| -rw-r--r-- | www/inreg.php | 67 |
1 files changed, 46 insertions, 21 deletions
diff --git a/www/inreg.php b/www/inreg.php
index 2e2800d..70ee51b 100644
--- a/www/inreg.php
+++ b/www/inreg.php
@@ -12,33 +12,38 @@ $cleartext_password = $_POST["pswd"];
 $second_password = $_POST["2ndpswd"];
 $email = $_POST["email"];
-if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"])){
- header("Refresh: 0; register.php?reason=password");
+if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
+ header("Refresh: 0; register?reason=password");
 exit;
 }
-$db = new SQLite3("../database/database.db");
+if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
+ header("Refresh: 0; register?reason=encoding");
+ exit;
+}
+
+$db = new SQLite3("../database/test.db");
 $safe_name = SQLite3::escapeString("$name");
 $safe_email = SQLite3::escapeString("$email");
 /*Checks the validation of the registration attempt*/
- $test_email_db = $db->query("SELECT status FROM secure_test where email='$safe_email';");
- $test_email_arr = $test_email_db->fetchArray(SQLITE3_NUM);
- $test_email_int = test_$email_arr[0];
+ $test_status_db = $db->query("SELECT status FROM secure_test where new_email='$safe_email';");
+ $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM);
+ $test_status_int = $test_status_arr[0];
- $test_key_db = $db->query("SELECT key FROM secure_test where email='$safe_email';");
+ $test_key_db = $db->query("SELECT key FROM secure_test where new_email='$safe_email';");
 $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
 $test_key = $test_key_arr[0];
-if (($test_email_int != 0 && !$email == "") || !$test_key == $_POST["key"]){
- header("Refresh: 0; register.php?reason=prohibited");
+if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){
+ header("Refresh: 0; /register?reason=prohibited");
 exit;
 }
 else {
 if ($_POST["pswd"] == ""){
- header("Refresh: 0; register.php?reason=empty");
+ header("Refresh: 0; /register?reason=empty");
 exit;
 }
 else {
@@ -52,11 +57,11 @@ if (($test_email_int != 0 && !$email == "") || !$test_key == $_POST["key"]){
 $name_int = $name_arr[0];
 if (($email_int > 0 && !$email == "")|| $name_int > 0){
- header("Refresh: 0; register.php?reason=duplicate");
+ header("Refresh: 0; /register?reason=duplicate");
 exit;
 }
 else {
-/*Generates the encrypted password and the database transaction*/
+/*Generates the encrypted password and the database transactions*/
 $salt = uniqid(mt_rand(), true);
 $password = "$salt"."$cleartext_password";
@@ -64,15 +69,35 @@ if (($test_email_int != 0 && !$email == "") || !$test_key == $_POST["key"]){
 for($i=0;$i<15000;$i++)
 $hash_password = md5($hash_password);
- $result = $db->exec("
- BEGINN TRANSACTION;
- INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');
- COMMIT;
- ");
-
- $_SESSION["username"] = $name;
- header("Refresh: 0; account.php?reg=1");
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');
+ COMMIT;")
+ ){
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $name;
+
+ if(!$db->exec("
+ BEGIN TRANSACTION;
+ UPDATE secure_test SET status=1 WHERE new_email='$safe_email';
+ COMMIT;")
+ ){
+ header("Refresh: 0; /register?reason=database");
+ }
+
+ if(!$db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO relationship (id, senpai, kohai) VALUES (NULL, (SELECT origin_name FROM secure_test WHERE new_email='$safe_email'), (SELECT id FROM user WHERE email='$safe_email'));
+ COMMIT;")
+ ){
+ header("Refresh: 0; /register?reason=database");
+ }
+
+ header("Refresh: 0; /");
+
+ } else {
+ header("Refresh: 0; /register?reason=database");
+ }
 }
 }
 }
-?>
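Review bot: The invite-key check `$test_key != $_POST["key"]` is a loose comparison against a secret and reads `$_POST["key"]` without checking that it was sent; compare with `hash_equals((string) $test_key, (string) ($_POST["key"] ?? ''))` so that a missing key and type-juggled matches (two numeric strings compare numerically under `!=`) are both rejected. `fetchArray()` returns `false` when no `secure_test` row matches `new_email`, so `$test_status_arr[0]` and `$test_key_arr[0]` index a bool and the request is rejected only because `null == ""` happens to hold; test each result for `false` before indexing it. The new character whitelist on `$cleartext_password` shrinks the password alphabet to `[-_0-9a-zA-Z]` although only the salted hash ever reaches SQL, so that clause can be dropped, while the whitelist on `$name` and `$email` is defence in depth for queries that should instead go through `SQLite3::prepare()` with `bindValue()`. The redirects in this hunk also mix `register?reason=` and `/register?reason=` whereas the later hunks use the absolute form throughout. The `else` block opened at the end of the hunk continues outside it.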
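Review bot: When the `UPDATE secure_test SET status=1` or the relationship `INSERT` fails, the new code only sets a `Refresh` header and falls through without `exit`, and the unconditional `header("Refresh: 0; /")` that follows replaces that header, so the user ends up logged in (`$_SESSION["login"]` is set before either statement runs) although the invite row was never marked consumed and the relationship row is missing. Running three separate BEGIN/COMMIT blocks also leaves the `user` row committed when a follow-up statement fails; put the three statements in one transaction, `ROLLBACK` on failure, `exit` after the error redirect, and populate the session only after the commit, as sketched below. The interpolation of `$salt` and `$hash_password` into the SQL string is safe only because of their current hex/numeric format; `SQLite3::prepare()` with `bindValue()` would make that explicit. The iterated-`md5` hashing is context unchanged by this commit, but `password_hash()`/`password_verify()` would supersede both the loop and the separate salt column. The enclosing else-chain starts outside the hunk.
```php
// … unchanged: salt generation and hash loop …
$registered = $db->exec("
    BEGIN TRANSACTION;
    INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');
    UPDATE secure_test SET status=1 WHERE new_email='$safe_email';
    INSERT INTO relationship (id, senpai, kohai) VALUES (NULL, (SELECT origin_name FROM secure_test WHERE new_email='$safe_email'), (SELECT id FROM user WHERE email='$safe_email'));
    COMMIT;");
if (!$registered) {
    // exec() stops at the first failing statement and may leave the transaction open
    $db->exec("ROLLBACK;");
    header("Refresh: 0; /register?reason=database");
    exit;
}
// mark the session as logged in only once the whole registration is committed
$_SESSION["login"] = true;
$_SESSION["username"] = $name;
header("Refresh: 0; /");
// … unchanged: closing braces of the outer else-chain …
```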
