RevCMS Registration problem
- Thread starter Woiah
- Start date
- Thread starter
- #3
PHP:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<link rel="shortcut icon" href="/cache/images/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" href="/app/tpl/skins/Cave/css/style.css" />
</head>
<body>
<body>
<div class="container">
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<div class="navbar-brand"><img src="/app/tpl/skins/Cave/img/xmas_icon1.gif"></div>
</div>
<div class="collapse navbar-collapse" >
<p class="navbar-text navbar-left"><b>
Er zijn <span class="online_count"> {online}</span> {hotelname}'s online!</b></p>
</div>
</div>
</nav>
<div class="jumbotron bg91">
<div class="text">
<br />
<br />
<br />
<div class="animated animated fadeInLeft"><a href=""><img src="/app/tpl/skins/Cave/img/XETRO.gif"></a></div>
<p class="animated animated fadeInLeft">Maak vrienden, Doe mee en val op!</p>
<p><a class="btn btn-success animated fadeInLeft" href="/register">Meld je GRATIS aan!</a></p>
</div>
</div>
<div class="row">
<div class="col-xs-12">
<?php
if($template->form->error)
{
echo '<div class="alert alert-danger" role="alert">'.$template->form->error.'</div>';
}
?>
</div>
<form action="register" method="post">
<div class="col-xs-4">
<div class="panel panel-default">
<div class="panel-heading"><h4>Username & Email</h4></div>
<div class="panel-body">
<div class="list-index">
<font color="black">
<div class="form-group">
<label for="habbo-name"><center>Gebruikersnaam</center></label><br />
<input type="text" id="habbo-name"class="form-control" size="35" value="" name="reg_username" class="text-field" maxlength="32"> <br />
<label for="email"><center>Email Adres</center></label> <br />
<input type="text" id="email" class="form-control"size="35" name="reg_email" value="" class="text-field" maxlength="48"> <br />
</div>
</font>
</div>
</div>
</div>
</div>
<div class="col-xs-4">
<div class="panel panel-default">
<div class="panel-heading"><h4>Wachtwoorden</h4></div>
<div class="form-group">
<div class="panel-body">
<div class="list-index">
<font color="black">
<div class="form-group">
<label for="password"><center>Wachtwoord</center></label> <br />
<input type="password" id="password" class="form-control"size="35" name="reg_password" value="" class="password-field" maxlength="32"> <br />
<label for="password2"><center>Herhaal wachtwoord</center></label> <br />
<input type="password" id="password2" class="form-control"size="35" name="reg_rep_password" value="" class="password-field" maxlength="32">
</font>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="col-xs-4">
<div class="panel panel-default">
<div class="panel-heading"><h4>Submit</h4></div>
<div class="panel-body">
<div class="list-index">
<font color="black">
<button name="register"type="submit" class="btn btn-primary">Registreer jouw account</button>
</font>
</div>
</div>
</div>
</div>
</div>
</form>
<div class="content">
<div>
<div class="c_box">
<div class="inner" style="text-align: center;">
<b>©</b> {hotelname} - Alle rechten voorbehouden.<br/>
<a href="/staff">Medewerkers</a> |
<a href="/av">Algemene Voorwaarden</a>
</div>
</div>
</body>
</html> <br>
</body>
- Thread starter
- #7
Code:
<?php
namespace Revolution;
if(!defined('IN_INDEX')) { die('Sorry, you cannot access this file.'); }
class users implements iUsers
{
/*-------------------------------Authenticate-------------------------------------*/
final public function isLogged()
{
if(isset($_SESSION['user']['id']))
{
return true;
}
return false;
}
/*-------------------------------Checking of submitted data-------------------------------------*/
final public function validName($username)
{
if(strlen($username) <= 25 && ctype_alnum($username))
{
return true;
}
return false;
}
final public function validEmail($email)
{
return preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $email);
}
final public function validSecKey($seckey)
{
if(is_numeric($seckey) && strlen($seckey) == 4)
{
return true;
}
return false;
}
final public function nameTaken($username)
{
global $engine;
if($engine->num_rows("SELECT * FROM users WHERE username = '" . $username . "' LIMIT 1") > 0)
{
return true;
}
return false;
}
final public function emailTaken($email)
{
global $engine;
if($engine->num_rows("SELECT * FROM users WHERE mail = '" . $email . "' LIMIT 1") > 0)
{
return true;
}
return false;
}
final public function userValidation($username, $password)
{
global $engine;
if($engine->num_rows("SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . $password . "' LIMIT 1") > 0)
{
return true;
}
return false;
}
/*-------------------------------Stuff related to bans-------------------------------------*/
final public function isBanned($value)
{
global $engine;
if($engine->num_rows("SELECT * FROM bans WHERE value = '" . $value . "' LIMIT 1") > 0)
{
return true;
}
return false;
}
final public function getReason($value)
{
global $engine;
return $engine->result("SELECT reason FROM bans WHERE value = '" . $value . "' LIMIT 1");
}
final public function hasClones($ip)
{
global $engine;
if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 9)
{
return true;
}
return false;
}
/*-------------------------------Login or Register user-------------------------------------*/
final public function register()
{
global $core, $template, $_CONFIG;
if(isset($_POST['register']))
{
unset($template->form->error);
$template->form->setData();
if($this->validName($template->form->reg_username))
{
if(!$this->nameTaken($template->form->reg_username))
{
if($this->validEmail($template->form->reg_email))
{
if(!$this->emailTaken($template->form->reg_email))
{
if(strlen($template->form->reg_password) > 6)
{
if($template->form->reg_password == $template->form->reg_rep_password)
{
if(isset($template->form->reg_seckey))
{
if($this->validSecKey($template->form->reg_seckey))
{
//Continue
}
else
{
$template->form->error = 'Secret key must only have 4 numbers';
return;
}
}
if($this->isBanned($_SERVER['REMOTE_ADDR']) == false)
{
if(!$this->hasClones($_SERVER['REMOTE_ADDR']))
{
if(!isset($template->form->reg_gender)) { $template->form->reg_gender = 'M'; }
if(!isset($template->form->reg_figure)) { $template->form->reg_figure = $_CONFIG['hotel']['figure']; }
$this->addUser($template->form->reg_username, $core->hashed($template->form->reg_password), $template->form->reg_email, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $template->form->reg_figure, $template->form->reg_gender, $core->hashed($template->form->reg_key));
$this->turnOn($template->form->reg_username);
header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
exit;
}
else
{
$template->form->error = 'Sorry, but you cannot register twice';
}
}
else
{
$template->form->error = 'Sorry, it appears you are IP banned.<br />';
$template->form->error .= 'Reason: ' . $this->getReason($_SERVER['REMOTE_ADDR']);
return;
}
}
else
{
$template->form->error = 'Password does not match repeated password';
return;
}
}
else
{
$template->form->error = 'Password must have more than 6 characters';
return;
}
}
else
{
$template->form->error = 'Email: <b>' . $template->form->reg_email . '</b> is already registered';
return;
}
}
else
{
$template->form->error = 'Email is not valid';
return;
}
}
else
{
$template->form->error = 'Username is already registered';
return;
}
}
else
{
$template->form->error = 'Username is invalid';
return;
}
}
}
final public function login()
{
global $template, $_CONFIG, $core;
if(isset($_POST['login']))
{
$template->form->setData();
unset($template->form->error);
if($this->nameTaken($template->form->log_username))
{
if($this->isBanned($template->form->log_username) == false || $this->isBanned($_SERVER['REMOTE_ADDR']) == false)
{
if($this->userValidation($template->form->log_username, $core->hashed($template->form->log_password)))
{
$this->turnOn($template->form->log_username);
$this->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
$template->form->unsetData();
header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
exit;
}
else
{
$template->form->error = 'Details do not match';
return;
}
}
else
{
$template->form->error = 'Sorry, it appears this user is banned<br />';
$template->form->error .= 'Reason: ' . $this->getReason($template->form->log_username);
return;
}
}
else
{
$template->form->error = 'Username does not exist';
return;
}
}
}
final public function loginHK()
{
global $template, $_CONFIG, $core;
if(isset($_POST['login']))
{
$template->form->setData();
unset($template->form->error);
if(isset($template->form->username) && isset($template->form->password))
{
if($this->nameTaken($template->form->username))
{
if($this->userValidation($template->form->username, $core->hashed($template->form->password)))
{
if(($this->getInfo($_SESSION['user']['id'], 'rank')) >= 4)
{
$_SESSION["in_hk"] = true;
header("Location:".$_CONFIG['hotel']['url']."/ase/dash");
exit;
}
else
{
$template->form->error = 'Incorrect access level.';
return;
}
}
else
{
$template->form->error = 'Incorrect password.';
return;
}
}
else
{
$template->form->error = 'User does not exist.';
return;
}
}
$template->form->unsetData();
}
}
final public function help()
{
global $template, $_CONFIG;
$template->form->setData();
if(isset($template->form->help))
{
$to = $_CONFIG['hotel']['email'];
$subject = "Help from RevCMS user - " . $this->getInfo($_SESSION['user']['id'], 'username');
$body = $template->form->question;
if (mail($to, $subject, $body))
{
$template->form->error = 'Message successfully sent! We will answer you shortly!';
}
else
{
$template->form->error = 'Message delivery failed.';
}
}
}
/*-------------------------------Account settings-------------------------------------*/
final public function updateAccount()
{
global $template, $_CONFIG, $core, $engine;
if(isset($_POST['account']))
{
if(isset($_POST['acc_motto']) && strlen($_POST['acc_motto']) < 30 && $_POST['acc_motto'] != $this->getInfo($_SESSION['user']['id'], 'motto'))
{
$this->updateUser($_SESSION['user']['id'], 'motto', $engine->secure($_POST['acc_motto']));
header('Location: '.$_CONFIG['hotel']['url'].'/account');
exit;
}
else
{
$template->form->error = 'Motto is invalid.';
}
if(isset($_POST['acc_email']) && $_POST['acc_email'] != $this->getInfo($_SESSION['user']['id'], 'mail'))
{
if($this->validEmail($_POST['acc_email']))
{
$this->updateUser($_SESSION['user']['id'], 'mail', $engine->secure($_POST['acc_email']));
header('Location: '.$_CONFIG['hotel']['url'].'/account');
exit;
}
else
{
$template->form->error = 'Email is not valid';
return;
}
}
if(!empty($_POST['acc_old_password']) && !empty($_POST['acc_new_password']))
{
if($this->userValidation($this->getInfo($_SESSION['user']['id'], 'username'), $core->hashed($_POST['acc_old_password'])))
{
if(strlen($_POST['acc_new_password']) >= 8)
{
$this->updateUser($_SESSION['user']['id'], 'password', $core->hashed($_POST['acc_new_password']));
header('Location: '.$_CONFIG['hotel']['url'].'/me');
exit;
}
else
{
$template->form->error = 'New password is too short';
return;
}
}
else
{
$template->form->error = 'Current password is wrong';
return;
}
}
}
}
final public function turnOn($k)
{
$j = $this->getID($k);
$this->createSSO($j);
$_SESSION['user']['id'] = $j;
$this->cacheUser($j);
unset($j);
}
/*-------------------------------Loggin forgotten-------------------------------------*/
final public function forgotten()
{
global $template, $_CONFIG, $core;
if(isset($_POST['forgot']))
{
$template->form->setData();
unset($template->form->error);
if($this->nameTaken($template->form->for_username))
{
if(strlen($template->form->for_password) > 6)
{
if($this->getInfo($this->getID($template->form->for_username), 'seckey') == $core->hashed($template->form->for_key))
{
$this->updateUser($this->getID($template->form->for_username), 'password', $core->hashed($template->form->for_password));
$template->form->error = 'Account recovered! Go <b><a href="index">here</a></b> to login!';
return;
}
else
{
$template->form->error = 'Secret key is incorrect';
return;
}
}
else
{
$template->form->error = 'Password must have more than 6 characters.';
return;
}
}
else
{
$template->form->error = 'Username does not exist';
return;
}
}
}
/*-------------------------------Create SSO auth_ticket-------------------------------------*/
final public function createSSO($k)
{
$sessionKey = 'RevCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
$this->updateUser($k, 'auth_ticket', $sessionKey);
unset($sessionKey);
}
/*-------------------------------Adding/Updating/Deleting users-------------------------------------*/
final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey)
{
global $engine;
$sessionKey = 'RevCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
$engine->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $seckey . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $sessionKey . "')");
unset($sessionKey);
}
final public function deleteUser($k)
{
global $engine;
$engine->query("DELETE FROM users WHERE id = '" . $k . "' LIMIT 1");
$engine->query("DELETE FROM items WHERE userid = '" . $k . "' LIMIT 1");
$engine->query("DELETE FROM rooms WHERE ownerid = '" . $k . "' LIMIT 1");
}
final public function updateUser($k, $key, $value)
{
global $engine;
$engine->query("UPDATE users SET " . $key . " = '" . $engine->secure($value) . "' WHERE id = '" . $k . "' LIMIT 1");
$_SESSION['user'][$key] = $engine->secure($value);
}
/*-------------------------------Handling user information-------------------------------------*/
final public function cacheUser($k)
{
global $engine;
$userInfo = $engine->fetch_assoc("SELECT username, rank, motto, mail, credits, activity_points, look, auth_ticket, ip_last FROM users WHERE id = '" . $k . "' LIMIT 1");
foreach($userInfo as $key => $value)
{
$this->setInfo($key, $value);
}
}
final public function setInfo($key, $value)
{
global $engine;
$_SESSION['user'][$key] = $engine->secure($value);
}
final public function getInfo($k, $key)
{
global $engine;
if(!isset($_SESSION['user'][$key]))
{
$value = $engine->result("SELECT $key FROM users WHERE id = '" . $engine->secure($k) . "' LIMIT 1");
if($value != null)
{
$this->setInfo($key, $value);
}
}
return $_SESSION['user'][$key];
}
/*-------------------------------Get user ID or Username-------------------------------------*/
final public function getID($k)
{
global $engine;
return $engine->result("SELECT id FROM users WHERE username = '" . $engine->secure($k) . "' LIMIT 1");
}
final public function getUsername($k)
{
global $engine;
return $this->getInfo($_SESSION['user']['id'], 'username');
}
}
?>
- Jul 24, 2010
- 5,194
- 3,901
Are you using Cloudflare? If so, add this to your global.php file at the top.
PHP:
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) { $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"]; }
JayC
Always Learning
- Aug 8, 2013
- 5,493
- 1,398
Yeah revcms default is that, try changing them to HTTP_x_FORWARDED_FOR and see what happens. If that doesn't work we will do a test and find out what is going to work for you.so it should be
$this->updateUser($_SESSION['user']['id'], 'ip_last',$_SERVER['HTTP_X_FORWARDED_FOR']
);
??
I've checked some other class.users.php and they all got the same code as i do ?
This test can be done by using multiple different $_SERVER attritbutes and finding the one that will outprint the IP address of the person visiting.
JayC
Always Learning
- Aug 8, 2013
- 5,493
- 1,398
So you tried registering 2 accounts and checking that function and comparing their IP's in the ip_last columnI changed the line you told me to and it didnt work!
JayC
Always Learning
- Aug 8, 2013
- 5,493
- 1,398
This is on a vps yes?
JayC
Always Learning
- Aug 8, 2013
- 5,493
- 1,398
There's your reason bro, it's your IP everyone gets assigned. Have a good dayIts on my home server
A server computer
