Users can sign up with more than 1 account?

[Brandon]

Hey there!

On my hotel it seems that users can sign up with more than 1 account even though its disabled? I think it might actually be infinite...
class.users:

    final public function hasClones($ip)
    {
        global $engine;
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1)
        {
            return true;
        }
        
        return false;
    }

So the only thing I think it could be is register.php but I also changed this and It's not working :/
regsubmit.php:

<?php
    global $users, $core, $engine;
    
    $errors = array();
    $messages = array();
    
    if(empty($_POST["registrationBean_username"]))
        $errors["registration_username"] = "<br/>Please enter a username!";
    elseif(strlen($_POST["registrationBean_username"]) > 25 || !ctype_alnum($_POST["registrationBean_username"]))
        $errors["registration_username"] = "<br/>Please enter a valid username!";
    elseif($engine->num_rows("SELECT null FROM users WHERE username = '" . $engine->secure($_POST["registrationBean_username"]) . "' LIMIT 1") != 0)
        $errors["registration_username"] = "That username is already taken!";
    elseif(!preg_match("/^\s*[a-zA-Z0-9,\s]+\s*$/", $_POST["registrationBean_username"]))
        $errors["registration_username"] = "You cant use special characters!";
    
    if(empty($_POST["registrationBean_email"]))
        $errors["registration_email"] = "<br/>Please enter an email address!";
    elseif(!preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $_POST["registrationBean_email"]))
        $errors["registration_email"] = "<br/>Please enter a valid email address!";
    elseif($engine->num_rows("SELECT null FROM users WHERE mail = '" . $engine->secure($_POST["registrationBean_email"]) . "' LIMIT 1") != 0)
        $errors["registration_email"] = "<br/>That email address is taken!";
    
    if(empty($_POST['registrationBean_password']))
        $errors["registration_password"] = "<br/>Please enter a password!";
    elseif(strlen($_POST['registrationBean_password']) < 6)
        $errors["registration_password"] = "<br/>Please enter a password with more than 6 characters!";
    
    if(empty($_POST['registrationBean_password_confirm']))
        $errors["registration_password_confirm"] = "<br/>Please enter your password again!";
    elseif(!($_POST['registrationBean_password'] === $_POST['registrationBean_password_confirm']))
        $errors["registration_password_confirm"] = "<br/>Please enter a password with more than 6 characters!";
    
    if($_POST['registrationBean_termsOfServiceSelection'] != "true")
        $errors["registration_termsofservice"] = "Please accept the terms of service.";
    
    $return = array(
        "registrationErrors" => $errors,
        "registrationMessages" => $messages);
        
    if(count($errors) == 0)
    {
        if(isset($_SESSION['ref'])) // Use Session instead of form, incase input was changed
        {
            $referrer = $engine->secure($_SESSION['ref']); // Secure Session
            if($users->nameTaken($referrer)) // Recycled function, checks if the referrer exists
            {
                if(!$engine->num_rows("SELECT * FROM users WHERE username = '{$referrer}' AND ip_last = '{$_SERVER['REMOTE_ADDR']}' OR username = '{$referrer}' AND ip_reg = '{$_SERVER['REMOTE_ADDR']}'"))
                {
                    $credits = 5000; // Amount user gets from referring
                    $engine->query("UPDATE users SET credits = credits + {$credits}, refs = refs + 1 WHERE username = '{$referrer}' LIMIT 1");
                }
            }
        }
        
        $users->addUser($engine->secure($_POST["registrationBean_username"]),$core->hashed($_POST['registrationBean_password']),$_POST["registrationBean_email"],$_CONFIG['hotel']['motto'],$_CONFIG['hotel']['credits'],$_CONFIG['hotel']['pixels'],1, $_CONFIG['hotel']['figure'], "M", 12345);
        $users->turnOn($engine->secure($_POST["registrationBean_username"]));
        $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/me";
        
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1)
        {       
            $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/clones";
        }
    }
    
    header('Content-type: application/json');
    echo json_encode($return);
    exit;
?>

 

[JynX]

Try replacing the hasClones with this:

final public function hasClones($ip)
    {
        global $engine;
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['HTTP_X_FORWARDED_FOR'] . "'") ==  1)
        {
            return true;
        }
     
        return false;
    }

OR you could try:

final public function hasClones($ip)
    {
        global $engine;
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['HTTP_CLIENT_IP'] . "'") ==  1)
        {
            return true;
        }
     
        return false;
    }

All I did was change the way the IP is grabbed from the user registering, you could also try in your regsubmit.php, hope I helped, if not, be sure to tell me so I can look into it.

 

[Brandon]

Hey thanks for the reply! Unfortunately no luck
I realized if I change my hasClones to the following then it shows the /clones.php file but the account is still created and if they reload the page they can access the client.

    final public function hasClones($ip)
    {
        global $engine;
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1)
        {
            $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/clones";
        }
        
        return false;
    }

 

[Jaden]

No, stop.

Your regsubmit.php doesn't even call the function hasClones() once.

 

[Brandon]

No, stop.

Your regsubmit.php doesn't even call the function hasClones() once.

Well that would make sense... So do you know how to add it in?

 

[Central]

Are you using Hablore's CMS?

 

[Jaden]

luckily for you, I got bored.

<?php
    global $users, $core, $engine;
    
    $errors = array();
    $messages = array();
    
    if(empty($_POST["registrationBean_username"]))
        $errors["registration_username"] = "<br/>Please enter a username!";
    elseif(strlen($_POST["registrationBean_username"]) > 25 || !ctype_alnum($_POST["registrationBean_username"]))
        $errors["registration_username"] = "<br/>Please enter a valid username!";
    elseif($engine->num_rows("SELECT null FROM users WHERE username = '" . $engine->secure($_POST["registrationBean_username"]) . "' LIMIT 1") != 0)
        $errors["registration_username"] = "That username is already taken!";
    elseif(!preg_match("/^\s*[a-zA-Z0-9,\s]+\s*$/", $_POST["registrationBean_username"]))
        $errors["registration_username"] = "You cant use special characters!";
    // Added the check here.
    // Passes null because I looked at your original function which doesn't even use the argument anyways
    elseif($users->hasClones(null))
        $errors["registration_username"] = "You've reached your maximum account limit (1).";
    
    if(empty($_POST["registrationBean_email"]))
        $errors["registration_email"] = "<br/>Please enter an email address!";
    elseif(!preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $_POST["registrationBean_email"]))
        $errors["registration_email"] = "<br/>Please enter a valid email address!";
    elseif($engine->num_rows("SELECT null FROM users WHERE mail = '" . $engine->secure($_POST["registrationBean_email"]) . "' LIMIT 1") != 0)
        $errors["registration_email"] = "<br/>That email address is taken!";
    
    if(empty($_POST['registrationBean_password']))
        $errors["registration_password"] = "<br/>Please enter a password!";
    elseif(strlen($_POST['registrationBean_password']) < 6)
        $errors["registration_password"] = "<br/>Please enter a password with more than 6 characters!";
    
    if(empty($_POST['registrationBean_password_confirm']))
        $errors["registration_password_confirm"] = "<br/>Please enter your password again!";
    elseif(!($_POST['registrationBean_password'] === $_POST['registrationBean_password_confirm']))
        $errors["registration_password_confirm"] = "<br/>Please enter a password with more than 6 characters!";
    
    if($_POST['registrationBean_termsOfServiceSelection'] != "true")
        $errors["registration_termsofservice"] = "Please accept the terms of service.";
    
    $return = array(
        "registrationErrors" => $errors,
        "registrationMessages" => $messages);
        
    if(count($errors) == 0)
    {
        if(isset($_SESSION['ref'])) // Use Session instead of form, incase input was changed
        {
            $referrer = $engine->secure($_SESSION['ref']); // Secure Session
            if($users->nameTaken($referrer)) // Recycled function, checks if the referrer exists
            {
                if(!$engine->num_rows("SELECT * FROM users WHERE username = '{$referrer}' AND ip_last = '{$_SERVER['REMOTE_ADDR']}' OR username = '{$referrer}' AND ip_reg = '{$_SERVER['REMOTE_ADDR']}'"))
                {
                    $credits = 5000; // Amount user gets from referring
                    $engine->query("UPDATE users SET credits = credits + {$credits}, refs = refs + 1 WHERE username = '{$referrer}' LIMIT 1");
                }
            }
        }
        
        $users->addUser($engine->secure($_POST["registrationBean_username"]),$core->hashed($_POST['registrationBean_password']),$_POST["registrationBean_email"],$_CONFIG['hotel']['motto'],$_CONFIG['hotel']['credits'],$_CONFIG['hotel']['pixels'],1, $_CONFIG['hotel']['figure'], "M", 12345);
        $users->turnOn($engine->secure($_POST["registrationBean_username"]));
        $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/me";
        
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1)
        {       
            $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/clones";
        }
    }
    
    header('Content-type: application/json');
    echo json_encode($return);
    exit;
?>

 

[Brandon]

Are you using Hablore's CMS?

Yes

luckily for you, I got bored.

<?php
    global $users, $core, $engine;
   
    $errors = array();
    $messages = array();
   
    if(empty($_POST["registrationBean_username"]))
        $errors["registration_username"] = "<br/>Please enter a username!";
    elseif(strlen($_POST["registrationBean_username"]) > 25 || !ctype_alnum($_POST["registrationBean_username"]))
        $errors["registration_username"] = "<br/>Please enter a valid username!";
    elseif($engine->num_rows("SELECT null FROM users WHERE username = '" . $engine->secure($_POST["registrationBean_username"]) . "' LIMIT 1") != 0)
        $errors["registration_username"] = "That username is already taken!";
    elseif(!preg_match("/^\s*[a-zA-Z0-9,\s]+\s*$/", $_POST["registrationBean_username"]))
        $errors["registration_username"] = "You cant use special characters!";
    // Added the check here.
    // Passes null because I looked at your original function which doesn't even use the argument anyways
    elseif($users->hasClones(null))
        $errors["registration_username"] = "You've reached your maximum account limit (1).";
   
    if(empty($_POST["registrationBean_email"]))
        $errors["registration_email"] = "<br/>Please enter an email address!";
    elseif(!preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $_POST["registrationBean_email"]))
        $errors["registration_email"] = "<br/>Please enter a valid email address!";
    elseif($engine->num_rows("SELECT null FROM users WHERE mail = '" . $engine->secure($_POST["registrationBean_email"]) . "' LIMIT 1") != 0)
        $errors["registration_email"] = "<br/>That email address is taken!";
   
    if(empty($_POST['registrationBean_password']))
        $errors["registration_password"] = "<br/>Please enter a password!";
    elseif(strlen($_POST['registrationBean_password']) < 6)
        $errors["registration_password"] = "<br/>Please enter a password with more than 6 characters!";
   
    if(empty($_POST['registrationBean_password_confirm']))
        $errors["registration_password_confirm"] = "<br/>Please enter your password again!";
    elseif(!($_POST['registrationBean_password'] === $_POST['registrationBean_password_confirm']))
        $errors["registration_password_confirm"] = "<br/>Please enter a password with more than 6 characters!";
   
    if($_POST['registrationBean_termsOfServiceSelection'] != "true")
        $errors["registration_termsofservice"] = "Please accept the terms of service.";
   
    $return = array(
        "registrationErrors" => $errors,
        "registrationMessages" => $messages);
       
    if(count($errors) == 0)
    {
        if(isset($_SESSION['ref'])) // Use Session instead of form, incase input was changed
        {
            $referrer = $engine->secure($_SESSION['ref']); // Secure Session
            if($users->nameTaken($referrer)) // Recycled function, checks if the referrer exists
            {
                if(!$engine->num_rows("SELECT * FROM users WHERE username = '{$referrer}' AND ip_last = '{$_SERVER['REMOTE_ADDR']}' OR username = '{$referrer}' AND ip_reg = '{$_SERVER['REMOTE_ADDR']}'"))
                {
                    $credits = 5000; // Amount user gets from referring
                    $engine->query("UPDATE users SET credits = credits + {$credits}, refs = refs + 1 WHERE username = '{$referrer}' LIMIT 1");
                }
            }
        }
       
        $users->addUser($engine->secure($_POST["registrationBean_username"]),$core->hashed($_POST['registrationBean_password']),$_POST["registrationBean_email"],$_CONFIG['hotel']['motto'],$_CONFIG['hotel']['credits'],$_CONFIG['hotel']['pixels'],1, $_CONFIG['hotel']['figure'], "M", 12345);
        $users->turnOn($engine->secure($_POST["registrationBean_username"]));
        $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/me";
       
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1)
        {      
            $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/clones";
        }
    }
   
    header('Content-type: application/json');
    echo json_encode($return);
    exit;
?>

No luck with this. I PM'd my skype so we could talk more.