<?
extract($_POST, EXTR_SKIP); 
require_once("include/bittorrent.php");


$id = (int) $_GET["id"];
$md5 = $_GET["secret"];
if (!$id)
	httperr();

dbconn();

$res = do_mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $invites)
	stderr( _("Error"), _("Sorry, user limit reached. Please try again later.") );

$res = do_mysql_query("SELECT editsecret, status FROM users WHERE id = $id");
$row = mysql_fetch_array($res);

if (!$row)
	httperr();

if ($row["status"] != "pending") {
	header("Refresh: 0; url=../../ok.php?type=confirmed");
	exit();
}

$sec = hash_pad($row["editsecret"]);
if ($md5 != md5($sec))
	httperr();
$gender = mysql_escape_string($_POST["gender"]);
$age = (int) $_POST["age"];
if(strlen($age) > 2)
	bark( _("Wrong age!") );
if(strlen($age) >= 1){
if(!is_valid_id($age))
	bark( _("Wrong age!") );}
$website = unesc( htmlspecialchars($_POST["website"]) );
$website = mysql_escape_string($website);
if (empty($wantusername) || empty($wantpassword) || empty($gender))
	bark( _("Don't leave any fields blank.") );
if (!mkglobal("wantusername:wantpassword:passagain"))
	die();

function bark($msg) {
  stdhead();
	stdmsg(_("Signup failed!"), $msg);
  stdfoot();
  exit;
}

function validusername($username)
{
	if ($username == "")
	  return false;

	// The following characters are allowed in user names
	$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

	for ($i = 0; $i < strlen($username); ++$i)
	  if (strpos($allowedchars, $username[$i]) === false)
	    return false;

	return true;
}

function isportopen($port)
{
	global $_SERVER;
	$sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
	if ($sd)
	{
		fclose($sd);
		return true;
	}
	else
		return false;
}


if (strlen($wantusername) > 12)
	bark( _("Sorry, username is too long (max is 12 chars)") );

if ($wantpassword != $passagain)
	bark( _("The passwords didn't match! Must've typoed. Try again.") );

if (strlen($wantpassword) < 6)
	bark( _("Sorry, password is too short (min is 6 chars)"));

if (strlen($wantpassword) > 40)
	bark( _("Sorry, password is too long (max is 40 chars)"));

if ($wantpassword == $wantusername)
	bark(_("Sorry, password cannot be same as user name."));

if (strlen($website) > 40)
	bark( _("Sorry, website url is too long (max is 40 chars)") );

if (!validusername($wantusername))
	bark( _("Invalid username.") );

// check if ip addy is already in use
$a = (@mysql_fetch_row(@do_mysql_query("select count(*) from users where ip='" . $_SERVER['REMOTE_ADDR'] . "'"))) or die(mysql_error());
if ($a[0] != 0)
 bark("The ip " . $_SERVER['REMOTE_ADDR'] . " is already in use.");

// make sure user agrees to everything...
if ($_POST["rulesverify"] != "yes" || $_POST["faqverify"] != "yes" || $_POST["ageverify"] != "yes")
	stderr(_("Signup failed"), _("Sorry, you're not qualified to become a member of this site.") );


$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);

$passkey= md5($wantusername.get_date_time().$wantpasshash);


$ret = do_mysql_query("UPDATE users SET username='$wantusername', gender='$gender', age='$age', website='$website', invitedate=NOW(), last_check=NOW(), passhash='$wantpasshash', status='confirmed', editsecret='', passkey='$passkey', secret='$secret', inverted_added=4294967295-UNIX_TIMESTAMP() WHERE id=$id");

if (!$ret) {
	if (mysql_errno() == 1062)
		bark( _("Username already exists!") );
	bark("$wantpasshash");

}

logincookie($id, $wantpasshash);

header("Refresh: 0; url=ok.php?type=confirm");


?>