$tccell2>Registration is disabled. Please contact an admin if you have any questions.$tblend$footer"); } // Errors for display in the registration form $error = false; $errors = [ 'name' => "", 'pass' => "", 'email' => "", ]; // If true, won't show the form again on error $fatal = false; $registered = false; $name = trim($_POST['name'] ?? ""); $pass = $_POST['pass'] ?? null; $email = $_POST['email'] ?? null; if ($_POST['action'] == 'Register') { if ($name === "") { $error = "No username given."; $errors['name'] = "Required"; } if ($pass === null) { $error = "No password given."; $errors['pass'] = "Required"; } // If e-mail address is given, make sure it is an actual e-mail address if ($email !== null && !filter_var($email, FILTER_VALIDATE_EMAIL)) { $error = "Invalid e-mail address."; $errors['email'] = "Invalid"; } // Only do any of this if we don't have an issue already if (!$error) { // Simple check if the person in question is using some trash proxy // or other service to get around bans ... // Do a simple cURL request to their IP address and see if it responds. // If it does, and contains one of the usual words, throw them out the window // This used to be a surprisingly good way of catching shitters, // and it might even still work to this day $ch = curl_init(); curl_setopt ($ch,CURLOPT_URL, "http://". $_SERVER['REMOTE_ADDR']); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 3); curl_setopt ($ch, CURLOPT_TIMEOUT, 5); $file_contents = curl_exec($ch); curl_close($ch); if ( stristr($file_contents, "proxy") || stristr($file_contents, "forbidden") || stristr($file_contents, "it works") || stristr($file_contents, "anonymous") || stristr($file_contents, "filter") || stristr($file_contents, "panel") || stristr($file_contents, "apache") || stristr($file_contents, "nginx") ) { // $sql -> query("INSERT INTO `ipbans` SET `ip` = '". $_SERVER['REMOTE_ADDR'] ."', `date` = '". ctime() ."', `reason` = 'Reregistering fuckwit'"); // @xk_ircsend("1|". xk(7) ."Auto-IP banned proxy-abusing $adjectives[0] with IP ". xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) ." on registration. (Tried to register with username $name)"); // Rather than IP banning them on principle, though, give them a message // about why they're not allowed to register, just in case $error = "It appears you're trying to register through some proxy service or other anonymizing tool.
These have often been abused to get around bans, so we don't allow registering using these.
Try disabling it and registering again, or contact an administrator for help."; $fatal = true; // die("$tccell1>Thank you, $name, for registering your account.
".redirect('index.php', 'the board',0).$footer); } } // Only do this if we have no other errors already, like the proxy check if (!$error) { // Check if the username is available // FIrst, remove all spaces and other nonsense from it // @TODO This is really bad and should be fixed $username = substr(trim($name), 0, 25); $username2 = str_replace(' ', '', $username); $username2 = str_replace(' ', '', $username2); $username2 = preg_replace("' ?'si", '', $username2); $username2 = stripslashes($username2); $userid = false; // If 1, user will be registered as an admin. // This is done so the first user on the board registers as an admin $admin = 1; $users = $sql->query('SELECT id, name FROM users'); while ($user = $sql->fetch($users)) { // We found a user, so no admin for this user $admin = 0; $user['name'] = str_replace(' ', '', $user['name']); $user['name'] = str_replace(' ', '', $user['name']); if (strcasecmp($user['name'], $username2) == 0) { $userid = $user['id']; break; } } // Does anyone else have this IP address? If so, abort (unless they're an admin) $nomultis = $sql->fetchq("SELECT * FROM `users` WHERE `lastip` = '". mysql_real_escape_string($_SERVER['REMOTE_ADDR']) ."'"); if ($userid === false && $name && $pass && (!$nomultis || $isadmin)) { $currenttime = ctime(); $ipaddr = $_SERVER['REMOTE_ADDR']; $ircout['name'] = stripslashes($name); $ircout['ip'] = $ipaddr; $succ = $sql->query(" INSERT INTO `users` SET `name` = '". mysql_real_escape_string($name) ."', ". ($email !== null ? "`email` = '". mysql_real_escape_string($email) ."'," : "") ." `powerlevel` = '". ($admin ? 3 : 0) ."', `postsperpage` = '20', `threadsperpage` = '50', `lastip` = '". mysql_real_escape_string($ipaddr) ."', `layout` = '1', `scheme` = '0', `lastactivity` = '$currenttime', `regdate` = '$currenttime' "); $newuserid = mysql_insert_id(); $sql->query("UPDATE users SET `password` = '".getpwhash($pass, $newuserid)."' WHERE `id` = '$newuserid'"); $ircout['id'] = $newuserid; xk_ircout("user", $ircout['name'], $ircout); $sql->query("INSERT INTO `users_rpg` (`uid`) VALUES ('". $newuserid ."')") or print mysql_error(); print "
$tblstart$tccell1>Your new account, $name, has been registered.
".redirect('login.php', 'log in',0); $registered = true; } else { if ($userid !== false) { $error = "The username '". htmlspecialchars($name) ."' is already in use."; $errors['name'] = "In use"; } elseif ($nomultis) { $error = "You may have an account already as '$nomultis[name]'.
If this is incorrect, please contact an administrator."; $fatal = true; } else { $error = "Unknown reason. Please contact an administrator."; $fatal = true; } } print $tblend; } } if ($error) { print << $tblstart $tccellh>Error registering account $tccell1>$error $tblend HTML; } // If we didn't register and/or we don't have a fatal error, show the form if (!$registered && !$fatal) { $descbr="$smallfont
"; $namev = htmlspecialchars($name); $emailv = htmlspecialchars($email); print <<
$tblstart $tccellh colspan="2">Login information $tccell1>User name:$descbr The name you want to use on the board. $tccell2l width=50%>$inpt=name size="25" maxlength="25" id="name" value="$namev"> {$errors['name']} $tccell1>Password:$descbr Enter any password up to 32 characters in length. It can later be changed by editing your profile. $tccell2l width=50%>$inpp=pass size="25" maxlength="64"> {$errors['pass']} $tccell1>E-mail address:$descbr Your e-mail address. This will only be used for recovering your account. (optional) $tccell2l width=50%>$inpt=email size="50" maxlength="60" value="$emailv"> {$errors['email']} $tccellh colspan="2"> $tccell1> $tccell2l> $inph=action value="Register"> $inps=submit value="Register account">

Homepage: DO NOT FILL IN THIS FIELD. DOING SO WILL RESULT IN INSTANT IP-BAN. - $inpt=homepage SIZE=25 MAXLENGTH=255>

HTML; } print $footer; printtimedif($startingtime);