48){ $err_str=$err_str."User ID Too Long!\\n"; $err_cnt++; }else if ($len<3){ $err_str=$err_str." $MSG_WARNING_USER_ID_SHORT\\n"; $err_cnt++; } if (!is_valid_user_name($user_id)){ $err_str=$err_str."User ID can only contain NUMBERs & LETTERs!\\n"; $err_cnt++; } $nick=trim($_POST['nick']); $len=strlen($nick); if ($len>20){ $err_str=$err_str."Nick Name Too Long!\\n"; $err_cnt++; }else if ($len==0) $nick=$user_id; if(has_bad_words($user_id)){ $err_str=$err_str.$MSG_USER_ID." Too Bad!\\n"; $err_cnt++; } if(has_bad_words($school)){ $err_str=$err_str.$MSG_SCHOOL." Too Bad!\\n"; $err_cnt++; } if(has_bad_words($nick)){ $err_str=$err_str.$MSG_NICK." Too Bad!\\n"; $err_cnt++; } if (strcmp($_POST['password'],$_POST['rptpassword'])!=0){ $err_str=$err_str."$MSG_WARNING_REPEAT_PASSWORD_DIFF!\\n"; $err_cnt++; } if (strlen($_POST['password'])<6){ $err_cnt++; $err_str=$err_str."$MSG_WARNING_PASSWORD_SHORT \\n"; } $len=strlen($_POST['school']); if ($len>20){ $err_str=$err_str."School Name Too Long!\\n"; $err_cnt++; } $len=strlen($_POST['email']); if ($len>100){ $err_str=$err_str."Email Too Long!\\n"; $err_cnt++; } if ($err_cnt>0){ print ""; exit(0); } $password=pwGen($_POST['password']); $sql="SELECT `user_id` FROM `users` WHERE `users`.`user_id` = ?"; $result=pdo_query($sql,$user_id); $rows_cnt=count($result); if ($rows_cnt == 1){ print ""; exit(0); } if ($domain==$DOMAIN && $OJ_NAME==$user_id){ print ""; exit(0); } $nick=(htmlspecialchars ($nick,ENT_QUOTES,"UTF-8")); $school=(htmlspecialchars ($school,ENT_QUOTES,"UTF-8")); $email=(htmlspecialchars ($email,ENT_QUOTES,"UTF-8")); $ip = ($_SERVER['REMOTE_ADDR']); if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])&&!empty(trim($_SERVER['HTTP_X_FORWARDED_FOR']))) { $REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR']; $tmp_ip = explode(',', $REMOTE_ADDR); $ip = (htmlspecialchars($tmp_ip[0], ENT_QUOTES, "UTF-8")); } else if (isset($_SERVER['HTTP_X_REAL_IP'])&&!empty(trim($_SERVER['HTTP_X_REAL_IP']))) { $REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP']; $tmp_ip = explode(',', $REMOTE_ADDR); $ip = (htmlspecialchars($tmp_ip[0], ENT_QUOTES, "UTF-8")); } // 检查IP是否已经注册过 if (isset($OJ_REG_SPEED) && $OJ_REG_SPEED > 0 ) { // 查询最近1小时内该IP地址已经注册的用户数量 $sql = "SELECT COUNT(*) FROM `users` WHERE (`ip` = ? or email = ? ) AND `reg_time` > DATE_SUB(NOW(), INTERVAL 1 HOUR)"; $result = pdo_query($sql, $ip,$email); $count = intval($result[0][0]); if ($count > $OJ_REG_SPEED ) { // 如果数量大于$OJ_REG_SPEED ,则表示该IP地址在最近1小时内已经注册过$OJ_REG_SPEED个账户 $warning="$ip 正在快速注册大量新账号,请确认是否存在攻击行为。若能确认是攻击行为,可以用sudo iptables -A INPUT -s $ip -j DROP 命令 封禁IP。"; if($OJ_ADMIN!="root@localhost") email($OJ_ADMIN,"系统警告,疑似攻击!",$warning."\n from $domain"); //只有设置好的才发送邮件 print ""; exit(0); } } if(isset($OJ_EMAIL_CONFIRM) && $OJ_EMAIL_CONFIRM) $_SESSION[$OJ_NAME.'_'.'activecode']=getToken(16); else $_SESSION[$OJ_NAME.'_'.'activecode']=""; if(isset($OJ_REG_NEED_CONFIRM)&&$OJ_REG_NEED_CONFIRM) $defunct="Y"; else $defunct="N"; $sql="INSERT INTO `users`(" ."`user_id`,`email`,`ip`,`accesstime`,`password`,`reg_time`,`nick`,`school`,`defunct`,activecode)" ."VALUES(?,?,?,NOW(),?,NOW(),?,?,?,?)"; $rows=pdo_query($sql,$user_id,$email,$ip,$password,$nick,$school,$defunct,$_SESSION[$OJ_NAME.'_'.'activecode']);// or die("Insert Error!\n"); //发送激活邮件 if (isset($OJ_EMAIL_CONFIRM) && $OJ_EMAIL_CONFIRM ) { $link= 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['REQUEST_URI'])."active.php?code=".$_SESSION[$OJ_NAME.'_'.'activecode']; email($email,"$MSG_ACTIVE_YOUR_ACCOUNT", "$MSG_CLICK_COPY $MSG_ACTIVE_YOUR_ACCOUNT $user_id :\n ".$link ); $view_errors= "
$MSG_CHECK $email $MSG_EMAIL , $MSG_CLICK_COPY $MSG_ACTIVE_YOUR_ACCOUNT"; $view_errors.="


"; require("template/".$OJ_TEMPLATE."/error.php"); exit(0); } $sql="INSERT INTO `loginlog`(user_id,password,ip,time) VALUES(?,?,?,NOW())"; pdo_query($sql,$user_id,"no save",$ip); if(!isset($OJ_REG_NEED_CONFIRM)||!$OJ_REG_NEED_CONFIRM){ $sql="SELECT `user_id` FROM `users` WHERE `users`.`user_id` = ?"; $result=pdo_query($sql,$user_id); $rows_cnt=count($result); if ($rows_cnt == 1){ $_SESSION[$OJ_NAME.'_'.'user_id']=$user_id; $sql="SELECT `rightstr` FROM `privilege` WHERE `user_id`=?"; //echo $sql."
"; $result=pdo_query($sql,$_SESSION[$OJ_NAME.'_'.'user_id']); foreach ($result as $row){ $_SESSION[$OJ_NAME.'_'.$row['rightstr']]=true; //echo $_SESSION[$OJ_NAME.'_'.$row['rightstr']]."
"; } $_SESSION[$OJ_NAME.'_'.'ac']=Array(); $_SESSION[$OJ_NAME.'_'.'sub']=Array(); if($OJ_SaaS_ENABLE && $domain==$DOMAIN) header("location:modifypage.php#MyOJ"); } } ?>