09 Improved Safer Invite Code System

Started by Mindless, July 22, 2012, 01:35:09 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

BamBam0077

#4
November 25, 2017, 07:51:28 PM
ok this is the same as other post but this seems to be the one,

Code Select

CREATE TABLE `invites` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`sender` int(10) unsigned NOT NULL DEFAULT '0',
`reciever` int(10) unsigned NOT NULL DEFAULT '0',
`username` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`email` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`hash` varchar(32) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`invite_added` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`status` enum('pending','confirmed') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'pending',
PRIMARY KEY (`id`),
UNIQUE KEY (`hash`),
KEY `username` (`username`),
KEY `email` (`email`),
KEY `sender` (`sender`),
KEY `datestamps` (`invite_added`),
KEY `recieverid` (`reciever`,`status`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;


Enjoy!
"When Darkness Shadows Your Doubts, Deep Within Us Is Our Key, Not Success But Everything" ~ Anonymous

denede

#3
February 04, 2013, 07:59:01 PM
tried both codes to display the invitees, but none are working, for me at least.
i can see the number of invites, i can see Invited by, but i can't get to appear Invitees

Hyperion (noobKID)

#2
July 25, 2012, 07:04:39 PM
thanks alot... will try out later when i have finished my first release of my own tracker :)....

might be usefull ;)...

Mindless

#1
July 22, 2012, 01:35:09 PM
Improved & Safer Number Key Invite System By Neptune.
Reworked for Tbdev 09
Xhtml Valid

The files are now up to date for 2009 final revision.

/**
* @sql
*/
Code (sql) Select
CREATE TABLE `invite_codes` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `sender` int(10) unsigned NOT NULL default '0',
  `receiver` varchar(32) NOT NULL default '0',
  `code` varchar(32) NOT NULL default '',
  `invite_added` int(10) NOT NULL,
  `status` enum('Pending','Confirmed') NOT NULL default 'Pending',
  PRIMARY KEY  (`id`),
  KEY `sender` (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

ALTER TABLE `users` ADD `invites` int(10) unsigned NOT NULL default '1';
ALTER TABLE `users` ADD `invitedby` int(10) unsigned NOT NULL default '0';
ALTER TABLE `users` ADD `invite_rights` enum('yes','no') NOT NULL default 'yes';
ALTER TABLE `users` ADD `invitees` varchar(100) character set utf8 collate utf8_bin NOT NULL default '';

/**
* @file config.php
*/

add after maxusers
Code (php) Select
$TBDEV['invites'] = 3500; // set this to what you want


/**
* @file userdetails.php
*/

for displaying invitees
Code (php) Select
if ($CURUSER['class'] >= UC_MODERATOR && $user['invitedby'] > 0 || $user['id'] == $CURUSER['id'] && $user['invitedby'] > 0) {
       $invitedby = mysql_query('SELECT username FROM users WHERE id = ' . sqlesc($user['invitedby']));
       $invitedby2 = mysql_fetch_array($invitedby);
       $HTMLOUT .= "<tr><td class='rowhead'>{$lang['userdetails_invby']}</td><td align='left'><a href='{$TBDEV['baseurl']}/userdetails.php?id=".$user['invitedby']."'>'".htmlspecialchars($invitedby2['username'])."'</a></td></tr>"; }


Or the old original code :
Code (php) Select
if ($CURUSER["class"] >= UC_MODERATOR && $user["invites"] > 0 || $user["id"] == $CURUSER["id"] && $user["invites"] > 0)
    $HTMLOUT .="<tr><td class='rowhead'>{$lang['userdetails_invites']}</td><td align='left'><a href='{$TBDEV['baseurl']}/invite.php'>".htmlspecialchars($user["invites"])."</a></td></tr>\n";
    if ($CURUSER["class"] >= UC_MODERATOR && $user["invitedby"] > 0 || $user["id"] == $CURUSER["id"] && $user["invitedby"] > 0)
    {
    $invitedby = mysql_query("SELECT username FROM users WHERE id=$user[invitedby]");
    $invited_by2 = mysql_fetch_assoc($invitedby);
    $HTMLOUT .="<tr><td class='rowhead'>{$lang['userdetails_invby']}invited by</td><td align='left'><a href='{$TBDEV['baseurl']}/userdetails.php?id=$user[invitedby]'>$invited_by2[username]</a></td></tr>\n";
    }
    if ($CURUSER["class"] >= UC_MODERATOR && $user["invitees"] > 0 || $user["id"] == $CURUSER["id"] && $user["invitees"] > 0)
    {
    $compl = $user["invitees"];
    $compl_list = explode(" ", $compl);
    $arr = array();
    foreach($compl_list as $array_list)
    $arr[] = $array_list;
    $compl_arr = array_reverse($arr, TRUE);
    $f=0;
    foreach($compl_arr as $user_id)
    {
    $compl_user = mysql_query("SELECT id, username FROM users WHERE id='$user_id' and status='confirmed'");
    $compl_users = mysql_fetch_assoc($compl_user);
    if ($compl_users["id"] > 0)
    {
    $HTMLOUT .="<tr><td class='rowhead' width='1%'>{$lang['userdetails_invitees']}</td><td>";
    $compl = $user["invitees"];
    $compl_list = explode(" ", $compl);
    $arr = array();
    foreach($compl_list as $array_list)
    $arr[] = $array_list;
    $compl_arr = array_reverse($arr, TRUE);
    $i = 0;
    foreach($compl_arr as $user_id)
    {
    $compl_user = mysql_query("SELECT id, username FROM users WHERE id='$user_id' and status='confirmed' ORDER BY username");
    $compl_users = mysql_fetch_assoc($compl_user);
    $HTMLOUT .="<a href='{$TBDEV['baseurl']}/userdetails.php?id=" . $compl_users["id"] . "'>" . $compl_users["username"] . "</a> ";
    if ($i == "9")
    break;
    $i++;
    }
    $HTMLOUT .="</td></tr>";
    $f = 1;
    }
    if ($f == "1")
    break;
    }
    }

@File lang/en/lang_userdetails.php :
Code (php) Select
'userdetails_invites' => "Invites",
'userdetails_invitees' => "Invitees",
'userdetails_invby' => 'Invited by',



/**
* @file userdetails.php
*/

staff section, set invite on or off & invite amount
Code (php) Select
$HTMLOUT .= "<tr><td class='rowhead'>{$lang['userdetails_invright']}</td><td class='row' colspan='2' align='left'><input type='radio' name='invite_rights' value='yes'" .($user["invite_rights"]=="yes" ? " checked='checked'" : "") . " />{$lang['userdetails_yes']}<input type='radio' name='invite_rights' value='no'" .($user["invite_rights"]=="no" ? " checked='checked'" : "") . " />{$lang['userdetails_no']}</td></tr>\n";
      $HTMLOUT .= "<tr><td class='rowhead' align='right'><b>{$lang['userdetails_invites']}</b></td><td colspan='2' align='left' class='rowhead'><input type='text' size='3' name='invites' value='" . htmlspecialchars($user['invites']) . "' /></td></tr>\n";



/**
* @file lang/en/lang_userdetails.php
*/

lang_userdetails.php add
Code (php) Select
'userdetails_invright' => "Invite rights",
'userdetails_invites' => "Invites",
'userdetails_invby' => "Invited by",



/**
* @file modtask.php
*/
Code (php) Select
// invite rights
      if ((isset($_POST['invite_rights'])) && (($invite_rights = $_POST['invite_rights']) != $user['invite_rights'])){
      if ($invite_rights == 'yes')
      {
      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite rights enabled by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;
      $msg = sqlesc("Your invite rights have been given back by " . htmlspecialchars($CURUSER['username']) . ". You can invite users again.");
      $added = time();
      mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
      }
      elseif ($invite_rights == 'no'){
      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite rights disabled by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;
      $msg = sqlesc("Your invite rights have been removed by " . htmlspecialchars($CURUSER['username']) . ", probably because you invited a bad user.");
      $added = time();
      mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
      }
      $updateset[] = "invite_rights = " . sqlesc($invite_rights);
      }
     
      // change invite amount
      if ((isset($_POST['invites'])) && (($invites = $_POST['invites']) != ($curinvites = $user['invites'])))
      {
      $modcomment = get_date( time(), 'DATE', 1 ) . " - Invite amount changed to ".$invites." from ".$curinvites." by " . htmlspecialchars($CURUSER['username']) . ".\n" . $modcomment;
      $updateset[] = "invites = " . sqlesc($invites);
      }


/**
* @file bittorrent.php ~lines 906-907 to display invites
*/
Code (php) Select
"$IsDonor$warn  [<a href='{$TBDEV['baseurl']}/logout.php'>{$lang['gl_logout']}</a>] $member_reputation".
      "  Invites: <a href='{$TBDEV['baseurl']}/invite.php'>{$CURUSER['invites']}</a>


@ file config under :
Code (php) Select
$TBDEV['invites'] = 3500; // LoL Who we kiddin' here?


Add :
Code (php) Select
$TBDEV['openreg'] = true; //==true=open, false = closed


@ file signup.php under :
Code (php) Select
$lang = array_merge( load_language('global'), load_language('signup') );


add :
Code (php) Select
if(!$TBDEV['openreg'])
    stderr('Sorry', 'Invite only - Signups are closed presently');


@ file takesignup.php under :
Code (php) Select
$lang = array_merge( load_language('global'), load_language('takesignup') );


add :
Code (php) Select
if(!$TBDEV['openreg'])
    stderr('Sorry', 'Invite only - Signups are closed presently');

Then save upload the 4 files to root and that should be all.

invite.php :

Code (php) Select
<?php
/*
+------------------------------------------------
|   $Date$
|   $Revision$ 09 Final
|   $Invite
|   $Author$ Neptune,Bigjoos
|   $URL$
+------------------------------------------------
*/
require_once('include/bittorrent.php');
require_once('include/user_functions.php');
require_once('include/password_functions.php');
dbconn();
loggedinorreturn();
$HTMLOUT ='';
$sure ='';
$lang array_mergeload_language('global'), load_language('invite_code') );

$do = (isset($_GET["do"]) ? $_GET["do"] : (isset($_POST["do"]) ? $_POST["do"] : ''));   
$valid_actions = array('create_invite''delete_invite''confirm_account''view_page''send_email');
$do = (($do && in_array($do,$valid_actions,true)) ? $do '') or header("Location: ?do=view_page");

/**
 * @action Main Page
 */

if ($do == 'view_page') {
$query myysql_query('SELECT * FROM users WHERE invitedby = '.sqlesc($CURUSER['id'])) or sqlerr(__FILE____LINE__);
$rows mysql_num_rows($query);

$HTMLOUT ='';

$HTMLOUT .= "
<table border='1' width='750' cellspacing='0' cellpadding='5'>
<tr class='table'>
<td colspan='7' class='colhead'><b>{$lang['invites_users']}</b></td></tr>";

if(!$rows){
$HTMLOUT .= "<tr><td colspan='7' class='colhead'>{$lang['invites_nousers']}</td></tr>";
} else {

$HTMLOUT .= "<tr class='tableb'>
<td align='center'><b>{$lang['invites_username']}</b></td>
<td align='center'><b>{$lang['invites_uploaded']}</b></td>
<td align='center'><b>{$lang['invites_downloaded']}</b></td>
<td align='center'><b>{$lang['invites_ratio']}</b></td>
<td align='center'><b>{$lang['invites_status']}</b></td>
<td align='center'><b>{$lang['invites_confirm']}</b></td>
</tr>";

for ($i 0$i $rows; ++$i) { 
$arr mysql_fetch_assoc($query);
   
if ($arr['status'] == 'pending')
$user "<td align='center'>" htmlspecialchars($arr['username']) . "</td>";
else
$user "<td align='center'><a href='{$TBDEV['baseurl']}/userdetails.php?id=$arr[id]'>" htmlspecialchars($arr['username']) . "</a>" .($arr["warned"] == "yes" "&nbsp;<img src='{$TBDEV['pic_base_url']}warned.gif' border='0' alt='Warned' />" "")."&nbsp;" .($arr["enabled"] == "no" "&nbsp;<img src='{$TBDEV['pic_base_url']}disabled.gif' border='0' alt='Disabled' />" "")."&nbsp;" .($arr["donor"] == "yes" "<img src='{$TBDEV['pic_base_url']}star.gif' border='0' alt='Donor' />" "")."</td>";

if ($arr['downloaded'] > 0) {
$ratio number_format($arr['uploaded'] / $arr['downloaded'], 3);
$ratio "<font color='" get_ratio_color($ratio) . "'>".$ratio."</font>";
} else {
if ($arr['uploaded'] > 0) {
$ratio 'Inf.';
}
else {
$ratio '---';
}
}

if ($arr["status"] == 'confirmed')
$status "<font color='#1f7309'>{$lang['invites_confirm1']}</font>";
else
$status "<font color='#ca0226'>{$lang['invites_pend']}</font>";

$HTMLOUT .= "<tr class='tableb'>".$user."<td align='center'>" mksize($arr['uploaded']) . "</td><td align='center'>" mksize($arr['downloaded']) . "</td><td align='center'>".$ratio."</td><td align='center'>".$status."</td>";

if ($arr['status'] == 'pending') {
$HTMLOUT .= "<td align='center'><a href='?do=confirm_account&amp;userid=".$arr['id']."&amp;sender=".$CURUSER['id']."'><img src='{$TBDEV['pic_base_url']}confirm.png' alt='confirm' title='Confirm' border='0' /></a></td></tr>";

else
$HTMLOUT .= "<td align='center'>---</td></tr>";
}

}
$HTMLOUT .= "</table><br />";

$select mysql_query("SELECT * FROM invite_codes WHERE sender = ".$CURUSER['id']." AND status = 'Pending'") or sqlerr();
$num_row mysql_num_rows($select);
$HTMLOUT .= "<table border='1' width='750' cellspacing='0' cellpadding='5'>"."<tr class='tabletitle'><td colspan='6' class='colhead'><b>{$lang['invites_codes']}</b></td></tr>";

if(!$num_row) {
$HTMLOUT.= "<tr class='tableb'><td colspan='1'>{$lang['invites_nocodes']}</td></tr>"
} else {
$HTMLOUT .= "<tr class='tableb'><td><b>{$lang['invites_send_code']}</b></td><td><b>{$lang['invites_date']}</b></td><td><b>{$lang['invites_delete']}</b></td><td><b>{$lang['invites_status']}</b></td></tr>";

for ($i 0$i $num_row; ++$i)
{
$fetch_assoc mysql_fetch_assoc($select);                                  

$HTMLOUT .= "<tr class='tableb'>
<td>".$fetch_assoc['code']." <a href='?do=send_email&amp;id=".(int)$fetch_assoc['id']."'><img src='{$TBDEV['pic_base_url']}email.gif' border='0' alt='Email' title='Send Email' /></a></td>
<td>" get_date($fetch_assoc['invite_added'], ''0,1)."</td>";
$HTMLOUT .= "<td><a href='?do=delete_invite&amp;id=".$fetch_assoc['id']."&amp;sender=".$CURUSER['id']."'><img src='{$TBDEV['pic_base_url']}del.png' border='0' alt='Delete'/></a></td>
<td>".$fetch_assoc['status']."</td></tr>";
}
}

$HTMLOUT .= "<tr class='tableb'><td colspan='6' align='center'><form action='?do=create_invite' method='post'><input type='submit' value='{$lang['invites_create']}' style='height: 20px' /></form></td></tr>";
$HTMLOUT .= "</table>"
print stdhead('Invites') . $HTMLOUT stdfoot();
die;
}

/**
 * @action Create Invites
 */

elseif ($do =='create_invite') {

if ($CURUSER['invites'] <= 0)
stderr($lang['invites_error'], $lang['invites_noinvite']);

if ($CURUSER["invite_rights"] == 'no')
stderr($lang['invites_deny'], $lang['invites_disabled']);

$res mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE____LINE__);
$arr mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['invites'])
stderr($lang['invites_error'], $lang['invites_limit']);

$invite md5(mksecret());

mysql_query('INSERT INTO invite_codes (sender, invite_added, code) VALUES ( ' sqlesc((int)$CURUSER['id']) . ', ' sqlesc(time()) . ', ' sqlesc($invite) . ' )') or sqlerr(__FILE____LINE__);
mysql_query('UPDATE users SET invites = invites - 1 WHERE id = ' sqlesc($CURUSER['id'])) or sqlerr(__FILE____LINE__);

header("Location: ?do=view_page");
}

/**
 * @action Send e-mail
 */

elseif ($do =='send_email') {
   
if ($_SERVER["REQUEST_METHOD"] == "POST") {
   
$email = (isset($_POST['email'])? htmlentities($_POST['email']) : '');
$invite = (isset($_POST['code'])? $_POST['code'] : '');

if (!$emailstderr($lang['invites_error'], $lang['invites_noemail']);

$check = (mysql_fetch_row(mysql_query('SELECT COUNT(*) FROM users WHERE email = ' sqlesc($email)))) or sqlerr(__FILE____LINE__);
if ($check[0] != 0stderr('Error''This email address is already in use!');

if (!validemail($email)) stderr($lang['invites_error'], $lang['invites_invalidemail']);

$inviter htmlspecialchars($CURUSER['username']);
$body = <<<EOD
You have been invited to {$TBDEV['site_name']} by $inviter. They have
specified this address ($email) as your email. If you do not know this person, please ignore this email. Please do not reply.

This is a private site and you must agree to the rules before you can enter:

{$TBDEV['baseurl']}/useragreement.php

{$TBDEV['baseurl']}/rules.php

{$TBDEV['baseurl']}/faq.php

------------------------------------------------------------

To confirm your invitation, you have to follow this link and type the invite code:

{$TBDEV['baseurl']}/invite_signup.php

Invite Code: $invite

------------------------------------------------------------

After you do this, your inviter need's to confirm your account. 
We urge you to read the RULES and FAQ before you start using {$TBDEV['site_name']}.
EOD;
$sendit mail($email"You have been invited to {$TBDEV['site_name']}"$body"From: {$TBDEV['site_email']}""-f{$TBDEV['site_email']}"); 

if (!$senditstderr($lang['invites_error'], $lang['invites_unable']);
else stderr(''$lang['invites_confirmation']); }

$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : ''));

if (!is_valid_id($id)) stderr($lang['invites_error'], $lang['invites_invalid']);

$query mysql_query('SELECT * FROM invite_codes WHERE id = ' sqlesc($id) . ' AND sender = ' sqlesc($CURUSER['id']).' AND status = "Pending"') or sqlerr(__FILE____LINE__);
$fetch mysql_fetch_assoc($query) or stderr($lang['invites_error'], $lang['invites_noexsist']);


$HTMLOUT .= "<form method='post' action='?do=send_email'><table border='1' cellspacing='0' cellpadding='10'>
<tr><td class='rowhead'>E-Mail</td><td><input type='text' size='40' name='email' /></td></tr><tr><td colspan='2' align='center'><input type='hidden' name='code' value='".$fetch['code']."' /></td></tr><tr><td colspan='2' align='center'><input type='submit' value='Send e-mail' class='btn' /></td></tr></table></form>";
print stdhead('Invites') . $HTMLOUT stdfoot();
}

/**
 * @action Delete Invites
 */

elseif ($do =='delete_invite') {
   
$id = (isset($_GET["id"]) ? (int)$_GET["id"] : (isset($_POST["id"]) ? (int)$_POST["id"] : ''));   

$query mysql_query('SELECT * FROM invite_codes WHERE id = ' sqlesc($id) . ' AND sender = ' sqlesc($CURUSER['id']).' AND status = "Pending"') or sqlerr(__FILE____LINE__);
$assoc mysql_fetch_assoc($query);

if (!$assoc)
stderr($lang['invites_error'],$lang['invites_noexsist']);

isset($_GET['sure']) && $sure htmlspecialchars($_GET['sure']);

if (!$sure)
stderr($lang['invites_delete1'], $lang['invites_sure'].' Click <a href="'.$_SERVER['PHP_SELF'].'?do=delete_invite&amp;id='.$id.'&amp;sender='.$CURUSER['id'].'&amp;sure=yes">here</a> to delete it or <a href="?do=view_page">here</a> to go back.');

mysql_query('DELETE FROM invite_codes WHERE id = ' sqlesc($id) . ' AND sender =' sqlesc($CURUSER['id'].' AND status = "Pending"')) or sqlerr(__FILE____LINE__);

mysql_query('UPDATE users SET invites = invites + 1 WHERE id = '.sqlesc($CURUSER['id'])) or sqlerr(__FILE____LINE__);

header("Location: ?do=view_page");
}

/**
 * @action Confirm Accounts
 */

elseif ($do ='confirm_account') {
   
$userid = (isset($_GET["userid"]) ? (int)$_GET["userid"] : (isset($_POST["userid"]) ? (int)$_POST["userid"] : ''));

if (!is_valid_id($userid))
stderr($lang['invites_error'], $lang['invites_invalid']);

$select mysql_query('SELECT id, username FROM users WHERE id = ' sqlesc($userid) . ' AND invitedby = ' sqlesc($CURUSER['id'])) or sqlerr(__FILE____LINE__);
$assoc mysql_fetch_assoc($select);

if (!$assoc)
stderr($lang['invites_error'], $lang['invites_errorid']);

isset($_GET['sure']) && $sure htmlspecialchars($_GET['sure']);

if (!$sure)
stderr($lang['invites_confirm1'], $lang['invites_sure1'].' '.htmlspecialchars($assoc['username']).'\'s account? Click <a href="?do=confirm_account&amp;userid='.$userid.'&amp;sender='.$CURUSER['id'].'&amp;sure=yes">here</a> to confirm it or <a href="?do=view_page">here</a> to go back.');

mysql_query('UPDATE users SET status = "confirmed" WHERE id = '.sqlesc($userid).' AND invitedby = '.sqlesc($CURUSER['id']).' AND status="pending"') or sqlerr(__FILE____LINE__);
//==pm to new invitee/////
$msg sqlesc("Hey there :wave:
Welcome to {$TBDEV['site_name']}!
  
We have made many changes to the site, and we hope you enjoy them! 
We have been working hard to make {$TBDEV['site_name']} somethin' special!

{$TBDEV['site_name']} has a strong community (just check out forums), and is a feature rich site. We hope you'll join in on all the fun!
 
Be sure to read the [url={$TBDEV['baseurl']}/rules.php]Rules[/url] and [url={$TBDEV['baseurl']}/faq.php]FAQ[/url] before you start using the site.
We are a strong friendly community here {$TBDEV['site_name']} is so much more then just torrents.
Just for kicks, we've started you out with 200.0 Karma Bonus  Points, and a couple of bonus GB to get ya started! 
so, enjoy  
cheers, 
{$TBDEV['site_name']} Staff");
$id $assoc["id"];
$subject sqlesc("Welcome to {$TBDEV['site_name']} !");
$added sqlesc(time());
mysql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, $subject$id$msg$added)") or sqlerr(__FILE____LINE__);
///////////////////end////////////
header("Location: ?do=view_page");
}
?>

invite_signup.php :

Code Select
<?php
require_once('include/bittorrent.php');
require_once('include/user_functions.php');
require_once('cache/timezones.php');
require_once('include/page_verify.php');
dbconn();
get_template();

$stdfoot = array(/** include js **/'js' => array('check','jquery.pstrength-min.1.2'));

$lang array_mergeload_language('global'), load_language('signup') );
$newpage = new page_verify(); 
$newpage->create('tkIs');

$res mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE____LINE__);
$arr mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['maxusers'])
stderr("Sorry""The current user account limit (" number_format($TBDEV['maxusers']) . ") has been reached. Inactive accounts are pruned all the time, please check back again later...");

if(!$TBDEV['openreg'])
    stderr('Sorry''Invite only - Signups are closed presently');

// TIMEZONE STUFF
        $offset = (string)$TBDEV['time_offset'];
        
        $time_select "<select name='user_timezone'>";
        
        foreach( $TZ as $off => $words )
        {
          if ( preg_match("/^time_(-?[\d\.]+)$/"$off$match))
          {
            $time_select .= $match[1] == $offset "<option value='{$match[1]}' selected='selected'>$words</option>\n" "<option value='{$match[1]}'>$words</option>\n";
          }
        }
        
        $time_select .= "</select>";
    // TIMEZONE END

$HTMLOUT='';

$HTMLOUT .= "
    <script type='text/javascript'>
    /*<![CDATA[*/
    $(function() {
    $('.password').pstrength();
    });
    /*]]>*/
    </script>";
// Normal Entry Point...
$value = array('...','...','...','...','...','...');
$value[rand(1,count($value)-1)] = 'X';
$HTMLOUT .="<script type='text/javascript' src='scripts/jquery.js'></script>
    <script type='text/javascript' src='scripts/jquery.simpleCaptcha-0.2.js'></script>
    <script type='text/javascript'>
     $(document).ready(function () {
     $('#captchainvite').simpleCaptcha();
    });
    </script>
<p>Note: You need cookies enabled to sign up or log in.</p>
<form method='post' action='{$TBDEV['baseurl']}/take_invite_signup.php'>
<noscript>Javascript must be enabled to login and use this site</noscript>
<table border='1' cellspacing='0' cellpadding='10'>
<tr><td align='right' class='heading'>Desired username:</td><td align='left'><input type='text' size='40' name='wantusername' id='wantusername' onblur='checkit();' /><div id='namecheck'></div></td></tr>
<tr><td align='right' class='heading'>Pick a password:</td><td align='left'><input class='password' type='password' size='40' name='wantpassword' /></td></tr>
<tr><td align='right' class='heading'>Enter password again:</td><td align='left'><input type='password' size='40' name='passagain' /></td></tr>
<tr><td align='right' class='heading'>Enter invite-code:</td><td align='left'><input type='text' size='40' name='invite' /></td></tr>
<tr valign='top'><td align='right' class='heading'>Email address:</td><td align='left'><input type='text' size='40' name='email' />
<table width='250' border='0' cellspacing='0' cellpadding='0'><tr><td class='embedded'><font class='small'>The email address must be valid. The email address won't be publicly shown anywhere unless you chose to from your settings.</font></td></tr></table></td></tr>
<tr><td align='right' class='heading'>{$lang['signup_timez']}</td><td align='left'>{$time_select}</td></tr>";
//==Passhint
     $passhint="";
     $questions = array(
       array("id"=> "1""question"=> "{$lang['signup_q1']}"),
         array("id"=> "2""question"=> "{$lang['signup_q2']}"),
         array("id"=> "3""question"=> "{$lang['signup_q3']}"),
         array("id"=> "4""question"=> "{$lang['signup_q4']}"),
         array("id"=> "5""question"=> "{$lang['signup_q5']}"),
         array("id"=> "6""question"=> "{$lang['signup_q6']}"));
        foreach($questions as $sph){  
        $passhint .= "<option value='".$sph['id']."'>".$sph['question']."</option>\n"
        }
        $HTMLOUT .= "<tr><td align='right' class='heading'>{$lang['signup_select']}</td><td align='left'><select name='passhint'>\n$passhint\n</select></td></tr>
        <tr><td align='right' class='heading'>{$lang['signup_enter']}</td><td align='left'><input type='text' size='40'  name='hintanswer' /><br /><font class='small'>{$lang['signup_this_answer']}<br />{$lang['signup_this_answer1']}</font></td></tr>
<tr><td align='right' class='heading'></td><td align='left'><input type='checkbox' name='rulesverify' value='yes' /> I will read the site rules page.<br />
<input type='checkbox' name='faqverify' value='yes' /> I agree to read the FAQ before asking questions.<br />
<input type='checkbox' name='ageverify' value='yes' /> I am at least 18 years old.</td></tr>
<tr><td class='rowhead' colspan='2' id='captchainvite'></td></tr>
<tr><td align='center' colspan='2'>Now click the button marked <strong>X</strong> to complete the sign up!</td></tr><tr>
<td colspan='2' align='center'>";
 for ($i=0$i count($value); $i++) {
 $HTMLOUT .= "<input name=\"submitme\" type=\"submit\" value=\"".$value[$i]."\" class=\"btn\" />";
 }
 $HTMLOUT .= "</td></tr></table></form>";

print stdhead('Invites') . $HTMLOUT stdfoot($stdfoot);
?>

take_invite_signup.php :

Code (php) Select
<?php
require_once('include/bittorrent.php');
require_once('include/user_functions.php');
require_once('include/password_functions.php');
require_once('include/page_verify.php');
dbconn();
get_template();

$lang array_mergeload_language('global'), load_language('takesignup') );

$newpage = new page_verify(); 
$newpage->check('tkIs');
$res mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE____LINE__);
$arr mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['maxusers'])    
stderr($lang['stderr_errorhead'], sprintf($lang['stderr_ulimit'], $TBDEV['maxusers']));

if (!mkglobal("wantusername:wantpassword:passagain:email:invite:captchaSelection:submitme:passhint:hintanswer"))
die();

if ($submitme != 'X')
  stderr('Ha Ha''You Missed, You plonker !');
  
 if(empty($captchaSelection) || $_SESSION['simpleCaptchaAnswer'] != $captchaSelection){
 header('Location: invite_signup.php');
 exit();
 }

function validusername($username) {
if ($username == "")
return false;
// The following characters are allowed in user names
$allowedchars "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for ($i 0$i strlen($username); ++$i)
if (strpos($allowedchars$username[$i]) === false)
return false;
return true
}

if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($invite) || empty($passhint) || empty($hintanswer))
stderr("Error","Don't leave any fields blank.");

if(!blacklist($wantusername))
 stderr($lang['takesignup_user_error'],sprintf($lang['takesignup_badusername'],htmlspecialchars($wantusername)));

if (strlen($wantusername) > 12)
stderr("Error","Sorry, username is too long (max is 12 chars)");

if ($wantpassword != $passagain)
stderr("Error","The passwords didn't match! Must've typoed. Try again.");

if (strlen($wantpassword) < 6)
stderr("Error","Sorry, password is too short (min is 6 chars)");

if (strlen($wantpassword) > 40)
stderr("Error","Sorry, password is too long (max is 40 chars)");

if ($wantpassword == $wantusername)
stderr("Error","Sorry, password cannot be same as user name.");

if (!validemail($email))
stderr("Error","That doesn't look like a valid email address.");

if (!validusername($wantusername))
stderr("Error","Invalid username.");

// make sure user agrees to everything...
if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")
stderr("Error","Sorry, you're not qualified to become a member of this site.");

// check if email addy is already in use
$a = (@mysql_fetch_row(mysql_query('SELECT COUNT(*) FROM users WHERE email = ' sqlesc($email)))) or die(mysql_error());
if ($a[0] != 0)
stderr('Error''The e-mail address <b>' htmlspecialchars($email) . '</b> is already in use.');

//=== check if ip addy is already in use
$c = (@mysql_fetch_row(mysql_query("select count(*) from users where ip='" $_SERVER['REMOTE_ADDR'] . "'"))) or die(mysql_error());
if ($c[0] != 0)
stderr("Error""The ip " $_SERVER['REMOTE_ADDR'] . " is already in use. We only allow one account per ip address.");

// TIMEZONE STUFF
    if(isset($_POST["user_timezone"]) && preg_match('#^\-?\d{1,2}(?:\.\d{1,2})?$#'$_POST['user_timezone']))
    {
    $time_offset sqlesc($_POST['user_timezone']);
    }
    else
    { 
    $time_offset = isset($TBDEV['time_offset']) ? sqlesc($TBDEV['time_offset']) : '0'; }
    // have a stab at getting dst parameter?
    $dst_in_use localtime(time() + ($time_offset 3600), true);
    // TIMEZONE STUFF END

$select_inv mysql_query('SELECT sender, receiver, status FROM invite_codes WHERE code = ' sqlesc($invite)) or die(mysql_error());
$rows mysql_num_rows($select_inv);
$assoc mysql_fetch_assoc($select_inv);

if ($rows == 0)
stderr("Error","Invite not found.\nPlease request a invite from one of our members.");

if ($assoc["receiver"]!=0)
stderr("Error","Invite already taken.\nPlease request a new one from your inviter.");

    $secret mksecret();
    $wantpasshash make_passhash$secretmd5($wantpassword) );
    $editsecret = ( !$arr[0] ? "" make_passhash_login_key() );
    $wanthintanswer md5($hintanswer);
$new_user mysql_query("INSERT INTO users (username, passhash, secret, passhint, hintanswer, editsecret, invitedby, email, ". (!$arr[0]?"class, ":"") ."added, last_access, last_login, time_offset, dst_in_use) VALUES (" .
implode(","array_map("sqlesc", array($wantusername$wantpasshash$secret$editsecret$passhint$wanthintanswer, (int)$assoc['sender'], $email))).
", ". (!$arr[0]?UC_SYSOP.", ":""). "'".  time() ."','".  time() ."','".  time() ."', $time_offset{$dst_in_use['tm_isdst']})");
$message "Welcome New {$TBDEV['site_name']} Member : - " htmlspecialchars($wantusername) . "";
if (!$new_user) {
if (mysql_errno() == 1062)
stderr("Error","Username already exists!");
stderr("Error","borked");
}

//===send PM to inviter
$sender $assoc["sender"];
$added sqlesc(time());
$msg sqlesc("Hey there [you] ! :wave:\nIt seems that someone you invited to {$TBDEV['site_name']} has arrived ! :clap2: \n\n Please go to your [url={$TBDEV['baseurl']}/invite.php]Invite page[/url] to confirm them so they can log in.\n\ncheers\n");
$subject sqlesc("Someone you invited has arrived!");
mysql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, $subject$sender$msg$added)") or sqlerr(__FILE____LINE__);
//////////////end/////////////////////
$id mysql_insert_id();
mysql_query('UPDATE invite_codes SET receiver = ' sqlesc($id) . ', status = "Confirmed" WHERE sender = ' sqlesc((int)$assoc['sender']). ' AND code = ' sqlesc($invite)) or sqlerr(__FILE____LINE__);
write_log('User account '.htmlspecialchars($wantusername).' was created!');
autoshout($message);
stderr('Success','Signup successfull, Your inviter needs to confirm your account now before you can use your account !');
?>

lang_invite_code.php :

Code (php) Select
<?php

$lang = array(

#invite errors
'invites_error' => "Error",
'invites_deny' => "Denied",
'invites_limit' => "Sorry, user limit reached. Please try again later.",
'invites_disabled' => "Your invite sending privileges has been disabled by the Staff!",
'invites_noinvite' => "No invites !",
'invites_invalidemail' => "That doesn't look like a valid email address.",
'invites_noemail' => "You must enter an email address!",
'invites_unable' => "Unable to send mail. Please contact an administrator about this error.",
'invites_confirmation' => "A confirmation email has been sent to the address you specified.",
'invites_invalid' => "Invalid ID!",
'invites_noexsist' => "This invite code does not exist.",
'invites_sure' => "Are you sure you want to delete this invite code?",
'invites_errorid' => "No user with this ID.",
'invites_sure1' => "Are you sure you want to confirm",

#invites
'invites_users' => "Invited Users",
'invites_nousers' => "No Invitees Yet",
'invites_username' => "Username",
'invites_uploaded' => "Uploaded",
'invites_downloaded' => "Downloaded",
'invites_ratio' => "Ratio",
'invites_status' => "Status",
'invites_confirm' => "Confirm",
'invites_confirm1' => "Confirmed",
'invites_pend' => "Pending",
'invites_codes' => "Created Invite Codes",
'invites_nocodes' => "You have not created any invite codes at the moment!",
'invites_date' => "Created Date",
'invites_delete' => "Delete",
'invites_create' => "Create Invite Code",
'invites_send_code' => "Send Invite Code",
'invites_delete1' => "Delete Invite",
'invites_confirm1' => "Confirmed Account",

);

?>
Print
Go Up Pages1
User actions