Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Q&A
Users can sign up with more than 1 account?
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Brandon" data-source="post: 390059" data-attributes="member: 28869"><p>Hey there!</p><p></p><p>On my hotel it seems that users can sign up with more than 1 account even though its disabled? I think it might actually be infinite...</p><p><strong>class.users:</strong></p><p>[CODE] final public function hasClones($ip)</p><p> {</p><p> global $engine;</p><p> if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1)</p><p> {</p><p> return true;</p><p> }</p><p> </p><p> return false;</p><p> }</p><p> [/CODE]</p><p></p><p>So the only thing I think it could be is register.php but I also changed this and It's not working :/</p><p><strong>regsubmit.php:</strong></p><p>[CODE]<?php</p><p> global $users, $core, $engine;</p><p> </p><p> $errors = array();</p><p> $messages = array();</p><p> </p><p> if(empty($_POST["registrationBean_username"]))</p><p> $errors["registration_username"] = "<br/>Please enter a username!";</p><p> elseif(strlen($_POST["registrationBean_username"]) > 25 || !ctype_alnum($_POST["registrationBean_username"]))</p><p> $errors["registration_username"] = "<br/>Please enter a valid username!";</p><p> elseif($engine->num_rows("SELECT null FROM users WHERE username = '" . $engine->secure($_POST["registrationBean_username"]) . "' LIMIT 1") != 0)</p><p> $errors["registration_username"] = "That username is already taken!";</p><p> elseif(!preg_match("/^\s*[a-zA-Z0-9,\s]+\s*$/", $_POST["registrationBean_username"]))</p><p> $errors["registration_username"] = "You cant use special characters!";</p><p> </p><p> if(empty($_POST["registrationBean_email"]))</p><p> $errors["registration_email"] = "<br/>Please enter an email address!";</p><p> elseif(!preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $_POST["registrationBean_email"]))</p><p> $errors["registration_email"] = "<br/>Please enter a valid email address!";</p><p> elseif($engine->num_rows("SELECT null FROM users WHERE mail = '" . $engine->secure($_POST["registrationBean_email"]) . "' LIMIT 1") != 0)</p><p> $errors["registration_email"] = "<br/>That email address is taken!";</p><p> </p><p> if(empty($_POST['registrationBean_password']))</p><p> $errors["registration_password"] = "<br/>Please enter a password!";</p><p> elseif(strlen($_POST['registrationBean_password']) < 6)</p><p> $errors["registration_password"] = "<br/>Please enter a password with more than 6 characters!";</p><p> </p><p> if(empty($_POST['registrationBean_password_confirm']))</p><p> $errors["registration_password_confirm"] = "<br/>Please enter your password again!";</p><p> elseif(!($_POST['registrationBean_password'] === $_POST['registrationBean_password_confirm']))</p><p> $errors["registration_password_confirm"] = "<br/>Please enter a password with more than 6 characters!";</p><p> </p><p> if($_POST['registrationBean_termsOfServiceSelection'] != "true")</p><p> $errors["registration_termsofservice"] = "Please accept the terms of service.";</p><p> </p><p> $return = array(</p><p> "registrationErrors" => $errors,</p><p> "registrationMessages" => $messages);</p><p> </p><p> if(count($errors) == 0)</p><p> {</p><p> if(isset($_SESSION['ref'])) // Use Session instead of form, incase input was changed</p><p> {</p><p> $referrer = $engine->secure($_SESSION['ref']); // Secure Session</p><p> if($users->nameTaken($referrer)) // Recycled function, checks if the referrer exists</p><p> {</p><p> if(!$engine->num_rows("SELECT * FROM users WHERE username = '{$referrer}' AND ip_last = '{$_SERVER['REMOTE_ADDR']}' OR username = '{$referrer}' AND ip_reg = '{$_SERVER['REMOTE_ADDR']}'"))</p><p> {</p><p> $credits = 5000; // Amount user gets from referring</p><p> $engine->query("UPDATE users SET credits = credits + {$credits}, refs = refs + 1 WHERE username = '{$referrer}' LIMIT 1");</p><p> }</p><p> }</p><p> }</p><p> </p><p> $users->addUser($engine->secure($_POST["registrationBean_username"]),$core->hashed($_POST['registrationBean_password']),$_POST["registrationBean_email"],$_CONFIG['hotel']['motto'],$_CONFIG['hotel']['credits'],$_CONFIG['hotel']['pixels'],1, $_CONFIG['hotel']['figure'], "M", 12345);</p><p> $users->turnOn($engine->secure($_POST["registrationBean_username"]));</p><p> $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/me";</p><p> </p><p> if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1)</p><p> { </p><p> $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/clones";</p><p> }</p><p> }</p><p> </p><p> header('Content-type: application/json');</p><p> echo json_encode($return);</p><p> exit;</p><p>?>[/CODE]</p></blockquote><p></p>
[QUOTE="Brandon, post: 390059, member: 28869"] Hey there! On my hotel it seems that users can sign up with more than 1 account even though its disabled? I think it might actually be infinite... [B]class.users:[/B] [CODE] final public function hasClones($ip) { global $engine; if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1) { return true; } return false; } [/CODE] So the only thing I think it could be is register.php but I also changed this and It's not working :/ [B]regsubmit.php:[/B] [CODE]<?php global $users, $core, $engine; $errors = array(); $messages = array(); if(empty($_POST["registrationBean_username"])) $errors["registration_username"] = "<br/>Please enter a username!"; elseif(strlen($_POST["registrationBean_username"]) > 25 || !ctype_alnum($_POST["registrationBean_username"])) $errors["registration_username"] = "<br/>Please enter a valid username!"; elseif($engine->num_rows("SELECT null FROM users WHERE username = '" . $engine->secure($_POST["registrationBean_username"]) . "' LIMIT 1") != 0) $errors["registration_username"] = "That username is already taken!"; elseif(!preg_match("/^\s*[a-zA-Z0-9,\s]+\s*$/", $_POST["registrationBean_username"])) $errors["registration_username"] = "You cant use special characters!"; if(empty($_POST["registrationBean_email"])) $errors["registration_email"] = "<br/>Please enter an email address!"; elseif(!preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $_POST["registrationBean_email"])) $errors["registration_email"] = "<br/>Please enter a valid email address!"; elseif($engine->num_rows("SELECT null FROM users WHERE mail = '" . $engine->secure($_POST["registrationBean_email"]) . "' LIMIT 1") != 0) $errors["registration_email"] = "<br/>That email address is taken!"; if(empty($_POST['registrationBean_password'])) $errors["registration_password"] = "<br/>Please enter a password!"; elseif(strlen($_POST['registrationBean_password']) < 6) $errors["registration_password"] = "<br/>Please enter a password with more than 6 characters!"; if(empty($_POST['registrationBean_password_confirm'])) $errors["registration_password_confirm"] = "<br/>Please enter your password again!"; elseif(!($_POST['registrationBean_password'] === $_POST['registrationBean_password_confirm'])) $errors["registration_password_confirm"] = "<br/>Please enter a password with more than 6 characters!"; if($_POST['registrationBean_termsOfServiceSelection'] != "true") $errors["registration_termsofservice"] = "Please accept the terms of service."; $return = array( "registrationErrors" => $errors, "registrationMessages" => $messages); if(count($errors) == 0) { if(isset($_SESSION['ref'])) // Use Session instead of form, incase input was changed { $referrer = $engine->secure($_SESSION['ref']); // Secure Session if($users->nameTaken($referrer)) // Recycled function, checks if the referrer exists { if(!$engine->num_rows("SELECT * FROM users WHERE username = '{$referrer}' AND ip_last = '{$_SERVER['REMOTE_ADDR']}' OR username = '{$referrer}' AND ip_reg = '{$_SERVER['REMOTE_ADDR']}'")) { $credits = 5000; // Amount user gets from referring $engine->query("UPDATE users SET credits = credits + {$credits}, refs = refs + 1 WHERE username = '{$referrer}' LIMIT 1"); } } } $users->addUser($engine->secure($_POST["registrationBean_username"]),$core->hashed($_POST['registrationBean_password']),$_POST["registrationBean_email"],$_CONFIG['hotel']['motto'],$_CONFIG['hotel']['credits'],$_CONFIG['hotel']['pixels'],1, $_CONFIG['hotel']['figure'], "M", 12345); $users->turnOn($engine->secure($_POST["registrationBean_username"])); $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/me"; if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 1) { $return['registrationCompletionRedirectUrl'] = "{$_CONFIG['hotel']['url']}/clones"; } } header('Content-type: application/json'); echo json_encode($return); exit; ?>[/CODE] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Q&A
Users can sign up with more than 1 account?
Top