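<?php

/* Copyright Maximilian Möhring, 2013
Licensed under the GPL. Read LICENSE for more Information.*/

/* This file handles the registration in the database.
 *
 * Flow: read the POSTed form, check the invitation table (secure_test),
 * reject duplicate names / e-mails, then insert the user and start the
 * session. Every rejection sends the browser back to
 * register.php?reason=<code>; the codes (password, prohibited, empty,
 * duplicate) and the account.php?reg=1 target are read by those pages and
 * are kept unchanged here. */

session_start();

/* Returns a POST field as a string, or '' when it is missing or not a
 * scalar string (an array value would otherwise be stringified as "Array").
 * The original read $_POST directly and only checked isset() afterwards. */
function postField(string $key): string
{
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
}

/* Sends the browser back to the registration form with a reason code and
 * stops the script. The "Refresh" header form is what register.php expects. */
function redirectToRegister(string $reason): void
{
    header("Refresh: 0; register.php?reason=" . $reason);
    exit;
}

/* Runs a single-row SELECT with bound text parameters and returns the row as
 * a numeric array, or null when there is no matching row.
 * A failing prepare()/execute() is logged and answered with HTTP 500 rather
 * than returned as "no row", so a broken query can never read as permission. */
function fetchOneRow(SQLite3 $db, string $sql, array $params): ?array
{
    $stmt = $db->prepare($sql);
    $result = false;
    if ($stmt !== false) {
        foreach ($params as $placeholder => $value) {
            $stmt->bindValue($placeholder, $value, SQLITE3_TEXT);
        }
        $result = $stmt->execute();
    }
    if ($result === false) {
        /* Driver message goes to the server log only, never to the client. */
        error_log('inreg.php: query failed: ' . $db->lastErrorMsg());
        http_response_code(500);
        exit('Registration failed.');
    }
    $row = $result->fetchArray(SQLITE3_NUM);
    $stmt->close();
    return $row === false ? null : $row;
}

$name = postField("name");
$cleartext_password = postField("pswd");
$second_password = postField("2ndpswd");
$email = postField("email");
$posted_key = postField("key");

/* Strict comparison; the original used != which coerces types. */
if ($cleartext_password !== $second_password) {
    redirectToRegister("password");
}

$db = new SQLite3("../database/database.db");

/* Checks the validation of the registration attempt against the secure_test
 * table. A prepared statement replaces the two escapeString()-built queries;
 * one SELECT fetches both columns. "key" is quoted because it is an SQL keyword. */
$test_row = fetchOneRow(
    $db,
    'SELECT status, "key" FROM secure_test WHERE email = :email;',
    [':email' => $email]
);
$test_status = $test_row !== null ? (int) $test_row[0] : 0;
$test_key = $test_row !== null ? (string) $test_row[1] : '';

/* The original condition read `!$test_key == $_POST["key"]`, which negates
 * the stored key before the comparison, so the posted key was never actually
 * compared with the stored one (the same precedence issue affected
 * `!$email == ""`). hash_equals() compares the full strings in constant time.
 * NOTE(review): when the e-mail has no secure_test row the stored key is ''
 * and an empty posted key passes, as in the original after the precedence
 * fix; confirm whether an absent row should instead be rejected. */
if (($email !== '' && $test_status !== 0) || !hash_equals($test_key, $posted_key)) {
    redirectToRegister("prohibited");
}

/* An empty user name was accepted by the original; it is rejected here with
 * the same reason code as an empty password. */
if ($cleartext_password === '' || $name === '') {
    redirectToRegister("empty");
}

/* Checks if mail or name is already in use. As in the original, an empty
 * e-mail is not treated as a duplicate. */
$email_in_use = false;
if ($email !== '') {
    $email_in_use = fetchOneRow(
        $db,
        'SELECT id FROM user WHERE email = :email;',
        [':email' => $email]
    ) !== null;
}
$name_in_use = fetchOneRow(
    $db,
    'SELECT id FROM user WHERE name = :name;',
    [':name' => $name]
) !== null;

if ($email_in_use || $name_in_use) {
    redirectToRegister("duplicate");
}

/* Generates the salted password hash.
 * The scheme (md5 of salt.password, then 15000 further md5 rounds) is kept
 * unchanged because the login code reads the stored `salt`/`password`
 * columns with the same scheme; changing it here alone would lock everyone out.
 * NOTE(review): iterated MD5 is not an acceptable password hash; migrate to
 * password_hash()/password_verify() together with the login code.
 * The salt now comes from random_bytes() instead of uniqid(mt_rand(), true),
 * which is not a cryptographic source; its format is opaque to the login side. */
$salt = bin2hex(random_bytes(16));
$hash_password = md5($salt . $cleartext_password);
for ($i = 0; $i < 15000; $i++) {
    $hash_password = md5($hash_password);
}

/* Database insert. The original ran "BEGINN TRANSACTION; INSERT ...; COMMIT;"
 * through exec(); the misspelt BEGINN is an SQL syntax error, so the whole
 * batch failed and no user was ever inserted. A single INSERT is atomic in
 * SQLite, so no explicit transaction is needed, and bound values replace
 * the interpolated (merely escaped) strings. */
$stmt = $db->prepare(
    'INSERT INTO user (id, name, salt, password, email) VALUES (NULL, :name, :salt, :password, :email);'
);
$result = false;
if ($stmt !== false) {
    $stmt->bindValue(':name', $name, SQLITE3_TEXT);
    $stmt->bindValue(':salt', $salt, SQLITE3_TEXT);
    $stmt->bindValue(':password', $hash_password, SQLITE3_TEXT);
    $stmt->bindValue(':email', $email, SQLITE3_TEXT);
    $result = $stmt->execute();
    $stmt->close();
}

if ($result === false) {
    /* The original ignored $result and logged the user in regardless. */
    error_log('inreg.php: user insert failed: ' . $db->lastErrorMsg());
    $db->close();
    http_response_code(500);
    exit('Registration failed.');
}
$db->close();

/* A fresh session id on this privilege change prevents session fixation. */
session_regenerate_id(true);
$_SESSION["username"] = $name;
header("Refresh: 0; account.php?reg=1");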