site / submit.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
<html xmlns="" lang="en" xml:lang="en">
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <title> :: Sign Up</title>
        <link rel="stylesheet" href="tilde.css" type="text/css"/>
        <link rel="icon" type="image/png" href="icon.png"/>
<div id="container">
	<div id="logo">
        <img src="logo.png" alt="" /><br />
		<div id="logobyline">
			of OpenBSD Education
	<div id="navigation">
		<a href="">News</a> :: <a href="/signup">Sign Up</a> :: <a href="/coc">Code of Conduct</a> :: <a href="">Mastodon</a> :: <a href="">Wiki</a> :: <a href="">Git</a> :: <a href="/stats">Stats</a> :: <a href="">twtxt</a> :: <a href="tilde.json"><code>tilde.json</code></a>
	<div id="content">

if ($_SERVER["SERVER_NAME"] != "localhost")
	require_once "ultimate-email/support/smtp.php";
function isTaken($istaken) {
    return in_array($istaken, file("userlist", FILE_IGNORE_NEW_LINES));
function bannedUsers($name) {
    return in_array($name, [
        'abah', //same
        'abimks', //same
        'andro', //same
        'blades', //same as remy
        'bullah', //same
        'campari', //was selling eggdrop bots
        'derby', //same
        'hasbullah', //same
        'janda', //same
        'jundi', // reported by thunix as being part of a botnet
        'larasaty', //same
        'makmur', //same
        'makassar', //same
        'merc', // reactionary / troll
        'mks', //same
        'mom', //same
        'mzl', //attempted to infect Wilde with ransomware
        'naruto', //same
        'pria', //same
        'remy', //been trying to get accounts for DoS attacks
        'ripcode', //same as remy
function forbidden_name($name) {
    return in_array($name, [
$message = "";
if (isset($_REQUEST["username"]) && isset($_REQUEST["email"])) {
    // Check the name.
    $name = trim($_REQUEST["username"]);
    if ($name == "")
        $message .= "<li>please fill in your desired username</li>";
    if (strlen($name) > 32)
        $message .= "<li>username too long (32 character max)</li>";
    if (!preg_match('/^[A-Za-z][A-Za-z0-9]{2,31}$/', $name))
        $message .= "<li>username contains invalid characters (lowercase only, must start with a letter)</li>";
    if (isTaken($name) || forbidden_name($name) || bannedUsers($name))
        $message .= "<li>sorry, the username $name is unavailable</li>";

    // Check the e-mail address.
    $email = trim($_REQUEST["email"]);
    if ($email == "")
        $message .= "<li>please fill in your email address</li>";
    else {
        $result = SMTP::MakeValidEmailAddress($_REQUEST["email"]);
        if (!$result["success"])
            $message .= "<li>invalid email address: " . htmlspecialchars($result["error"]) . "</li>";
        elseif ($result["email"] != $email)
            $message .= "<li>invalid email address. did you mean:  " . htmlspecialchars($result["email"]) . "</li>";

    if ($_REQUEST["sshkey"] == "") {
        $message .= "<li>ssh key required: please create one and submit the public key</li>";

    if ($message == "") { // no validation errors

	    // remember:
	    $username = $_REQUEST["username"];
	    $email = $_REQUEST["email"];
	    $interest = $_REQUEST["interest"];
	    $sshkey = $_REQUEST["sshkey"];

        $newuserfile = fopen("newusers.dat", "a");
	    fwrite($newuserfile, "$username $email \"$sshkey\"\n\n");
        $fuzzyfile = fopen("fuzzies.log", "a");
        fwrite($fuzzyfile, "$username   $email  $interest\n");

<br /><h3>Thank you for signing up! Please allow up to 24 hours for an account to become active. If you have any questions or issues, please email <a href=""></a>.</h3>


    } else {
        <div class="alert alert-warning" role="alert">
            <br /><br /><h3>Please correct the following errors: </h3><br />