diff options
| author | root | 2014-02-17 18:41:58 +0100 |
|---|---|---|
| committer | root | 2014-02-17 18:41:58 +0100 |
| commit | 305e2b7c55ffd24a156f5788388e6d4ed2daea14 (patch) | |
| tree | 62e44e22b04f7270f8d20b9216a576f0844df6f7 /www/register.php | |
| parent | 859cd34c42c3df72dcd20ab09d508108b5be4865 (diff) | |
| download | files.iamfabulous.de-305e2b7c55ffd24a156f5788388e6d4ed2daea14.tar.gz | |
handles most of the database stuff
Diffstat (limited to 'www/register.php')
| -rw-r--r-- | www/register.php | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/www/register.php b/www/register.php new file mode 100644 index 0000000..53fb35c --- /dev/null +++ b/www/register.php @@ -0,0 +1,79 @@ +<?php + +/* Copyright Maximilian Möhring, 2013 +Licensed under the GPL. Read LICENSE for more Information.*/ + +/*This file handels the registration in the database*/ + +if($_SERVER['REQUEST_METHOD'] == 'POST') { + + session_start(); + + $name = $_POST["name"]; + $cleartext_password = $_POST["pswd"]; + $second_password = $_POST["2ndpswd"]; + $email = $_POST["email"]; + + if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ + header("Refresh: 0; register?reason=password"); + exit; + } + + if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){ + header("Refresh: 0; register?reason=encoding"); + exit; + } + + $db = new SQLite3("../database/sqlite.db"); + + $safe_name = SQLite3::escapeString("$name"); + $safe_email = SQLite3::escapeString("$email"); + +/*Checks the validation of the registration attempt*/ + + $test_status_db = $db->query("SELECT status FROM user WHERE email='$safe_email';"); + $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM); + $test_status_int = $test_status_arr[0]; + + $test_key_db = $db->query("SELECT key FROM user WHERE email='$safe_email';"); + $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM); + $test_key = $test_key_arr[0]; + + if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){ + header("Refresh: 0; /register?reason=prohibited"); + exit; + } else { + + +/*Generates the encrypted password and the database transactions*/ + + $salt = uniqid(mt_rand(), true); + $password = "$salt"."$cleartext_password"; + $hash_password = md5($password); + for($i=0;$i<15000;$i++) + $hash_password = md5($hash_password); + + if($db->exec("UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', status=1, invites=5 WHERE email='$safe_email';") && $db->exec("CREATE TABLE $safe_name (id INTEGER PRIMARY KEY, folder INTEGER, name TEXT, typ TEXT, public TEXT);") && $db->exec("INSERT INTO $safe_name (id, folder, name, typ, public) VALUES (NULL, 0, '/', 'FOLDER', 'HIDDEN');") + ){ + $_SESSION["login"] = true; + $_SESSION["username"] = $name; + header("Refresh: 0; /?reason=registration"); + } else { + header("Refresh: 0; /register?reason=database"); + } + } +} else { + foreach ($_GET as $name => $value) { + echo 'Name: ' . $name . ' Value: ' . $value . '<br />'; + } + +echo "<form method='post' action='register.php'> +<p>Name: <input type='text' name='name'></p> +<p>pswd: <input type='password' name='pswd'></p> +<p>2ndpsdw: <input type='password' name='2ndpswd'></p> +<p>key: <input type='text' name='key'></p> +<p>email: <input type='text' name='email'></p> +<p><input type='submit'></p> +</form> +"; +} |