query("SELECT 1,key,status FROM user WHERE email='" . $safe_email . "';"); $test_ar = $test_db->fetchArray(SQLITE3_NUM); $test_email = $test_ar[0]; $test_key = $test_ar[1]; $test_status_int = $test_ar[2]; if($test_email != 1){ return REGISTER_INVITE; } if($test_status_int != 0){ return REGISTER_PROHIBITED; } if($test_key != $_POST["key"] || $test_key == ""){ return REGISTER_INVITEKEY; } $doubleusername_db = $db->query("SELECT 1 FROM user WHERE name='" . $safe_name . "';"); $doubleusername_ar = $doubleusername_db->fetchArray(SQLITE3_NUM); if($doubleusername_ar[0] == 1){ return REGISTER_USERNAME; } # check for key words if($name == "login" || $name == "logout" || $name == "register" || $name == "invite" || $name == "user" || $name == "download" || $name == "password_recover" || $name == "banned" || $name == "httperror" || $name == "robots.txt" || $name == "favicon.ico" || $name == "static"){ return REGISTER_USERNAME; } $id_db = $db->query("SELECT id FROM user WHERE email='" . $safe_email . "';"); $id_ar = $id_db->fetchArray(SQLITE3_NUM); $id = $id_ar[0]; /*Generates the encrypted password and the database transaction*/ $pepper = file_get_contents("../database/pepper.txt"); $password = $cleartext_password . $pepper; $hash_password = password_hash($password, PASSWORD_DEFAULT); if($db->exec(" BEGIN TRANSACTION; UPDATE user SET name='" . $safe_name . "', password='" . $hash_password . "', invites=5, status=1, register=(SELECT strftime('%s', 'now')), color_folder='DEFAULT', color_file='DEFAULT' WHERE id=" . $id . "; INSERT INTO files (id, parent, owner, name, folder, mime, size, share, size, hash) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, NULL, 'PUBLIC', 0, ''); INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $safe_name. "'), (SELECT strftime('%s', 'now'))); COMMIT;") ){ $userid = user_id($db, $safe_name); $_SESSION["login"] = true; $_SESSION["username"] = $name; $_SESSION["userid"] = $userid; return REGISTER_SUCCESSFULL; } else { return REGISTER_DATABASE; } }