<?php

/* Copyright Maximilian Möhring, 2013
Licensed under the GPL. Read LICENSE for more Information.*/

/*This file handels the registration in the database*/

if($_SERVER['REQUEST_METHOD'] == 'POST') {

	session_start();

	$name = $_POST["name"];
	$cleartext_password = $_POST["pswd"];
	$second_password = $_POST["2ndpswd"];
	$email = $_POST["email"];

	if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
		header("Refresh: 0; register?reason=password");
		exit;
	}

	if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
		header("Refresh: 0; register?reason=encoding");
		exit;
	}

	$db = new SQLite3("../database/database.db");

	$safe_name =  SQLite3::escapeString("$name");
	$safe_email =  SQLite3::escapeString("$email");

/*Checks the validation of the registration attempt*/

	$test_status_db = $db->query("SELECT status FROM secure_test WHERE new_email='$safe_email';");
	$test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM);
	$test_status_int = $test_status_arr[0];

	$test_key_db = $db->query("SELECT key FROM secure_test WHERE new_email='$safe_email';");
	$test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
	$test_key = $test_key_arr[0];

	if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){
		header("Refresh: 0; /register?reason=prohibited");
		exit;
	} else {

/*Checks if mail is already in use*/

	        $email_db = $db->query("SELECT id FROM user WHERE email='$safe_email';");
		$email_arr = $email_db->fetchArray(SQLITE3_NUM);
		$email_int = $email_arr[0];
		$name_db  = $db->query("SELECT id FROM user WHERE name='$safe_name';");
		$name_arr = $name_db->fetchArray(SQLITE3_NUM);
		$name_int = $name_arr[0];

		if (($email_int > 0 && !$email == "")|| $name_int > 0){
			header("Refresh: 0; /register?reason=duplicate");
			exit;
		} else {

/*Generates the encrypted password and the database transactions*/

			$salt = uniqid(mt_rand(), true);
			$password = "$salt"."$cleartext_password";
			$hash_password = md5($password);
			for($i=0;$i<15000;$i++)
				$hash_password = md5($hash_password);

		        if($db->exec("
				BEGIN TRANSACTION;
				INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');
				COMMIT;")
			){
				$_SESSION["login"] = true;
				$_SESSION["username"] = $name;

				if(!$db->exec("
					BEGIN TRANSACTION;
                	                UPDATE secure_test SET status=1 WHERE new_email='$safe_email';
                        	        COMMIT;")
				){
					header("Refresh: 0; /register?reason=database");
				}

				if(!$db->exec("
					BEGIN TRANSACTION;
                	                INSERT INTO relationship (id, senpai, kohai) VALUES (NULL, (SELECT origin_name FROM secure_test WHERE new_email='$safe_email'), (SELECT id FROM user WHERE email='$safe_email'));
                        	        COMMIT;")
				){
					header("Refresh: 0; /register?reason=database");
				}

				header("Refresh: 0; /");

			} else {
				header("Refresh: 0; /register?reason=database");
			}
		}
	}
} else {
	header("Refresh: 0; /register");
	exit;
}