path: root/inreg.php
blob: c6242248a34d4881f2e4da658fc1bb6f9f0141db (plain)
<?php include('auth.php');

/* Copyright Maximilian Möhring, 2013
Licensed under the GPL. Read LICENSE for more Information.*/

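/*
 * Registration handler: creates a row in the `user` table from the POSTed
 * "name", "pswd" and "email" fields and then marks the session as logged in.
 *
 * Rejected requests (empty password, name already present, non-empty e-mail
 * already present, or any database failure) are redirected to
 * register.php?false=1. Successful registrations set $_SESSION["username"]
 * and are redirected to account.php?reg=1.
 */

// Request fields are attacker-controlled. Anything missing or not a plain
// string (e.g. "name[]=x") is treated as an empty value.
$name = (isset($_POST["name"]) && is_string($_POST["name"])) ? $_POST["name"] : "";
$cleartext_password = (isset($_POST["pswd"]) && is_string($_POST["pswd"])) ? $_POST["pswd"] : "";
$email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";

$db = new SQLite3("../database/share.db");

// Look up existing accounts with bound parameters instead of building the
// SQL text from request data.
$lookups = array(
	"name"  => array("SELECT id FROM user WHERE name = :value;", $name),
	"email" => array("SELECT id FROM user WHERE email = :value;", $email),
);
$taken = array("name" => false, "email" => false);
$lookup_ok = true;

foreach ($lookups as $field => $lookup) {
	$stmt = $db->prepare($lookup[0]);
	if ($stmt === false) {
		$lookup_ok = false;
		break;
	}
	$stmt->bindValue(":value", $lookup[1], SQLITE3_TEXT);
	$rows = $stmt->execute();
	if ($rows === false) {
		$lookup_ok = false;
		break;
	}
	// fetchArray() returns false when no row matched.
	$taken[$field] = ($rows->fetchArray(SQLITE3_NUM) !== false);
}

// Fail closed: a lookup that could not run is treated like a rejected
// registration rather than letting the INSERT proceed unchecked.
$rejected = !$lookup_ok
	|| $cleartext_password === ""
	|| $taken["name"]
	|| ($email !== "" && $taken["email"]);

if ($rejected) {
	header("Location: register.php?false=1");
	exit;
}

// NOTE(review): salted, iterated MD5 is far too cheap to brute-force to be a
// password hash, and uniqid(mt_rand(), true) is not a cryptographic salt
// source. The scheme is left as-is because the code that verifies these
// values at login is not visible here; migrate both sides together to
// password_hash()/password_verify().
$salt = uniqid(mt_rand(), true);
$hash_password = md5($salt . $cleartext_password);
for ($i = 0; $i < 15000; $i++) {
	$hash_password = md5($hash_password);
}

// NOTE(review): the check above and this INSERT are not atomic, so two
// concurrent requests can both pass the check. Confirm the schema has UNIQUE
// constraints on name/email; the INSERT failure path below relies on them.
$created = false;
$insert = $db->prepare("INSERT INTO user (id, name, salt, password, email) VALUES (NULL, :name, :salt, :password, :email);");
if ($insert !== false) {
	$insert->bindValue(":name", $name, SQLITE3_TEXT);
	$insert->bindValue(":salt", $salt, SQLITE3_TEXT);
	$insert->bindValue(":password", $hash_password, SQLITE3_TEXT);
	$insert->bindValue(":email", $email, SQLITE3_TEXT);
	$created = ($insert->execute() !== false);
}

// Do not log the client in for an account that was never written.
if (!$created) {
	header("Location: register.php?false=1");
	exit;
}

// Issue a fresh session id before attaching an identity to the session, so a
// session id known before registration cannot be reused afterwards.
if (function_exists("session_status") && session_status() === PHP_SESSION_ACTIVE) {
	session_regenerate_id(true);
}

$_SESSION["username"] = $name;
header("Location: account.php?reg=1");
exit;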
?>