authorroot2014-04-14 08:35:13 +0200
committerroot2014-04-14 08:35:13 +0200
commit12734da8826299ffd24c0a15f6dbf205892d7221 (patch)
tree3b894dd30e332df23a564ce44e42ce164c8abd78 /www/functions/func_register.php
parent7b9d516cd3bcdb8eaa5f1eb533d71010061c681b (diff)
downloadjungegemeinde-12734da8826299ffd24c0a15f6dbf205892d7221.tar.gz
Pushed to v3
Diffstat (limited to 'www/functions/func_register.php')
-rwxr-xr-xwww/functions/func_register.php61
1 files changed, 61 insertions, 0 deletions
diff --git a/www/functions/func_register.php b/www/functions/func_register.php
new file mode 100755
index 0000000..3cb79ad
--- /dev/null
+++ b/www/functions/func_register.php
@@ -0,0 +1,61 @@
+<?php
+function register($db){
+
+ $name = $_POST["name"];
+ $cleartext_password = $_POST["pswd"];
+ $second_password = $_POST["2ndpswd"];
+ $email = $_POST["email"];
+
+ /* checking for empty password etc. */
+
+ if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
+ return REGISTER_PASSWORD;
+ }
+
+ if(!empty($email)){
+ if(!preg_match("/[^.+@.+]/", $email)){
+ return REGISTER_EMAIL;
+ }
+ } else {
+ $email = "";
+ }
+
+ $safe_name = SQLite3::escapeString("$name");
+ $safe_email = SQLite3::escapeString("$email");
+
+ /*Checks the validation of the registration attempt*/
+
+ $doubleusername_db = $db->query("SELECT 1 FROM user WHERE name='" . $safe_name . "';");
+ $doubleusername_ar = $doubleusername_db->fetchArray(SQLITE3_NUM);
+
+ if($doubleusername_ar[0] == 1){
+ return REGISTER_USERNAME;
+ }
+
+ /*Generates the encrypted password and the database transaction*/
+
+ $pepper = file_get_contents("../database/pepper.txt");
+ $password = $cleartext_password . $pepper;
+
+ $hash_password = password_hash($password, PASSWORD_DEFAULT);
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO user (id, name, password, email, status, register) VALUES (NULL, '".$safe_name."', '".$hash_password."', '".$safe_email."', 1, (SELECT strftime('%s', 'now')));
+ INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $safe_name. "'), (SELECT strftime('%s', 'now')));
+ COMMIT;")
+ ){
+
+ $userid = user_id($db, $safe_name);
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $name;
+ $_SESSION["userid"] = $userid;
+
+ return REGISTER_SUCCESSFULL;
+
+ } else {
+ return REGISTER_DATABASE;
+ }
+
+}
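Review bot: The e-mail check `preg_match("/[^.+@.+]/", $email)` is a negated character class, so it passes any value containing one character other than `.`, `+` or `@` (including values with no `@` at all), and `$_POST["name"]` is never tested for being set or non-empty, so an empty username reaches the INSERT. The return value of `file_get_contents("../database/pepper.txt")` is also unchecked: on failure it is `false`, which concatenates as an empty string, so the password is hashed without the pepper and the caller sees no error. The session is marked logged-in without `session_regenerate_id(true)`, so a session id that existed before registration stays valid afterwards (this assumes the session is already started elsewhere, which the hunk does not show). Separately, both queries would be more robust as prepared statements with bound values than as concatenated `escapeString()` output plus the raw hash, and a UNIQUE constraint on `user.name` would close the gap between the duplicate lookup and the INSERT. The fence below covers only the first three points and reuses the existing return codes.

```php
$name = isset($_POST["name"]) ? $_POST["name"] : "";
if($name === ""){
    return REGISTER_USERNAME;
}
// … unchanged: password / second-password comparison …
if(!empty($email)){
    if(filter_var($email, FILTER_VALIDATE_EMAIL) === false){
        return REGISTER_EMAIL;
    }
} else {
    $email = "";
}
// … unchanged: escaping and duplicate-username lookup …
$pepper = file_get_contents("../database/pepper.txt");
if($pepper === false || $pepper === ""){
    // refuse to store a hash that was computed without the pepper
    return REGISTER_DATABASE;
}
// … unchanged: password_hash() and the INSERT transaction …
session_regenerate_id(true);
$_SESSION["login"] = true;
```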