1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
<?php
/* Copyright Maximilian Möhring, 2013
Licensed under the GPL. Read LICENSE for more Information.*/
/*This file handels the registration in the database*/
if($_SERVER['REQUEST_METHOD'] == 'POST') {
session_start();
$name = $_POST["name"];
$cleartext_password = $_POST["pswd"];
$second_password = $_POST["2ndpswd"];
$email = $_POST["email"];
if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
header("Refresh: 0; register?reason=password");
exit;
}
if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
header("Refresh: 0; register?reason=encoding");
exit;
}
$db = new SQLite3("../database/sqlite.db");
$safe_name = SQLite3::escapeString("$name");
$safe_email = SQLite3::escapeString("$email");
/*Checks the validation of the registration attempt*/
$test_status_db = $db->query("SELECT status FROM user WHERE email='$safe_email';");
$test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM);
$test_status_int = $test_status_arr[0];
$test_key_db = $db->query("SELECT key FROM user WHERE email='$safe_email';");
$test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
$test_key = $test_key_arr[0];
if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){
header("Refresh: 0; /register?reason=prohibited");
exit;
} else {
/*Generates the encrypted password and the database transactions*/
$salt = uniqid(mt_rand(), true);
$password = "$salt"."$cleartext_password";
$hash_password = md5($password);
for($i=0;$i<15000;$i++)
$hash_password = md5($hash_password);
if($db->exec("
BEGIN TRANSACTION;
UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', status=1, invites=5 WHERE email='$safe_email';
CREATE TABLE $safe_name (id INTEGER PRIMARY KEY, folder INTEGER, name TEXT, type TEXT, public TEXT);
INSERT INTO $safe_name (id, folder, name, type, public) VALUES (NULL, 0, '/', 'FOLDER', 'HIDDEN');
COMMIT;")
){
if(mkdir("/var/www/files/files/$name")){
$_SESSION["login"] = true;
$_SESSION["username"] = $name;
header("Refresh: 0; /register?reason=registration");
} else {
header("Refresh: 0; /register?reason=mkdir");
}
} else {
header("Refresh: 0; /register?reason=database");
}
}
} else {
foreach ($_GET as $name => $value) {
echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
}
echo "<form method='post' action='register.php'>
<p>Name: <input type='text' name='name'></p>
<p>pswd: <input type='password' name='pswd'></p>
<p>2ndpsdw: <input type='password' name='2ndpswd'></p>
<p>key: <input type='text' name='key'></p>
<p>email: <input type='text' name='email'></p>
<p><input type='submit'></p>
</form>
";
}
|
