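PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ] );

        // Check if affiliate exists and is active
        $stmt = $adminPdo->prepare("SELECT * FROM affiliates WHERE affiliate_code = ? AND status = 'active'");
        $stmt->execute([$affiliate_code]);
        $affiliate = $stmt->fetch();

        if ($affiliate) {
            // Track the click (only if not already tracked in this session)
            if (!isset($_SESSION['affiliate_tracked_' . $affiliate['id']])) {
                $trackStmt = $adminPdo->prepare("
                    INSERT INTO affiliate_signups (affiliate_id, ip_address, user_agent, clicked_at)
                    VALUES (?, ?, ?, NOW())
                ");
                $trackStmt->execute([
                    $affiliate['id'],
                    $_SERVER['REMOTE_ADDR'] ?? null,
                    $_SERVER['HTTP_USER_AGENT'] ?? null
                ]);
                $_SESSION['affiliate_tracked_' . $affiliate['id']] = true;
                $_SESSION['affiliate_signup_id'] = $adminPdo->lastInsertId();
            }
            $affiliate_signup_id = $_SESSION['affiliate_signup_id'] ?? null;
        }
    } catch (Exception $e) {
        logError('Affiliate tracking error: ' . $e->getMessage());
    }
}
// ===== END AFFILIATE TRACKING CODE =====

$errors = [];
$success_message = '';
$form_data = [];

// ===== ANTI-BOT: Generate CSRF token =====
if (!isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Reset form timing on page load (GET), not POST
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    $_SESSION['form_loaded_at'] = time();
}

// ===== ANTI-BOT: reCAPTCHA v3 config =====
// NOTE(review): when RECAPTCHA_SECRET_KEY is undefined or empty, check 7 below is skipped
// entirely, so a missing config value silently disables the CAPTCHA.
$recaptcha_site_key = defined('RECAPTCHA_SITE_KEY') ? RECAPTCHA_SITE_KEY : '';
$recaptcha_secret_key = defined('RECAPTCHA_SECRET_KEY') ? RECAPTCHA_SECRET_KEY : '';

// Handle form submission.
//
// Order of processing for a POST:
//   1. honeypot, 2. CSRF token, 3. minimum fill time, 4. IP blocklist, 5. per-IP rate limit,
//   6. one signup per IP per 24h, 7. reCAPTCHA v3, then field validation and account creation.
// A honeypot hit gets a fake success page and stops there: no validation, no account.
// Checks 4-6 fail open when their query throws (signup stays available); the failure is logged
// so a broken control is visible to whoever reads the error log.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Initialize database
    try {
        $db = new Database();
        $pdo = $db->getConnection();
    } catch (Exception $e) {
        logError('Database connection failed in signup.php: ' . $e->getMessage());
        $errors[] = 'System error. Please try again later.';
    }

    if (empty($errors)) {
        // NOTE(review): REMOTE_ADDR is the peer address. If this site runs behind a reverse proxy
        // or CDN, every per-IP control below keys on the proxy address — confirm the deployment.
        $clientIP = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
        // The User-Agent header is client-controlled; it is stored and logged verbatim, so any
        // viewer of these records must escape it on output.
        $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
        $honeypotTriggered = false;

        // ===== ANTI-BOT CHECK 1: Honeypot field =====
        if (!empty($_POST['website_url'])) {
            // Bots fill hidden fields - silently reject
            $honeypotTriggered = true;
            logError('Honeypot triggered on signup', ['ip' => $clientIP, 'ua' => $userAgent]);

            // Log the attempt
            try {
                $pdo->prepare("INSERT INTO registration_attempts (ip_address, email, attempt_type, success, user_agent, honeypot_triggered) VALUES (?, ?, 'registration', 0, ?, 1)")
                    ->execute([$clientIP, $_POST['email'] ?? '', $userAgent]);
            } catch (Exception $e) {
                logError('Failed to record honeypot attempt: ' . $e->getMessage(), ['ip' => $clientIP]);
            }

            // Show fake success to not alert the bot
            $success_message = 'Registration successful! We\'ve sent a verification link to your email address. Please check your inbox and click the link to activate your account.';
            $form_data = [];
        }

        // ===== ANTI-BOT CHECK 2: CSRF token =====
        if (!$honeypotTriggered) {
            $submittedToken = $_POST['csrf_token'] ?? '';
            // hash_equals() requires strings; a csrf_token[]=... array must be rejected here
            // instead of raising a TypeError.
            if (!is_string($submittedToken) || $submittedToken === '' || !hash_equals($_SESSION['csrf_token'], $submittedToken)) {
                $errors[] = 'Security validation failed. Please refresh the page and try again.';
                logError('CSRF token mismatch on signup', ['ip' => $clientIP]);
            }
        }

        // ===== ANTI-BOT CHECK 3: Time-based detection (form filled too fast) =====
        if (!$honeypotTriggered && empty($errors)) {
            // With no recorded load time (POST without a prior GET) the elapsed time is 0,
            // so the submission is rejected.
            $formLoadedAt = $_SESSION['form_loaded_at'] ?? time();
            $timeTaken = time() - $formLoadedAt;
            if ($timeTaken < 3) {
                // Human can't fill the form in under 3 seconds
                $errors[] = 'Please take your time filling out the form.';
                logError('Form submitted too quickly', ['ip' => $clientIP, 'seconds' => $timeTaken]);
                try {
                    $pdo->prepare("INSERT INTO registration_attempts (ip_address, attempt_type, success, user_agent) VALUES (?, 'registration', 0, ?)")
                        ->execute([$clientIP, $userAgent]);
                } catch (Exception $e) {
                    logError('Failed to record too-fast attempt: ' . $e->getMessage(), ['ip' => $clientIP]);
                }
            }
        }

        // ===== ANTI-BOT CHECK 4: IP blocklist =====
        if (!$honeypotTriggered && empty($errors)) {
            try {
                $stmt = $pdo->prepare("SELECT id FROM ip_blocklist WHERE ip_address = ? AND (expires_at IS NULL OR expires_at > NOW())");
                $stmt->execute([$clientIP]);
                if ($stmt->fetch()) {
                    $errors[] = 'Registration is temporarily unavailable from your network. Please contact support.';
                    logError('Blocked IP attempted signup', ['ip' => $clientIP]);
                }
            } catch (Exception $e) {
                // Fails open: the signup continues without the blocklist check.
                logError('IP blocklist check failed: ' . $e->getMessage(), ['ip' => $clientIP]);
            }
        }

        // ===== ANTI-BOT CHECK 5: Rate limiting (max 3 attempts per IP per hour) =====
        if (!$honeypotTriggered && empty($errors)) {
            try {
                $stmt = $pdo->prepare("SELECT COUNT(*) as cnt FROM registration_attempts WHERE ip_address = ? AND attempt_type = 'registration' AND created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)");
                $stmt->execute([$clientIP]);
                $attempts = $stmt->fetch();
                if ($attempts && $attempts['cnt'] >= 3) {
                    $errors[] = 'Too many registration attempts. Please try again later.';
                    logError('Rate limit exceeded on signup', ['ip' => $clientIP, 'attempts' => $attempts['cnt']]);

                    // Auto-block IP for 2 hours if 5+ attempts
                    if ($attempts['cnt'] >= 5) {
                        try {
                            $pdo->prepare("INSERT IGNORE INTO ip_blocklist (ip_address, reason, blocked_by, expires_at) VALUES (?, 'Excessive registration attempts', 'system', DATE_ADD(NOW(), INTERVAL 2 HOUR))")
                                ->execute([$clientIP]);
                        } catch (Exception $e) {
                            logError('Failed to auto-block IP: ' . $e->getMessage(), ['ip' => $clientIP]);
                        }
                    }
                }
            } catch (Exception $e) {
                // Fails open: the signup continues without the rate limit.
                logError('Rate limit check failed: ' . $e->getMessage(), ['ip' => $clientIP]);
            }
        }

        // ===== ANTI-BOT CHECK 6: IP duplicate registration (max 1 account per IP) =====
        if (!$honeypotTriggered && empty($errors)) {
            try {
                $stmt = $pdo->prepare("SELECT COUNT(*) as cnt FROM users WHERE signup_ip = ? AND created_at > DATE_SUB(NOW(), INTERVAL 24 HOUR)");
                $stmt->execute([$clientIP]);
                $ipSignups = $stmt->fetch();
                if ($ipSignups && $ipSignups['cnt'] >= 1) {
                    $errors[] = 'Only one registration is allowed per network within 24 hours. If you believe this is an error, please contact support@relevantreflex.com.';
                    logError('Duplicate IP registration blocked', ['ip' => $clientIP, 'existing_count' => $ipSignups['cnt']]);
                    try {
                        $pdo->prepare("INSERT INTO registration_attempts (ip_address, email, attempt_type, success, user_agent) VALUES (?, ?, 'registration', 0, ?)")
                            ->execute([$clientIP, $_POST['email'] ?? '', $userAgent]);
                    } catch (Exception $e) {
                        logError('Failed to record duplicate-IP attempt: ' . $e->getMessage(), ['ip' => $clientIP]);
                    }
                }
            } catch (Exception $e) {
                // Fails open: the signup continues without the per-IP signup limit.
                logError('Duplicate IP check failed: ' . $e->getMessage(), ['ip' => $clientIP]);
            }
        }

        // ===== ANTI-BOT CHECK 7: reCAPTCHA v3 verification =====
        if (!$honeypotTriggered && empty($errors) && !empty($recaptcha_secret_key)) {
            $recaptchaResponse = $_POST['g-recaptcha-response'] ?? '';
            if (empty($recaptchaResponse)) {
                $errors[] = 'Security verification failed. Please try again.';
            } else {
                $verifyUrl = 'https://www.google.com/recaptcha/api/siteverify';
                // Send the secret in a POST body rather than the query string so it does not
                // end up in URL logs, and bound the wait so a slow verifier cannot hang signup.
                $verifyContext = stream_context_create([
                    'http' => [
                        'method' => 'POST',
                        'header' => 'Content-Type: application/x-www-form-urlencoded',
                        'content' => http_build_query([
                            'secret' => $recaptcha_secret_key,
                            'response' => $recaptchaResponse,
                            'remoteip' => $clientIP
                        ]),
                        'timeout' => 5
                    ]
                ]);
                $response = file_get_contents($verifyUrl, false, $verifyContext);

                // A failed request or a non-object reply is treated as a failed verification.
                $recaptchaResult = is_string($response) ? json_decode($response, true) : null;
                if (!is_array($recaptchaResult)) {
                    $recaptchaResult = [];
                }
                $captchaScore = $recaptchaResult['score'] ?? 0;

                if (!($recaptchaResult['success'] ?? false) || $captchaScore < 0.3) {
                    $errors[] = 'Security verification failed. If you are not a robot, please try again.';
                    logError('reCAPTCHA failed', ['ip' => $clientIP, 'score' => $captchaScore]);
                    try {
                        $pdo->prepare("INSERT INTO registration_attempts (ip_address, attempt_type, success, user_agent, captcha_score) VALUES (?, 'registration', 0, ?, ?)")
                            ->execute([$clientIP, $userAgent, $captchaScore]);
                    } catch (Exception $e) {
                        logError('Failed to record reCAPTCHA failure: ' . $e->getMessage(), ['ip' => $clientIP]);
                    }
                }
            }
        }

        // A honeypot hit must end here. Checks 2-7 were all skipped for it, so falling through
        // to validation and the INSERT below would create the account with every anti-bot
        // control bypassed.
        if (!$honeypotTriggered) {
            // Get and sanitize form data
            $email = isset($_POST['email']) ? sanitize($_POST['email']) : '';
            $password = isset($_POST['password']) ? $_POST['password'] : '';
            $gender = isset($_POST['gender']) ? sanitize($_POST['gender']) : '';
            $dateOfBirth = isset($_POST['date_of_birth']) ? sanitize($_POST['date_of_birth']) : '';
            $postcode = isset($_POST['postcode']) ? sanitize($_POST['postcode']) : '';
            $privacyAccepted = isset($_POST['privacy_policy']);

            // Store form data for repopulating form on error
            $form_data = [
                'email' => $email,
                'gender' => $gender,
                'date_of_birth' => $dateOfBirth,
                'postcode' => $postcode
            ];

            // Validation
            if (empty($email)) {
                $errors[] = 'Email is required.';
            }
            if (empty($password)) {
                $errors[] = 'Password is required.';
            }
            if (empty($gender)) {
                $errors[] = 'Gender is required.';
            }
            if (empty($dateOfBirth)) {
                $errors[] = 'Date of birth is required.';
            }
            if (empty($postcode)) {
                $errors[] = 'Postcode is required.';
            }
            if (!$privacyAccepted) {
                $errors[] = 'You must agree to the Privacy Policy and Terms & Conditions.';
            }

            // Validate email format
            if (!empty($email) && !validateEmail($email)) {
                $errors[] = 'Please provide a valid email address.';
            }

            // Validate password strength
            if (!empty($password) && !validatePassword($password)) {
                $errors[] = 'Password must be at least 8 characters long.';
            }

            // Validate gender
            if (!empty($gender) && !in_array($gender, ['Male', 'Female'], true)) {
                $errors[] = 'Please select a valid gender.';
            }

            // Validate date of birth
            if (!empty($dateOfBirth) && !validateDateOfBirth($dateOfBirth)) {
                $errors[] = 'You must be at least 18 years old to register.';
            }

            // Validate postcode
            if (!empty($postcode) && !validatePostcode($postcode)) {
                $errors[] = 'Please provide a valid 6-digit postal code.';
            }

            // If no validation errors, proceed with registration
            if (empty($errors)) {
                try {
                    // Check if email already exists.
                    // fetch() is used instead of rowCount(), which PDO does not guarantee for SELECT.
                    // NOTE(review): the message below tells the caller whether an address is
                    // registered; the per-IP limits above are what bound enumeration.
                    $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
                    $stmt->execute([$email]);

                    if ($stmt->fetch() !== false) {
                        $errors[] = 'An account with this email address already exists. Please try logging in or use a different email.';
                    } else {
                        // Hash the password
                        $hashedPassword = hashPassword($password);

                        // Start transaction
                        $pdo->beginTransaction();

                        // Insert new user (with signup IP)
                        $stmt = $pdo->prepare("
                            INSERT INTO users (email, password, gender, date_of_birth, postcode, signup_ip, email_verified, status, created_at)
                            VALUES (?, ?, ?, ?, ?, ?, 0, 'inactive', NOW())
                        ");
                        $stmt->execute([$email, $hashedPassword, $gender, $dateOfBirth, $postcode, $clientIP]);
                        $userId = $pdo->lastInsertId();

                        // Generate verification token
                        $verificationToken = generateSecureToken();
                        $expiresAt = date('Y-m-d H:i:s', strtotime('+' . TOKEN_EXPIRY_HOURS . ' hours'));

                        // Insert verification token
                        $stmt = $pdo->prepare("
                            INSERT INTO email_verifications (user_id, token, expires_at, created_at)
                            VALUES (?, ?, ?, NOW())
                        ");
                        $stmt->execute([$userId, $verificationToken, $expiresAt]);

                        // Commit transaction
                        $pdo->commit();

                        // ===== Log successful registration attempt =====
                        // These rows feed the rate limiter in check 5, so a failed write is logged.
                        try {
                            $pdo->prepare("INSERT INTO registration_attempts (ip_address, email, attempt_type, success, user_agent) VALUES (?, ?, 'registration', 1, ?)")
                                ->execute([$clientIP, $email, $userAgent]);
                        } catch (Exception $e) {
                            logError('Failed to record successful registration attempt: ' . $e->getMessage(), ['ip' => $clientIP]);
                        }

                        // Regenerate CSRF token
                        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));

                        // ===== UPDATE AFFILIATE TRACKING =====
                        // NOTE(review): assumes $affiliate, $affiliate_signup_id and $adminPdo are
                        // initialised before the tracking block for requests without an affiliate
                        // code — that part of the file is not visible here.
                        if ($affiliate && $affiliate_signup_id && $adminPdo) {
                            try {
                                $updateStmt = $adminPdo->prepare("
                                    UPDATE affiliate_signups
                                    SET panel_user_id = ?, email = ?, signup_completed = 1, signed_up_at = NOW(), reward_amount = ?
                                    WHERE id = ?
                                ");
                                $updateStmt->execute([
                                    $userId,
                                    $email,
                                    $affiliate['signup_reward'],
                                    $affiliate_signup_id
                                ]);

                                // Update affiliate total signups (bound parameter, like every other query here)
                                $adminPdo->prepare("UPDATE affiliates SET total_signups = total_signups + 1 WHERE id = ?")
                                    ->execute([(int) $affiliate['id']]);

                                logError('Affiliate signup tracked', [
                                    'user_id' => $userId,
                                    'affiliate_code' => $affiliate_code,
                                    'email' => $email
                                ]);
                            } catch (Exception $e) {
                                logError('Failed to update affiliate tracking: ' . $e->getMessage());
                            }
                        }
                        // ===== END UPDATE AFFILIATE TRACKING =====

                        // Send verification email
                        $emailHandler = new EmailHandler();
                        $emailSent = $emailHandler->sendVerificationEmail($email, $verificationToken);

                        if ($emailSent) {
                            logError('User registered successfully', [
                                'user_id' => $userId,
                                'email' => $email,
                                'verification_token_sent' => true,
                                'affiliate_code' => $affiliate_code ?? null
                            ]);
                            $success_message = 'Registration successful! We\'ve sent a verification link to your email address. Please check your inbox and click the link to activate your account.';
                            $form_data = []; // Clear form data on success
                        } else {
                            // Registration was successful but email failed
                            logError('User registered but email verification failed', [
                                'user_id' => $userId,
                                'email' => $email
                            ]);
                            $success_message = 'Registration successful! However, we encountered an issue sending the verification email. Please contact support at support@relevantreflex.com to activate your account.';
                            $form_data = [];
                        }
                    }
                } catch (PDOException $e) {
                    // Rollback transaction on error
                    if ($pdo->inTransaction()) {
                        $pdo->rollBack();
                    }
                    logError('Database error during registration', [
                        'error' => $e->getMessage(),
                        'email' => $email
                    ]);
                    $errors[] = 'Registration failed due to a system error. Please try again later.';
                } catch (Exception $e) {
                    // Rollback transaction on error
                    if ($pdo->inTransaction()) {
                        $pdo->rollBack();
                    }
                    logError('General error during registration', [
                        'error' => $e->getMessage(),
                        'email' => $email
                    ]);
                    $errors[] = 'An unexpected error occurred. Please try again later.';
                }
            }
        }
    }
}
?> Sign Up - Relevant Reflex Paid Online Surveys India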

Register as a Survey Taker for FREE!

Furnish some of your basic information below and start making money online through Paid Surveys.

🎉 Partner Signup
Referred by:
0): ?>
🎁 Earn ₹ bonus on email & Mobile phone verification!
Minimum 8 characters
We care about your privacy. By sharing your personal data you will be able to get research opportunities targeted to your interests, help to improve products and services and earn rewards for participation.
What's Next?

Check your email inbox and click the verification link to activate your account.

Didn't receive the email? Check your spam/junk folder. If it's not there, click below to resend.