Trinity-Mangos Registration PHP Script - Rel: 160226.0704

<?php
    /*
        A simple mangos/trinity registration engine
        This is the engine only. Use it as a snippet or
        include it as an iframe.

        If you don't know what to edit
        or change, don't ask or use - it get more complicated
        from here - especially if you are running a server

        DEFINITIONS:
            - TM    : trinity and mangos

        FEATURES:
            - simple php (or as easy as I could make it)
            - self-contained file
            - checks existing (ofc)
            - checks for banned
            - auto inserts ip (not perfect but works) TM do this automatically later.
            - creates join date
            - fills both emails

        ADMIN:
            You will have to adjust the INSERT if you are using MANGOS as this script is
            written with TRINITY in use.

        Coded by: FrostByte (send thank you to klyxmaster[]gmail if you find this useful!)
        Rel:  160226.0704

        UPDATES:
            - 160226
                o Added captcha
                o Missing "set realmlist..." Fixed
            - 160225
                o released script
    */


    /*
        change these
    */
    date_default_timezone_set('America/Chicago');
    $server     = array (
        'host'          => 'localhost',
        'user'          => 'root',
        'pass'          => 'root',
        'realmd'        => 'auth',                  // usually Trinity: auth, Mangos: realmd
        'xpac'          => '2',                     // 0:vanilla, 1:TBC, 2:WotLK, 3:Cata, 4:MoP etc...
        'servername'    => 'FrostByte',
        'email'         => 'optional@thismail.com',
        'realmlist'     => 'mycoolwow.domain.net' // this is what user's will be told to set the realmlist.wtf to
    );

    /*
        If everything above is correct, this should go through smoothly
    */
    @mysql_connect($server['host'], $server['user'], $server['pass']) or
        die('Unable to connect to SQL server');
    @mysql_select_db($server['realmd']) or
        die('Unable to connect to '.$server["realmd"].' database!');

    $errorTxt = '';

    /*
        various functions
        -----^-----^-----^-----^-----^-----^-----^-----^-----^-----^-----^-----
    */
    /** clean up some strings nothing fancy **/
    function clean($text)
    {
        return mysql_real_escape_string($text);
    }

    /** decent ip finder **/
    function userIP()
    {
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) :
            $ip = $_SERVER['HTTP_CLIENT_IP'];
        elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) :
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        else :
            $ip = $_SERVER['REMOTE_ADDR'];
        endif;

        return $ip;
    }

    /** simple query routine **/
    function query($sql)
    {
        $query = @mysql_query($sql) or die("Bad query string: <br/>$sql<br/>".mysql_error());
        return $query;
    }

    function wowPW($username, $password)
    {
        return SHA1($username.':'.$password);
    }

    /*
        process the form
        -----^-----^-----^-----^-----^-----^-----^-----^-----^-----^-----^-----
    */
    if( isset($_POST['username']) ):

        /** get and clean up some form vars **/
        $username       = strtoupper( clean($_POST['username']) );
        $password       = strtoupper( clean($_POST['password']) );
        $pw2            = strtoupper( clean($_POST['password2']) );
        $email          = clean($_POST['email']);
        $ip             = $_POST['ip'];
        $time           = $_POST['time'];
        $captchaAnswer  = $_POST['captchaAnswer'];
        $captcha        = $_POST['captcha'];

        /** see if any part of the account exist **/
        $result = query("SELECT * FROM `account` WHERE `username` = '$username' LIMIT 1");
        if( mysql_num_rows($result) > 0 ): $errorTxt .= 'This name is in use!<br/>'; endif;

        $result = query("SELECT * FROM `account` WHERE `email` = '$email' LIMIT 1");
        if( mysql_num_rows($result) > 0 ): $errorTxt .= 'That email is already registered!<br/>'; endif;

        $result = query("SELECT * FROM `account` WHERE `last_ip` = '$ip' LIMIT 1");
        if( mysql_num_rows($result) > 0 ): $errorTxt .= 'That IP is in use!<br/>'; endif;

        /** matching pw? **/
        if ( $password != $pw2 ): $errorTxt .= 'Confirmation password does not match.'; endif;

        /** correct captcha **/
        if ( $captcha != $captchaAnswer ): $errorTxt .= 'Captcha answer incorrect.'; endif;

        /** if all is good errorTxt will still be NULL  **/
        if( empty($errorTxt) ):
            $time = date("Y-m-d H:i:s", $time);
            $password = wowPW($username, $password);

            $insert = "INSERT INTO `account`
            (
                username,
                sha_hash_pass,
                email,
                reg_email,
                joindate,
                last_ip,
                last_attempt_ip,
                expansion

            ) VALUES (
                '$username',
                '$password',
                '$email',
                '$email',
                '$time',
                '$ip',
                '$ip',
                ".$server['xpac']."
            )";

            /**
                I check every applicant before haphazardly letting the system add them. Adjust / comment out
                the following as needed
            **/
            /*
            file_put_contents($username.'.sql',$insert);        // comment out this line to use below
            echo 'Your account was created successfully. A staff member will review it shortly and update it to play. <br/>
                You will be notified by email (one you provided) when updated. If you are unable to access it after <br/>6hrs (rare),
                please email <a href="mailto:'.$server['email'].'">'.$server['email'].'</a> to expidite it.<br/><br/>Thank you!';

           */
            file_put_contents('new_users/'.$username.'.sql',$insert);        // save it in case something goes wrong
            query($insert);                                                 // uncomment this line to add instantly

            echo 'Your account here has been created successfully!<br/>
                    You will need to edit your c:/[wowfolder]/data/enUS/realmlist.wtf file. <br/>
                    replace its contents with the following:
                    <center><h2>set realmlist '.$server['realmlist'].'</h2></center>
                    To play: use the WOW.EXE, <font color="red">NEVER USE THE LAUNCHER</font><br/><br/>
                    If you have any questions, post in the forums
            ';

            die;

        endif; // errorTxt = NULL
    endif; // form check

?>
<center>

    <form method="post" action="register.php">
        <?='<h2><font color="white">'.$server['servername'].' Registration</font></h2>';?>
        <?php

            if( !empty($errorTxt) ):
                echo "<p><font color='red'><b>$errorTxt</b></font></p>";
            endif;

            // captcha basic -
            $v1 = rand(1,10);
            $v2 = rand(1,10);
            $an = $v1 + $v2;

        ?>
        <input required type="text" placeholder="Desired Login ID" name="username" /><br/>
        <input required type="password" placeholder="Password" name="password" /><br/>
        <input required type="password" placeholder="Verify PW" name="password2" /><br/>
        <input required type="email" placeholder="Valid Email" name="email" /><br/>
        <font color="white"><?="$v1 + $v2";?> = </font><input required type="text" name="captchaAnswer" placeholder="answer" size="5"/><br/>

        <input type="hidden" name="captcha" value="<?=$an;?>" />
        <input type="hidden" name="ip" value="<?=userIp();?>" />
        <input type="hidden" name="time" value="<?=time();?>" /><br/>
        <input type="submit" value="Signup" />
    </form>

</center>