Location: PHPKode > projects > H-tracker > takeconfirminvite.php
<?
//
//  H-Tracker v0.2
//    http://h-tracker.org
//    Based on TorrentTrader (http://www.torrenttrader.org)
//
//
require_once("backend/functions.php");


$id = 0 + $HTTP_GET_VARS["id"];
$md5 = $HTTP_GET_VARS["secret"];
if (!$id)
httperr();

dbconn();

$res = mysql_query("SELECT COUNT(*) FROM users") or die(mysql_error());
$arr = mysql_fetch_row($res);

$res = mysql_query("SELECT editsecret, status FROM users WHERE id = $id") or die(mysql_error());
$row = mysql_fetch_array($res);

if (!$row)
httperr();

if ($row["status"] != "pending") {
header("Refresh: 0; url=account-confirm-ok.php?type=confirmed");
exit();
}

$sec = hash_pad($row["editsecret"]);
if ($md5 != md5($sec))
httperr();
if (empty($wantusername) || empty($wantpassword))
show_error_msg("Error!", "Don't leave any fields blank.",1);
if (!mkglobal("wantusername:wantpassword:passagain"))
die();

function validusername($username)
{
if ($username == "")
return false;

// The following characters are allowed in user names
$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

for ($i = 0; $i < strlen($username); ++$i)
if (strpos($allowedchars, $username[$i]) === false)
return false;

return true;
}

function isportopen($port)
{
global $HTTP_SERVER_VARS;
$sd = @fsockopen($HTTP_SERVER_VARS["REMOTE_ADDR"], $port, $errno, $errstr, 1);
if ($sd)
{
fclose($sd);
return true;
}
else
return false;
}

if (strlen($wantusername) > 12)
show_error_msg("Error!", "Sorry, username is too long (max is 12 chars)",1);

if ($wantpassword != $passagain)
show_error_msg("Error!","The passwords didn't match! Must've typoed. Try again.",1);

if (strlen($wantpassword) < 6)
show_error_msg("Error!","Sorry, password is too short (min is 6 chars)",1);

if (strlen($wantpassword) > 40)
show_error_msg("Error!","Sorry, password is too long (max is 40 chars)",1);

if ($wantpassword == $wantusername)
show_error_msg("Error!","Sorry, password cannot be same as user name.",1);

if (!validusername($wantusername))
show_error_msg("Error!","Invalid username.",1);

// make sure user agrees to everything...
if ($HTTP_POST_VARS["rulesverify"] != "yes" || $HTTP_POST_VARS["faqverify"] != "yes" || $HTTP_POST_VARS["ageverify"] != "yes")
show_error_msg("Signup failed", "Sorry, you're not qualified to become a member of this site.",1);

$secret = mksecret();
$wantpasshash = md5($wantpassword);

$ret = mysql_query("UPDATE users SET username='$wantusername', password='$wantpasshash', status='confirmed', editsecret='', secret='$secret' WHERE id=$id");

if (!$ret) {
if (mysql_errno() == 1062)
show_error_msg("Error!","Username already exists!.",1);

}

//logincookie($id, $wantpasshash);

header("Refresh: 0; url=account-confirm-ok.php?type=confirm");


?>
Return current item: H-tracker