  #1  
Old 27th December 2020, 21:50
alexdinu05 alexdinu05 is offline
Member
 
Join Date: Oct 2011
P2P
Posts: 9
Signup borked
Hi boy, I recently installed an old TBDev script and at registration I encounter the following problems:


takesignup.php
Code:
<?php

require_once("include/bittorrent.php");

dbconn();

$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $maxusers)
        stderr("Error", "Sorry, user limit reached. Please try again later.");

if (!mkglobal("wantusername:wantpassword:passagain:email"))
        die();

function bark($msg) {
  stdhead();
        stdmsg("Signup failed!", $msg);
  stdfoot();
  exit;
}

function validusername($username)
{
        if ($username == "")
          return false;

        // The following characters are allowed in user names
        $allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

        for ($i = 0; $i < strlen($username); ++$i)
          if (strpos($allowedchars, $username[$i]) === false)
            return false;

        return true;
}

function isportopen($port)
{
        $sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
        if ($sd)
        {
                fclose($sd);
                return true;
        }
        else
                return false;
}
/*
function isproxy()
{
        $ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
        for ($i = 0; $i < count($ports); ++$i)
                if (isportopen($ports[$i])) return true;
        return false;
}
*/
if (empty($wantusername) || empty($wantpassword) || empty($email))
        bark("Don't leave any fields blank.");

if (strlen($wantusername) > 12)
        bark("Sorry, username is too long (max is 12 chars)");

if ($wantpassword != $passagain)
        bark("The passwords didn't match! Must've typoed. Try again.");

if (strlen($wantpassword) < 6)
        bark("Sorry, password is too short (min is 6 chars)");

if (strlen($wantpassword) > 40)
        bark("Sorry, password is too long (max is 40 chars)");

if ($wantpassword == $wantusername)
        bark("Sorry, password cannot be same as user name.");

if (!validemail($email))
        bark("That doesn't look like a valid email address.");

if (!validusername($wantusername))
        bark("Invalid username.");

// make sure user agrees to everything...
if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")
        stderr("Signup failed", "Sorry, you're not qualified to become a member of this site.");

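// check if email addy is already in use
// escape the value with sqlesc(), as the other queries in this file do, instead of interpolating it raw
$a = (@mysql_fetch_row(@mysql_query("select count(*) from users where email=" . sqlesc($email)))) or die(mysql_error());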
if ($a[0] != 0)
  bark("The e-mail address $email is already in use.");

/*
// do simple proxy check
if (isproxy())
        bark("You appear to be connecting through a proxy server. Your organization or ISP may use a transparent caching HTTP proxy. Please try and access the site on <a href=http://torrentbits.org:81/signup.php>port 81</a> (this should bypass the proxy server). <p><b>Note:</b> if you run an Internet-accessible web server on the local machine you need to shut it down until the sign-up is complete.");
*/
$uploaded = 2147483648;
$invites = 10;
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
$editsecret = (!$arr[0]?"":mksecret());

$ret = mysql_query("INSERT INTO users (invites, uploaded, username, passhash, secret, editsecret, email,country, status, ". (!$arr[0]?"class, ":"") ."added) VALUES (" .
        implode(",", array_map("sqlesc", array($invites,$uploaded, $wantusername, $wantpasshash, $secret, $editsecret, $email, $country, (!$arr[0] || !ENA_EMAIL_CONFIRM?'confirmed':'pending')))).
        ", ". (!$arr[0]?UC_SYSOP.", ":""). "'". get_date_time() ."')");

		
if (!$ret) {
        if (mysql_errno() == 1062)
                bark("Username already exists!");
        bark("borked");
}

//write_log("User account $id ($wantusername) was created");

$psecret = md5($editsecret);


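// bark() exits on a failed insert, so the new row's id is always available here;
// the old "if($arr[0])" guard left $id undefined for the very first account
$id = mysql_insert_id();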

$dt = sqlesc(get_date_time());
$msg = sqlesc("Salut $wantusername, si bine ai venit in cea mai mare comunitate privata din Romania. Iti recomandam sa dedici 10 minute din timpul tau pretios pentru a citi pagina de Reguli. In schimbul acestor 10 minute te vei putea bucura de luni sau ani fara griji pe site-ul nostru. Te rugam sa tii seamamacar de aceste lucruri esentiale:
\nDownload-ul pe acest site se face prin intermediul altor utilizatori care au descarcat la randul lor fisierul pe care-l doresti. De aceea este necesar ca dupa ce faci Download sa nu inchizi programul (uTorrent, Bitcomet etc.), ci sa lasi mai departe fisierele pentru a face Upload catre alti oameni care vin dupa tine. Daca toata lumea doar descarca si nimeni nu face upload, vitezele scad si la un moment dat fisierul dispare de tot. Pentru a evita acest lucru, site-ul contorizeaza upload-ul si download-ul facut de fiecare utilizator, si calculeaza Ratia, raportul upload/download. O ratie in jur de 1 sau mai mare e recomandata si indica faptul ca ai facut upload cel putin atat cat ai facut download, adica iti castigi `painea`. O ratie sub 1 indica ca esti o povara pentru comunitate, si ca alti useri muncesc sa-ti faca tie upload; evident nu incurajam acest comportament antisocial, si daca situatia continua probabil o sa ne descotorosim de tine fara retineri.\n\n
 Nu insulta alti useri sau staff-ul in forum, comentarii sau mesaje private. Nu escalada conflicte stupide, nu ne pasa cine a inceput sau onoarea cui a fost patata: daca esti certaret ai zburat de pe site-ul nostru. Fara discriminari religioase, etnice, rasiale, sexuale. Daca ai complexe de superioritate provocate de echipa ta preferata de fotbal, ai zburat. Fara reclama de nici un fel, fara cereri de filme, jocuri sau subtitrari.\n\n
Site-ul nostru nu a patruns cu forta la tine in casa, tu esti cel care se conecteaza la serverul nostru privat. Tot asa cum tu nu primesti pe oricine in casa, si noi lasam doar pe cine vrem noi sa ne utilizeze proprietatea privata. Accesul este deci un privilegiu nu un drept, privilegiu pe care-l putem retrage arbitrar oricand capriciile noastre o cer. Nici unul din conceptele asociate site-ului nostru, ca de exemplu numele de utilizator, ratia, comentariile, profilul, vechimea etc. nu iti apartin; ele sunt inregistrari in baza de date a serverului nostru privat, deci putem dispune de ele dupa bunul nostru plac. Daca te decizi sa faci o donatie, o faci din marinimie si spirit de recunostinta pentru munca noastra, fara a pretinde un serviciu la schimb. \n
\n
Aceste reguli nu sunt negociabile, daca nu le accepti poti inchide oricand contul. Multumim de colaborare !\n");


mysql_query("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)") or sqlerr(__FILE__, __LINE__);

$psecret = md5($editsecret);


//mail($email, "$SITENAME user registration confirmation", $body, "From: $SITEEMAIL", "-f$SITEEMAIL");


header("Refresh: 0; url=confirm.php?id=$id&secret=$psecret");

?>
pls help!
  #2  
Old 27th December 2020, 21:57
DND DND is offline
VIP
 
Join Date: Dec 2008
Posts: 1,241
Default
Like you said.. It is very old. It is very unsecured also.
Stop using 15-year-old code.
__________________
Need HELP!? I can install:

  1. Server/VPS (Debian,CentOS,Ubuntu,Fedora, FreeBSD) Optimization and ... + Modules
  2. Webserver Windows/Linux (Apache/Lighttpd/Nginx/Mysql/PhpMyAdmin/SSL) Optimization and ... + Modules
  3. Seedbox Windows/Linux (uTorrent,rTorrent,libTorrent,ruTorrent) + Modules
  4. Multiple source code engines
  5. Linux Server Administration (security, cryptography/encryption, proxy, load balancer, custom ddos firewall)
  #3  
Old 28th December 2020, 17:48
alexdinu05 alexdinu05 is offline
Member
 
Join Date: Oct 2011
P2P
Posts: 9
Default
I know that the script is old, I do not want to open a torrent site, this script was modified by me many years ago and out of nostalgia I wanted to play a little but I found that there were many errors, that's why I wanted to solve the problem with the registration!
  #4  
Old 28th December 2020, 18:28
DND DND is offline
VIP
 
Join Date: Dec 2008
Posts: 1,241
Default
Well if it was modified by you, aren't you familiar with the script? You should know what you are doing.. but hey.. your problem is with the insert query.. A field in the query is either missing or needs removing.
  #5  
Old 28th December 2020, 18:53
xblade's Avatar
xblade xblade is offline
Cod3r
 
Join Date: Nov 2020
P2P
Posts: 239
Thumbs up
DND

Call yourself a coder, why not just tell him

Code:
if (!$ret) {
        if (mysql_errno() == 1062)
                bark("Username already exists!");
        bark("borked");
}
Replace with

Code:
if (!$ret) {
        if (mysql_errno() == 1062)
                bark("Username already exists!");
}
Reply With Quote
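An added example, not part of the thread or of TBDev: the INSERT in takesignup.php builds its column list and its value list separately, which is how a field can end up missing, and `bark("borked")` throws away the database's own error message. The code below builds both lists from one array with PDO prepared statements, logs the driver error server-side, and swaps the md5 hash for `password_hash()`; the helpers `signup_insert` and `is_duplicate`, the trimmed `users` schema and the in-memory SQLite database are assumptions made so it runs stand-alone.

```php
<?php
// Added example. Helper names, schema and sample rows are constructed for illustration.

// True for a unique-key violation: errno 1062 on MySQL, "UNIQUE constraint" on SQLite.
function is_duplicate(PDOException $e): bool
{
    return ($e->errorInfo[1] ?? null) === 1062
        || strpos($e->getMessage(), 'UNIQUE constraint failed') !== false;
}

// $row keys are column names fixed in code (never user input); values are bound.
function signup_insert(PDO $db, array $row): array
{
    $cols = array_keys($row);
    // Columns and placeholders come from one array, so their counts cannot drift apart.
    $sql = sprintf(
        'INSERT INTO users (%s) VALUES (%s)',
        implode(', ', $cols),
        implode(', ', array_map(fn($c) => ":$c", $cols))
    );
    try {
        $db->prepare($sql)->execute($row);
        return ['ok' => true, 'id' => (int) $db->lastInsertId()];
    } catch (PDOException $e) {
        if (is_duplicate($e)) {
            return ['ok' => false, 'msg' => 'Username already exists!'];
        }
        // The real cause goes to the server log; the visitor gets a generic message.
        error_log('signup insert failed: ' . $e->getMessage());
        return ['ok' => false, 'msg' => 'Signup failed.'];
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           passhash TEXT, email TEXT, status TEXT)');

$user = [
    'username' => 'alice',
    'passhash' => password_hash('correct horse battery', PASSWORD_DEFAULT),
    'email'    => 'alice@example.test',
    'status'   => 'pending',
];
print_r(signup_insert($db, $user));                  // new account
print_r(signup_insert($db, $user));                  // same username again
$bob = ['username' => 'bob', 'country' => 1] + $user;
print_r(signup_insert($db, $bob));                   // column the table lacks
```

With the pdo_mysql driver the same function works unchanged; the login code must then check passwords with `password_verify()`.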
  #6  
Old 28th December 2020, 18:59
DND DND is offline
VIP
 
Join Date: Dec 2008
Posts: 1,241
Default
yes. great fix.. definitely that should fix his entire problems.. lmfao.. just go back under the rock you came (Napon) and stop using that talktalk connection
  #7  
Old 28th December 2020, 19:32
alexdinu05 alexdinu05 is offline
Member
 
Join Date: Oct 2011
P2P
Posts: 9
Default
Is there a problem with the host? I installed TBDev 2010 revision 464 and I have the same problem with registration?!