diff options
Diffstat (limited to 'www/register.php')
| -rw-r--r-- | www/register.php | 86 |
1 files changed, 0 insertions, 86 deletions
diff --git a/www/register.php b/www/register.php deleted file mode 100644 index c9de638..0000000 --- a/www/register.php +++ /dev/null @@ -1,86 +0,0 @@ -<?php - -/* Copyright Maximilian Möhring, 2013 -Licensed under the GPL. Read LICENSE for more Information.*/ - -/*This file handels the registration in the database*/ - -if($_SERVER['REQUEST_METHOD'] == 'POST') { - - session_start(); - - $name = $_POST["name"]; - $cleartext_password = $_POST["pswd"]; - $second_password = $_POST["2ndpswd"]; - $email = $_POST["email"]; - - if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ - header("Refresh: 0; register?reason=password"); - exit; - } - - if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){ - header("Refresh: 0; register?reason=encoding"); - exit; - } - - $db = new SQLite3("../database/sqlite.db"); - - $safe_name = SQLite3::escapeString("$name"); - $safe_email = SQLite3::escapeString("$email"); - -/*Checks the validation of the registration attempt*/ - - $test_status_db = $db->query("SELECT status FROM user WHERE email='$safe_email';"); - $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM); - $test_status_int = $test_status_arr[0]; - - $test_key_db = $db->query("SELECT key FROM user WHERE email='$safe_email';"); - $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM); - $test_key = $test_key_arr[0]; - - if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){ - header("Refresh: 0; /register?reason=prohibited"); - exit; - } else { - - $id_db = $db->query("SELECT id FROM user WHERE email='$safe_email';"); - $id_ar = $id_db->fetchArray(SQLITE3_NUM); - $id = $id_ar[0]; - -/*Generates the encrypted password and the database transactions*/ - - $salt = uniqid(mt_rand(), true); - $password = "$salt"."$cleartext_password"; - $hash_password = md5($password); - for($i=0;$i<15000;$i++) - $hash_password = md5($hash_password); - - if($db->exec(" - BEGIN TRANSACTION; - UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', invites=5, status=1, register=(SELECT datetime()) WHERE id=$id; - INSERT INTO files (id, parent, owner, name, folder, mime, size, share, extra) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, NULL, 'PUBLIC', NULL); - COMMIT;") - ){ - $_SESSION["login"] = true; - $_SESSION["username"] = $name; - header("Refresh: 0; /register?reason=registration"); - } else { - header("Refresh: 0; /register?reason=database"); - } - } -} else { - foreach ($_GET as $name => $value) { - echo 'Name: ' . $name . ' Value: ' . $value . '<br />'; - } - -echo "<form method='post' action='register.php'> -<p>Name: <input type='text' name='name'></p> -<p>pswd: <input type='password' name='pswd'></p> -<p>2ndpsdw: <input type='password' name='2ndpswd'></p> -<p>key: <input type='text' name='key'></p> -<p>email: <input type='text' name='email'></p> -<p><input type='submit'></p> -</form> -"; -} |