From 9ad44699a135c6f4c83a5eb1012327fbe40ee948 Mon Sep 17 00:00:00 2001 From: paintballrefjosh Date: Fri, 10 Mar 2017 21:52:25 -0600 Subject: [PATCH] Fixed account registration bugs Reworked the entire registration page backend to make it more user friendly. Fixed typo in reCAPTCHA text. Should be working now as intended. Fixed several SQL query functions that needed row counts. Fixed the built in redirect function to correctly accommodate meta redirects. Added an option to disable the "email sent" notice on the webpage when an email was sent. Issue fixed #24 where SQL error was displayed when a user tried to register an existing username.
--- core/SDL/class.account.php | 26 +- core/common.php | 10 +- inc/account/account.activate.php | 1 + inc/account/account.register.php | 239 ++++++------- .../blizzlike/account/account.register.php | 320 ++++++++---------- 5 files changed, 272 insertions(+), 324 deletions(-)
diff --git a/core/SDL/class.account.php b/core/SDL/class.account.php
index 8b45fe0..9c2fd60 100644
--- a/core/SDL/class.account.php
+++ b/core/SDL/class.account.php
@@ -353,7 +353,7 @@ function register($params, $account_extend = NULL)
 $email_text .= 'Password: '.$password."\n";
 $email_text .= 'This is your activation key: '.$tmp_act_key."\n";
 $email_text .= 'CLICK HERE : '.$act_link."\n";
- send_email($params['email'],$params['username'],'== '.(string)$Config->get('site_title').' account activation ==',$email_text);
+ send_email($params['email'], $params['username'], '== '.(string)$Config->get('site_title').' account activation ==', $email_text, false);
 return 1;
 }
@@ -495,8 +495,8 @@ function isLoggedIn()
 function isAvailableUsername($username)
 {
- $res = $this->DB->num_rows("SELECT COUNT(*) FROM `account` WHERE `username`='".$username."'");
- if($res['COUNT(*)'] == 0)
+ $res = $this->DB->count("SELECT id FROM `account` WHERE `username`='".$username."'");
+ if($res == 0)
 {
 return TRUE; // username is available
 }
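Review bot: `if($res == 0)` in isAvailableUsername depends on the return type of the new `DB->count()` helper, which this hunk does not show; if that helper returns `false` or `null` on a failed query (as many wrappers do), PHP's loose comparison makes `false == 0` true and the name is reported available, while the same pattern in the isBannedAccount and isBannedIp hunks (`$check > 0`) reports "not banned" on a failed query. Compare strictly and fail closed: `if($res === 0)` here and in isAvailableEmail, and treat a non-integer result from count() as an error in the ban checks rather than as zero rows. The rewritten queries still splice `$username` (and `$email`, `$account_id`, `$_SERVER['REMOTE_ADDR']` in the later hunks) into SQL by concatenation, and isAvailableUsername is called from the registration hunk with raw `$_POST['r_login']`, so the value should at least pass through the driver's escaping helper, or better a prepared statement, before being embedded. The send_email call in the first hunk passes `false` as a bare positional argument; a short comment such as `// false = do not print the 'Mail Sent!' notice` would make the intent readable at the call site.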
@@ -512,8 +512,8 @@ function isAvailableUsername($username)
 function isAvailableEmail($email)
 {
- $res = $this->DB->num_rows("SELECT COUNT(*) FROM `account` WHERE `email`='".$email."'");
- if($res['COUNT(*)'] == 0)
+ $res = $this->DB->count("SELECT id FROM `account` WHERE `email`='".$email."'");
+ if($res == 0)
 {
 return TRUE; // email is available
 }
@@ -581,8 +581,8 @@ function isValidActivationKey($key)
 function isBannedAccount($account_id)
 {
 global $DB;
- $check = $DB->num_rows("SELECT COUNT(*) FROM `account_banned` WHERE `id`='".$account_id."' AND `active`=1");
- if ($check['COUNT(*)'] > 0)
+ $check = $DB->count("SELECT id FROM `account_banned` WHERE `id`='".$account_id."' AND `active`=1");
+ if ($check > 0)
 {
 return TRUE; // Account is banned
 }
@@ -599,8 +599,8 @@ function isBannedAccount($account_id)
 function isBannedIp()
 {
 global $DB;
- $check = $DB->num_rows("SELECT COUNT(*) FROM `ip_banned` WHERE `ip`='".$_SERVER['REMOTE_ADDR']."'");
- if ($check['COUNT(*)'] > 0)
+ $check = $DB->count("SELECT ip FROM `ip_banned` WHERE `ip`='".$_SERVER['REMOTE_ADDR']."'");
+ if ($check > 0)
 {
 return TRUE; // IP is banned
 }
@@ -934,8 +934,8 @@ function onlinelist_add()
 {
 global $user;
- $result = $this->DB->num_rows("SELECT COUNT(*) FROM `mw_online` WHERE `user_id`='".$this->user['id']."'");
- if($result['COUNT(*)'] > 0)
+ $result = $this->DB->count("SELECT id FROM `mw_online` WHERE `user_id`='".$this->user['id']."'");
+ if($result > 0)
 {
 $this->DB->query("UPDATE `mw_online` SET `user_ip`='".$this->user['ip']."',
@@ -969,8 +969,8 @@ function onlinelist_addguest()
 {
 global $user;
- $result = $this->DB->num_rows("SELECT COUNT(*) FROM `mw_online` WHERE `user_id`='0' AND `user_ip`='".$this->user['ip']."'");
- if($result['COUNT(*)'] > 0)
+ $result = $this->DB->count("SELECT id FROM `mw_online` WHERE `user_id`='0' AND `user_ip`='".$this->user['ip']."'");
+ if($result > 0)
 {
 $this->DB->query("UPDATE `mw_online` SET `user_ip`='".$this->user['ip']."',
diff --git a/core/common.php b/core/common.php
index 61c09c7..777b73d 100644
--- a/core/common.php
+++ b/core/common.php
@@ -207,7 +207,7 @@ function print_gold($gvar)
 //===== MAIL FUNCTIONS =====//
 // Send Mail
-function send_email($goingto, $toname, $sbj, $messg)
+function send_email($goingto, $toname, $sbj, $messg, $notice = true)
 {
 global $Config;
 define('DISPLAY_XPM4_ERRORS', true); // display XPM4 errors
@@ -232,7 +232,7 @@ function send_email($goingto, $toname, $sbj, $messg)
 $c = SMTP::MXconnect($h[1]); // connect to SMTP server (direct) from MX hosts list
 $s = SMTP::Send($c, array($t), $m, $f); // send mail
 // print result
- if ($s) output_message('success', 'Mail Sent!');
+ if($notice)if ($s) output_message('success', 'Mail Sent!');
 else output_message('error', print_r($_RESULT));
 SMTP::Disconnect($c); // disconnect
 }
@@ -245,7 +245,7 @@ function send_email($goingto, $toname, $sbj, $messg)
 // send mail
 $send = mail($goingto, $sbj, $mess['content'], 'From: '.$core_em.''."\n".$mess['header']);
 // print result
- echo $send ? output_message('success', 'Mail Sent!') : output_message('error', 'Error!');
+ if($notice)echo $send ? output_message('success', 'Mail Sent!') : output_message('error', 'Error!');
 }
 elseif($Config->get('email_type') == 2) // If email type "2" (MTA Relay)
 {
@@ -270,7 +270,7 @@ function send_email($goingto, $toname, $sbj, $messg)
 }
 // send mail relay using the '$c' resource connection
- echo $m->Send($c) ? output_message('success', 'Mail Sent!') : output_message('error', 'Error! Please check your config and make sure you inserted your MTA info correctly.');
+ if($notice)echo $m->Send($c) ? output_message('success', 'Mail Sent!') : output_message('error', 'Error! Please check your config and make sure you inserted your MTA info correctly.');
 $m->Disconnect(); // disconnect from server
 // print_r($m->History); // optional, for debugging
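Review bot: In the SMTP branch the new `if($notice)if ($s) output_message('success', 'Mail Sent!');` leaves the following `else output_message('error', print_r($_RESULT));` bound to the inner `if ($s)`, so with `$notice` false both the success and the failure message are suppressed, and the mail() and MTA-relay hunks silence their error path the same way; none of the hunks shows send_email() returning the send result, so a caller that passes `false` (register() in class.account.php does) apparently has no way to learn that the activation mail was not sent and reports success regardless. Suggest capturing the result in each branch and returning it, e.g. `$sent = (bool) $s;`, then `if ($notice) { $sent ? output_message('success', 'Mail Sent!') : output_message('error', print_r($_RESULT)); }` and `return $sent;`, with the call site checking the value. The new parameter also deserves a line in the `// Send Mail` header comment, such as `// $notice: print the Mail Sent!/Error! notice; pass false to send silently`. send_email()'s body continues between and after these hunks.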
@@ -304,7 +304,7 @@ function redirect($linkto,$type=0,$wait_sec=0)
 {
 if($type==0)
 {
- $GLOBALS['redirect'] = '';
+ echo '';
 }
 else
 {
diff --git a/inc/account/account.activate.php b/inc/account/account.activate.php
index 2a51ba7..c1b39c2 100644
--- a/inc/account/account.activate.php
+++ b/inc/account/account.activate.php
@@ -55,6 +55,7 @@ function CheckKey()
 $DB->query("UPDATE account SET locked=0 WHERE id='".$_GET['id']."' LIMIT 1");
 $DB->query("UPDATE mw_account_extend SET activation_code=NULL WHERE account_id='".$_GET['id']."' LIMIT 1");
 output_message('success', 'Account successfully activated! You may now log into the server and play.');
+ redirect("?p=account&sub=login", 0, 2);
 }
 else
 {
diff --git a/inc/account/account.register.php b/inc/account/account.register.php
index 25dcf30..7f8acae 100644
--- a/inc/account/account.register.php
+++ b/inc/account/account.register.php
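Review bot: The type-0 branch of redirect() now emits its output with an immediate `echo` instead of storing it in `$GLOBALS['redirect']` (the echoed string shows as empty here, presumably a tag lost in extraction), so the meta refresh is written wherever redirect() happens to be called rather than where the template previously placed it, and any template still reading `$GLOBALS['redirect']` would now receive nothing — worth confirming before merging. The call added in CheckKey(), `redirect("?p=account&sub=login", 0, 2);`, passes two bare integers; a comment such as `// type 0 = meta refresh, after 2 seconds` on that line, or named constants for the type, would make it readable, and the delay only has effect if the type-0 branch actually consumes `$wait_sec`, which this hunk does not show. The context lines above the new call still interpolate `$_GET['id']` into the two UPDATE statements; that predates this commit but is the value the redirect now follows. Both redirect() and CheckKey() continue outside their hunks.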
@@ -76,171 +76,144 @@ function Register() { global $DB, $Config, $allow_reg, $err_array, $Account, $lang; - // Check to see if we still are allowed to register - if($allow_reg == TRUE) - { - // Inizialize variable, we use this after. Use this to add extensions. - $notreturn = FALSE; + // Inizialize variable, we use this after. Use this to add extensions. + $notreturn = FALSE; - // Extensions - // Each extention you see down-under will check for specific user input, - // In this step we set "requirements" for what user may input. + // Extensions + // Each extention you see down-under will check for specific user input, + // In this step we set "requirements" for what user may input. - // Ext 1 - Image verification - // We need to see if its enabled, and if the user put in the right code - if($Config->get('reg_use_recpatcha') == 1) + // Ext 1 - Image verification + // We need to see if its enabled, and if the user put in the right code + if($Config->get('reg_use_recaptcha') == 1) + { + $response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$Config->get('reg_recaptcha_private_key')."&response=".$_POST['g-recaptcha-response']."&remoteip=".$_SERVER['REMOTE_ADDR']), true); + + if($response['success'] != true) { - $response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$Config->get('reg_recaptcha_private_key')."&response=".$_POST['g-recaptcha-response']."&remoteip=".$_SERVER['REMOTE_ADDR']), true); - - if($response['success'] != true) - { - $notreturn = TRUE; - $err_array[] = $lang['image_var_incorrect']; - } + $notreturn = TRUE; + $err_array[] = $lang['image_var_incorrect']; } + } - // Ext 2 - secret questions - // Check if user questions are required, if so we need to check for symbols, and character lenght - if ($Config->get('reg_secret_questions') == 1) + // Ext 2 - secret questions + // Check if user questions are required, if so we need to check for symbols, and character lenght + 
if ($Config->get('reg_secret_questions') == 1) + { + if ($_POST['secretq1'] && $_POST['secretq2'] && $_POST['secreta1'] && $_POST['secreta2']) { - if ($_POST['secretq1'] && $_POST['secretq2'] && $_POST['secreta1'] && $_POST['secreta2']) + if(check_for_symbols($_POST['secreta1']) || check_for_symbols($_POST['secreta2'])) { - if(check_for_symbols($_POST['secreta1']) || check_for_symbols($_POST['secreta2'])) - { - $notreturn = TRUE; - $err_array[] = $lang['secretq_error_symbols']; - } - if($_POST['secretq1'] == $_POST['secretq2']) - { - $notreturn = TRUE; - $err_array[] = $lang['secretq_error_same']; - } - if($_POST['secreta1'] == $_POST['secreta2']) - { - $notreturn = TRUE; - $err_array[] = $lang['secretq_error_same']; - } - if(strlen($_POST['secreta1']) < 4 || strlen($_POST['secreta2']) < 4) - { - $notreturn = TRUE; - $err_array[] = $lang['secretq_error_short']; - } + $notreturn = TRUE; + $err_array[] = $lang['secretq_error_symbols']; } - else + if($_POST['secretq1'] == $_POST['secretq2']) { $notreturn = TRUE; - $err_array[] = $lang['secretq_error_empty']; + $err_array[] = $lang['secretq_error_same']; + } + if($_POST['secreta1'] == $_POST['secreta2']) + { + $notreturn = TRUE; + $err_array[] = $lang['secretq_error_same']; + } + if(strlen($_POST['secreta1']) < 4 || strlen($_POST['secreta2']) < 4) + { + $notreturn = TRUE; + $err_array[] = $lang['secretq_error_short']; } } - - // Ext 3 - make sure the username isnt already in use - if($Account->isAvailableUsername($_POST['r_login']) == FALSE) + else { $notreturn = TRUE; - $err_array[] = $lang['username_taken']; + $err_array[] = $lang['secretq_error_empty']; } + } + + // Ext 3 - make sure the username isnt already in use + if($Account->isAvailableUsername($_POST['r_login']) == FALSE) + { + $notreturn = TRUE; + $err_array[] = $lang['username_taken']; + } + + // Ext 4 - make sure password is not username + if($_POST['r_login'] == $_POST['r_pass']) + { + $notreturn = TRUE; + $err_array[] = $lang['user_pass_same']; + } - // 
Ext 4 - make sure password is not username - if($_POST['r_login'] == $_POST['r_pass']) + // Main add into the database + if ($notreturn == FALSE) + { + if(!isset($_POST['secretq1'])) { - $notreturn = TRUE; - $err_array[] = $lang['user_pass_same']; + $_POST['secretq1'] = $_POST['secreta1'] = $_POST['secretq2'] = $_POST['secreta2'] = ""; } - - // Main add into the database - if ($notreturn == FALSE) + // @$Enter is the main input arrays into the SDL + $Enter = $Account->register( + array( + 'username' => strtoupper($_POST['r_login']), + 'sha_pass_hash' => $Account->sha_password($_POST['r_login'],$_POST['r_pass']), + 'sha_pass_hash2' => $Account->sha_password($_POST['r_login'],$_POST['r_cpass']), + 'email' => $_POST['r_email'], + 'expansion' => $_POST['r_account_type'], + 'password' => $_POST['r_pass'] + ), + array( + 'secretq1'=> strip_if_magic_quotes($_POST['secretq1']), + 'secreta1' => strip_if_magic_quotes($_POST['secreta1']), + 'secretq2' => strip_if_magic_quotes($_POST['secretq2']), + 'secreta2' => strip_if_magic_quotes($_POST['secreta2']) + ) + ); + + // lets catch the return on the register function + if($Enter == 1) # 1 = success { - // @$Enter is the main input arrays into the SDL - $Enter = $Account->register( - array( - 'username' => strtoupper($_POST['r_login']), - 'sha_pass_hash' => $Account->sha_password($_POST['r_login'],$_POST['r_pass']), - 'sha_pass_hash2' => $Account->sha_password($_POST['r_login'],$_POST['r_cpass']), - 'email' => $_POST['r_email'], - 'expansion' => $_POST['r_account_type'], - 'password' => $_POST['r_pass'] - ), - array( - 'secretq1'=> strip_if_magic_quotes($_POST['secretq1']), - 'secreta1' => strip_if_magic_quotes($_POST['secreta1']), - 'secretq2' => strip_if_magic_quotes($_POST['secretq2']), - 'secreta2' => strip_if_magic_quotes($_POST['secreta2']) - ) - ); - - // lets catch the return on the register function - if($Enter == 1) # 1 = success - { - if($Config->get('reg_invite') == 1) - { - $Account->delete_key($_POST['r_key']); - } 
- $reg_succ = TRUE; - } - elseif($Enter == 0) # All params are emtpy - { - $reg_succ = FALSE; - $err_array[] = $lang['some_params_empty']; - } - elseif($Enter == 2) # empty username - { - $reg_succ = FALSE; - $err_array[] = $lang['empty_param_username']; - } - elseif($Enter == 3) # passwords dont match - { - $reg_succ = FALSE; - $err_array[] = $lang['passwords_dont_match']; - } - elseif($Enter == 4) # empty email + if($Config->get('reg_invite') == 1) { - $reg_succ = FALSE; - $err_array[] = $lang['empty_param_email']; - } - elseif($Enter == 5) # IP Banned - { - $reg_succ = FALSE; - $err_array[] = $lang['your_ip_is_banned']; - } - else # Fetal Error - { - $reg_succ = FALSE; - $err_array[] = "Account Creation [FATAL ERROR]: User cannot be created, likely due to incorrect database configuration. Contact the administrator."; + $Account->delete_key($_GET['r_key']); } + $reg_succ = TRUE; } - else + elseif($Enter == 0) # All params are emtpy { $reg_succ = FALSE; + $err_array[] = $lang['some_params_empty']; } - - // If there were any errors, then they are outputed here - if($reg_succ == FALSE) + elseif($Enter == 2) # empty username { - if(!$err_array[0]) - { - $err_array[0] = "Unknown Reason"; - } - $output_error = $lang['register_failed']; - $output_error .= ""; - output_message('error', $output_error.'Redirecting...'); + $reg_succ = FALSE; + $err_array[] = $lang['empty_param_username']; } - else # Registration was successful + elseif($Enter == 3) # passwords dont match { - if((int)$Config->get('require_act_activation') == 1) - { - output_message('success', $lang['activation_email_sent']); - } - else - { - output_message('success', $lang['register_success'].''); - } + $reg_succ = FALSE; + $err_array[] = $lang['passwords_dont_match']; + } + elseif($Enter == 4) # empty email + { + $reg_succ = FALSE; + $err_array[] = $lang['empty_param_email']; + } + elseif($Enter == 5) # IP Banned + { + $reg_succ = FALSE; + $err_array[] = $lang['your_ip_is_banned']; + } + else # Fetal Error 
+ { + $reg_succ = FALSE; + $err_array[] = "Account Creation [FATAL ERROR]: User cannot be created, likely due to incorrect database configuration. Contact the administrator."; } } else { - return FALSE; + $reg_succ = FALSE; } + + return $reg_succ; } ?> diff --git a/templates/blizzlike/account/account.register.php b/templates/blizzlike/account/account.register.php index f3f3f94..f24dccd 100644 --- a/templates/blizzlike/account/account.register.php +++ b/templates/blizzlike/account/account.register.php @@ -1,25 +1,30 @@
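Review bot: The invite-key cleanup on success now reads `$_GET['r_key']` where the removed line read `$_POST['r_key']`; every other field in Register() comes from `$_POST`, so unless the form has been changed to carry the key in the query string, `delete_key()` is called with a null key and a used invite key is never consumed — `$Account->delete_key($_POST['r_key']);` looks like the intended line. The hunk also removes the `if($allow_reg == TRUE)` wrapper while keeping `$allow_reg` in the `global` list, so Register() itself no longer refuses when registration is disabled; that is only safe if the caller, which is outside this hunk, performs that check before calling. In the reCAPTCHA block the posted `g-recaptcha-response` is concatenated raw into the siteverify URL and is undefined when the widget was not submitted; building the query string with `http_build_query(array('secret' => $Config->get('reg_recaptcha_private_key'), 'response' => isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '', 'remoteip' => $_SERVER['REMOTE_ADDR']))` URL-encodes the value and avoids the undefined-index notice. Register()'s signature line sits just before this hunk.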