Structure in functions. Stronger hash algorith for password safety, also pepper.

1 files changed, 68 insertions, 0 deletions

diff --git a/www/functions/func_invite.php b/www/functions/func_invite.php
new file mode 100644
index 0000000..864c1ad
--- /dev/null
+++ b/www/functions/func_invite.php
@@ -0,0 +1,68 @@
+<?
+function invite($db){
+        if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+		if(!$_SESSION["login"]){
+			header("Refresh: 0; /login");
+			return false;
+		}
+
+                $name=$_SESSION["username"];
+                $safe_name = SQLite3::escapeString("$name");
+
+                $email=$_POST["email"];
+                $safe_email=SQLite3::escapeString("$email");
+
+                $invite_db = $db->query("SELECT invites FROM user WHERE name='" . $safe_name . "';");
+                $invite_ar = $invite_db->fetchArray(SQLITE3_NUM);
+                $invite = $invite_ar[0];
+
+                if($invite > 0){ 
+
+        /*Generates the invite key => [-_0-9a-zA-Z]{11}*/
+
+                        $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" );
+
+                        $length = count($key_array);
+                        $key = ""; 
+
+                        for ($i=0;$i<11;$i++){
+                                $index = mt_rand(0,$length-1);
+                                $key = "$key".$key_array[$index];
+                        }   
+
+                        $id_db = $db->query("SELECT id FROM USER WHERE name=' " . $safe_name . "';");
+                        $id_ar = $id_db->fetchArray(SQLITE3_NUM);
+                        $id = $id_ar[0];
+
+        /*Generates the new user and decrease the invites*/
+
+                        $invite = $invite - 1;
+
+                        if($db->exec("
+                                BEGIN TRANSACTION;
+                                INSERT INTO user (id, name, email, senpai, key, status) VALUES (NULL, NULL, '" . $safe_email . "', '" . $id . "', '" . $key . "', 0);
+                                UPDATE user SET invites='" . $invite . "' WHERE id='" . $id . "'; 
+                                COMMIT;")
+                        ){  
+                                $subject="Welcome, you were invited to the new virtual filesystem.\nYour key is" . $key . "\nVisit files.iamfabulous.de/register to complete your registration.";
+
+                                mail($email, "Invite", $subject, "From: mail@iamfabulous.de");
+
+                                header("Refresh: 0; /invite?reason=success");
+                                return true;
+
+                        } else {
+                                header("Refresh: 0; /invite?reason=database");
+                                return false;
+                        }   
+
+                } else {
+                        header("Refresh: 0; /invite?reason=invites");
+			return false;
+		}
+	} else {
+		echo "Formular";
+		return false;
+	}
+}