| author | root | 2014-02-16 18:19:44 +0100 |
|---|---|---|
| committer | root | 2014-02-16 18:19:44 +0100 |
| commit | ea3b8c917cd0a0b13759b697dddd6efc0cf43f6c (patch) | |
| tree | d3819d8c60365bb4143fcb7412c9e7a1ecb37581 /www/inreg.php | |
| download | files.iamfabulous.de-ea3b8c917cd0a0b13759b697dddd6efc0cf43f6c.tar.gz | |
init
Diffstat (limited to 'www/inreg.php')
| -rw-r--r-- | www/inreg.php | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/www/inreg.php b/www/inreg.php
new file mode 100644
index 0000000..2e2800d
--- /dev/null
+++ b/www/inreg.php
@@ -0,0 +1,78 @@
+<?php
+
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*This file handels the registration in the database*/
+
+session_start();
+
+$name = $_POST["name"];
+$cleartext_password = $_POST["pswd"];
+$second_password = $_POST["2ndpswd"];
+$email = $_POST["email"];
+
+if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"])){
+ header("Refresh: 0; register.php?reason=password");
+ exit;
+}
+
+$db = new SQLite3("../database/database.db");
+
+ $safe_name = SQLite3::escapeString("$name");
+ $safe_email = SQLite3::escapeString("$email");
+
+/*Checks the validation of the registration attempt*/
+
+ $test_email_db = $db->query("SELECT status FROM secure_test where email='$safe_email';");
+ $test_email_arr = $test_email_db->fetchArray(SQLITE3_NUM);
+ $test_email_int = test_$email_arr[0];
+
+ $test_key_db = $db->query("SELECT key FROM secure_test where email='$safe_email';");
+ $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
+ $test_key = $test_key_arr[0];
+
+if (($test_email_int != 0 && !$email == "") || !$test_key == $_POST["key"]){
+ header("Refresh: 0; register.php?reason=prohibited");
+ exit;
+} else {
+
+ if ($_POST["pswd"] == ""){
+ header("Refresh: 0; register.php?reason=empty");
+ exit;
+ } else {
+
+/*Checks if mail is already in use*/
+
+ $email_db = $db->query("SELECT id FROM user where email='$safe_email';");
+ $email_arr = $email_db->fetchArray(SQLITE3_NUM);
+ $email_int = $email_arr[0];
+ $name_db = $db->query("SELECT id FROM user where name='$safe_name';");
+ $name_arr = $name_db->fetchArray(SQLITE3_NUM);
+ $name_int = $name_arr[0];
+
+ if (($email_int > 0 && !$email == "")|| $name_int > 0){
+ header("Refresh: 0; register.php?reason=duplicate");
+ exit;
+ } else {
+
+/*Generates the encrypted password and the database transaction*/
+
+ $salt = uniqid(mt_rand(), true);
+ $password = "$salt"."$cleartext_password";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ $result = $db->exec("
+ BEGINN TRANSACTION;
+ INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');
+ COMMIT;
+ ");
+
+ $_SESSION["username"] = $name;
+ header("Refresh: 0; account.php?reg=1");
+ }
+ }
+}
+?> |
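Review bot: The invitation-key test `!$test_key == $_POST["key"]` does not compare the stored key with the submitted one, because `!` binds tighter than `==` and the expression becomes a loose comparison of a boolean with the posted string; the condition should read `|| $test_key_arr === false || !hash_equals((string) $test_key, (string) $_POST["key"])`. Just above it, `test_$email_arr[0]` looks like a typo for `$test_email_arr[0]` and would stop the file from parsing. The password block stores 15000 rounds of MD5 over a salt built from `uniqid(mt_rand(), true)`, which is cheap to attack offline if the database leaks; `password_hash()` is the usual replacement, and the login code (not visible here) would need `password_verify()` to match. `BEGINN TRANSACTION` will most likely be rejected by SQLite, and since `$result` is never checked the session is set and the redirect issued even when no row was written. The fence below shows the insert as a prepared statement with a result check, plus a session-id regeneration before the login state is stored.

```php
// … unchanged: duplicate name/e-mail check …
        $hash_password = password_hash($cleartext_password, PASSWORD_DEFAULT);

        // salt column left empty: password_hash() embeds its own salt
        // (schema not visible here — confirm the column allows this)
        $stmt = $db->prepare("INSERT INTO user (id, name, salt, password, email) VALUES (NULL, :name, '', :password, :email)");
        $stmt->bindValue(":name", $name, SQLITE3_TEXT);
        $stmt->bindValue(":password", $hash_password, SQLITE3_TEXT);
        $stmt->bindValue(":email", $email, SQLITE3_TEXT);
        if ($stmt === false || $stmt->execute() === false) {
            // "error" is a placeholder reason; register.php's handled values are not visible here
            header("Refresh: 0; register.php?reason=error");
            exit;
        }

        session_regenerate_id(true);
        $_SESSION["username"] = $name;
        header("Refresh: 0; account.php?reg=1");
```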
