where('id', $inv['id'])->update(['valid' => \App\Models\Invite::VALID_NO]);
// The statement above and the two closing braces below belong to blocks that
// open before this excerpt: the tail of a branch that marks the invite invalid
// and aborts with an invalid-inviter error.
        stderr(nexus_trans('nexus.invalid_argument'), nexus_trans('invite.invalid_inviter'));
        exit();
    }
    $ip = getip();
    // NOTE(review): $inviter is interpolated unquoted into the SQL text. It is
    // assigned before this excerpt; confirm it is forced to an integer there.
    $res = sql_query("SELECT username FROM users WHERE id = $inviter") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_assoc($res);
    $invusername = $arr['username'];
}

// mkglobal() is defined elsewhere; the script stops silently when it returns a
// falsy value.
// NOTE(review): presumably it copies the three named request fields into
// globals ($wantusername, $wantpassword, $email) - confirm.
if (!mkglobal("wantusername:wantpassword:email")) {
    die();
}

// For invite signups with pre-registered values, the invite row overrides the
// submitted username and e-mail address.
if ($isPreRegisterEmailAndUsername && $type == 'invite' && !empty($inv["pre_register_username"]) && !empty($inv["pre_register_email"])) {
    $wantusername = $inv["pre_register_username"];
    $email = $inv["pre_register_email"];
}

// The address is HTML-escaped before validation, so the escaped form is what
// is checked, stored and used as the mail recipient below.
$email = htmlspecialchars(trim($email));
$email = safe_email($email);
if (!check_email($email))
    bark($lang_takesignup['std_invalid_email_address']);

if(EmailBanned($email))
    bark($lang_takesignup['std_email_address_banned']);

if(!EmailAllowed($email))
    bark($lang_takesignup['std_wrong_email_address_domains'].allowedemails());

// NOTE(review): $school is later concatenated into the INSERT without sqlesc(),
// so int_check() has to abort the request on non-integer input - confirm.
$country = $_POST["country"];
int_check($country);

if ($showschool == 'yes'){
    $school = $_POST["school"];
    int_check($school);
}

// Strict allow-list: only these four spellings are accepted.
$gender = htmlspecialchars(trim($_POST["gender"]));
$allowed_genders = array("Male","Female","male","female");
if (!in_array($gender, $allowed_genders, true))
    bark($lang_takesignup['std_invalid_gender']);

// empty() also rejects the string "0" for any of these fields.
if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($country) || empty($gender))
    bark($lang_takesignup['std_blank_field']);

// strlen() counts bytes, so multi-byte usernames reach the limit of 12 sooner.
if (strlen($wantusername) > 12)
    bark($lang_takesignup['std_username_too_long']);

// The password confirmation, length and equals-username checks below are
// disabled; in this excerpt $wantpassword is only checked for being non-empty.
//if ($wantpassword != $passagain)
//    bark($lang_takesignup['std_passwords_unmatched']);

//if (strlen($wantpassword) < 6)
//    bark($lang_takesignup['std_password_too_short']);
//
//if (strlen($wantpassword) > 40)
//    bark($lang_takesignup['std_password_too_long']);
//
//if ($wantpassword == $wantusername)
//    bark($lang_takesignup['std_password_equals_username']);

if (!validemail($email))
    bark($lang_takesignup['std_wrong_email_address_format']);

if (!validusername($wantusername))
    bark($lang_takesignup['std_invalid_username']);

// make sure user agrees to everything...
// Direct $_POST reads: a missing key compares as null != "yes", so the request
// is rejected (PHP additionally reports the undefined index).
if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")
    stderr($lang_takesignup['std_signup_failed'], $lang_takesignup['std_unqualified']);

// check if email addy is already in use
// The @ operators hide query warnings; a falsy result falls through to sqlerr().
// NOTE(review): the error text echoes the address and confirms that it is
// registered, which allows probing for existing accounts if bark() shows it to
// the client - consider a neutral message.
$a = (@mysql_fetch_row(@sql_query("select count(*) from users where BINARY email='".mysql_real_escape_string($email)."'"))) or sqlerr(__FILE__, __LINE__);
if ($a[0] != 0)
    bark($lang_takesignup['std_email_address'].$email.$lang_takesignup['std_in_use']);

/* // do simple proxy check if (isproxy()) bark("You appear to be connecting through a proxy server. Your organization or ISP may use a transparent caching HTTP proxy. Please try and access the site on port 81 (this should bypass the proxy server).

Note: if you run an Internet-accessible web server on the local machine you need to shut it down until the sign-up is complete."); $res = sql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_row($res); */

$secret = mksecret();
//$wantpasshash = md5($secret . $wantpassword . $secret);
// NOTE(review): one salted SHA-256 pass is cheap to brute-force offline.
// password_hash() / password_verify() are the purpose-built replacement, but
// the login check (not shown here) would have to change together with it.
$wantpasshash = hash('sha256', $secret . $wantpassword);
// editsecret stays empty when $verification is 'admin'.
$editsecret = ($verification == 'admin' ? '' : $secret);
$invite_count = (int) $invite_count;

// The passkey is an MD5 over username, current second and password hash, not
// random bytes.
// NOTE(review): if the passkey authenticates the user anywhere, derive it from
// random_bytes() instead.
$passkey = md5($wantusername.date("Y-m-d H:i:s").$wantpasshash);

// From here on these variables hold sqlesc() output. The INSERT below
// concatenates them without adding quotes, so sqlesc() presumably returns a
// quoted literal. $send_email keeps the unescaped address for the mail.
// NOTE(review): $wantusername is reused further down in the welcome message,
// the inviter notification and $usern in this escaped form - confirm that is
// intended, or keep a raw copy as is done for $send_email.
$wantusername = sqlesc($wantusername);
$wantpasshash = sqlesc($wantpasshash);
$secret = sqlesc($secret);
$editsecret = sqlesc($editsecret);
$send_email = $email;
$email = sqlesc($email);
$country = sqlesc($country);
$gender = sqlesc($gender);
$sitelangid = sqlesc(get_langid_from_langcookie());
$authKey = sqlesc(mksecret());

// Look-up and INSERT are separate statements, so two simultaneous signups can
// both pass this check.
// NOTE(review): confirm users.username carries a unique index. The query
// result is also used without the "or sqlerr()" guard seen elsewhere.
$res_check_user = sql_query("SELECT * FROM users WHERE username = " . $wantusername);

if(mysql_num_rows($res_check_user) == 1)
    bark($lang_takesignup['std_username_exists']);

// Values that went through sqlesc() are concatenated as-is. $defaultclass_class,
// $defcss, $iniupload_main, $school and $inviter are not escaped here;
// $invite_count was cast to int above and $school went through int_check().
// NOTE(review): confirm the remaining ones come from trusted settings or are
// integers by construction.
$ret = sql_query("INSERT INTO users (username, passhash, passkey, secret, auth_key, editsecret, email, country, gender, status, class, invites, ".($type == 'invite' ? "invited_by," : "")." added, last_access, lang, stylesheet".($showschool == 'yes' ? ", school" : "").", uploaded) VALUES (" . $wantusername . "," . $wantpasshash . "," . sqlesc($passkey) . "," . $secret . "," . $authKey. "," . $editsecret . "," . $email . "," . $country . "," . $gender . ", 'pending', ".$defaultclass_class.",". $invite_count .", ".($type == 'invite' ? "'$inviter'," : "") ." '". date("Y-m-d H:i:s") ."' , " . " '". date("Y-m-d H:i:s") ."' , ".$sitelangid . ",".$defcss.($showschool == 'yes' ? ",".$school : "").",".($iniupload_main > 0 ? $iniupload_main : 0).")") or sqlerr(__FILE__, __LINE__);
$id = mysql_insert_id();

// Reload the new row through the model and notify listeners.
$userInfo = \App\Models\User::query()->find($id, \App\Models\User::$commonFields);
fire_event("user_created", $userInfo);

// Grant temporary invites when the setting is positive.
// NOTE(review): the meaning of the trailing 7 is not visible in this excerpt.
$tmpInviteCount = get_setting('main.tmp_invite_count');
if ($tmpInviteCount > 0) {
    $userRep = new \App\Repositories\UserRepository();
    $userRep->addTemporaryInvite(null, $id, 'increment', $tmpInviteCount, 7);
}

// Welcome message: the template is used when it yields text, otherwise the
// language-file strings are concatenated.
$dt = date("Y-m-d H:i:s");
$subject = $lang_takesignup['msg_subject'].$SITENAME."!";
$siteName = \App\Models\Setting::getSiteName();
$msg = \App\Models\MessageTemplate::forRegisterWelcome($userInfo->lang, ['username' => $userInfo->username]);
if (empty($msg)) {
    $msg = $lang_takesignup['msg_congratulations'].$wantusername.sprintf($lang_takesignup['msg_you_are_a_member'],$siteName, $siteName);
}
\App\Models\Message::add([
    'sender' => 0,
    'receiver' => $id,
    'subject' => $subject,
    'added' => $dt,
    'msg' => $msg,
]);

//write_log("User account $id ($wantusername) was created");

$res = sql_query("SELECT passhash, secret, editsecret, status FROM users WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_assoc($res);
// The confirmation token is md5() of the stored per-user secret and travels in
// the URL query string.
$psecret = md5($row['secret']);
$ip = getip();
$usern = htmlspecialchars($wantusername);
$title = $SITENAME.$lang_takesignup['mail_title'];
$confirmUrl = getSchemeAndHttpHost() . "/confirm.php?id=$id&secret=$psecret";
$confirmResendUrl = getSchemeAndHttpHost() . "/confirm_resend.php";
$mailTwo = sprintf($lang_takeinvite['mail_two'], $siteName);
$mailFive = sprintf($lang_takeinvite['mail_five'], $siteName, $siteName, $REPORTMAIL, $siteName);
// NOTE(review): the heredoc opener and part of the mail body appear to have
// been lost when this page was extracted; the text is left exactly as found.
$body = << {$lang_takesignup['mail_this_link']}
$confirmUrl {$lang_takesignup['mail_four_1']} {$lang_takesignup['mail_here']}
$confirmResendUrl
{$mailFive} EOD;

if ($type == 'invite') {
    //don't forget to delete confirmed invitee's hash code from table invites
    //sql_query("DELETE FROM invites WHERE hash = '".mysql_real_escape_string($code)."'");
    // set invalid
    // Records the raw submitted values, not the validated (or invite-overridden)
    // $email / $wantusername; they are handed to the query builder as an array.
    $update = [
        'valid' => \App\Models\Invite::VALID_NO,
        'invitee_register_uid' => $id,
        'invitee_register_email' => $_POST['email'],
        'invitee_register_username' => $_POST['wantusername'],
    ];
    \App\Models\Invite::query()->where('id', $inv['id'])->update($update);
    // Notify the inviter in the inviter's own locale.
    $dt = date("Y-m-d H:i:s");
    $locale = get_user_locale($inviter);
    $subject = nexus_trans("user.msg_invited_user_has_registered", [], $locale);
    $msg = nexus_trans("user.msg_user_you_invited", [],$locale).$wantusername.nexus_trans("user.msg_has_registered", [], $locale);
    //sql_query("UPDATE users SET uploaded = uploaded + 10737418240 WHERE id = $inviter");
    //add 10GB to invitor's uploading credit
    \App\Models\Message::add([
        'sender' => 0,
        'receiver' => $inviter,
        'subject' => $subject,
        'added' => $dt,
        'msg' => $msg,
    ]);
    // Drop the inviter's cached message counters so the new message shows up.
    $Cache->delete_value('user_'.$inviter.'_unread_message_count');
    $Cache->delete_value('user_'.$inviter.'_inbox_count');
}

// Final redirect depends on the verification mode:
//  - 'admin': confirmation page only, nothing is mailed here;
//  - 'automatic' or no SMTP: the browser is sent straight to the confirmation
//    URL, token included, so no mailbox ownership check takes place;
//  - otherwise: the confirmation mail goes to the unescaped address.
if ($verification == 'admin'){
    if ($type == 'invite')
        header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=inviter");
    else
        header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=adminactivate");
}
elseif ($verification == 'automatic' || $smtptype == 'none'){
    header("Location: " . get_protocol_prefix() . "$BASEURL/confirm.php?id=$id&secret=$psecret");
}
else{
    sent_mail($send_email,$SITENAME,$SITEEMAIL,$title,$body,"signup",false,false,'');
    header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=signup&email=" . rawurlencode($send_email));
}
?>