mirror of
https://git.sr.ht/~iwakuralain/text0Nly
synced 2025-07-27 07:30:31 +00:00
204 lines
6.6 KiB
PHP
204 lines
6.6 KiB
PHP
<?php
|
|
ob_start();
|
|
ini_set('session.cookie_httponly', 1);
|
|
ini_set('session.cookie_secure', 1);
|
|
header('X-Content-Type-Options: nosniff');
|
|
header('X-Frame-Options: DENY');
|
|
header('X-XSS-Protection: 1; mode=block');
|
|
header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\';');
|
|
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
|
|
session_start();
|
|
|
|
$config = require 'config.php';
|
|
$db = new PDO(
|
|
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
|
|
$config['db']['user'],
|
|
$config['db']['pass']
|
|
);
|
|
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
|
$error = '';
|
|
$success = '';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
|
|
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
|
|
$pgp_key = filter_input(INPUT_POST, 'pgp_key', FILTER_SANITIZE_STRING);
|
|
|
|
if ($username && $password) {
|
|
if (strlen($username) > 50 || strlen($password) < 8 || !preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
|
|
$error = 'Invalid data';
|
|
} else if (strlen($pgp_key) > 4096) {
|
|
$error = 'PGP key is too long';
|
|
} else {
|
|
$stmt = $db->prepare('SELECT COUNT(*) FROM banned_usernames WHERE username = ?');
|
|
$stmt->execute([$username]);
|
|
if ($stmt->fetchColumn() > 0) {
|
|
$error = 'This username is not allowed';
|
|
} else {
|
|
$stmt = $db->prepare('SELECT COUNT(*) FROM registrations WHERE created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)');
|
|
$stmt->execute();
|
|
$count = $stmt->fetchColumn();
|
|
|
|
if ($count >= 20) {
|
|
$error = 'Registration limit exceeded';
|
|
} else {
|
|
try {
|
|
$stmt = $db->prepare('INSERT INTO users (username, password, pgp_key, login_attempts, last_attempt) VALUES (?, ?, ?, 0, NOW())');
|
|
$stmt->execute([
|
|
$username,
|
|
password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]),
|
|
$pgp_key
|
|
]);
|
|
|
|
$stmt = $db->prepare('INSERT INTO registrations () VALUES ()');
|
|
$stmt->execute();
|
|
|
|
$success = 'Registration successful';
|
|
} catch (PDOException $e) {
|
|
$error = 'Username already exists';
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
|
|
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline';">
|
|
<title>Text0Nly - Registration</title>
|
|
<style>
|
|
body {
|
|
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
|
|
margin: 0;
|
|
padding: 20px;
|
|
min-height: 100vh;
|
|
display: flex;
|
|
flex-direction: column;
|
|
align-items: center;
|
|
background: #f8f9fa;
|
|
}
|
|
.container {
|
|
width: 100%;
|
|
max-width: 400px;
|
|
background: white;
|
|
padding: 20px;
|
|
border-radius: 8px;
|
|
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
|
|
margin-top: 20px;
|
|
}
|
|
h2 {
|
|
margin: 0 0 20px 0;
|
|
text-align: center;
|
|
color: #222;
|
|
}
|
|
.form-group {
|
|
margin: 15px 0;
|
|
}
|
|
input, textarea {
|
|
width: 100%;
|
|
padding: 12px;
|
|
margin: 5px 0;
|
|
border: 1px solid #ddd;
|
|
border-radius: 4px;
|
|
box-sizing: border-box;
|
|
font-size: 16px;
|
|
}
|
|
textarea {
|
|
height: 120px;
|
|
resize: vertical;
|
|
}
|
|
button {
|
|
width: 100%;
|
|
padding: 12px;
|
|
background: #222;
|
|
color: white;
|
|
border: none;
|
|
border-radius: 4px;
|
|
cursor: pointer;
|
|
font-size: 16px;
|
|
margin-top: 10px;
|
|
}
|
|
button:hover {
|
|
background: #444;
|
|
}
|
|
.error {
|
|
color: #dc3545;
|
|
background: #fff;
|
|
padding: 10px;
|
|
border-radius: 4px;
|
|
margin-bottom: 15px;
|
|
border: 1px solid #dc3545;
|
|
}
|
|
.success {
|
|
color: #28a745;
|
|
background: #fff;
|
|
padding: 10px;
|
|
border-radius: 4px;
|
|
margin-bottom: 15px;
|
|
border: 1px solid #28a745;
|
|
}
|
|
.links {
|
|
text-align: center;
|
|
margin-top: 20px;
|
|
}
|
|
.links a {
|
|
color: #222;
|
|
text-decoration: none;
|
|
}
|
|
.links a:hover {
|
|
text-decoration: underline;
|
|
}
|
|
.requirements {
|
|
font-size: 0.9em;
|
|
color: #666;
|
|
margin: 5px 0;
|
|
}
|
|
@media (max-width: 400px) {
|
|
body {
|
|
padding: 10px;
|
|
}
|
|
.container {
|
|
padding: 15px;
|
|
}
|
|
h2 {
|
|
font-size: 1.5em;
|
|
}
|
|
}
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<div class="container">
|
|
<h2>Registration</h2>
|
|
<?php if ($error): ?>
|
|
<div class="error"><?= htmlspecialchars($error) ?></div>
|
|
<?php endif; ?>
|
|
<?php if ($success): ?>
|
|
<div class="success"><?= htmlspecialchars($success) ?></div>
|
|
<?php endif; ?>
|
|
|
|
<form method="post" autocomplete="off">
|
|
<div class="form-group">
|
|
<input type="text" name="username" placeholder="Username" required maxlength="50" pattern="[a-zA-Z0-9_]+" autocomplete="username">
|
|
<div class="requirements">Only letters, numbers and underscore allowed</div>
|
|
</div>
|
|
<div class="form-group">
|
|
<input type="password" name="password" placeholder="Password" required minlength="8" autocomplete="new-password">
|
|
<div class="requirements">Minimum 8 characters</div>
|
|
</div>
|
|
<div class="form-group">
|
|
<textarea name="pgp_key" placeholder="PGP key (optional)" maxlength="4096"></textarea>
|
|
</div>
|
|
<button type="submit">Register</button>
|
|
</form>
|
|
<div class="links">
|
|
<a href="index.php">Back to chat</a>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|
|
<?php ob_end_flush(); ?>
|