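<?php
// Full opening tag: with short_open_tag disabled a bare "<?" is not parsed and
// this script's source, SQL included, would be sent to the browser as text.
//
//  H-Tracker v0.2
//    http://h-tracker.org
//    Based on TorrentTrader (http://www.torrenttrader.org)
//
//
// Signup page: the gate checks below run before the signup handler and the form.
require_once("backend/functions.php"); 
dbconn();

// A visitor who is already signed in has no business on the signup page.
// NOTE(review): the other show_error_msg() calls in this file pass 1 as a third
// argument; whether this two-argument call also ends the request is decided in
// backend/functions.php. Confirm, otherwise a signed-in user falls through to
// the signup handler below.
if ($CURUSER) {
	show_error_msg("Error", "Already Logged");
}

// Invite-only sites refuse open registration.
if ($site_config["INVITEONLY"]) {
	show_error_msg("Invite only", "<br><br><center>Sorry this site has disabled user registration, the only way to register is via a invite from a existing member.<br><br></center>",1);
}

// Enforce the configured member cap. $numsitemembers is read again further
// down to decide whether the new account is the first one on the site.
$numsitemembers = get_row_count("users");
if ($numsitemembers >= $site_config["maxsiteusers"]) {
	show_error_msg("Sorry...", "The site is full!<br>The limit of ".number_format($site_config["maxsiteusers"])." users have been reached.<br>HOWEVER, user accounts expire all the time so please check back again later!<BR><BR>There is currently ".number_format($numsitemembers)." members",1);
}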

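// Signup handler: validates the submitted fields, creates the users row and
// sends the confirmation mail / welcome PM.
//
// NOTE(review): $takesignup, $wantusername, $wantpassword, $passagain, $email,
// $age, $country, $gender and $client are not assigned anywhere in this file;
// presumably backend/functions.php or register_globals fills them from the
// request. Confirm, and treat every one of them as attacker-controlled.
// NOTE(review): the "or die(mysql_error())" calls print raw database errors to
// the visitor; logging them server-side would avoid disclosing schema details.
if ($takesignup == "1") {

	// Limit the number of accounts registered from one address.
	if ($site_config["ipcheck"] && $site_config["accountmax"] > "0") {
		$ip = $_SERVER['REMOTE_ADDR'];
		// sqlesc() is the same quoting helper the captcha lookup and the INSERT below rely on.
		$ipc = mysql_query("SELECT COUNT(ip) FROM users WHERE ip = ".sqlesc($ip)) or die (mysql_error());
		$ipq = mysql_result($ipc, 0);
		if ($ipq >= $site_config["accountmax"])
			show_error_msg("Error","$site_config[SITENAME] only allows $site_config[accountmax] account per IP. If you would like to create a new account, please contact a staff member via PM or IRC.<br><br> The error was: <font color=red>maximum account count($site_config[accountmax]) exceeded for $ip($ipq), cannot proceed with signup.</font>",1);
	}

	// Start from a known-empty error message. The original line compared
	// ($message == "") instead of assigning, so $message kept whatever value
	// it had before this point.
	$message = "";

	// Returns true when $username consists only of ASCII letters and digits
	// (an empty string passes; emptiness is rejected separately below).
	function validusername($username) {
		$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
		return strspn($username, $allowedchars) === strlen($username);
	}

	// Field validation. Every failing check overwrites $message, so the last
	// failing check is the one reported to the user.
	if (empty($wantpassword) || empty($email) || empty($wantusername) || empty($age))
		$message = "Don't leave any required field blank.";
	if (strlen($wantusername) > 12)
		$message = "Sorry, username is too long (max is 12 chars)";
	// Strict comparison: with != two different numeric-looking strings such as
	// "1e3" and "1000" compare equal and the confirmation check is bypassed.
	if ($wantpassword !== $passagain)
		$message = "The passwords didn't match! Must be the same. Try again.";
	if (strlen($wantpassword) < 6)
		$message = "Sorry, password is too short (min is 6 chars)";
	if (strlen($wantpassword) > 40)
		$message = "Sorry, password is too long (max is 40 chars)";
	if ($wantpassword == $wantusername)
		$message = "Sorry, password cannot be same as user name.";
	if (!validemail($email))
		$message = "That doesn't look like a valid email address.";
	if (!validusername($wantusername))
		$message = "Invalid username.";

	// Captcha: look the submitted pair up, then delete the row so a code can
	// only be tried once.
	// NOTE(review): the form renders the captcha fields only when
	// $site_config['CAPTCHAON'] is set, but this check runs regardless; with
	// the option off every signup would appear to fail here. Confirm.
	$b = get_row_count("captcha", "WHERE imagehash = ".sqlesc($_POST["imagehash"])." AND imagestring = ".sqlesc($_POST["imagestring"]));
	mysql_query("DELETE FROM captcha WHERE imagehash = ".sqlesc($_POST["imagehash"])) or die(mysql_error());
	if ($b == 0)
		$message = "You have entered the wrong confirmation code.";

	if ($message == "") {
		// All format checks passed, so $wantusername is alphanumeric here.
		// $email has only been through validemail(), which is defined outside
		// this file, so it is quoted with sqlesc() in every query and
		// HTML-encoded in every message. Other calls in this file pass markup
		// in the message argument, so show_error_msg() presumably prints it
		// unescaped.
		$emailhtml = htmlspecialchars($email, ENT_QUOTES);
		$maildomain = (substr($email, strpos($email, "@")+1));

		// Banned full address.
		$a = (@mysql_fetch_row(@mysql_query("select count(*) from email_bans where mail_domain=".sqlesc($email)))) or die(mysql_error());
		if ($a[0] != 0)
			$message = "The e-mail address $emailhtml is Banned All Been A Member And Banned.";

		// Banned mail domain.
		$a = (@mysql_fetch_row(@mysql_query("select count(*) from email_bans where mail_domain=".sqlesc($maildomain)))) or die(mysql_error());
		if ($a[0] != 0)
			$message = "The e-mail address $emailhtml is Banned Due To Being A Free Provider Address.";

		// Address already registered.
		$a = (@mysql_fetch_row(@mysql_query("select count(*) from users where email=".sqlesc($email)))) or die(mysql_error());
		if ($a[0] != 0)
			$message = "The e-mail address $emailhtml is already in use.";

		// Username already registered.
		$a = (@mysql_fetch_row(@mysql_query("select count(*) from users where username=".sqlesc($wantusername)))) or die(mysql_error());
		if ($a[0] != 0)
			$message = "The username $wantusername is already in use.";

		$secret = mksecret(); //generate secret field

		// NOTE(review): unsalted MD5 is a fast hash and is not suitable for
		// password storage. Left unchanged because the login code and the
		// width of users.password are outside this file; moving to
		// password_hash()/password_verify() (PHP >= 5.5) has to be done in
		// both places together.
		$wantpassword = md5($wantpassword);
	}

	if ($message != "")
		show_error_msg("Signup Failed", $message,1);

	if ($message == "") {

		// New accounts stay "pending" until the e-mail link is followed, when
		// e-mail confirmation is enabled.
		if ($site_config["CONFIRMEMAIL"]) {
			$status = "pending";
		} else {
			$status = "confirmed";
		}

		// The first account on an empty site gets class 7 ("admin" per the
		// original comment), everyone else class 1.
		// NOTE(review): $numsitemembers was counted at the top of the script,
		// not atomically with the INSERT; on a fresh install concurrent
		// signups can each see 0 and each receive class 7.
		if ($numsitemembers == '0')
			$signupclass = '7';
		else
			$signupclass = '1';

		$ret = mysql_query("INSERT INTO users (username, password, secret, email, status, added, age, country, gender, client, stylesheet, language, class) VALUES (" .
			implode(",", array_map("sqlesc", array($wantusername, $wantpassword, $secret, $email, $status, get_date_time(), $age, $country, $gender, $client, $site_config["default_theme"], $site_config["default_language"], $signupclass))).")");

		// Stop when the row was not created; otherwise mysql_insert_id() does
		// not identify a new row and the mail and welcome PM below would
		// reference the wrong account id.
		if (!$ret) {
			show_error_msg("Signup Failed", "Database Update Failed.", 1);
			die;
		}

		$id = mysql_insert_id();

		// Only the MD5 of the stored secret is put in the confirmation link.
		$psecret = md5($secret);

		// Mail text: admin approval pending, or a self-service confirmation link.
		if ($site_config["ACONFIRM"]) {
			$body = "Your account at ".$site_config['SITENAME']." has been created.\n\nYou will have to wait for the approval of an admin before you can use your new account.\n\n".$site_config['SITENAME']." Admin";
		} else {
			$body = "Your account at ".$site_config['SITENAME']." has been : APPROVED\n\nTo confirm your user registration, you have to follow this link:\n\n\t".$site_config['SITEURL']."/account-confirm.php?id=$id&secret=$psecret\n\nAfter you do this, you will be able to use your new account.\n\n\tIf you fail to do this, your account will be deleted within a few days.\n\n".$site_config['SITENAME']." Admin";
		}

		if ($site_config["CONFIRMEMAIL"]) { //email confirmation is on
			// NOTE(review): $email is the mail() recipient; this relies on
			// validemail() rejecting CR/LF. Confirm in backend/functions.php.
			ini_set("sendmail_from", "");
			mail($email, "Your ".$site_config['SITENAME']." User Account", $body, "From: ".$site_config['SITENAME']." <".$site_config['SITEEMAIL'].">");
			header("Refresh: 0; url=account-confirm-ok.php?type=signup&email=" . urlencode($email));
		} else { //email confirmation is off
			header("Refresh: 0; url=account-confirm-ok.php?type=noconf");
		}

		//send pm to new user
		if ($site_config["WELCOMEPMON"]) {
			$dt = sqlesc(get_date_time());
			$msg = sqlesc($site_config["WELCOMEPMMSG"]);
			mysql_query("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)");
		}

		die;
	}

}//end takesignup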



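// Page chrome for the signup form; stdhead() and begin_frame() are defined
// outside this file.
stdhead("Signup");
begin_frame("Signup");
?>  
<?php
// Full "<?php" tag so this line is still executed, not printed as source,
// when short_open_tag is disabled.
// COOKIES is a constant defined outside this file and is echoed as-is.
echo COOKIES;
?>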
<p>
<form method="post" action="account-signup.php?takesignup=1">
	<table cellSpacing="0" cellPadding="2" border="0" align="center">
			<tr>
				<td align="right">Username: <font class="small"><font color="#FF0000">*</font></td>
				<td><input type="text" size="40" name="wantusername" title="Choose a username"></td>
			</tr>
			<tr>
				<td align="right">Password: <font class="small"><font color="#FF0000">*</font></td>
				<td><input type="password" size="40" name="wantpassword" title="Your password"></td>
			</tr>
			<tr>
				<td align="right">Confirm: <font class="small"><font color="#FF0000">*</font></td>
				<td><input type="password" size="40" name="passagain" title="The same password"></td>
			</tr>
			<tr>
				<td align="right">Email: <font class="small"><font color="#FF0000">*</font></td>
				<td><input type="text" size="40" name="email" title="Your real email"></td>
			</tr>
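<?php if ($site_config['CAPTCHAON']) { // captcha rows are rendered only when the option is on ?>
			<tr>
				<td align="right">Security Code: <font class="small"></td>
<?php
// Full "<?php" tags throughout: with short_open_tag disabled the bare "<?"
// form is not parsed and this code would be sent to the browser as text.
include_once("backend/captcha.php");
$hash = create_captcha();
// create_captcha() is defined outside this file, so its return value is
// encoded for each context it is written into: the image URL query string
// and the hidden field's attribute value.
$hashurl = urlencode($hash);
$hashattr = htmlspecialchars($hash, ENT_QUOTES);
// The hidden imagehash field is emitted once; the original printed an
// identical second copy at the end of the cell.
print("<td><img id=\"captcha\" src=\"captcha.php?imagehash=$hashurl\" alt=\"Captcha\" /><input type=\"hidden\" name=\"imagehash\" value=\"$hashattr\" />&nbsp;<a href='javascript:location.reload()'><img src='/images/reload.gif' border='0' height='16' width='16' alt='' title='Refresh Security Code' /></a><br /><font color=\"red\">Code is case sensetive.</font>");
?>
                  </td></tr>
			<tr>
				<td align="right">Confirmation Security Code: <font class="small"><font color="#FF0000">*</font></td>
                  <td><input type="text" name="imagestring" size="20" value="" title="Enter security code"/></td>
                  </tr>
<?php } ?>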

			<tr>
				<td align="right">Age:<font class="small"><font color="#FF0000">*</font></td>
				<td><input type="text" size="20" name="age" maxlength="2" title="Your real age"/></td>
			</tr>
			<tr>
				<td align="right">Country:</td>
				<td>
					<select name="country" size="1">
						<?php
						// Build the <option> list for the country selector, one entry per
						// row of the countries table, ordered by name.
						// NOTE(review): $dom is not assigned anywhere in this file, and the
						// id and name columns are written into the markup unescaped, which is
						// only safe while the countries table is admin-maintained. Confirm.
						$countries = "<option value=\"0\">---- None selected ----</option>\n";
						$ct_r = mysql_query("SELECT id,name,domain from countries ORDER BY name") or die;
						while ($ct_a = mysql_fetch_array($ct_r)) {
						  // Pre-select the row whose domain matches $dom.
						  $selected = ($dom == $ct_a["domain"]) ? " SELECTED" : "";
						  $countries .= "\t\t\t\t\t\t<option value=\"" . $ct_a["id"] . "\"" . $selected . ">" . $ct_a["name"] . "</option>\n";
						}
						?>
						<?=$countries ?>
					</select>
				</td>
			</tr>
			<tr>
				<td align="right">Gender:</td>
				<td>
					<input type="radio" name="gender" value="Male"><img src="images/users/male.png">Male
					&nbsp;&nbsp;
					<input type="radio" name="gender" value="Female"><img src="images/users/female.png">Female
				</td>
			</tr>
			<tr>
				<td align="center" colSpan="2">
                <input type="submit" value="Sign Up" />
              </td>
			</tr>
	</table>
</form> 
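<?php
// Full "<?php" tag so the footer calls run, rather than being printed as text,
// when short_open_tag is disabled.
// Closes the frame opened by begin_frame("Signup") and prints the page footer.
end_frame();
stdfoot();
?>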