<?php

/* Copyright Maximilian Möhring, 2013
Licensed under the GPL. Read LICENSE for more Information.*/

/*This file handels the registration in the database*/

session_start();

$name = $_POST["name"];
$cleartext_password = $_POST["pswd"];
$second_password = $_POST["2ndpswd"];
$email = $_POST["email"];

if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"])){
	header("Refresh: 0; register.php?reason=password");
	exit;
}

$db = new SQLite3("../database/database.db");

	$safe_name =  SQLite3::escapeString("$name");
	$safe_email =  SQLite3::escapeString("$email");

/*Checks the validation of the registration attempt*/

	$test_email_db = $db->query("SELECT status FROM secure_test where email='$safe_email';");
	$test_email_arr = $test_email_db->fetchArray(SQLITE3_NUM);
	$test_email_int = test_$email_arr[0];

	$test_key_db = $db->query("SELECT key FROM secure_test where email='$safe_email';");
	$test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
	$test_key = $test_key_arr[0];

if (($test_email_int != 0 && !$email == "") || !$test_key == $_POST["key"]){
	header("Refresh: 0; register.php?reason=prohibited");
	exit;
} else {

	if ($_POST["pswd"] == ""){
		header("Refresh: 0; register.php?reason=empty");
		exit;
	} else {

/*Checks if mail is already in use*/

	        $email_db = $db->query("SELECT id FROM user where email='$safe_email';");
		$email_arr = $email_db->fetchArray(SQLITE3_NUM);
		$email_int = $email_arr[0];
		$name_db  = $db->query("SELECT id FROM user where name='$safe_name';");
		$name_arr = $name_db->fetchArray(SQLITE3_NUM);
		$name_int = $name_arr[0];

		if (($email_int > 0 && !$email == "")|| $name_int > 0){
			header("Refresh: 0; register.php?reason=duplicate");
			exit;
		} else {

/*Generates the encrypted password and the database transaction*/

			$salt = uniqid(mt_rand(), true);
			$password = "$salt"."$cleartext_password";
			$hash_password = md5($password);
			for($i=0;$i<15000;$i++)
				$hash_password = md5($hash_password);

		        $result = $db->exec("
					BEGINN TRANSACTION;
					INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');
					COMMIT;
				       ");

			$_SESSION["username"] = $name;
			header("Refresh: 0; account.php?reg=1");
		}
	}
}
?>