summaryrefslogtreecommitdiff
path: root/www/functions/func_register.php
blob: b87d81f86d7a21143325496993af779d5c1fa1d8 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

<?php
function register($db){

	$name = $_POST["username"];
        $cleartext_password = $_POST["pswd"];
        $second_password = $_POST["2ndpswd"];
        $email = $_POST["email"];

        /* checking for empty password etc. */

        if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
		return REGISTER_PASSWORD;
	}   

	if(!preg_match("/[^.+@.+]/", $email)){
		return REGISTER_EMAIL;
	}   

        $safe_name =  SQLite3::escapeString("$name");
        $safe_email =  SQLite3::escapeString("$email");

        /*Checks the validation of the registration attempt*/

        $test_db = $db->query("SELECT 1,key,status FROM user WHERE email='" . $safe_email . "';");
        $test_ar = $test_db->fetchArray(SQLITE3_NUM);
	$test_email = $test_ar[0];
        $test_key = $test_ar[1];
        $test_status_int = $test_ar[2];

	if($test_email != 1){
		return REGISTER_INVITE;
	}

        if($test_status_int != 0){
		return REGISTER_PROHIBITED;
	}

        if($test_key != $_POST["key"] || $test_key == ""){
		return REGISTER_INVITEKEY;
	}

	$doubleusername_db = $db->query("SELECT 1 FROM user WHERE name='" . $safe_name . "';");
	$doubleusername_ar = $doubleusername_db->fetchArray(SQLITE3_NUM);

	if($doubleusername_ar[0] == 1){
		return REGISTER_USERNAME;
	}

        $id_db = $db->query("SELECT id FROM user WHERE email='" . $safe_email . "';");
        $id_ar = $id_db->fetchArray(SQLITE3_NUM);
        $id = $id_ar[0];

        /*Generates the encrypted password and the database transaction*/

	$pepper = file_get_contents("../database/pepper.txt");
	$password = $cleartext_password . $pepper;

	$hash_password = password_hash($password, PASSWORD_DEFAULT);

        if($db->exec("
		BEGIN TRANSACTION;
                UPDATE user SET name='" . $safe_name . "', password='" . $hash_password . "', invites=5, status=1, register=(SELECT datetime()) WHERE id=" . $id . ";
                INSERT INTO files (id, parent, owner, name, folder, mime, size, share, size, hash) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, NULL, 'PUBLIC', 0, '');
		INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $safe_name. "'), (SELECT datetime()));
                COMMIT;")
	){

		$userid = user_id($db, $safe_name);

        	$_SESSION["login"] = true;
                $_SESSION["username"] = $name;
		$_SESSION["userid"] = $userid;

		return REGISTER_SUCCESSFULL;

	} else {
		return REGISTER_DATABASE;
	}

}