view register.inc.php @ 188:a49c5f15a273

Less strict username check.
author Matti Hamalainen <ccr@tnsp.org>
date Fri, 08 Nov 2013 20:39:35 +0200
parents 1fcdc6e752f6
children 988e0ab2b77e

<?
//
// FAPWeb Simple Demoparty System
// Attendee registration page
// (C) Copyright 2012-2013 Tecnic Software productions (TNSP)
//
// Page step requested by the client; falls back to "start" (the empty form).
$mode = stGetRequestItem("mode", "start");

// Settings for the robot-check challenge encoder.
// $botCheckIDs is the 32-symbol alphabet: a symbol's index is the 5-bit value
// it stands for. It spells B, I and T in upper case, so the lower-case
// operator letters below never occur inside an encoded number.
$botCheckIDs = "aBcdefghIjklmnopqrsTuvxyz0123456";
// Operator letters as they appear inside a challenge hash.
$botCheckOPs = "bit";
// Arithmetic symbol shown for the operator letter at the same index.
$botCheckROPs = "+-*";


// Print a one-button form that re-submits the current registration fields.
//
// $button is the label of the submit button and $mode the page step the form
// posts back to. Every field of the registration form, including the
// challenge hash and the visitor's answer, is carried along as a hidden input.
//
// NOTE(review): the values are taken straight from the request; this relies
// on stPrintFormHiddenInput() escaping them for an HTML attribute - confirm
// in that helper.
function stPrintFormData($button, $mode = "start")
{
  $carried = array("name", "groups", "email", "oneliner", "hash", "botcheck");

  echo stGetFormStart("register")." ".stGetFormSubmitInput("continue", $button)."\n";

  stPrintFormHiddenInput("mode", $mode);

  foreach ($carried as $field)
  {
    stPrintFormHiddenInput($field, stGetRequestItem($field));
  }

  echo "</form>\n";
}


// Encode an integer as a string over the $botCheckIDs alphabet.
//
// The value is consumed five bits at a time, lowest bits first, and each
// symbol is put in front of the ones already produced, so the most
// significant symbol ends up first. At least one symbol is always emitted,
// which makes 0 encode as the first symbol of the alphabet.
function intValueToHash($val)
{
  global $botCheckIDs;

  $digits = $botCheckIDs[$val & 31];
  for ($rest = $val >> 5; $rest > 0; $rest >>= 5)
  {
    $digits = $botCheckIDs[$rest & 31].$digits;
  }

  return $digits;
}


// Decode a string over the $botCheckIDs alphabet back to its integer value.
//
// Symbols are read left to right as base-32 digits. Returns -2 as soon as a
// character outside the alphabet is met; an empty string decodes to 0.
function intHashToValue($hash)
{
  global $botCheckIDs;

  $total = 0;
  $len = strlen($hash);

  for ($pos = 0; $pos < $len; $pos++)
  {
    $digit = strpos($botCheckIDs, $hash[$pos]);
    if ($digit === FALSE)
      return -2;

    $total = $total * 32 + $digit;
  }

  return $total;
}


// Split a challenge hash into operand and operator segments.
//
// The hash is cut at every operator letter listed in $botCheckOPs, and the
// operator letters themselves are kept as separate elements of the result,
// so operands and operators alternate in the returned array.
function splitHash($hash)
{
  global $botCheckOPs;

  $pattern = "/([".$botCheckOPs."])/";
  $parts = preg_split($pattern, $hash, -1, PREG_SPLIT_DELIM_CAPTURE);

  return $parts;
}


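// Render a challenge hash as the arithmetic expression shown on the form.
//
// The hash is split on the operator letters in $botCheckOPs. Each operator
// letter becomes the symbol at the same index of $botCheckROPs, padded with
// one space on either side; every other segment is decoded to a number with
// intHashToValue(). The result is always a string.
//
// In the "check" step $hash is whatever the client sent back, so segments can
// be empty or contain characters outside the ID alphabet; intHashToValue()
// reports the latter as -2.
function hashToCheckStr($hash)
{
  global $botCheckOPs, $botCheckROPs;
  $out = "";

  foreach (splitHash($hash) as $val)
  {
    // An empty segment (adjacent operators, or an operator at either end of
    // the hash) must not reach strpos(): PHP 8 finds an empty needle at
    // offset 0 and would render it as the first operator, while older
    // versions warn and return FALSE. Treat it as an operand everywhere.
    $i = ($val === "") ? FALSE : strpos($botCheckOPs, $val);

    if ($i !== FALSE)
      $out .= " ".$botCheckROPs[$i]." ";
    else
      $out .= intHashToValue($val);
  }
  return $out;
}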


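// Compute the expected answer for a challenge hash.
//
// The hash is rendered with hashToCheckStr() and the resulting expression is
// evaluated here with ordinary precedence ("*" before "+" and "-", left to
// right). It is deliberately not passed to eval(): in the "check" step the
// hash is client-supplied, and request-derived text should never reach the
// PHP parser even when it is expected to contain only digits and operators.
//
// Returns the numeric result, or NAN when the rendered expression is not a
// plain "number op number ..." sequence of non-negative integers. That
// covers the -2 marker intHashToValue() produces for characters outside the
// ID alphabet. NAN compares unequal to every number, so a malformed hash can
// never match a submitted answer, whichever comparison the caller uses.
function hashToAnswer($hash)
{
  $expr = hashToCheckStr($hash);

  if (!is_string($expr) || !preg_match('/\A\d+(?: [-+*] \d+)*\z/', $expr))
    return NAN;

  // Tokens alternate operand, operator, operand, ...
  $tokens = explode(" ", $expr);
  $count = count($tokens);

  // $sum collects finished terms, $product is the term being multiplied up
  // and $sign is the sign that term enters the sum with.
  $sum = 0;
  $sign = 1;
  $product = $tokens[0] + 0;

  for ($i = 1; $i + 1 < $count; $i += 2)
  {
    $num = $tokens[$i + 1] + 0;

    if ($tokens[$i] === "*")
    {
      $product *= $num;
    }
    else
    {
      $sum += $sign * $product;
      $sign = ($tokens[$i] === "+") ? 1 : -1;
      $product = $num;
    }
  }

  return $sum + $sign * $product;
}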

// Check if user registration is available
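stCheckRegistrationAvailable();

// Check if registration is enabled
if (!stChkSetting("allowRegister"))
{
  echo stGetSetting("registerNotEnabled");
}
else
if ($maxAttendeesHard > 0 && $numAttendees >= $maxAttendeesHard)
{
  // Hard attendee limit reached (a limit of 0 or less means no limit).
  echo stGetSetting("registerLimitExceeded");
}
else
if ($mode == "start")
{
  //
  // Show registration form
  //
  // Generate bot-check: three operands joined by two random operators. The
  // first two operands are 1..5, the third is a multiple of 5 (5..25).
  //
  // NOTE(review): the challenge travels to the client in the hidden "hash"
  // field and comes back unauthenticated, so the server cannot tell whether
  // it issued the hash it is asked to check. As written this only stops
  // clients that never evaluate the expression. Keeping the expected answer
  // in the session, or signing the hash (e.g. hash_hmac() with a server-side
  // key), would bind the answer to a challenge this page generated.
  $botCheckHash =
    intValueToHash(rand(1,5)).
    $botCheckOPs[rand(0,2)].
    intValueToHash(rand(1,5)).
    $botCheckOPs[rand(0,2)].
    intValueToHash(5 * rand(1,5));

  echo
  "<h1>Registration</h1>\n".
  stGetFormStart("register").
  " ".stGetFormHiddenInput("mode", "check")."\n".
  " ".stGetFormHiddenInput("hash", $botCheckHash)."\n".
  " <table class=\"register\">\n";
  stPrintFormTextInput("Handle:", "(elite)", 20, SET_LEN_USERNAME, "name");
  stPrintFormTextInput("Group(s):", "(elite crew^supahmen)", 30, SET_LEN_GROUPS, "groups");
  stPrintFormTextInput("E-mail:", "(to be informed of location etc)", 30, SET_LEN_EMAIL, "email");
  stPrintFormTextInput("Oneliner:", "(whatever)", 30, SET_LEN_ONELINER, "oneliner");
  stPrintFormTextInput(hashToCheckStr($botCheckHash)." = ", "(I.Q. / robot check".
  //" [".hashToAnswer($botCheckHash)."]".
  ")", 20, 20, "botcheck", "autocomplete=\"off\"");
  echo
  "  <tr><td colspan=\"2\"></td><td>".stGetFormSubmitInput("register", "Register")."</td></tr>\n".
  " </table>\n".
  "</form>\n";

  echo stGetSetting("registerInfoText");
}
else
if ($mode == "check")
{
  //
  // Check the registrant's details
  //
  // Only lengths are checked for the free-text fields; their content is
  // stored as given.
  // NOTE(review): anything that later prints name/groups/oneliner must
  // escape them for HTML - confirm in the attendee list code.
  stChkRequestItem("name", $fake,
    array(CHK_ISGT, VT_STR, 0, "Handle / name not given."),
    array(CHK_ISLT, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters."));

  stChkRequestItem("groups", $fake,
    array(CHK_ISLT, VT_STR, SET_LEN_GROUPS, "Groups are too long, should be less than ".SET_LEN_GROUPS." characters."));

  stChkRequestItem("oneliner", $fake,
    array(CHK_ISLT, VT_STR, SET_LEN_ONELINER, "Oneliner is too long, should be less than ".SET_LEN_ONELINER." characters."));

  stChkRequestItem("hash", $hash,
    array(CHK_GTEQ, VT_STR, 0, "Invalid data."));


  // The e-mail check is a plausibility test only: the address must contain
  // "@" and "." somewhere, nothing more.
  $email = stGetRequestItem("email");
  if (stGetSetting("requireEMail") && strlen($email) < 4)
    stError("E-mail address not given, or it is too short.");

  if (strlen($email) > 0 && (strpos($email, "@") === FALSE || strpos($email, ".") === FALSE))
    stError("E-mail address not in proper format.");

  if (strlen($email) > SET_LEN_EMAIL)
    stError("E-mail address too long, max ".SET_LEN_EMAIL." characters.");

  // Bot check. The answer has to be written as an integer: intval() alone
  // turns an empty or non-numeric answer into 0, and a loose "!=" treats a
  // failed evaluation (NULL / FALSE) as equal to that 0, which would let a
  // blank answer through. Both sides are therefore validated before they are
  // compared.
  $answer = stGetRequestItem("botcheck");
  $answerStr = is_scalar($answer) ? trim((string) $answer) : "";
  $expected = hashToAnswer($hash);

  if (!preg_match('/\A-?\d+\z/', $answerStr) ||
      !is_numeric($expected) ||
      $expected != intval($answerStr))
    stError("Incorrect answer to I.Q. / bot check.");

  if ($errorSet)
  {
    echo
      "<p>Following errors occured:</p>\n".
      "<ul>\n".$errorMsg."</ul>\n";
    stPrintFormData("Go back");
  }
  else
  {
    // NOTE(review): presumably %S makes stPrepareSQL() fetch the named
    // request item and quote it for the database - confirm there, since the
    // values are not escaped anywhere in this file.
    $sql = stPrepareSQL(
      "INSERT INTO attendees (regtime,name,groups,oneliner,email) VALUES (%d,%S,%S,%S,%S)",
      time(), "name", "groups", "oneliner", "email");

    if (stExecSQL($sql) !== FALSE)
    {
      echo stGetSetting("registerPostText");

      if (strlen($email) < 4)
        echo stGetSetting("registerPostNoEmail");
    }
    else
    {
      echo
        "<h1>An error occured.</h1>\n".
        "<p>Oh noes! SQL error happenstance!</p>";
    }
  }
}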
?>