Thread: Signup borked
Old 27th December 2020, 21:50
alexdinu05
Hi boy, I recently installed an old tbdev script and at registration I encounter the following problems.


takesignup.php
Code:
<?php
// Full opening tag: the short form "<?" is only parsed when short_open_tag is enabled.

require_once("include/bittorrent.php");

dbconn();

$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $maxusers)
        stderr("Error", "Sorry, user limit reached. Please try again later.");

if (!mkglobal("wantusername:wantpassword:passagain:email"))
        die();

function bark($msg) {
        stdhead();
        stdmsg("Signup failed!", $msg);
        stdfoot();
        exit;
}

function validusername($username)
{
        if ($username == "")
          return false;

        // The following characters are allowed in user names
        $allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

        for ($i = 0; $i < strlen($username); ++$i)
          if (strpos($allowedchars, $username[$i]) === false)
            return false;

        return true;
}

function isportopen($port)
{
        $sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
        if ($sd)
        {
                fclose($sd);
                return true;
        }
        else
                return false;
}
/*
function isproxy()
{
        $ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
        for ($i = 0; $i < count($ports); ++$i)
                if (isportopen($ports[$i])) return true;
        return false;
}
*/
if (empty($wantusername) || empty($wantpassword) || empty($email))
        bark("Don't leave any fields blank.");

if (strlen($wantusername) > 12)
        bark("Sorry, username is too long (max is 12 chars)");

if ($wantpassword != $passagain)
        bark("The passwords didn't match! Must've typoed. Try again.");

if (strlen($wantpassword) < 6)
        bark("Sorry, password is too short (min is 6 chars)");

if (strlen($wantpassword) > 40)
        bark("Sorry, password is too long (max is 40 chars)");

if ($wantpassword == $wantusername)
        bark("Sorry, password cannot be same as user name.");

if (!validemail($email))
        bark("That doesn't look like a valid email address.");

if (!validusername($wantusername))
        bark("Invalid username.");

// make sure user agrees to everything...
if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")
        stderr("Signup failed", "Sorry, you're not qualified to become a member of this site.");

// check if email addy is already in use
// (the value is quoted and escaped with sqlesc() rather than interpolated into the query string)
$a = (@mysql_fetch_row(@mysql_query("select count(*) from users where email=" . sqlesc($email)))) or die(mysql_error());
if ($a[0] != 0)
        bark("The e-mail address $email is already in use.");

/*
// do simple proxy check
if (isproxy())
        bark("You appear to be connecting through a proxy server. Your organization or ISP may use a transparent caching HTTP proxy. Please try and access the site on <a href=http://torrentbits.org:81/signup.php>port 81</a> (this should bypass the proxy server). <p><b>Note:</b> if you run an Internet-accessible web server on the local machine you need to shut it down until the sign-up is complete.");
*/
$uploaded = 2147483648;
$invites = 10;
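$secret = mksecret();
// Salted MD5 of the password, as this script stores it. MD5 is a fast hash and weak
// for password storage; switching to password_hash()/password_verify() would also
// require changing whatever code checks passhash at login.
$wantpasshash = md5($secret . $wantpassword . $secret);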
$editsecret = (!$arr[0]?"":mksecret());

$ret = mysql_query("INSERT INTO users (invites, uploaded, username, passhash, secret, editsecret, email,country, status, ". (!$arr[0]?"class, ":"") ."added) VALUES (" .
        implode(",", array_map("sqlesc", array($invites,$uploaded, $wantusername, $wantpasshash, $secret, $editsecret, $email, $country, (!$arr[0] || !ENA_EMAIL_CONFIRM?'confirmed':'pending')))).
        ", ". (!$arr[0]?UC_SYSOP.", ":""). "'". get_date_time() ."')");

		
if (!$ret) {
        if (mysql_errno() == 1062)
                bark("Username already exists!");
        bark("borked");
}

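//write_log("User account $id ($wantusername) was created");

$psecret = md5($editsecret);

// Always read the id of the row just inserted. The original only set $id when
// other users already existed ($arr[0] != 0), which left $id undefined for the
// first account and broke the messages INSERT and the redirect below.
$id = mysql_insert_id();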

$dt = sqlesc(get_date_time());
$msg = sqlesc("Salut $wantusername, si bine ai venit in cea mai mare comunitate privata din Romania. Iti recomandam sa dedici 10 minute din timpul tau pretios pentru a citi pagina de Reguli. In schimbul acestor 10 minute te vei putea bucura de luni sau ani fara griji pe site-ul nostru. Te rugam sa tii seamamacar de aceste lucruri esentiale:
\nDownload-ul pe acest site se face prin intermediul altor utilizatori care au descarcat la randul lor fisierul pe care-l doresti. De aceea este necesar ca dupa ce faci Download sa nu inchizi programul (uTorrent, Bitcomet etc.), ci sa lasi mai departe fisierele pentru a face Upload catre alti oameni care vin dupa tine. Daca toata lumea doar descarca si nimeni nu face upload, vitezele scad si la un moment dat fisierul dispare de tot. Pentru a evita acest lucru, site-ul contorizeaza upload-ul si download-ul facut de fiecare utilizator, si calculeaza Ratia, raportul upload/download. O ratie in jur de 1 sau mai mare e recomandata si indica faptul ca ai facut upload cel putin atat cat ai facut download, adica iti castigi `painea`. O ratie sub 1 indica ca esti o povara pentru comunitate, si ca alti useri muncesc sa-ti faca tie upload; evident nu incurajam acest comportament antisocial, si daca situatia continua probabil o sa ne descotorosim de tine fara retineri.\n\n
 Nu insulta alti useri sau staff-ul in forum, comentarii sau mesaje private. Nu escalada conflicte stupide, nu ne pasa cine a inceput sau onoarea cui a fost patata: daca esti certaret ai zburat de pe site-ul nostru. Fara discriminari religioase, etnice, rasiale, sexuale. Daca ai complexe de superioritate provocate de echipa ta preferata de fotbal, ai zburat. Fara reclama de nici un fel, fara cereri de filme, jocuri sau subtitrari.\n\n
Site-ul nostru nu a patruns cu forta la tine in casa, tu esti cel care se conecteaza la serverul nostru privat. Tot asa cum tu nu primesti pe oricine in casa, si noi lasam doar pe cine vrem noi sa ne utilizeze proprietatea privata. Accesul este deci un privilegiu nu un drept, privilegiu pe care-l putem retrage arbitrar oricand capriciile noastre o cer. Nici unul din conceptele asociate site-ului nostru, ca de exemplu numele de utilizator, ratia, comentariile, profilul, vechimea etc. nu iti apartin; ele sunt inregistrari in baza de date a serverului nostru privat, deci putem dispune de ele dupa bunul nostru plac. Daca te decizi sa faci o donatie, o faci din marinimie si spirit de recunostinta pentru munca noastra, fara a pretinde un serviciu la schimb. \n
\n
Aceste reguli nu sunt negociabile, daca nu le accepti poti inchide oricand contul. Multumim de colaborare !\n");


mysql_query("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)") or sqlerr(__FILE__, __LINE__);

$psecret = md5($editsecret);


//mail($email, "$SITENAME user registration confirmation", $body, "From: $SITEEMAIL", "-f$SITEEMAIL");


header("Refresh: 0; url=confirm.php?id=$id&secret=$psecret");

?>
pls help!