| -rw-r--r-- | www/inreg.php | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/www/inreg.php b/www/inreg.php
index 70ee51b..ddbf6e2 100644
--- a/www/inreg.php
+++ b/www/inreg.php
@@ -5,54 +5,51 @@ Licensed under the GPL. Read LICENSE for more Information.*/ /*This file handels the registration in the database*/ -session_start(); +if($_SERVER['REQUEST_METHOD'] == 'POST') { -$name = $_POST["name"]; -$cleartext_password = $_POST["pswd"]; -$second_password = $_POST["2ndpswd"]; -$email = $_POST["email"]; + session_start(); -if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ - header("Refresh: 0; register?reason=password"); - exit; -} + $name = $_POST["name"]; + $cleartext_password = $_POST["pswd"]; + $second_password = $_POST["2ndpswd"]; + $email = $_POST["email"]; -if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){ - header("Refresh: 0; register?reason=encoding"); - exit; -} + if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ + header("Refresh: 0; register?reason=password"); + exit; + } + + if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){ + header("Refresh: 0; register?reason=encoding"); + exit; + } -$db = new SQLite3("../database/test.db"); + $db = new SQLite3("../database/database.db"); $safe_name = SQLite3::escapeString("$name"); $safe_email = SQLite3::escapeString("$email"); /*Checks the validation of the registration attempt*/ - $test_status_db = $db->query("SELECT status FROM secure_test where new_email='$safe_email';"); + $test_status_db = $db->query("SELECT status FROM secure_test WHERE new_email='$safe_email';"); $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM); $test_status_int = $test_status_arr[0]; - $test_key_db = 
$db->query("SELECT key FROM secure_test where new_email='$safe_email';"); + $test_key_db = $db->query("SELECT key FROM secure_test WHERE new_email='$safe_email';"); $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM); $test_key = $test_key_arr[0]; -if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){ - header("Refresh: 0; /register?reason=prohibited"); - exit; -} else { - - if ($_POST["pswd"] == ""){ - header("Refresh: 0; /register?reason=empty"); + if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){ + header("Refresh: 0; /register?reason=prohibited"); exit; } else { /*Checks if mail is already in use*/ - $email_db = $db->query("SELECT id FROM user where email='$safe_email';"); + $email_db = $db->query("SELECT id FROM user WHERE email='$safe_email';"); $email_arr = $email_db->fetchArray(SQLITE3_NUM); $email_int = $email_arr[0]; - $name_db = $db->query("SELECT id FROM user where name='$safe_name';"); + $name_db = $db->query("SELECT id FROM user WHERE name='$safe_name';"); $name_arr = $name_db->fetchArray(SQLITE3_NUM); $name_int = $name_arr[0]; @@ -100,4 +97,7 @@ if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test } } } +} else { + header("Refresh: 0; /register"); + exit; } |
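Review bot: The registration-key check in the re-indented condition, `$test_key != $_POST["key"]`, compares a secret with a loose, non-constant-time operator, and reads `$_POST["key"]` without confirming it is set and a string. Under PHP's loose comparison two numeric-looking strings can compare equal without being identical, so that term is better written as `!isset($_POST["key"]) || !is_string($_POST["key"]) || !hash_equals((string)$test_key, $_POST["key"])`. The four `$db->query()` calls in this hunk still interpolate `$safe_email` and `$safe_name` into the SQL text; the allowlist regex plus `escapeString` covers that today, but `$db->prepare()` with `bindValue()` would not depend on both checks staying in place. The `else` branch of this condition continues outside the hunk.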
