Файл: qiwi/user/reg.php
Строк: 82
<?
####### #######
# #
# by DaNzO #
# #
####### #######
include '../inc/db.php';
head();
if (isset($user['id'])){
header("Location: /index");
exit();
}
if (isset($_POST['reg'])){
function is_email($email){
return preg_match("/^([a-zA-Z0-9])+([.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(.[a-zA-Z0-9_-]+)*.([a-zA-Z]{2,6})$/", $email);
}
$login = htmlspecialchars($_POST['login']);
$pass = htmlspecialchars($_POST['pass']);
$pass2 = htmlspecialchars($_POST['pass2']);
$mail = htmlspecialchars($_POST['mail']);
$qiwi = htmlspecialchars($_POST['qiwi']);
if (!preg_match('/[0-9]+$/i',$qiwi))
{
echo '<div class="err">Ошибка в номере<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
if(mb_strlen($qiwi) > 12 OR mb_strlen($qiwi) < 11)
{
echo '<div class="err">Ошибка в длине номера QIWI<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
if(mb_strlen($pass) > 40 OR mb_strlen($pass) < 4)
{
echo '<div class="err">Ошибка в длине пароля<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
if(strlen($login) > 20 OR strlen($login) < 3)
{
echo '<div class="err">Ошибка в длине логина<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
if($pass!=$pass2)
{
echo '<div class="err">Пароли не одинаковые<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `qiwi` = '".$qiwi."' LIMIT 1;"), 0) != 0)
{
echo '<div class="err">Такой номер есть в базе<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `login` = '".$login."' LIMIT 1;"), 0) != 0)
{
echo '<div class="err">Такой логин есть в базе<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `mail` = '".$mail."' LIMIT 1;"), 0) != 0)
{
echo '<div class="err">Такой почтовой ящик есть в базе<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
if(!is_email($mail))
{
echo '<div class="err">Неправильный Email<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
if ($_SESSION['img'] != htmlspecialchars($_POST['img'])){
echo '<div class="err">Неверный код<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
$us_ref = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` ORDER BY `user`.`myref2` DESC LIMIT 1"));
$op = $us_ref['id']+1;
$us_null = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '".$op."' LIMIT 1"));
if ($us_ref['myref']=='0'){
mysql_query("INSERT INTO user (login,pass,mail,time,ref,qiwi) VALUES('$login','".md5(md5(trim($pass)))."','$mail','".time()."','$us_ref[id]','$qiwi')");
$max = mysql_fetch_array(mysql_query("SELECT MAX(id) FROM user"));
$myref = $max[0];
mysql_query("UPDATE `user` SET `myref` = '".$myref."' WHERE `id` = '$us_ref[id]'");
}elseif ($us_ref['myref2']=='0'){
mysql_query("INSERT INTO user (login,pass,mail,time,ref,qiwi) VALUES('$login','".md5(md5(trim($pass)))."','$mail','".time()."','$us_ref[id]','$qiwi')");
$max = mysql_fetch_array(mysql_query("SELECT MAX(id) FROM user"));
$myref = $max[0];
mysql_query("UPDATE `user` SET `myref2` = '".$myref."' WHERE `id` = '$us_ref[id]'");
}elseif ($us_null['myref']=='0' OR $us_null['myref2']=='0'){
if ($us_null['myref']=='0')$pole='myref'; else $pole='myref2';
mysql_query("INSERT INTO user (login,pass,mail,time,ref,qiwi) VALUES('$login','".md5(md5(trim($pass)))."','$mail','".time()."','$us_null[id]','$qiwi')");
$max = mysql_fetch_array(mysql_query("SELECT MAX(id) FROM user"));
$myref = $max[0];
mysql_query("UPDATE `user` SET `".$pole."` = '".$myref."' WHERE `id` = '$us_null[id]'");
}else{
mysql_query("INSERT INTO user (login,pass,mail,time,qiwi) VALUES('$login','".md5(md5(trim($pass)))."','$mail','".time()."','$qiwi')");
}
header("Location: /RegOk");
exit();
}
echo '<div class="menu">';
echo '
<form action="?" method="post">
Ник:<br/>
<input name="login" type="text" value="" /><br />
Пароль:<br/>
<input name="pass" type="password" value="" /><br />
Подтвердить пароль:<br/>
<input name="pass2" type="password" value="" /><br />
Email:<br/>
<input name="mail" type="text" value="@" /><br />
Номер QIWI:<br /><input name="qiwi" type="text" size="12" /><br />
<b>Формат +79101143547 (RUS) </b> <br />
Введите код: <br />
<img src="/img.php" alt="captcha"/><br />
<input type="text" name="img" /><br />
<input type="submit" name="reg" value="Далее"/>
</form>
';
echo '</div>';
foot();
?>