Pushed to v3

1 files changed, 44 insertions, 0 deletions

diff --git a/oldwww/inreg.php b/oldwww/inreg.php
new file mode 100644
index 0000000..341ba06
--- /dev/null
+++ b/oldwww/inreg.php
@@ -0,0 +1,44 @@
+<?php include('auth.php');
+
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*Registrierung in der Datenbank!*/
+
+$name = $_POST["name"];
+$cleartext_password = $_POST["pswd"];
+$email = $_POST["email"];
+
+$db = new SQLite3("../database/database.sqlite");
+
+	$safe_name =  SQLite3::escapeString("$name");
+	$safe_email =  SQLite3::escapeString("$email");
+
+        $email_db = $db->query("SELECT id FROM user where email='$safe_email';");
+	$name_db  = $db->query("SELECT id FROM user where name='$safe_name';");
+	$name_arr = $name_db->fetchArray(SQLITE3_NUM);
+	$email_arr = $email_db->fetchArray(SQLITE3_NUM);
+	$name_int = $name_arr[0];
+	$email_int = $email_arr[0];
+
+
+
+if ($_POST["pswd"] == "" || ($email_int > 0 && !$email == "")|| $name_int > 0){
+//echo "1$cleartext_password 2$email_int 3$name_int";
+
+header("Location: register.php?false=1");
+} else {
+
+	$salt = uniqid(mt_rand(), true);
+	$password = "$salt"."$cleartext_password";
+	$hash_password = md5($password);
+	for($i=0;$i<15000;$i++)
+		$hash_password = md5($hash_password);
+
+
+        $result = $db->exec("INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');");
+
+	$_SESSION["username"] = $name;
+	header("Location: account.php?reg=1");
+}
+?>