<?php
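/**
 * Registers a new user from the submitted form and logs them in.
 *
 * Reads $_POST["name"], $_POST["pswd"], $_POST["2ndpswd"] and the optional
 * $_POST["email"], checks them, stores the account with a peppered password
 * hash, writes a first row to the log table and fills the login session keys.
 *
 * All values reach the database as bound parameters; no request data is
 * concatenated into SQL text.
 *
 * @param SQLite3 $db Open database handle holding the user and log tables.
 * @return mixed One of the REGISTER_* status constants: REGISTER_PASSWORD,
 *               REGISTER_EMAIL, REGISTER_USERNAME, REGISTER_DATABASE or
 *               REGISTER_SUCCESSFULL.
 */
function register($db){
    // Missing fields default to "" so an incomplete request is rejected by
    // the checks below instead of raising undefined-index notices.
    $name = $_POST["name"] ?? "";
    $cleartext_password = $_POST["pswd"] ?? "";
    $second_password = $_POST["2ndpswd"] ?? "";
    $email = $_POST["email"] ?? "";

    // A field submitted as pswd[]=... arrives as an array; only strings are
    // accepted. The comparison is strict because loose != treats numeric
    // strings such as "1e3" and "1000" as equal.
    if(!is_string($cleartext_password) || !is_string($second_password)
        || $cleartext_password !== $second_password
        || empty($cleartext_password)){
        return REGISTER_PASSWORD;
    }
    if(!is_string($name)){
        return REGISTER_USERNAME;
    }
    // NOTE(review): an empty user name is still accepted here, as before;
    // confirm whether that is intended.
    if(!is_string($email)){
        return REGISTER_EMAIL;
    }
    if(!empty($email)){
        // The previous pattern "/[^.+@.+]/" was a negated character class and
        // accepted nearly any text; this requires something@something.
        if(!preg_match('/^.+@.+$/D', $email)){
            return REGISTER_EMAIL;
        }
    } else {
        $email = "";
    }

    // The stored values stay HTML-entity encoded, which is what the previous
    // string-built query ended up writing to the table.
    $stored_name = htmlentities($name);
    $stored_email = htmlentities($email);
    // Kept only for user_id() and the session value, which received the
    // SQL-escaped form before. NOTE(review): user_id() is defined elsewhere;
    // presumably it builds its query from this string, confirm and move it to
    // bound parameters as well.
    $safe_name = SQLite3::escapeString($stored_name);

    /* Reject a user name that is already taken. */
    // NOTE(review): check-then-insert can race between two requests; a UNIQUE
    // constraint on user.name would be the reliable guard, if the schema
    // does not already have one.
    $lookup = $db->prepare("SELECT 1 FROM user WHERE name = :name");
    if($lookup === false){
        return REGISTER_DATABASE;
    }
    $lookup->bindValue(":name", $stored_name, SQLITE3_TEXT);
    $lookup_result = $lookup->execute();
    if($lookup_result === false){
        return REGISTER_DATABASE;
    }
    // fetchArray() returns false when no row matched.
    $existing = $lookup_result->fetchArray(SQLITE3_NUM);
    $lookup->close();
    if($existing !== false && $existing[0] == 1){
        return REGISTER_USERNAME;
    }

    /* Hash the peppered password. */
    // Fail closed when the pepper cannot be read: hashing without it would
    // silently create an account with a weaker, non-matching hash. The file
    // content is used as-is (not trimmed) so hashes stay compatible with
    // whatever verifies them.
    $pepper = file_get_contents("../database/pepper.txt");
    if($pepper === false || $pepper === ""){
        return REGISTER_DATABASE;
    }
    // NOTE(review): with bcrypt, the current PASSWORD_DEFAULT, only the first
    // 72 bytes of the input are hashed, so a very long password pushes the
    // appended pepper out of the hashed range.
    $password = $cleartext_password . $pepper;
    $hash_password = password_hash($password, PASSWORD_DEFAULT);

    /* Insert the user and the first log row in one transaction. */
    if(!$db->exec("BEGIN TRANSACTION;")){
        return REGISTER_DATABASE;
    }
    $insert_user = $db->prepare("INSERT INTO user (id, name, password, email, status, register) VALUES (NULL, :name, :password, :email, 1, (SELECT strftime('%s', 'now')));");
    $insert_log = $db->prepare("INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name = :name), (SELECT strftime('%s', 'now')));");

    $committed = false;
    if($insert_user !== false && $insert_log !== false){
        $insert_user->bindValue(":name", $stored_name, SQLITE3_TEXT);
        $insert_user->bindValue(":password", $hash_password, SQLITE3_TEXT);
        $insert_user->bindValue(":email", $stored_email, SQLITE3_TEXT);
        $insert_log->bindValue(":name", $stored_name, SQLITE3_TEXT);
        if($insert_user->execute() !== false && $insert_log->execute() !== false){
            $committed = $db->exec("COMMIT;");
        }
    }
    if(!$committed){
        // Do not leave a half-finished transaction open on the handle.
        $db->exec("ROLLBACK;");
        return REGISTER_DATABASE;
    }

    // NOTE(review): the session id is not regenerated when the session becomes
    // authenticated; consider session_regenerate_id(true) here to limit
    // session fixation, once it is confirmed the session is started by then.
    $userid = user_id($db, $safe_name);
    $_SESSION["login"] = true;
    $_SESSION["username"] = $safe_name;
    $_SESSION["userid"] = $userid;
    return REGISTER_SUCCESSFULL;
}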