Diffstat (limited to 'inreg.php')
| -rw-r--r-- | inreg.php | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/inreg.php b/inreg.php
new file mode 100644
index 0000000..54bbf28
--- /dev/null
+++ b/inreg.php
@@ -0,0 +1,40 @@
+<?php include('auth.php');
+/*Registrierung in der Datenbank!*/
+
+$name = $_POST["name"];
+$cleartext_password = $_POST["pswd"];
+$email = $_POST["email"];
+
+$db = new SQLite3("/var/www/jungegemeinde/database/share.db");
+
+ $safe_name = SQLite3::escapeString("$name");
+ $safe_email = SQLite3::escapeString("$email");
+
+ $email_db = $db->query("SELECT id FROM user where email='$safe_email';");
+ $name_db = $db->query("SELECT id FROM user where name='$safe_name';");
+ $name_arr = $name_db->fetchArray(SQLITE3_NUM);
+ $email_arr = $email_db->fetchArray(SQLITE3_NUM);
+ $name_int = $name_arr[0];
+ $email_int = $email_arr[0];
+
+
+
+if ($_POST["pswd"] == "" || ($email_int > 0 && !$email == "")|| $name_int > 0){
+//echo "1$cleartext_password 2$email_int 3$name_int";
+
+header("Location: register.php?false=1");
+} else {
+
+ $salt = uniqid(mt_rand(), true);
+ $password = "$salt"."$cleartext_password";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+
+ $result = $db->exec("INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');");
+
+ $_SESSION["username"] = $name;
+ header("Location: account.php?reg=1");
+}
+?> |
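Review bot: The credential stored in the else branch is 15,001 chained `md5()` calls over a salt taken from `uniqid(mt_rand(), true)`, which is a fast hash with a time-derived, non-cryptographic salt rather than a password-hashing function. Replace the salt and loop lines with `$hash_password = password_hash($cleartext_password, PASSWORD_DEFAULT);` and check it with `password_verify()` at login; the login code and the constraints on the `salt` column are not visible in this file, so both need a matching change. The two SELECTs and the INSERT interpolate request values into the SQL text, and while `SQLite3::escapeString()` covers the quoted-literal case, `$db->prepare()` with `bindValue()` would remove the dependence on escaping every value by hand. The uniqueness test is a read followed by a separate write, so two concurrent registrations can both pass it unless the `user` table has UNIQUE constraints, and the result of `$db->exec()` is not checked before `$_SESSION["username"]` is set.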
