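<?php
/*
 * Account registration page: bootstrap and server-side validation of the
 * submitted form. Every failed check appends a message to $errors; the
 * rendering code further down only creates the account when $errors is empty.
 */
require_once 'engine/init.php';
logged_in_redirect();
include 'layout/overall/header.php';
require_once('config.countries.php');

if (empty($_POST) === false) {
    // Walk the list of required fields rather than the submitted keys, so a
    // request that simply omits a field is rejected too. Each value must be a
    // plain string: array-shaped input (username[]=x) would otherwise reach
    // strtolower()/strlen() below.
    $required_fields = array('username', 'password', 'password_again', 'email', 'selected');
    foreach ($required_fields as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field]) || empty($_POST[$field])) {
            $errors[] = 'You need to fill in all fields.';
            break;
        }
    }

    // Detailed checks (user exists, password long enough, ...) only run once
    // all required fields are present.
    if (empty($errors) === true) {
        // Per-form token check. The token is issued by Token::create() when the
        // form is rendered; this looks like request-forgery (CSRF) protection
        // rather than XSS protection -- confirm against the Token class.
        // A missing token is treated as invalid.
        if (!isset($_POST['token']) || !Token::isValid($_POST['token'])) {
            $errors[] = 'Token is invalid.';
        }

        if ($config['use_captcha']) {
            $captcha = (isset($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response']))
                ? $_POST['g-recaptcha-response']
                : false;
            if (!$captcha) {
                $errors[] = 'Please check the the captcha form.';
            } else {
                // Build the body with http_build_query() so the user-supplied
                // response value is URL-encoded and cannot add or override
                // parameters of the verification request.
                $post_string = http_build_query(array(
                    'secret'   => $config['captcha_secret_key'],
                    'response' => $captcha,
                    'remoteip' => $_SERVER['REMOTE_ADDR'],
                ), '', '&');

                $curl_connection = curl_init("https://www.google.com/recaptcha/api/siteverify");
                curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
                curl_setopt($curl_connection, CURLOPT_TIMEOUT, 10);
                curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
                // Certificate and host name verification stay enabled: the
                // verdict and the secret key travel over this connection, so an
                // unverified peer could read the key or fake a "success"
                // answer. Requires a CA bundle to be available to cURL.
                curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, true);
                curl_setopt($curl_connection, CURLOPT_SSL_VERIFYHOST, 2);
                curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
                curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
                $response = curl_exec($curl_connection);
                curl_close($curl_connection);

                // Fail closed: a transport error, non-JSON body or missing
                // "success" key all count as a failed captcha.
                $responseKeys = is_string($response) ? json_decode($response, true) : null;
                if (!is_array($responseKeys)
                    || !isset($responseKeys["success"])
                    || intval($responseKeys["success"]) !== 1
                ) {
                    $errors[] = 'Captcha failed.';
                }
            }
        }

        if (user_exist($_POST['username']) === true) {
            $errors[] = 'Sorry, that username already exist.';
        }

        // Don't allow "default admin names in config.php" access to register.
        if (in_array(strtolower($_POST['username']), $config['page_admin_access'])) {
            $errors[] = 'This account name is blocked for registration.';
        }
        // \z anchors at the very end of the string; "$" would also accept a
        // name that ends in a newline.
        if (preg_match('/^[a-zA-Z0-9]+\z/', $_POST['username']) !== 1) {
            $errors[] = 'Your account name can only contain characters a-z, A-Z and 0-9.';
        }
        // name restriction
        $resname = explode(" ", $_POST['username']);
        foreach ($resname as $res) {
            if (in_array(strtolower($res), $config['invalidNameTags'])) {
                $errors[] = 'Your username contains a restricted word.';
            } else if (strlen($res) == 1) {
                $errors[] = 'Too short words in your name.';
            }
        }
        if (strlen($_POST['username']) > 32) {
            $errors[] = 'Your account name must be less than 33 characters.';
        }
        // end name restriction
        if (strlen($_POST['password']) < 6) {
            $errors[] = 'Your password must be at least 6 characters.';
        }
        if (strlen($_POST['password']) > 100) {
            $errors[] = 'Your password must be less than 100 characters.';
        }
        if ($_POST['password'] !== $_POST['password_again']) {
            $errors[] = 'Your passwords do not match.';
        }
        if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'A valid email address is required.';
        }
        if (user_email_exist($_POST['email']) === true) {
            $errors[] = 'That email address is already in use.';
        }
        // The form submits the literal string "1" for "Yes."
        if ($_POST['selected'] !== '1') {
            $errors[] = 'You are only allowed to have an account if you accept the rules.';
        }
        if (validate_ip(getIP()) === false && $config['validate_IP'] === true) {
            $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
        }
        // The country code is stored with the account, so accept only a code
        // that is a key of $config['countries'] (the same map the <select>
        // is built from), not any non-empty string.
        $flag = (isset($_POST['flag']) && is_string($_POST['flag'])) ? $_POST['flag'] : '';
        if ($flag === '' || !array_key_exists($flag, $config['countries'])) {
            $errors[] = 'Please choose country.';
        }
    }
}

?>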
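<h1>Register Account</h1>
<?php
/*
 * Rendering part of the registration page. Three mutually exclusive modes:
 *   ?success       - confirmation shown after an account was created
 *   ?authenticate  - e-mail activation link (?u=<account id>&k=<activation key>)
 *   otherwise      - create the account from a validated POST, or show the form
 */
if (isset($_GET['success']) && empty($_GET['success'])) {
    if ($config['mailserver']['register']) {
        ?>
        <h1>Email authentication required</h1>
        <p>We have sent you an email with an activation link to your submitted email address.</p>
        <p>If you can't find the email within 5 minutes, check your <strong>junk/trash inbox (spam filter)</strong> as it may be mislocated there.</p>
        <?php
    } else {
        echo 'Congratulations! Your account has been created. You may now login to create a character.';
    }
} elseif (isset($_GET['authenticate']) && empty($_GET['authenticate'])) {
    // Authenticate user, fetch user id and activation key.
    // Both values are cast to positive integers; those casts are what keep the
    // string-built query below free of injectable input.
    // NOTE(review): the activation key is a plain integer -- confirm that it is
    // generated from a strong random source and that repeated activation
    // attempts are rate-limited.
    $auid = (isset($_GET['u']) && (int)$_GET['u'] > 0) ? (int)$_GET['u'] : false;
    $akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;

    // Find a match. Skip the lookup entirely when either parameter is missing
    // or invalid, instead of querying with an empty value.
    $user = false;
    if ($auid !== false && $akey !== false) {
        $user = mysql_select_single("SELECT `id`, `active` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' LIMIT 1;");
    }
    if ($user !== false) {
        // Read `active` from the row before $user is replaced by the numeric
        // id; reading it afterwards always produced 0.
        $active = (int) $user['active'];
        $user = (int) $user['id'];
        // Enable the account to login
        if ($active == 0) {
            mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`= $user LIMIT 1;");
        }
        echo '<h1>Congratulations!</h1> <p>Your account has been created. You may now login to create a character.</p>';
    } else {
        echo '<h1>Authentication failed</h1> <p>Either the activation link is wrong, or your account is already activated.</p>';
    }
} else {
    if (empty($_POST) === false && empty($errors) === true) {
        if ($config['log_ip']) {
            znote_visitor_insert_detailed_data(1);
        }

        //Register
        // NOTE(review): the password is handed over in clear text; confirm that
        // user_create_account() hashes it before it is stored.
        $register_data = array(
            'name'     => $_POST['username'],
            'password' => $_POST['password'],
            'email'    => $_POST['email'],
            'created'  => time(),
            'ip'       => getIPLong(),
            'flag'     => $_POST['flag']
        );

        user_create_account($register_data, $config['mailserver']);
        // NOTE(review): layout/overall/header.php has already been included at
        // this point, so this redirect presumably relies on output buffering --
        // confirm. The script stops here whether or not the header is sent.
        if (!$config['mailserver']['debug']) {
            header('Location: register.php?success');
        }
        exit();
        //End register

    } else if (empty($errors) === false) {
        echo '<font color="red"><b>';
        echo output_errors($errors);
        echo '</b></font>';
    }
?>
    <form action="" method="post">
        <ul>
            <li>
                Account Name:<br>
                <input type="text" name="username">
            </li>
            <li>
                Password:<br>
                <input type="password" name="password">
            </li>
            <li>
                Password again:<br>
                <input type="password" name="password_again">
            </li>
            <li>
                Email:<br>
                <input type="text" name="email">
            </li>
            <li>
                Country:<br>
                <select name="flag">
                    <option value="">(Please choose)</option>
                    <?php
                    // Shortlist first, then every country from the config map
                    // (code => display name). Values come from server-side
                    // config and are printed unescaped.
                    foreach (array('pl', 'se', 'br', 'us', 'gb', ) as $c) {
                        echo '<option value="' . $c . '">' . $config['countries'][$c] . '</option>';
                    }

                    echo '<option value="">----------</option>';
                    foreach ($config['countries'] as $code => $c) {
                        echo '<option value="' . $code . '">' . $c . '</option>';
                    }
                    ?>
                </select>
            </li>
            <?php
            if ($config['use_captcha']) {
                ?>
                <li>
                    <div class="g-recaptcha" data-sitekey="<?php echo $config['captcha_site_key']; ?>"></div>
                </li>
                <?php
            }
            ?>
            <li>
                <h2>Server Rules</h2>
                <p>The golden rule: Have fun.</p>
                <p>If you get pwn3d, don't hate the game.</p>
                <p>No <a href='http://en.wikipedia.org/wiki/Cheating_in_video_games' target="_blank" rel="noopener noreferrer">cheating</a> allowed.</p>
                <p>No <a href='http://en.wikipedia.org/wiki/Video_game_bot' target="_blank" rel="noopener noreferrer">botting</a> allowed.</p>
                <p>The staff can delete, ban, do whatever they want with your account and your <br>
                    submitted information. (Including exposing and logging your IP).</p>
            </li>
            <li>
                Do you agree to follow the server rules?<br>
                <select name="selected">
                    <option value="0">Umh...</option>
                    <option value="1">Yes.</option>
                    <option value="2">No.</option>
                </select>
            </li>
            <?php
            /* Form file */
            // Issues the per-form token that the POST handler checks with
            // Token::isValid(); presumably prints the hidden field -- confirm.
            Token::create();
            ?>
            <li>
                <input type="submit" value="Create Account">
            </li>
        </ul>
    </form>
<?php
}
include 'layout/overall/footer.php';
?>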