Login/After signup problem

Started by theilya2, January 24, 2014, 11:13:25 PM


Mindless

#11
So are those your working files posted? I don't see takeprofileedit.php or bittorrent.php. I'll look at it shortly, but post all the related code, not snips; I need to see how it's been modified. We shall not go back to default code, whocares; it makes it weaker and easy to exploit. 09 needs cookies secured and passhash & modtask at a minimum. It was me that updated probably 90% of Tbdev mods to 09, and I've posted it all here for everyone's use, and I know 09 like the back of my hand lol. "Secure yer cookies 2" is the topic, and the modtask one is stickied.

whocares

My only idea would be, if you still have the instructions for the secure cookie stuff, you go back and remove that so it's back to the default cookie that tbdev used.

If you completely disable the cookie system, none of your users will be able to log in.
Unless stated otherwise code is untested

theilya2

So do you have any solution for my problems?

If I disable cookies, will it be a problem?

whocares

What I ended up looking at is the function in bittorrent.php that checks the cookie, since there was a difference between what takelogin was doing and takesignup in creating the session cookie. This showed that they were already trying to use the secure mod.

Code (php):
if (get_mycookie('pass') !== md5($row["passhash"].$_SERVER["REMOTE_ADDR"]))
    return;

So I thought it would be easier to just change the takesignup.php to use that secure mod instead of changing the others to not.  Obviously that didn't work.
Unless stated otherwise code is untested
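
The mismatch described in the post above, as an added example that is not part of the original thread or of TBDev: it compares the `pass` cookie value each script issues with the comparison userlogin() makes. The function names, the sample passhash and the addresses are constructed for illustration, and the `uid` and `hashv` cookie checks are left out.

```php
<?php
// Added illustration; not code from the thread or from TBDev.
// The function names below are hypothetical stand-ins for the three code paths.

// Cookie value as takelogin.php builds it: md5(passhash . REMOTE_ADDR).
function cookie_from_takelogin(string $passhash, string $remoteAddr): string
{
    return md5($passhash . $remoteAddr);
}

// Cookie value as the posted takesignup.php builds it: the raw passhash.
function cookie_from_takesignup(string $passhash): string
{
    return $passhash;
}

// The 'pass' comparison from userlogin(): the value must be 32 characters and
// equal md5(stored passhash . current REMOTE_ADDR). hash_equals() is the
// constant-time form of the !== comparison shown in the post.
function userlogin_accepts(string $cookiePass, string $storedPasshash, string $remoteAddr): bool
{
    if (strlen($cookiePass) != 32) {
        return false;
    }
    return hash_equals(md5($storedPasshash . $remoteAddr), $cookiePass);
}

// Constructed sample data: a 32-character hex string stands in for users.passhash,
// and the addresses come from the documentation ranges.
$passhash  = md5('constructed-sample-passhash');
$loginAddr = '192.0.2.10';
$otherAddr = '198.51.100.7';

$cases = array(
    'takelogin cookie, same address'      => array(cookie_from_takelogin($passhash, $loginAddr), $loginAddr),
    'takesignup cookie (raw passhash)'    => array(cookie_from_takesignup($passhash), $loginAddr),
    'takesignup cookie after the change'  => array(md5($passhash . $loginAddr), $loginAddr),
    'takelogin cookie, different address' => array(cookie_from_takelogin($passhash, $loginAddr), $otherAddr),
);

foreach ($cases as $label => $case) {
    list($cookiePass, $remoteAddr) = $case;
    $ok = userlogin_accepts($cookiePass, $passhash, $remoteAddr);
    printf("%-38s %s\n", $label, $ok ? 'accepted' : 'rejected (userlogin() returns early)');
}
```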

Mindless

Quote from: whocares on January 25, 2014, 02:24:13 PM
Not going to guarantee this is going to work but

in takesignup.php replace
Code (php):
else
      logincookie($id, $wantpasshash);

with
Code (php):
//else
      //logincookie($id, $wantpasshash);
      else {
        $passh = md5($wantpasshash.$_SERVER["REMOTE_ADDR"]);
        logincookie($id, $passh);
      }


This may fix some problems but I'm certain

You're posting code that's part of a cookie mod to secure cookies; it will never work and will just create more hassle. The hint is in his first post: it's on registration, so you look at takesignup.php, because that is what inserts the new user. That's where the failure is, or his description of the error is very poor and not accurate to what is actually happening.

Rich

Does everything work if you put the files back to their original state before you made any changes to them?

theilya2

I still have this problem:
2. Again, some of the people have access to login, and when they click on the navbar or some torrent page they are thrown to the login page.

whocares

Not going to guarantee this is going to work but

in takesignup.php replace
Code (php):
else
      logincookie($id, $wantpasshash);

with
Code (php):
//else
      //logincookie($id, $wantpasshash);
      else {
        $passh = md5($wantpasshash.$_SERVER["REMOTE_ADDR"]);
        logincookie($id, $passh);
      }


This may fix some problems but I'm certain
Unless stated otherwise code is untested

theilya2


function userlogin() {
    global $TBDEV;
    unset($GLOBALS["CURUSER"]);

    $ip = getip();
$nip = ip2long($ip);

    require_once "cache/bans_cache.php";
    if(count($bans) > 0)
    {
      foreach($bans as $k) {
        if($nip >= $k['first'] && $nip <= $k['last']) {
        header("HTTP/1.0 403 Forbidden");
        print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>\n";
        exit();
        }
      }
      unset($bans);
    }
    if (!$TBDEV['site_online'] || !get_mycookie('uid') || !get_mycookie('pass')|| !get_mycookie('hashv') )
       return;
    $id = 0 + get_mycookie('uid');
    if (!$id OR (strlen( get_mycookie('pass') ) != 32) OR (get_mycookie('hashv') != hashit($id,get_mycookie('pass'))))
       return;
    $res = mysql_query("SELECT * FROM users WHERE id = $id AND enabled='yes' AND status = 'confirmed'");// or die(mysql_error());
    $row = mysql_fetch_assoc($res);
    if (!$row)
        return;
    //$sec = hash_pad($row["secret"]);
    if (get_mycookie('pass') !== md5($row["passhash"].$_SERVER["REMOTE_ADDR"]))
    return;
    mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE id=" . $row["id"]);// or die(mysql_error());
    $row['ip'] = $ip;
if ($row["class"]>=UC_MODERATOR){
        $allowed_ID =  $TBDEV['allowed_staff']['id'];
        if (!in_array(((int)$row["id"]),$allowed_ID,true)){
        $msg = "Fake Account Detected: Username: ".$row["username"]." - UserID: ".$row["id"]." - UserIP : ".getip();
        write_log($msg);

whocares

in your bittorrent.php there should be a function that starts

function userlogin() {
    global $TBDEV;
    unset($GLOBALS["CURUSER"]);

   

and ends like
mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE id=" . $row["id"]);// or die(mysql_error());
    $row['ip'] = $ip;
    $GLOBALS["CURUSER"] = $row;
}


can you post that entire function here?
Unless stated otherwise code is untested

theilya2

#1
Hello
I have some strange problems.
1. Some of the people, after registration, try to log in and they get the error
"username or password incorrect", but that's correct; I tried too and I get this error, and sometimes I check in the db whether the users are there and I don't see them.

2. Again, some of the people have access to login, and when they click on the navbar or some torrent page they are thrown to the login page.


I will be happy if someone takes a look inside the files.


login.php

<?php
/*
+------------------------------------------------
|   TBDev.net BitTorrent Tracker PHP
|   =============================================
|   by CoLdFuSiOn
|   (c) 2003 - 2009 TBDev.Net
|   http://www.tbdev.net
|   =============================================
|   svn: http://sourceforge.net/projects/tbdevnet/
|   Licence Info: GPL
+------------------------------------------------
|   $Date$
|   $Revision$
|   $Author$
|   $URL$
+------------------------------------------------
*/
require_once "include/bittorrent.php";

    ini_set('session.use_trans_sid', '0');

    $lang = array_merge( load_language('global'), load_language('login') );

    // Begin the session
    session_start();

    /*if (isset($_SESSION['captcha_time']))
    (time() - $_SESSION['captcha_time'] < 10) ? exit("{$lang['login_spam']}") : NULL;*/

    $HTMLOUT = '';

    unset($returnto);
    
/*if (!empty($_GET["returnto"])) {
      $returnto = $_GET["returnto"];
      if (!isset($_GET["nowarn"])) 
      {
        $HTMLOUT .= "<h1>{$lang['login_not_logged_in']}</h1>\n";
        $HTMLOUT .= "{$lang['login_error']}";
      }
    }*/


    /*$HTMLOUT .= "<script type='text/javascript' src='captcha/captcha.js'></script>

    <form method='post' action='takelogin.php'>
    <p>Note: You need cookies enabled to log in.</p>
    <table border='0' cellpadding='5'>
      <tr>
        <td class='rowhead'>{$lang['login_username']}</td>
        <td align='left'><input type='text' size='40' name='username' /></td>
      </tr>
      <tr>
        <td class='rowhead'>{$lang['login_password']}</td>
        <td align='left'><input type='password' size='40' name='password' /></td>
      </tr>
    <!--<tr><td class='rowhead'>{$lang['login_duration']}</td><td align='left'><input type='checkbox' name='logout' value='yes' checked='checked' />{$lang['login_15mins']}</td></tr>-->
      <tr>
        <td>&nbsp;</td>
        <td>
          <div id='captchaimage'>
          <a href='login.php' onclick=\"refreshimg(); return false;\" title='{$lang['login_refresh']}'>
          <img class='cimage' src='captcha/GD_Security_image.php?".TIME_NOW."' alt='{$lang['login_captcha']}' />
          </a>
          </div>
         </td>
      </tr>
      <tr>
          <td class='rowhead'>{$lang['login_pin']}</td>
          <td>
            <input type='text' maxlength='6' name='captcha' id='captcha' onblur='check(); return false;'/>
          </td>
      </tr>
      <tr>
        <td colspan='2' align='center'>
          <input type='submit' value='{$lang['login_login']}' class='btn' />
        </td>
      </tr>
    </table>";*/

    
    if (isset($_GET["error"]) && !empty($_GET["error"]))
    {
        $error = strip_tags(htmlspecialchars($_GET["error"]));
        if ($error == 1)
            $error = "שם משתמש או סיסמא אינם תקינים";
        elseif ($error == 2)
            $error = "חשבונך באתר בוטל!";
    }

    $HTMLOUT .= "<script type='text/javascript' src='captcha/captcha.js'></script>
        <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">

<html dir='rtl' xmlns='http://www.w3.org/1999/xhtml'>
<head>

<meta name='generator' content='TBDev.net' />
<meta http-equiv='Content-Language' content='he-il' />
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />

<title>DownLand :: Log In</title>
<link rel='stylesheet' href='{$TBDEV['stylesheet']}' type='text/css' />
<script type='text/javascript' src='./scripts/jquery-1.10.2.js'></script>
<script type='text/javascript' src='./scripts/scripts.js'></script>
                        
<script type='text/javascript' src='./scripts/java_klappe.js'></script>
<script type='text/javascript' src='/lightbox/js/jquery-1.10.2.min.js'></script>
<script type='text/javascript' src='/lightbox/js/lightbox-2.6.min.js'></script>
<link type='text/css' rel='stylesheet' href='/lightbox/css/lightbox.css' />
</head>
            <body style='background-image: url(images/topbg.jpg); overflow: hidden'>
                <form method='post' action='takelogin.php'>
                <div id='loginblock'>
                 <table>
                  <tr>
                   <td><input type='text' name='username' placeholder='שם משתמש' autocomplete='off' /></td>
                  </tr>
                  <tr>
                   <td><input type='password' name='password' placeholder='סיסמא' /></td>
                  </tr>
                  <tr>
                   <td style='padding-top: 5px'>
                    <div id='captchaimage'>
                    <a href='login.php' onclick=\"refreshimg(); return false;\" title='{$lang['login_refresh']}'>
                    <img src='captcha/GD_Security_image.php?".TIME_NOW."' alt='{$lang['login_captcha']}' />
                    </a>
                    </div>
                   </td>
                  </tr>
                  <tr>
                   <td><input style='text-transform: uppercase;' maxlength='6' type='text' name='captcha' id='captcha' onblur='check(); return false;' placeholder='קוד אבטחה' autocomplete='off' /></td>
                  </tr>
                  <tr>
                   <td><input type='submit' value='התחבר' /></td>
                  </tr>
                 </table>
                </div>
                </form>
            </body>
        </html>
        ";

    /*if (isset($returnto))
      $HTMLOUT .= "<input type='hidden' name='returnto' value='" . htmlentities($returnto) . "' />\n";*/

    /*$HTMLOUT .= "</form>
    {$lang['login_signup']}";*/

    print $HTMLOUT . stdfoot("login");

    //print stdhead("{$lang['login_login_btn']}") . $HTMLOUT . stdfoot();

?>


takelogin.php

<?php
/*
+------------------------------------------------
|   TBDev.net BitTorrent Tracker PHP
|   =============================================
|   by CoLdFuSiOn
|   (c) 2003 - 2009 TBDev.Net
|   http://www.tbdev.net
|   =============================================
|   svn: http://sourceforge.net/projects/tbdevnet/
|   Licence Info: GPL
+------------------------------------------------
|   $Date$
|   $Revision$
|   $Author$
|   $URL$
+------------------------------------------------
*/
require_once 'include/bittorrent.php';
require_once "include/password_functions.php";

    if (!mkglobal('username:password:captcha'))
      die();

    session_start();
    if (empty($captcha) || $_SESSION['captcha_id'] != strtoupper($captcha)) {
        header('Location: login.php');
        exit();
    }

    dbconn();

    $lang = array_merge( load_language('global'), load_language('takelogin') );

    $res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");
    $row = mysql_fetch_assoc($res);

    if (!$row)
      stderr($lang['tlogin_failed'], 'שם משתמש או סיסמא אינם נכונים<br /><br /><a class=\'a\' href=\'login.php\'>חזור</a>', "login");

    if ($row['passhash'] != make_passhash( $row['secret'], md5($password) ) )
    //if ($row['passhash'] != md5($row['secret'] . $password))
      stderr($lang['tlogin_failed'], 'שם משתמש או סיסמא אינם נכונים<br /><br /><a class=\'a\' href=\'login.php\'>חזור</a>', "login");

    if ($row['enabled'] == 'no')
      stderr($lang['tlogin_failed'], "חשבונך באתר מבוטל", "login");

    //logincookie($row['id'], $row['passhash']);
    $passh = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]);
    logincookie($row["id"], $passh);

    //$returnto = str_replace('&amp;', '&', htmlspecialchars($_POST['returnto']));
    //$returnto = $_POST['returnto'];
    //if (!empty($returnto))
      //header("Location: ".$returnto);
    //else
      header("Location: {$TBDEV['baseurl']}/my.php");

?>


signup.php
<?php
/*
+------------------------------------------------
|   TBDev.net BitTorrent Tracker PHP
|   =============================================
|   by CoLdFuSiOn
|   (c) 2003 - 2009 TBDev.Net
|   http://www.tbdev.net
|   =============================================
|   svn: http://sourceforge.net/projects/tbdevnet/
|   Licence Info: GPL
+------------------------------------------------
|   $Date$
|   $Revision$
|   $Author$
|   $URL$
+------------------------------------------------
*/
require_once "include/bittorrent.php";
require_once ROOT_PATH."/cache/timezones.php";

dbconn();

    if( isset($CURUSER) )
      exit();

    ini_set('session.use_trans_sid', '0');

    $lang = array_merge( load_language('global'), load_language('signup') );

    if(!$TBDEV['openreg'])
      stderr('Sorry', 'ההרשמה לאתר דורשת הזמנה!', "login");

    // Begin the session
    session_start();

    /*if (isset($_SESSION['captcha_time']))
    (time() - $_SESSION['captcha_time'] < 10) ? exit($lang['captcha_spam']) : NULL;*/

    $HTMLOUT = '';

    $res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_row($res);
    if ($arr[0] >= $TBDEV['maxusers'])
      stderr($lang['stderr_errorhead'], sprintf($lang['stderr_ulimit'], $TBDEV['maxusers']));

    // TIMEZONE STUFF
        $offset = (string)$TBDEV['time_offset'];

        $time_select = "<select name='user_timezone'>";

        foreach( $TZ as $off => $words )
        {
          if ( preg_match("/^time_(-?[\d\.]+)$/", $off, $match))
          {
            $time_select .= $match[1] == $offset ? "<option value='{$match[1]}' selected='selected'>$words</option>\n" : "<option value='{$match[1]}'>$words</option>\n";
          }
        }

        $time_select .= "</select>";
    // TIMEZONE END

    $thistime = time();

    $HTMLOUT .= "<script type='text/javascript' src='captcha/captcha.js'></script>
        <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">

<html dir='rtl' xmlns='http://www.w3.org/1999/xhtml'>
<head>

<meta name='generator' content='TBDev.net' />
<meta http-equiv='Content-Language' content='he-il' />
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />

<title>DownLand :: Log In</title>
<link rel='stylesheet' href='{$TBDEV['stylesheet']}' type='text/css' />
<script type='text/javascript' src='./scripts/jquery-1.10.2.js'></script>
<script type='text/javascript' src='./scripts/scripts.js'></script>
                        
<script type='text/javascript' src='./scripts/java_klappe.js'></script>
<script type='text/javascript' src='/lightbox/js/jquery-1.10.2.min.js'></script>
<script type='text/javascript' src='/lightbox/js/lightbox-2.6.min.js'></script>
<link type='text/css' rel='stylesheet' href='/lightbox/css/lightbox.css' />
</head>
            <body style='background-image: url(images/topbg.jpg); overflow: hidden'>

    <form method='post' action='takesignup.php' style='padding: 10%'>
<div id='loginblock' style='margin-top: 0'>
    <table>
    <tr><td><input type='text'  name='wantusername' placeholder='שם משתמש' autocomplete='off' /></td></tr>
    <tr><td><input type='password'  name='wantpassword' placeholder='סיסמא' autocomplete='off' /></td></tr>
    <tr><td><input type='password'  name='passagain' placeholder='סיסמא בשנית' autocomplete='off' /></td></tr>
    <tr valign='top'><td><input type='text'  name='email' placeholder='אימייל' autocomplete='off' /></td></tr>
    <!--<tr><td align='left'>{$time_select}</td></tr>-->
      <tr>
        <td>
          <div id='captchaimage'>
          <a href='signup.php' onclick=\"refreshimg(); return false;\" title='{$lang['captcha_refresh']}'>
          <img class='cimage' src='captcha/GD_Security_image.php?$thistime' alt='{$lang['captcha_image_alt']}' />
          </a>
          </div>
         </td>
      </tr>
      <tr>
          <td>
            <input style='text-transform: uppercase;' type='text' maxlength='6' name='captcha' id='captcha' onblur='check(); return false;' autocomplete='off' />
          </td>
      </tr>
    <tr><td style='padding:3px 0 5px 0'>
<input type='hidden' name='rulesverify' value='yes' />
    <input type='checkbox' name='faqverify' value='yes' id='faqv' /> <label for='faqv' style='color: white; font-size: 13px'>אני מתחייב לקרוא את השו\"ת</label>
    <input type='hidden' name='ageverify' value='yes' />
</td></tr>
    <tr>
<td align='center'><input type='hidden' name='user_timezone' value='2' /><input type='submit' value='{$lang['signup_btn']}' /></td></tr>
    </table>
</div>
    </form>
</body>
</html>";

/*    $HTMLOUT .= "<script type='text/javascript' src='captcha/captcha.js'></script>
        <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">

<html dir='rtl' xmlns='http://www.w3.org/1999/xhtml'>
<head>

<meta name='generator' content='TBDev.net' />
<meta http-equiv='Content-Language' content='he-il' />
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />

<title>DownLand :: Log In</title>
<link rel='stylesheet' href='{$TBDEV['stylesheet']}' type='text/css' />
<script type='text/javascript' src='./scripts/jquery-1.10.2.js'></script>
<script type='text/javascript' src='./scripts/scripts.js'></script>
                        
<script type='text/javascript' src='./scripts/java_klappe.js'></script>
<script type='text/javascript' src='/lightbox/js/jquery-1.10.2.min.js'></script>
<script type='text/javascript' src='/lightbox/js/lightbox-2.6.min.js'></script>
<link type='text/css' rel='stylesheet' href='/lightbox/css/lightbox.css' />
</head>
            <body style='background-image: url(images/topbg.jpg); overflow: hidden'>
                <form method='post' action='takelogin.php' style='padding: 10%'>
                <div id='loginblock' style='margin-top: 0'>
                 <table>
                  <tr>
                   <td><input type='text' name='wantusername' placeholder='שם משתמש' autocomplete='off' /></td>
                  </tr>
                  <tr>
                   <td><input type='password' name='wantpassword' placeholder='סיסמא' /></td>
                  </tr>
                  <tr>
                   <td><input type='password' name='passagain' placeholder='הסיסמא בשנית' /></td>
                  </tr>
                  <tr>
                   <td><input type='text' name='email' placeholder='אימייל' /></td>
                  </tr>
                  <tr>
                   <td style='padding-top: 5px'>
                    <div id='captchaimage'>
                    <a href='login.php' onclick=\"refreshimg(); return false;\" title='{$lang['captcha_refresh']}'>
                    <img src='captcha/GD_Security_image.php?".TIME_NOW."' alt='{$lang['captcha_image_alt']}' />
                    </a>
                    </div>
                   </td>
                  </tr>
                  <tr>
                   <td><input style='text-transform: uppercase;' maxlength='6' type='text' name='captcha' id='captcha' onblur='check(); return false;' placeholder='קוד אבטחה' autocomplete='off' /></td>
                  </tr>
                  <tr>
                   <td><input type='hidden' name='user_timezone' value='2' />
   <input type='submit' value='הרשם' /></td>
                  </tr>
                 </table>
                </div>
                </form>
            </body>
        </html>
        ";*/


    
    print $HTMLOUT . stdfoot("login");

?>


takesignup.php
<?php
/*
+------------------------------------------------
|   TBDev.net BitTorrent Tracker PHP
|   =============================================
|   by CoLdFuSiOn
|   (c) 2003 - 2009 TBDev.Net
|   http://www.tbdev.net
|   =============================================
|   svn: http://sourceforge.net/projects/tbdevnet/
|   Licence Info: GPL
+------------------------------------------------
|   $Date$
|   $Revision$
|   $Author$
|   $URL$
+------------------------------------------------
*/

require_once "include/bittorrent.php";
require_once "include/password_functions.php";

dbconn();

    $lang = array_merge( load_language('global'), load_language('takesignup') );

    $res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_row($res);

    if ($arr[0] >= $TBDEV['maxusers'])
      stderr($lang['takesignup_error'], $lang['takesignup_limit']);

    //if (!mkglobal("wantusername:wantpassword:passagain:email:captcha"))
    // die();

    foreach( array('wantusername','wantpassword','passagain','email','captcha') as $x )
    {
      if( !isset($_POST[ $x ]) )
      {
        stderr($lang['takesignup_user_error'], $lang['takesignup_form_data']);
      }

      ${$x} = $_POST[ $x ];
    }

    session_start();

    if(empty($captcha) || $_SESSION['captcha_id'] != strtoupper($captcha))
    {
        header('Location: signup.php');
        exit();
    }


  function validusername($username)
  {
    global $lang;

    if ($username == "")
      return false;

    $namelength = strlen($username);

    if( ($namelength < 3) OR ($namelength > 32) )
    {
      stderr($lang['takesignup_user_error'], $lang['takesignup_username_length']);
    }

    // The following characters are allowed in user names
    $allowedchars = $lang['takesignup_allowed_chars'];

    for ($i = 0; $i < $namelength; ++$i)
    {
      if (strpos($allowedchars, $username[$i]) === false)
        return false;
    }

    return true;
  }
/*
function isportopen($port)
{
$sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
if ($sd)
{
fclose($sd);
return true;
}
else
return false;
}

function isproxy()
{
$ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
for ($i = 0; $i < count($ports); ++$i)
if (isportopen($ports[$i])) return true;
return false;
}
*/
    
    if (empty($wantusername) || empty($wantpassword) || empty($email))
      stderr($lang['takesignup_user_error'], $lang['takesignup_blank']);

    if ($wantpassword != $passagain)
      stderr($lang['takesignup_user_error'], $lang['takesignup_nomatch']);

    if (strlen($wantpassword) < 6)
      stderr($lang['takesignup_user_error'], $lang['takesignup_pass_short']);

    if (strlen($wantpassword) > 40)
      stderr($lang['takesignup_user_error'], $lang['takesignup_pass_long']);

    if ($wantpassword == $wantusername)
      stderr($lang['takesignup_user_error'], $lang['takesignup_same']);

    if (!validemail($email))
      stderr($lang['takesignup_user_error'], $lang['takesignup_validemail']);

    if (!validusername($wantusername))
      stderr($lang['takesignup_user_error'], $lang['takesignup_invalidname']);

    // make sure user agrees to everything...
    if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")
      stderr($lang['takesignup_failed'], $lang['takesignup_qualify']);

    // check if email addy is already in use
    $a = (@mysql_fetch_row(@mysql_query("select count(*) from users where email='$email'"))) or die(mysql_error());
    if ($a[0] != 0)
      stderr($lang['takesignup_user_error'], $lang['takesignup_email_used']);

    // TIMEZONE STUFF
    if(isset($_POST["user_timezone"]) && preg_match('#^\-?\d{1,2}(?:\.\d{1,2})?$#', $_POST['user_timezone']))
    {
    $time_offset = sqlesc($_POST['user_timezone']);
    }
    else
    { $time_offset = isset($TBDEV['time_offset']) ? sqlesc($TBDEV['time_offset']) : '0'; }
    // have a stab at getting dst parameter?
    $dst_in_use = localtime(time() + ($time_offset * 3600), true);
    // TIMEZONE STUFF END

    $secret = mksecret();
    $wantpasshash = make_passhash( $secret, md5($wantpassword) );
    $editsecret = ( !$arr[0] ? "" : make_passhash_login_key() );

    $ret = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, email, status, ". (!$arr[0]?"class, ":"") ."added, time_offset, dst_in_use) VALUES (" .
    implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $email, (!$arr[0]?'confirmed':'pending')))).
    ", ". (!$arr[0]?UC_SYSOP.", ":""). "". time() ." , $time_offset, {$dst_in_use['tm_isdst']})");

    if (!$ret)
    {
      if (mysql_errno() == 1062)
        stderr($lang['takesignup_user_error'], $lang['takesignup_user_exists']);
      stderr($lang['takesignup_user_error'], $lang['takesignup_fatal_error']);
    }

    $id = mysql_insert_id();

    //write_log("User account $id ($wantusername) was created");

    $psecret = $editsecret; //md5($editsecret);

    $body = str_replace(array('<#SITENAME#>', '<#USEREMAIL#>', '<#IP_ADDRESS#>', '<#REG_LINK#>'),
                        array($TBDEV['site_name'], $email, $_SERVER['REMOTE_ADDR'], "{$TBDEV['baseurl']}/confirm.php?id=$id&secret=$psecret"),
                        $lang['takesignup_email_body']);

    if($arr[0])
      mail($email, "{$TBDEV['site_name']} {$lang['takesignup_confirm']}", $body, "{$lang['takesignup_from']} {$TBDEV['site_email']}");
    else
      logincookie($id, $wantpasshash);

    header("Refresh: 0; url=ok.php?type=". (!$arr[0]?"sysop":("signup&email=" . urlencode($email))));

?>