MLg8YZT0

· 8 years ago · Apr 25, 2017, 08:28 PM
1<?php if(basename($_SERVER["PHP_SELF"]) == "register.php"){
2    die("403 - Access Forbidden");
3}
4if(isset($_SESSION['id'])){
5    echo "<meta http-equiv=refresh content="0; url=?base=ucp">";
6}
7else{
8echo "<h2 class="text-left">Registration</h2><hr/>";
9if (@$_POST["register"] != "1") {
10?>
11    <form action="?base=main&page=register" method="POST" role="form">
12    <div class="form-group">
13        <label for="inputUser">Username</label>
14        <input type="text" name="musername" maxlength="12" class="form-control" id="inputUser" required autocomplete="off" placeholder="Username">
15    </div>
16    <div class="form-group">
17        <label for="inputPass">Password</label>
18        <input type="password" name="mpass" maxlength="30" class="form-control" id="inputPass" required autocomplete="off" placeholder="Password">
19    </div>
20    <div class="form-group">
21        <label for="inputConfirm">Confirm Password</label>
22        <input type="password" name="mpwcheck" maxlength="30" class="form-control" id="inputConfirm" required autocomplete="off" placeholder="Confirm Password">
23    </div>
24    <div class="form-group">
25        <label for="inputEmail">Email</label>
26        <input type="email" name="memail" maxlength="50" class="form-control" id="inputEmail" required autocomplete="off" placeholder="Email">
27    </div>
28    <b>reCaptcha</b>
29    <div class="g-recaptcha" data-sitekey="YOUR SITE KEY HERE"></div>
30    <br/>
31        <input type="submit" class="btn btn-primary" name="submit" alt="Register" value="Register &raquo;"/> 
32        <input type="hidden" name="register" value="1" />
33    </form>
34    <br/>
35<?php
36} else {    
37    $getusername = $mysqli->real_escape_string($_POST["musername"]); # Get Username
38    $username = preg_replace("/[^A-Za-z0-9 ]/", '', $getusername); # Escape and Strip
39    $password = $_POST["mpass"]; # Get Password
40    $confirm_password =$_POST["mpwcheck"]; # Get Confirm Password
41    $email = $mysqli->real_escape_string($_POST["memail"]);
42    $captcha = $mysqli->real_escape_string($_POST["g-recaptcha-response"]);
43    $birth = "1990-01-01";
44    $ip = getRealIpAddr();
45    
46    $secretkey = "YOUR PRIVATE SITE KEY HERE";
47    
48    if(empty($captcha)){
49        echo ("<div class="content"><div class="contentbg registerbg"></div><div class="body_register"><div class="alert alert-danger"><b>Error:</b> Please fill in the correct ReCAPTCHA code!<br/><a href="?base=main&page=register" class="areg">&laquo; Go Back</a></div></div></div>");
50    } else {
51        $select_user_result = $mysqli->query("SELECT id FROM accounts WHERE name='".$username."' OR email='".$email."' LIMIT 1");
52        $returned = $select_user_result->num_rows;    
53        if ($returned > 0) {
54            echo ("<div class="alert alert-danger"><b>Error:</b> This username or email is already used!<br/><a href="?base=main&page=register">&laquo; Go Back</a>");
55        } else if ($password != $confirm_password) {
56            echo ("<div class="alert alert-danger">Passwords didn't match!<br/><a href="?base=main&page=register">&laquo; Go Back</a></div></div></div>");
57        } else if (strlen($password) < 4 || strlen($password) > 12) {
58            echo ("<div class="alert alert-danger">Your password must be between 4-12 characters<br/><a href="?base=main&page=register">&laquo; Go Back</a>");
59        } else if (strlen($username) < 4 || strlen($username) > 12) {
60            echo ("<div class="alert alert-danger">Your username must be between 4-12 characters<br/><a href="?base=main&page=register">&laquo; Go Back</a>");
61        } else if (!strstr($email, '@')) {
62            echo ("<div class="alert alert-danger">You have filled in a wrong email address<br/><a href="?base=main&page=register">&laquo; Go Back</a>");
63        } else {
64            $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretkey."&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
65            if($response.success==true) 
66            {    
67            //All data is ok
68            $password = sha1($password);
69            $insert_user_query = "INSERT INTO accounts (`name`, `password`, `ip`, `email`, `birthday`) VALUES ('".$username."', '".$password."', '".$ip."', '".$email."', '".$birth."')";
70            $mysqli->query($insert_user_query);
71            echo"
72                <div class="alert alert-success"><b>Success!</b> Please login, and head to the downloads page to get started!</div>
73            ";
74            }
75            }
76        }
77    }
78}