From 12734da8826299ffd24c0a15f6dbf205892d7221 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 14 Apr 2014 08:35:13 +0200
Subject: Pushed to v3

---
 www/functions/func_register.php | 61 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100755 www/functions/func_register.php

(limited to 'www/functions/func_register.php')

diff --git a/www/functions/func_register.php b/www/functions/func_register.php
new file mode 100755
index 0000000..3cb79ad
--- /dev/null
+++ b/www/functions/func_register.php
@@ -0,0 +1,61 @@
+<?php
+function register($db){
+
+	$name = $_POST["name"];
+        $cleartext_password = $_POST["pswd"];
+        $second_password = $_POST["2ndpswd"];
+        $email = $_POST["email"];
+
+        /* checking for empty password etc. */
+
+        if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
+		return REGISTER_PASSWORD;
+	}   
+
+	if(!empty($email)){
+		if(!preg_match("/[^.+@.+]/", $email)){
+			return REGISTER_EMAIL;
+		}   
+	} else {
+		$email = "";
+	}
+
+        $safe_name =  SQLite3::escapeString("$name");
+        $safe_email =  SQLite3::escapeString("$email");
+
+        /*Checks the validation of the registration attempt*/
+
+	$doubleusername_db = $db->query("SELECT 1 FROM user WHERE name='" . $safe_name . "';");
+	$doubleusername_ar = $doubleusername_db->fetchArray(SQLITE3_NUM);
+
+	if($doubleusername_ar[0] == 1){
+		return REGISTER_USERNAME;
+	}
+
+        /*Generates the encrypted password and the database transaction*/
+
+	$pepper = file_get_contents("../database/pepper.txt");
+	$password = $cleartext_password . $pepper;
+
+	$hash_password = password_hash($password, PASSWORD_DEFAULT);
+
+        if($db->exec("
+		BEGIN TRANSACTION;
+		INSERT INTO user (id, name, password, email, status, register) VALUES (NULL, '".$safe_name."', '".$hash_password."', '".$safe_email."', 1, (SELECT strftime('%s', 'now')));
+		INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $safe_name. "'), (SELECT strftime('%s', 'now')));
+                COMMIT;")
+	){
+
+		$userid = user_id($db, $safe_name);
+
+        	$_SESSION["login"] = true;
+                $_SESSION["username"] = $name;
+		$_SESSION["userid"] = $userid;
+
+		return REGISTER_SUCCESSFULL;
+
+	} else {
+		return REGISTER_DATABASE;
+	}
+
+}
-- 
cgit v1.2.3