invite signup check code's owner

app/Models/Invite.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace App\Models;
+
+class Invite extends NexusModel
+{
+    protected $table = 'invites';
+
+    protected $fillable = [
+        'inviter', 'invitee', 'hash', 'time_invited',
+    ];
+}

app/Models/NexusModel.php

@@ -14,7 +14,6 @@ class NexusModel extends Model
 //    protected $perPage = 2;
 
     /**
-     * 为数组 / JSON 序列化准备日期。
      *
      * @param  \DateTimeInterface  $date
      * @return string

public/takesignup.php

@@ -53,11 +53,16 @@ $inviter =  $_POST["inviter"];
 $code = unesc($_POST["hash"]);
 
 //check invite code
-	$sq = sprintf("SELECT inviter FROM invites WHERE hash ='%s'",mysql_real_escape_string($code));
+	$sq = sprintf("SELECT id, inviter FROM invites WHERE hash ='%s'",mysql_real_escape_string($code));
 	$res = sql_query($sq) or sqlerr(__FILE__, __LINE__);
 	$inv = mysql_fetch_assoc($res);
 	if (!$inv)
 		bark('invalid invite code');
+	if ($inv['inviter'] != $inviter) {
+        \App\Models\Invite::query()->where('id', $inv['id'])->delete();
+        stderr(nexus_trans('nexus.invalid_argument'), nexus_trans('invite.invalid_inviter'));
+        exit();
+    }
 
 $ip = getip();
 

resources/lang/en/invite.php

@@ -0,0 +1,5 @@
+<?php
+
+return [
+    'invalid_inviter' => 'Invalid inviter! The invite code is banned!',
+];

resources/lang/en/nexus.php

@@ -0,0 +1,5 @@
+<?php
+
+return [
+    'invalid_argument' => 'Invalid argument',
+];

resources/lang/zh_CN/invite.php

@@ -0,0 +1,5 @@
+<?php
+
+return [
+    'invalid_inviter' => '非法邀请者！此邀请码已被禁用！',
+];

resources/lang/zh_CN/nexus.php

@@ -0,0 +1,5 @@
+<?php
+
+return [
+    'invalid_argument' => '参数错误',
+];

resources/lang/zh_TW/invite.php

@@ -0,0 +1,5 @@
+<?php
+
+return [
+    'invalid_inviter' => '非法邀請者！此邀請碼已被禁用！',
+];

resources/lang/zh_TW/nexus.php

@@ -0,0 +1,5 @@
+<?php
+
+return [
+    'invalid_argument' => '參數錯誤',
+];