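/**
 * Registers a new user account from an invite and records sign-up risk signals.
 *
 * Steps, in order: look up the invite by its secret, validate username, e-mail
 * and password, insert the users row, notify the inviter through a system
 * message, count earlier sightings of the client IP and e-mail in the log
 * tables, pass those counts to Signups::create(), and finally delete the
 * invite unless it is a persistent one (userid 0).
 *
 * NOTE(review): the invite is read at the top and only deleted at the end, and
 * no transaction or row lock is visible in this method, so two concurrent
 * requests carrying the same invite secret can both pass the lookup. Consider
 * consuming the invite atomically (delete first and check the affected row
 * count, inside a transaction).
 *
 * @param array $postdata Sign-up form fields read here: inviteKey, username,
 *                        email, password, passwordAgain, format, age, gender.
 *
 * @return void
 *
 * @throws Exception Code 412 for an unknown invite, disallowed username
 *                   characters, an invalid e-mail or mismatching passwords;
 *                   411 for length violations; 409 when the username or e-mail
 *                   is already taken. random_bytes() also throws an Exception
 *                   when no entropy source is available.
 */
public function create($postdata)
{
    $sth = $this->db->prepare("SELECT * FROM invites WHERE secret = ?");
    $sth->bindValue(1, $postdata["inviteKey"], PDO::PARAM_STR);
    $sth->execute();
    $invite = $sth->fetch(PDO::FETCH_ASSOC);
    if (!$invite) {
        throw new Exception('Inbjudningskoden har utgått.', 412);
    }

    if (strlen($postdata["username"]) < 2) {
        throw new Exception('Användarnamnet är för kort', 411);
    }
    if (strlen($postdata["username"]) > 14) {
        throw new Exception('Användarnamnet är för långt', 411);
    }
    // The D modifier makes "$" match only at the very end of the subject;
    // without it a value with a trailing newline passes validation and is
    // then stored and echoed into the inviter's message.
    if (!preg_match('/^[a-z0-9][a-z0-9-_]+$/iD', $postdata["username"])) {
        throw new Exception('Användarnamnet ska bestå av följande tecken: A-Z 0-9', 412);
    }
    if (!$this->usernameIsAvailable($postdata["username"])) {
        throw new Exception('Användarnamnet \'' . $postdata["username"] . '\' är upptaget', 409);
    }
    // Same trailing-newline hardening as for the username.
    if (!preg_match('/^[\\w.-]+@([\\w.-]+\\.)+[a-z]{2,6}$/isD', $postdata["email"])) {
        throw new Exception('Ogiltig e-postadress', 412);
    }
    if (!$this->emailIsAvailable($postdata["email"])) {
        throw new Exception('E-postadressen används redan på sidan', 409);
    }
    if (strlen($postdata["password"]) < 6) {
        throw new Exception('Lösenordet är för kort', 411);
    }
    // Strict string comparison: loose "!=" treats distinct numeric strings
    // such as "1e3" and "1000" as equal.
    if ((string) $postdata["password"] !== (string) $postdata["passwordAgain"]) {
        throw new Exception('Lösenorden stämmer ej överrens', 412);
    }

    // Default category list by preferred format. The switch compares loosely,
    // exactly as before, so a numeric string from the form still matches.
    switch ($postdata["format"]) {
        case 0:
            // DVDR
            $indexlist = '2, 6';
            break;
        case 3:
            // 1080p
            $indexlist = '11, 163';
            break;
        default:
            // 720p
            $indexlist = '1, 141';
    }

    $age = (int) $postdata["age"];
    $gender = (int) $postdata["gender"];

    // Newest announced news item is marked as already read for the new user.
    $sth = $this->db->query("SELECT id FROM news WHERE announce = 1 ORDER BY id DESC LIMIT 1");
    $res = $sth->fetch(PDO::FETCH_ASSOC);
    $lastReadNews = $res ? $res["id"] : 0;

    $added = date("Y-m-d H:i:s");
    // NOTE(review): hashPassword() is defined outside this view; confirm it is a
    // slow, salted KDF (password_hash-class) rather than a fast digest keyed on $added.
    $passhash = $this->hashPassword($postdata["password"], $added);
    $uploaded = 1073741824 * $this->gigabyteUploadedOnSignup;
    // 24h free leech
    $leechEnd = date('Y-m-d H:i:s', time() + 86400);

    $email = strtolower($postdata["email"]);
    // The passkey was md5(uniqid()), which is derived from the clock and hence
    // guessable. A CSPRNG value of the same shape (32 hex chars) replaces it.
    // Presumably the passkey acts as a per-user secret; verify against its consumers.
    $passkey = bin2hex(random_bytes(16));

    // bindValue() instead of bindParam(): bindParam() binds by reference and must
    // not be given expression results such as strtolower(...) or md5(...).
    $sth = $this->db->prepare("INSERT INTO users (username, passhash, email, passkey, invited_by, indexlist, added, gender, alder, leechstart, uploaded, lastreadnews, last_access) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())");
    $sth->bindValue(1, $postdata["username"], PDO::PARAM_STR);
    $sth->bindValue(2, $passhash, PDO::PARAM_STR);
    $sth->bindValue(3, $email, PDO::PARAM_STR);
    $sth->bindValue(4, $passkey, PDO::PARAM_STR);
    $sth->bindValue(5, $invite["userid"], PDO::PARAM_INT);
    // indexlist is a comma-separated string ('2, 6'), so it is bound as a string.
    $sth->bindValue(6, $indexlist, PDO::PARAM_STR);
    $sth->bindValue(7, $added, PDO::PARAM_STR);
    $sth->bindValue(8, $gender, PDO::PARAM_INT);
    $sth->bindValue(9, $age, PDO::PARAM_INT);
    $sth->bindValue(10, $leechEnd, PDO::PARAM_STR);
    $sth->bindValue(11, $uploaded, PDO::PARAM_INT);
    $sth->bindValue(12, $lastReadNews, PDO::PARAM_INT);
    $sth->execute();
    $userId = $this->db->lastInsertId();

    $mailbox = new Mailbox($this->db);
    $mailbox->sendSystemMessage($invite["userid"], "Inbjudan accepterad!", "Din inbjudan är accepterad och hen valde att registrera sig under namnet [url=/user/" . $userId . "/" . $postdata["username"] . "][b]" . $postdata["username"] . "[/b][/url].");

    // Security checks: how often this IP / e-mail has been seen before, and how
    // often in connection with disabled accounts.
    $ip = $_SERVER["REMOTE_ADDR"];
    $hostname = gethostbyaddr($ip);

    // Every lookup goes through a prepared statement. The previous version built
    // the SQL by concatenating the IP and the submitted e-mail into the query text.
    $db = $this->db;
    $countRows = function ($sql, array $params) use ($db) {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        // fetchColumn() reads COUNT(*) independently of the connection's fetch mode.
        return (int) $stmt->fetchColumn();
    };

    $iplogHits = $countRows("SELECT COUNT(*) FROM iplog WHERE ip = ?", array($ip));
    $loginAttemptsHits = $countRows("SELECT COUNT(*) FROM inlogg WHERE ip = ?", array($ip));
    $emailLogHits = $countRows(
        "SELECT COUNT(*) FROM emaillog WHERE email = ? AND userid != ?",
        array($postdata["email"], $userId)
    );
    $loginAttemptsWarningHits = $countRows(
        "SELECT COUNT(*) FROM `inlogg` JOIN users ON inlogg.uid = users.id WHERE inlogg.ip = ? AND enabled = 'no'",
        array($ip)
    );
    $iplogWarningHits = $countRows(
        "SELECT COUNT(*) FROM `iplog` JOIN users ON iplog.userid = users.id WHERE iplog.ip = ? AND enabled = 'no'",
        array($ip)
    );

    $ipHits = $iplogHits + $loginAttemptsHits;
    $warninLevel = $loginAttemptsWarningHits + $iplogWarningHits;

    $signups = new Signups($this->db, $this);
    $signups->create($userId, $ip, $hostname, $postdata["email"], $emailLogHits, $ipHits, $warninLevel);

    /* Zero means persistent invite url */
    if ($invite["userid"] != 0) {
        $sth = $this->db->prepare("DELETE FROM invites WHERE id = ?");
        $sth->bindValue(1, $invite["id"], PDO::PARAM_INT);
        $sth->execute();
    }
}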