret . "," . $email . "," . $country . "," . $gender . ", 'pending', ".$defaultclass_class.",". $invite_count .", ".($type == 'invite' ? "'$inviter'," : "") ." '". date("Y-m-d H:i:s") ."' , " . " '". date("Y-m-d H:i:s") ."' , ".$sitelangid . ",".$defcss.($showschool == 'yes' ? ",".$school : "").",".($iniupload_main > 0 ? $iniupload_main : 0).")") or sqlerr(__FILE__, __LINE__);

$id = mysql_insert_id();

$dt = sqlesc(date("Y-m-d H:i:s"));

$subject = sqlesc($lang_takesignup['msg_subject'].$SITENAME."!");

$msg = sqlesc($lang_takesignup['msg_congratulations'].htmlspecialchars($wantusername).$lang_takesignup['msg_you_are_a_member']);

sql_query("INSERT INTO messages (sender, receiver, subject, added, msg) VALUES(0, $id, $subject, $dt, $msg)") or sqlerr(__FILE__, __LINE__);



//write_log("User account $id ($wantusername) was created");

$res = sql_query("SELECT passhash, secret, editsecret, status FROM users WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);

$row = mysql_fetch_assoc($res);

$psecret = md5($row['secret']);

$ip = getip();

$usern = htmlspecialchars($wantusername);

$title = $SITENAME.$lang_takesignup['mail_title'];

$body = <<<EOD

{$lang_takesignup['mail_one']}$usern{$lang_takesignup['mail_two']}($email){$lang_takesignup['mail_three']}$ip{$lang_takesignup['mail_four']}

<b><a href="javascript:void(null)" onclick="window.open('http://$BASEURL/confirm.php?id=$id&secret=$psecret')">

{$lang_takesignup['mail_this_link']} </a></b><br />

http://$BASEURL/confirm.php?id=$id&secret=$psecret

{$lang_takesignup['mail_four_1']}

<b><a href="javascript:void(null)" onclick="window.open('http://$BASEURL/confirm_resend.php')">{$lang_takesignup['mail_here']}</a></b><br />

http://$BASEURL/confirm_resend.php

<br />

{$lang_takesignup['mail_five']}

EOD;



if ($type == 'invite')

{

//don't forget to delete confirmed invitee's hash code from table invites

sql_query("DELETE FROM invites WHERE hash = '".mysql_real_escape_string($code)."'");

$dt = sqlesc(date("Y-m-d H:i:s"));

$subject = sqlesc($lang_takesignup_target[get_user_lang($inviter)]['msg_invited_user_has_registered']);

$msg = sqlesc($lang_takesignup_target[get_user_lang($inviter)]['msg_user_you_invited'].$usern.$lang_takesignup_target[get_user_lang($inviter)]['msg_has_registered']);

//sql_query("UPDATE users SET uploaded = uploaded + 10737418240 WHERE id = $inviter"); //add 10GB to invitor's uploading credit

sql_query("INSERT INTO messages (sender, receiver, subject, added, msg) VALUES(0, $inviter, $subject, $dt, $msg)") or sqlerr(__FILE__, __LINE__);

$Cache->delete_value('user_'.$inviter.'_unread_message_count');

$Cache->delete_value('user_'.$inviter.'_inbox_count');

}



if ($verification == 'admin'){

	if ($type == 'invite')

	header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=inviter");

	else

	header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=adminactivate");

}

elseif ($verification == 'automatic' || $smtptype == 'none'){

	header("Location: " . get_protocol_prefix() . "$BASEURL/confirm.php?id=$id&secret=$psecret");

}

else{

	sent_mail($send_email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"signup",false,false,'',get_email_encode(get_langfolder_cookie()));

	header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=signup&email=" . rawurlencode($send_email));

}



?>
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/scruixin_Blood/nexusphp.git
[email protected]:scruixin_Blood/nexusphp.git
scruixin_Blood
nexusphp
nexusphp
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部