Gazelle/sections/user/takeinvite.php

<?

if(!$UserCount = $Cache->get_value('stats_user_count')){
	$DB->query("SELECT COUNT(ID) FROM users_main WHERE Enabled='1'");
	list($UserCount) = $DB->next_record();
	$Cache->cache_value('stats_user_count', $UserCount, 0);
}

$UserID = $LoggedUser['ID'];

//This is where we handle things passed to us
authorize();

$DB->query("SELECT can_leech FROM users_main WHERE ID = ".$UserID);
list($CanLeech) = $DB->next_record();

if($LoggedUser['RatioWatch'] ||
	!$CanLeech ||
	$LoggedUser['DisableInvites'] == '1'||
	$LoggedUser['Invites']==0 && !check_perms('site_send_unlimited_invites') ||
	($UserCount >= USER_LIMIT && USER_LIMIT != 0 && !check_perms('site_can_invite_always'))) {
		
		error(403);
}

$Email = $_POST['email'];
$Username = $LoggedUser['Username'];
$SiteName = SITE_NAME;
$SiteURL = NONSSL_SITE_URL;
$InviteExpires = time_plus(60*60*24*3); // 3 days

//MultiInvite
if(strpos($Email, '|') && check_perms('site_send_unlimited_invites')) {
	$Emails = explode('|', $Email);
} else {
	$Emails = array($Email);
}

foreach($Emails as $CurEmail){
	if (!preg_match("/^".EMAIL_REGEX."$/i", $CurEmail)) {
		if(count($Emails) > 1) {
			continue;
		} else {
			error('Invalid email.');
			header('Location: user.php?action=invite');
			die();
		}
	}
	$DB->query("SELECT Expires FROM invites WHERE InviterID = ".$LoggedUser['ID']." AND Email LIKE '".$CurEmail."'");
	if($DB->record_count() > 0) {
		error("You already have a pending invite to that address!");
		header('Location: user.php?action=invite');
		die();
	}
	$InviteKey = db_string(Users::make_secret());
		
$Message = <<<EOT
The user $Username has invited you to join $SiteName, and has specified this address ($CurEmail) as your email address. If you do not know this person, please ignore this email, and do not reply.

Please note that selling invites, trading invites, and giving invites away publicly (eg. on a forum) is strictly forbidden. If you have received your invite as a result of any of these things, do not bother signing up - you will be banned and lose your chances of ever signing up legitimately.

To confirm your invite, click on the following link:

http://$SiteURL/register.php?invite=$InviteKey

After you register, you will be able to use your account. Please take note that if you do not use this invite in the next 3 days, it will expire. We urge you to read the RULES and the wiki immediately after you join. 

Thank you,
$SiteName Staff
EOT;
	
	$DB->query("INSERT INTO invites
		(InviterID, InviteKey, Email, Expires) VALUES
		('$LoggedUser[ID]', '$InviteKey', '".db_string($CurEmail)."', '$InviteExpires')");

	if (!check_perms('site_send_unlimited_invites')) {
		$DB->query("UPDATE users_main SET Invites=GREATEST(Invites,1)-1 WHERE ID='$LoggedUser[ID]'");
		$Cache->begin_transaction('user_info_heavy_'.$LoggedUser['ID']);
		$Cache->update_row(false, array('Invites'=>'-1'));
		$Cache->commit_transaction(0);
	}
	
	Misc::send_email($CurEmail, 'You have been invited to '.SITE_NAME, $Message,'noreply');

	
}

header('Location: user.php?action=invite');
?>
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<?`

			`if(!$UserCount = $Cache->get_value('stats_user_count')){`
			`$DB->query("SELECT COUNT(ID) FROM users_main WHERE Enabled='1'");`
			`list($UserCount) = $DB->next_record();`
			`$Cache->cache_value('stats_user_count', $UserCount, 0);`
			`}`

			`$UserID = $LoggedUser['ID'];`

			`//This is where we handle things passed to us`
			`authorize();`

			`$DB->query("SELECT can_leech FROM users_main WHERE ID = ".$UserID);`
			`list($CanLeech) = $DB->next_record();`

			`if($LoggedUser['RatioWatch'] \|\|`
			`!$CanLeech \|\|`
			`$LoggedUser['DisableInvites'] == '1'\|\|`
			`$LoggedUser['Invites']==0 && !check_perms('site_send_unlimited_invites') \|\|`
			`($UserCount >= USER_LIMIT && USER_LIMIT != 0 && !check_perms('site_can_invite_always'))) {`

			`error(403);`
			`}`

			`$Email = $_POST['email'];`
			`$Username = $LoggedUser['Username'];`
			`$SiteName = SITE_NAME;`
			`$SiteURL = NONSSL_SITE_URL;`
			`$InviteExpires = time_plus(606024*3); // 3 days`

			`//MultiInvite`
			`if(strpos($Email, '\|') && check_perms('site_send_unlimited_invites')) {`
			`$Emails = explode('\|', $Email);`
			`} else {`
			`$Emails = array($Email);`
			`}`

			`foreach($Emails as $CurEmail){`
			`if (!preg_match("/^".EMAIL_REGEX."$/i", $CurEmail)) {`
			`if(count($Emails) > 1) {`
			`continue;`
			`} else {`
			`error('Invalid email.');`
			`header('Location: user.php?action=invite');`
			`die();`
			`}`
			`}`
			`$DB->query("SELECT Expires FROM invites WHERE InviterID = ".$LoggedUser['ID']." AND Email LIKE '".$CurEmail."'");`
			`if($DB->record_count() > 0) {`
			`error("You already have a pending invite to that address!");`
			`header('Location: user.php?action=invite');`
			`die();`
			`}`
Empty commit 2012-10-11 08:00:15 +00:00			`$InviteKey = db_string(Users::make_secret());`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00
			`$Message = <<<EOT`
			`The user $Username has invited you to join $SiteName, and has specified this address ($CurEmail) as your email address. If you do not know this person, please ignore this email, and do not reply.`

			`Please note that selling invites, trading invites, and giving invites away publicly (eg. on a forum) is strictly forbidden. If you have received your invite as a result of any of these things, do not bother signing up - you will be banned and lose your chances of ever signing up legitimately.`

			`To confirm your invite, click on the following link:`

			`http://$SiteURL/register.php?invite=$InviteKey`

			`After you register, you will be able to use your account. Please take note that if you do not use this invite in the next 3 days, it will expire. We urge you to read the RULES and the wiki immediately after you join.`

			`Thank you,`
			`$SiteName Staff`
			`EOT;`

			`$DB->query("INSERT INTO invites`
			`(InviterID, InviteKey, Email, Expires) VALUES`
			`('$LoggedUser[ID]', '$InviteKey', '".db_string($CurEmail)."', '$InviteExpires')");`

			`if (!check_perms('site_send_unlimited_invites')) {`
Update sphinxapi for v2 Allow indexing by column 0 in ->to_array() Only need numeric indices in 'ip_bans' key Cache keys were completely broken on the debug pages Add bbcode missing functions to staffpms Add border to improve layout of torrent pages with postmod Fix a bug where users could download anyone's snatch/upload/seedlist regardless of paranoia settings Don't escape thread titles before caching Better BBCode URL matching Fix user search by tracker IP for ocelot data Fix bug where the same thread would show up twice in the announcements forum Update tables before sending invite email to prevent sending multiple invites 2011-05-12 10:24:03 +00:00			`$DB->query("UPDATE users_main SET Invites=GREATEST(Invites,1)-1 WHERE ID='$LoggedUser[ID]'");`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$Cache->begin_transaction('user_info_heavy_'.$LoggedUser['ID']);`
			`$Cache->update_row(false, array('Invites'=>'-1'));`
			`$Cache->commit_transaction(0);`
			`}`

Empty commit 2012-10-11 08:00:15 +00:00			`Misc::send_email($CurEmail, 'You have been invited to '.SITE_NAME, $Message,'noreply');`
Update sphinxapi for v2 Allow indexing by column 0 in ->to_array() Only need numeric indices in 'ip_bans' key Cache keys were completely broken on the debug pages Add bbcode missing functions to staffpms Add border to improve layout of torrent pages with postmod Fix a bug where users could download anyone's snatch/upload/seedlist regardless of paranoia settings Don't escape thread titles before caching Better BBCode URL matching Fix user search by tracker IP for ocelot data Fix bug where the same thread would show up twice in the announcements forum Update tables before sending invite email to prevent sending multiple invites 2011-05-12 10:24:03 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00
			`}`

			`header('Location: user.php?action=invite');`
			`?>`