1<?php
2/**
3 * Allows the creation of new user accounts.
4 *
5 * @copyright (C) 2008-2012 PunBB, partially based on code (C) 2008-2009 FluxBB.org
6 * @license http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
7 * @package PunBB
8 */
// Let an including script choose the forum root; default to the current directory
defined('FORUM_ROOT') || define('FORUM_ROOT', './');
require FORUM_ROOT.'include/common.php';

if ($hook = get_hook('rg_start'))
	eval($hook);

// Only guests may register: a signed-in user is sent to the forum index
if (!$forum_user['is_guest'])
{
	header('Location: '.forum_link($forum_url['index']));
	exit;
}

// Language strings for the profile pages, in the visitor's language
require FORUM_ROOT.'lang/'.$forum_user['language'].'/profile.php';

// Show the "No new regs" message when the board has o_regs_allow set to '0'
if ($forum_config['o_regs_allow'] == '0')
{
	message($lang_profile['No new regs']);
}

// Validation failures gathered while handling a submission
$errors = [];
// Leaving the form: either Cancel was pressed, or Agree was submitted without ticking the checkbox
if (isset($_GET['cancel']) || (isset($_GET['agree']) && !isset($_GET['req_agreement'])))
	redirect(forum_link($forum_url['index']), $lang_profile['Reg cancel redirect']);
// Rules are switched on and this request neither agrees to them nor submits the form: show them
elseif ($forum_config['o_rules'] == '1' && !isset($_GET['agree']) && !isset($_POST['form_sent']))
{
	// Counters used to number the form's groups, items and fields
	$forum_page['fld_count'] = 0;
	$forum_page['item_count'] = 0;
	$forum_page['group_count'] = 0;

	// Breadcrumb trail: board title > Register > Rules
	$forum_page['crumbs'] = [
		[$forum_config['o_board_title'], forum_link($forum_url['index'])],
		[$lang_common['Register'], forum_link($forum_url['register'])],
		$lang_common['Rules'],
	];

	if ($hook = get_hook('rg_rules_pre_header_load'))
		eval($hook);

	define('FORUM_PAGE', 'rules-register');
	require FORUM_ROOT.'header.php';

	// START SUBST - <!-- forum_main -->
	ob_start();

	if ($hook = get_hook('rg_rules_output_start'))
		eval($hook);

	$forum_page['fld_count'] = 0;
	$forum_page['set_count'] = 0;
?>
 <div class="main-head">
 <h2 class="hn"><span><?php printf($lang_profile['Register at'], $forum_config['o_board_title']) ?></span></h2>
 </div>
 <div class="main-subhead">
 <h2 class="hn"><span><?= $lang_profile['Reg rules head'] ?></span></h2>
 </div>
 <div class="main-content main-frm">
 <div id="rules-content" class="ct-box user-box">
 <?= $forum_config['o_rules_message'] ?>
 </div>
 <form class="frm-form" method="get" accept-charset="utf-8" action="<?= forum_link($forum_url['register']) ?>">
<?php if ($hook = get_hook('rg_rules_pre_group')) eval($hook); ?>
 <div class="frm-group group<?= ++$forum_page['group_count'] ?>">
<?php if ($hook = get_hook('rg_rules_pre_agree_checkbox')) eval($hook); ?>
 <div class="sf-set set<?= ++$forum_page['item_count'] ?>">
 <div class="sf-box checkbox">
 <span class="fld-input"><input type="checkbox" id="fld<?= ++$forum_page['fld_count'] ?>" name="req_agreement" value="1" required /></span>
 <label for="fld<?= $forum_page['fld_count'] ?>"><span><?= $lang_profile['Agreement'] ?></span> <?= $lang_profile['Agreement label'] ?></label>
 </div>
 </div>
<?php if ($hook = get_hook('rg_rules_pre_group_end')) eval($hook); ?>
 </div>
<?php if ($hook = get_hook('rg_rules_group_end')) eval($hook); ?>
 <div class="frm-buttons">
 <span class="submit primary"><input type="submit" name="agree" value="<?= $lang_profile['Agree'] ?>" /></span>
 <span class="cancel"><input type="submit" name="cancel" value="<?= $lang_common['Cancel'] ?>" formnovalidate /></span>
 </div>
 </form>
 </div>
<?php
	if ($hook = get_hook('rg_rules_end'))
		eval($hook);

	// Move the buffered markup into the <!-- forum_main --> placeholder of the page template
	$tpl_temp = forum_trim(ob_get_clean());
	$tpl_main = str_replace('<!-- forum_main -->', $tpl_temp, $tpl_main);
	// END SUBST - <!-- forum_main -->

	require FORUM_ROOT.'footer.php';
}
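else if (isset($_POST['form_sent']))
{
	($hook = get_hook('rg_register_form_submitted')) ? eval($hook) : null;

	// The form renders a reCAPTCHA widget, but a widget alone enforces nothing: the posted
	// response has to be verified server-side before an account is created. isValid() is
	// declared further down in this file. Anything other than an explicit true (rejected
	// token, missing token, verification service unreachable) is treated as a failure.
	// No language-file entry for this message is visible here, hence the literal text.
	if (isValid() !== true)
		$errors[] = 'CAPTCHA verification failed. Please try again.';

	// Check that someone from this IP didn't register a user within the last hour (DoS prevention)
	$query = array(
		'SELECT'	=> 'COUNT(u.id)',
		'FROM'		=> 'users AS u',
		'WHERE'		=> 'u.registration_ip=\''.$forum_db->escape(get_remote_address()).'\' AND u.registered>'.(time() - 3600)
	);

	($hook = get_hook('rg_register_qr_check_register_flood')) ? eval($hook) : null;
	$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);

	if ($forum_db->result($result) > 0)
	{
		$errors[] = $lang_profile['Registration flood'];
	}

	// Did everything go according to plan so far?
	if (empty($errors))
	{
		// Absent or non-string (array) fields are read as empty strings, so the validators
		// below reject them instead of the request failing on an undefined index
		$posted = array('req_username' => '', 'req_email1' => '', 'req_password1' => '', 'req_password2' => '');
		foreach ($posted as $field => $unused)
		{
			if (isset($_POST[$field]) && is_string($_POST[$field]))
				$posted[$field] = $_POST[$field];
		}

		$username = forum_trim($posted['req_username']);
		$email1 = strtolower(forum_trim($posted['req_email1']));

		if ($forum_config['o_regs_verify'] == '1')
		{
			// With e-mail verification on, the user does not choose a password: one is generated
			$password1 = random_key(8, true);
			$password2 = $password1;
		}
		else
		{
			$password1 = forum_trim($posted['req_password1']);
			// The confirmation field only exists on the form when passwords are masked
			$password2 = ($forum_config['o_mask_passwords'] == '1') ? forum_trim($posted['req_password2']) : $password1;
		}

		// Validate the username
		$errors = array_merge($errors, validate_username($username));

		// ... and the password
		// Strict comparison: a loose != treats numeric-looking strings such as '1e3' and '1000' as equal
		if (utf8_strlen($password1) < 4)
			$errors[] = $lang_profile['Pass too short'];
		else if ($password1 !== $password2)
			$errors[] = $lang_profile['Pass not match'];

		// ... and the e-mail address
		if (!defined('FORUM_EMAIL_FUNCTIONS_LOADED'))
			require FORUM_ROOT.'include/email.php';

		if (!is_valid_email($email1))
			$errors[] = $lang_profile['Invalid e-mail'];

		// Check if it's a banned e-mail address
		$banned_email = is_banned_email($email1);
		if ($banned_email && $forum_config['p_allow_banned_email'] == '0')
			$errors[] = $lang_profile['Banned e-mail'];

		// Clean old unverified registrators - delete older than 72 hours
		$query = array(
			'DELETE'	=> 'users',
			'WHERE'		=> 'group_id='.FORUM_UNVERIFIED.' AND activate_key IS NOT NULL AND registered < '.(time() - 259200)
		);

		($hook = get_hook('rg_register_qr_delete_unverified')) ? eval($hook) : null;
		$forum_db->query_build($query) or error(__FILE__, __LINE__);

		// Check if someone else already has registered with that e-mail address
		$dupe_list = array();

		$query = array(
			'SELECT'	=> 'u.username',
			'FROM'		=> 'users AS u',
			'WHERE'		=> 'u.email=\''.$forum_db->escape($email1).'\''
		);

		($hook = get_hook('rg_register_qr_check_email_dupe')) ? eval($hook) : null;
		$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);

		while ($cur_dupe = $forum_db->fetch_assoc($result))
		{
			$dupe_list[] = $cur_dupe['username'];
		}

		// A duplicate address is only reported when nothing else is wrong with the submission
		if (!empty($dupe_list) && empty($errors))
		{
			if ($forum_config['p_allow_dupe_email'] == '0')
				$errors[] = $lang_profile['Dupe e-mail'];
		}

		($hook = get_hook('rg_register_end_validation')) ? eval($hook) : null;

		// Did everything go according to plan so far?
		if (empty($errors))
		{
			// Make sure we got a valid language string
			if (isset($_POST['language']))
			{
				// Dots and slashes are stripped so the value cannot name a path outside lang/
				$language = preg_replace('#[\.\\\/]#', '', $_POST['language']);
				if (!file_exists(FORUM_ROOT.'lang/'.$language.'/common.php'))
					message($lang_common['Bad request']);
			}
			else
				$language = $forum_config['o_default_lang'];

			$initial_group_id = ($forum_config['o_regs_verify'] == '0') ? $forum_config['o_default_user_group'] : FORUM_UNVERIFIED;
			$salt = random_key(12);
			$password_hash = forum_hash($password1, $salt);

			// Validate timezone and DST
			$timezone = (isset($_POST['timezone'])) ? floatval($_POST['timezone']) : $forum_config['o_default_timezone'];

			// Validate timezone — on error use default value
			if (($timezone > 14.0) || ($timezone < -12.0)) {
				$timezone = $forum_config['o_default_timezone'];
			}

			// DST
			$dst = (isset($_POST['dst']) && intval($_POST['dst']) === 1) ? 1 : $forum_config['o_default_dst'];

			// Insert the new user into the database. We do this now to get the last inserted id for later use.
			// NOTE(review): the plaintext password is handed to add_user() next to its hash,
			// presumably for the welcome/verification e-mail; confirm it is neither stored nor logged.
			$user_info = array(
				'username'				=>	$username,
				'group_id'				=>	$initial_group_id,
				'salt'					=>	$salt,
				'password'				=>	$password1,
				'password_hash'			=>	$password_hash,
				'email'					=>	$email1,
				'email_setting'			=>	$forum_config['o_default_email_setting'],
				'timezone'				=>	$timezone,
				'dst'					=>	$dst,
				'language'				=>	$language,
				'style'					=>	$forum_config['o_default_style'],
				'registered'			=>	time(),
				'registration_ip'		=>	get_remote_address(),
				'activate_key'			=>	($forum_config['o_regs_verify'] == '1') ? '\''.random_key(8, true).'\'' : 'NULL',
				'require_verification'	=>	($forum_config['o_regs_verify'] == '1'),
				'notify_admins'			=>	($forum_config['o_regs_report'] == '1')
			);

			($hook = get_hook('rg_register_pre_add_user')) ? eval($hook) : null;
			add_user($user_info, $new_uid);

			// If we previously found out that the e-mail was banned
			if ($banned_email && $forum_config['o_mailing_list'] != '')
			{
				$mail_subject = 'Alert - Banned e-mail detected';
				$mail_message = 'User \''.$username.'\' registered with banned e-mail address: '.$email1."\n\n".'User profile: '.forum_link($forum_url['user'], $new_uid)."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)';

				($hook = get_hook('rg_register_banned_email')) ? eval($hook) : null;

				forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
			}

			// If we previously found out that the e-mail was a dupe
			if (!empty($dupe_list) && $forum_config['o_mailing_list'] != '')
			{
				$mail_subject = 'Alert - Duplicate e-mail detected';
				$mail_message = 'User \''.$username.'\' registered with an e-mail address that also belongs to: '.implode(', ', $dupe_list)."\n\n".'User profile: '.forum_link($forum_url['user'], $new_uid)."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)';

				($hook = get_hook('rg_register_dupe_email')) ? eval($hook) : null;

				forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
			}

			($hook = get_hook('rg_register_pre_login_redirect')) ? eval($hook) : null;

			// Must the user verify the registration or do we log him/her in right now?
			if ($forum_config['o_regs_verify'] == '1')
			{
				message(sprintf($lang_profile['Reg e-mail'], '<a href="mailto:'.forum_htmlencode($forum_config['o_admin_email']).'">'.forum_htmlencode($forum_config['o_admin_email']).'</a>'));
			}
			else
			{
				// Remove cache file with forum stats
				if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
				{
					require FORUM_ROOT.'include/cache.php';
				}

				clean_stats_cache();
			}

			// Log the new user in: the cookie carries uid|password_hash|expiry|sha1(salt.password_hash.hash(expiry))
			$expire = time() + $forum_config['o_timeout_visit'];
			forum_setcookie($cookie_name, base64_encode($new_uid.'|'.$password_hash.'|'.$expire.'|'.sha1($salt.$password_hash.forum_hash($expire, $salt))), $expire);

			redirect(forum_link($forum_url['index']), $lang_profile['Reg complete']);
		}
	}
}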
// Counters used to number the form's groups, items and fields
$forum_page['fld_count'] = 0;
$forum_page['item_count'] = 0;
$forum_page['group_count'] = 0;

// The form posts back to the register URL
$forum_page['form_action'] = forum_link($forum_url['register']).'?action=register';

// Notice shown above the form unless o_regs_verify is '0'
$forum_page['frm_info'] = ($forum_config['o_regs_verify'] != '0')
	? ['email' => '<p class="warn">'.$lang_profile['Reg e-mail info'].'</p>']
	: [];

// Breadcrumb trail: board title > "Register at <board>"
$forum_page['crumbs'] = [
	[$forum_config['o_board_title'], forum_link($forum_url['index'])],
	sprintf($lang_profile['Register at'], $forum_config['o_board_title']),
];

// Third-party script for the reCAPTCHA widget, loaded from google.com
$forum_loader->add_js('https://www.google.com/recaptcha/api.js');

// Timezone detection script plus the inline call that runs it on this form
$forum_loader->add_js($base_url.'/include/js/min/punbb.timezone.min.js');
$forum_loader->add_js('PUNBB.timezone.detect_on_register_form();', ['type' => 'inline']);

if ($hook = get_hook('rg_register_pre_header_load'))
	eval($hook);

define('FORUM_PAGE', 'register');
require FORUM_ROOT.'header.php';

// START SUBST - <!-- forum_main -->
ob_start();

if ($hook = get_hook('rg_register_output_start'))
	eval($hook);
?>
 <div class="main-head">
 <h2 class="hn"><span><?php echo sprintf($lang_profile['Register at'], $forum_config['o_board_title']) ?></span></h2>
 </div>
 <div class="main-content main-frm">
<?php
 // Notices prepared during form setup, if any
 if (!empty($forum_page['frm_info'])):
?>
 <div class="ct-box info-box">
 <?php echo implode("\n\t\t\t", $forum_page['frm_info'])."\n" ?>
 </div>
<?php
 endif;
 // If there were any errors, show them
 if (!empty($errors))
 {
 $forum_page['errors'] = array();
 // NOTE(review): each entry is written into the list item without HTML encoding here.
 // $errors holds language strings and whatever validate_username() returned; confirm
 // that none of them can carry unescaped user input.
 foreach ($errors as $cur_error)
 $forum_page['errors'][] = '<li class="warn"><span>'.$cur_error.'</span></li>';
 ($hook = get_hook('rg_pre_register_errors')) ? eval($hook) : null;
?>
 <div class="ct-box error-box">
 <h2 class="warn hn"><span><?php echo $lang_profile['Register errors'] ?></span></h2>
 <ul class="error-list">
 <?php echo implode("\n\t\t\t\t", $forum_page['errors'])."\n" ?>
 </ul>
 </div>
<?php
 }
 // The form below posts form_sent, a CSRF token and the timezone/DST defaults as hidden
 // fields; values taken from $_POST are re-displayed through forum_htmlencode()
?>
 <div id="req-msg" class="req-warn ct-box error-box">
 <p class="important"><?php echo $lang_common['Required warn'] ?></p>
 </div>
 <form class="frm-form frm-suggest-username" id="afocus" method="post" accept-charset="utf-8" action="<?php echo $forum_page['form_action'] ?>" autocomplete="off">
 <div class="hidden">
 <input type="hidden" name="form_sent" value="1" />
 <input type="hidden" name="csrf_token" value="<?php echo generate_form_token($forum_page['form_action']) ?>" />
 <input type="hidden" name="timezone" id="register_timezone" value="<?php echo forum_htmlencode($forum_config['o_default_timezone']) ?>" />
 <input type="hidden" name="dst" id="register_dst" value="<?php echo forum_htmlencode($forum_config['o_default_dst']) ?>" />
 </div>
<?php ($hook = get_hook('rg_register_pre_group')) ? eval($hook) : null; ?>
 <div class="frm-group group<?php echo ++$forum_page['group_count'] ?>">
<?php ($hook = get_hook('rg_register_pre_email')) ? eval($hook) : null; ?>
 <div class="sf-set set<?php echo ++$forum_page['item_count'] ?>">
 <div class="sf-box text required">
 <label for="fld<?php echo ++$forum_page['fld_count'] ?>"><span><?php echo $lang_profile['E-mail'] ?></span> <small><?php echo $lang_profile['E-mail help'] ?></small></label><br />
 <span class="fld-input"><input type="email" data-suggest-role="email" id="fld<?php echo $forum_page['fld_count'] ?>" name="req_email1" value="<?php echo(isset($_POST['req_email1']) ? forum_htmlencode($_POST['req_email1']) : '') ?>" size="35" maxlength="80" required spellcheck="false" /></span>
 </div>
 </div>
<?php ($hook = get_hook('rg_register_pre_username')) ? eval($hook) : null; ?>
 <div class="sf-set set<?php echo ++$forum_page['item_count']; if ($forum_config['o_regs_verify'] == '0') echo ' prepend-top'; ?>">
 <div class="sf-box text required">
 <label for="fld<?php echo ++$forum_page['fld_count'] ?>"><span><?php echo $lang_profile['Username'] ?></span> <small><?php echo $lang_profile['Username help'] ?></small></label><br />
 <span class="fld-input"><input type="text" data-suggest-role="username" id="fld<?php echo $forum_page['fld_count'] ?>" name="req_username" value="<?php echo(isset($_POST['req_username']) ? forum_htmlencode($_POST['req_username']) : '') ?>" size="35" maxlength="25" required spellcheck="false" /></span>
 </div>
 </div>
<?php ($hook = get_hook('rg_register_pre_password')) ? eval($hook) : null; ?>
<?php /* Password fields appear only when e-mail verification is off. NOTE(review): a rejected submission writes the typed password back into the value attribute, so it is present in the returned HTML. */ if ($forum_config['o_regs_verify'] == '0'): ?>
 <div class="sf-set set<?php echo ++$forum_page['item_count'] ?>">
 <div class="sf-box text required">
 <label for="fld<?php echo ++$forum_page['fld_count'] ?>"><span><?php echo $lang_profile['Password'] ?></span> <small><?php echo $lang_profile['Password help'] ?></small></label><br />
 <span class="fld-input"><input type="<?php echo($forum_config['o_mask_passwords'] == '1' ? 'password' : 'text') ?>" id="fld<?php echo $forum_page['fld_count'] ?>" name="req_password1" size="35" value="<?php if (isset($_POST['req_password1'])) echo forum_htmlencode($_POST['req_password1']); ?>" required autocomplete="off" /></span>
 </div>
 </div>
 <?php ($hook = get_hook('rg_register_pre_confirm_password')) ? eval($hook) : null; ?>
 <?php if ($forum_config['o_mask_passwords'] == '1'): ?>
 <div class="sf-set set<?php echo ++$forum_page['item_count'] ?>">
 <div class="sf-box text required">
 <label for="fld<?php echo ++$forum_page['fld_count'] ?>"><span><?php echo $lang_profile['Confirm password'] ?></span> <small><?php echo $lang_profile['Confirm password help'] ?></small></label><br />
 <span class="fld-input"><input type="password" id="fld<?php echo $forum_page['fld_count'] ?>" name="req_password2" size="35" value="<?php if (isset($_POST['req_password2'])) echo forum_htmlencode($_POST['req_password2']); ?>" required autocomplete="off" /></span>
 </div>
 </div>
 <?php endif; ?>
<?php endif; ?>
<?php ($hook = get_hook('rg_register_pre_email_confirm')) ? eval($hook) : null;
 // Collect the installed languages: every directory under lang/ that contains a common.php
 $languages = array();
 $d = dir(FORUM_ROOT.'lang');
 while (($entry = $d->read()) !== false)
 {
 if ($entry != '.' && $entry != '..' && is_dir(FORUM_ROOT.'lang/'.$entry) && file_exists(FORUM_ROOT.'lang/'.$entry.'/common.php'))
 $languages[] = $entry;
 }
 $d->close();
 ($hook = get_hook('rg_register_pre_language')) ? eval($hook) : null;
 // The reCAPTCHA widget that follows only adds a g-recaptcha-response field in the browser.
 // It protects nothing unless the code handling the POST verifies that field server-side.
 // data-sitekey holds a placeholder that must be replaced with the site's public key.
?>
 <div class="g-recaptcha" data-sitekey="your_site_key"></div>
<?php // Only display the language selection box if there's more than one language available
 if (count($languages) > 1)
 {
 natcasesort($languages);
?>
 <div class="sf-set set<?php echo ++$forum_page['item_count'] ?>">
 <div class="sf-box select">
 <label for="fld<?php echo ++$forum_page['fld_count'] ?>"><span><?php echo $lang_profile['Language'] ?></span></label><br />
 <span class="fld-input"><select id="fld<?php echo $forum_page['fld_count'] ?>" name="language">
<?php
 // Pre-select the posted language, or the board default when none was posted.
 // The option values written below are the directory names gathered above, not the
 // posted value; they are written without HTML encoding.
 $select_lang = isset($_POST['language']) ? $_POST['language'] : $forum_config['o_default_lang'];
 foreach ($languages as $lang)
 {
 if ($select_lang == $lang)
 echo "\t\t\t\t\t\t".'<option value="'.$lang.'" selected="selected">'.$lang.'</option>'."\n";
 else
 echo "\t\t\t\t\t\t".'<option value="'.$lang.'">'.$lang.'</option>'."\n";
 }
?>
 </select></span>
 </div>
 </div>
<?php
 }
 ($hook = get_hook('rg_register_pre_group_end')) ? eval($hook) : null;
?>
 </div>
<?php ($hook = get_hook('rg_register_group_end')) ? eval($hook) : null; ?>
 <div class="frm-buttons">
 <span class="submit primary"><input type="submit" name="register" value="<?php echo $lang_profile['Register'] ?>" /></span>
 </div>
 </form>
 </div>
<?php
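/**
 * Verifies the reCAPTCHA response posted with the current request against
 * Google's siteverify endpoint.
 *
 * The code that handles the registration POST must call this and refuse to
 * create the account unless the result is exactly true; rendering the widget
 * on the form enforces nothing by itself.
 *
 * Reads $_POST['g-recaptcha-response'] and, when present, $_SERVER['REMOTE_ADDR'].
 *
 * @return bool|null true when Google confirms the response; false when the
 *                   token is missing, empty, not a string, or rejected; null
 *                   when the service could not be reached or its reply could
 *                   not be parsed.
 */
function isValid()
{
	// A missing, empty or non-string token can never verify, so skip the network call
	if (!isset($_POST['g-recaptcha-response'])
		|| !is_string($_POST['g-recaptcha-response'])
		|| $_POST['g-recaptcha-response'] === '')
	{
		return false;
	}

	$url = 'https://www.google.com/recaptcha/api/siteverify';

	// '[secret_key]' is a placeholder. The real secret belongs in server-side
	// configuration, not in a source file that may be pasted or committed.
	$data = [
		'secret' => '[secret_key]',
		'response' => $_POST['g-recaptcha-response'],
	];

	// remoteip is sent only when the server API provides the address
	if (isset($_SERVER['REMOTE_ADDR']))
		$data['remoteip'] = $_SERVER['REMOTE_ADDR'];

	$options = [
		'http' => [
			'header' => "Content-type: application/x-www-form-urlencoded\r\n",
			'method' => 'POST',
			'content' => http_build_query($data),
			// Bound the wait so a slow verification service cannot tie up the request
			'timeout' => 5,
		],
	];

	$context = stream_context_create($options);
	$result = file_get_contents($url, false, $context);

	// file_get_contents() reports failure by returning false, not by throwing,
	// so the result is checked explicitly instead of relying on a catch block
	if ($result === false)
		return null;

	$reply = json_decode($result);
	if (!is_object($reply) || !isset($reply->success))
		return null;

	// Only a literal JSON true counts as success
	return $reply->success === true;
}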
if ($hook = get_hook('rg_end'))
	eval($hook);

// Move the markup buffered since ob_start() into the <!-- forum_main --> placeholder of the page template
$tpl_temp = forum_trim(ob_get_clean());
$tpl_main = str_replace('<!-- forum_main -->', $tpl_temp, $tpl_main);
// END SUBST - <!-- forum_main -->

require FORUM_ROOT.'footer.php';