-rw-r--r--www/inreg.php103
1 files changed, 0 insertions, 103 deletions
diff --git a/www/inreg.php b/www/inreg.php
deleted file mode 100644
index ddbf6e2..0000000
--- a/www/inreg.php
+++ /dev/null
@@ -1,103 +0,0 @@
-<?php
-
-/* Copyright Maximilian Möhring, 2013
-Licensed under the GPL. Read LICENSE for more Information.*/
-
-/*This file handels the registration in the database*/
-
-if($_SERVER['REQUEST_METHOD'] == 'POST') {
-
- session_start();
-
- $name = $_POST["name"];
- $cleartext_password = $_POST["pswd"];
- $second_password = $_POST["2ndpswd"];
- $email = $_POST["email"];
-
- if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
- header("Refresh: 0; register?reason=password");
- exit;
- }
-
- if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
- header("Refresh: 0; register?reason=encoding");
- exit;
- }
-
- $db = new SQLite3("../database/database.db");
-
- $safe_name = SQLite3::escapeString("$name");
- $safe_email = SQLite3::escapeString("$email");
-
-/*Checks the validation of the registration attempt*/
-
- $test_status_db = $db->query("SELECT status FROM secure_test WHERE new_email='$safe_email';");
- $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM);
- $test_status_int = $test_status_arr[0];
-
- $test_key_db = $db->query("SELECT key FROM secure_test WHERE new_email='$safe_email';");
- $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
- $test_key = $test_key_arr[0];
-
- if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){
- header("Refresh: 0; /register?reason=prohibited");
- exit;
- } else {
-
-/*Checks if mail is already in use*/
-
- $email_db = $db->query("SELECT id FROM user WHERE email='$safe_email';");
- $email_arr = $email_db->fetchArray(SQLITE3_NUM);
- $email_int = $email_arr[0];
- $name_db = $db->query("SELECT id FROM user WHERE name='$safe_name';");
- $name_arr = $name_db->fetchArray(SQLITE3_NUM);
- $name_int = $name_arr[0];
-
- if (($email_int > 0 && !$email == "")|| $name_int > 0){
- header("Refresh: 0; /register?reason=duplicate");
- exit;
- } else {
-
-/*Generates the encrypted password and the database transactions*/
-
- $salt = uniqid(mt_rand(), true);
- $password = "$salt"."$cleartext_password";
- $hash_password = md5($password);
- for($i=0;$i<15000;$i++)
- $hash_password = md5($hash_password);
-
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');
- COMMIT;")
- ){
- $_SESSION["login"] = true;
- $_SESSION["username"] = $name;
-
- if(!$db->exec("
- BEGIN TRANSACTION;
- UPDATE secure_test SET status=1 WHERE new_email='$safe_email';
- COMMIT;")
- ){
- header("Refresh: 0; /register?reason=database");
- }
-
- if(!$db->exec("
- BEGIN TRANSACTION;
- INSERT INTO relationship (id, senpai, kohai) VALUES (NULL, (SELECT origin_name FROM secure_test WHERE new_email='$safe_email'), (SELECT id FROM user WHERE email='$safe_email'));
- COMMIT;")
- ){
- header("Refresh: 0; /register?reason=database");
- }
-
- header("Refresh: 0; /");
-
- } else {
- header("Refresh: 0; /register?reason=database");
- }
- }
- }
-} else {
- header("Refresh: 0; /register");
- exit;
-}