polr/handle-register.php

<?php

require_once('lib-password.php'); //password hashing lib - crpypt forward compat
require_once('lib-core.php');
require_once('helpers/helper-mailsend.php');
$sgmail = new sgmail();


$isemail = filteremail($_POST['email']);

if (!$isemail) {
    require_once 'layout-headerlg.php';
    echo "Please enter a valid email. <br><br><a href='register.php'>Go Back</a>";
    require_once 'layout-footerlg.php';
    die(); //prevent user from registering
}
if ((strlen($_POST['username']) > 15) || (strlen($_POST['password']) > 25) || (strlen($_POST['email']) > 50)) {
    require_once 'layout-headerlg.php';
    echo "Your username must not be over 15 characters, password must be under 25 characters but over 6 characters, and email must be under 50 charcaters. <br><br><a href='register.php'>Go Back</a>";
    require_once 'layout-footerlg.php';
    die(); //prevent user from registering
}
if (strlen($_POST['username']) == 0 || strlen($_POST['password']) < 4 || strlen($_POST['email']) == 0) {
    require_once 'layout-headerlg.php';
    echo "Fields may not be left blank, password must be over 4 characters. <br><br><a href='register.php'>Go Back</a>";
    require_once 'layout-footerlg.php';
    die(); //prevent user from registering
}
if (!ctype_alnum($_POST['username'])) {
    require_once 'layout-headerlg.php';
    echo "Your username must be alphanumerical (numbers and letters only). <br><br><a href='register.php'>Go Back</a>";
    require_once 'layout-footerlg.php';
    die(); //prevent user from registering
}
/*
  if ($_POST['tos']!='accept') {
  require_once 'layout-headerlg.php';
  echo "You must accept the <a href='tos.php'>Terms of Service</a> in order to register.<br><br><a href='register.php'>Go Back</a>";
  require_once 'layout-footerlg.php';
  die();
  }
 */

$salt = mcrypt_create_iv(23, MCRYPT_DEV_URANDOM); //create salt
$rstr = mcrypt_create_iv(23, MCRYPT_DEV_URANDOM);

$reg = array("username" => $mysqli->real_escape_string($_POST['username']),"email" => $mysqli->real_escape_string($_POST['email']), "password" => $mysqli->real_escape_string($_POST['password']), "rkey" => sha1($mysqli->real_escape_string($_POST['username']) . date('zjDygs') . $rstr));

//check if already exists
$ireg;
$ireg['1'] = sqlex('auth', 'email', 'username', $reg['username']);
$ireg['2'] = sqlex('auth', 'username', 'email', $reg['email']);
$ireg['3'] = sqlfetch('auth', 'valid', 'email', $reg['email']);


if (($ireg['1'] == true || $ireg['2'] == true) && $ireg['3'] == 1) {
    require_once 'layout-headerlg.php';
    echo "Username/email already in use. <br><br><a href='register.php'>Go Back</a>";
    require_once 'layout-footerlg.php';
    die(); //prevent user from registering
}

$opts = array(
    'cost' => 10,
    'salt' => $salt
);
$hashed = password_hash($reg['password'], PASSWORD_BCRYPT, $opts);
$reg['password'] = $hashed;


if ($regtype == "free") {
    $active = "1";
}
else {
    $active = "0";
}

//$qr = "INSERT INTO `auth` (username,email,password,rkey,valid,ip) VALUES ('{$reg['username']}','{$reg['email']}','{$hashed}','{$reg['rkey']}','{$active}', '{$ip}');";
//$rr = $mysqli->query($qr) or showerror();
$qp = "INSERT INTO `auth` (username,email,password,rkey,valid,ip) VALUES (?,?,?,?,?,?)";
$st = $mysqli->prepare($qp) or showerror();
$st->bind_param('ssssss', $reg['username'], $reg['email'], $hashed, $reg['rkey'], $active, $ip) or showerror();
$st->execute() or showerror();

if ($regtype == 'email') {
    $sglink = "http://{$wsa}/activate.php?key=" . $reg['rkey'] . '&user=' . $reg['username'];
    $sgmsg = "Please validate your {$wsn} Account by clicking the link below or pasting it into your browser:<br>"
            . '<a href="' . $sglink . '">' . $sglink . '</a>'
            . "<br><br>If you did not register at {$wsn} (<a href='//{$wsa}'>{$wsn}</a>), please disregard this email."
            . "<br>";
    $to = $reg['email'];
    $sm = $sgmail->sendmail($to, 'Polr Account Validation', $sgmsg);


    require_once 'layout-headerlg.php';
    echo "Thanks for registering. Check your email for an activation link. You must activate your account before logging in (top right corner)";
    require_once 'layout-footerlg.php';
    die();
}
else {
    require_once 'layout-headerlg.php';
    echo "Thanks for registering. You may now login (top right corner)";
    require_once 'layout-footerlg.php';
    die();
}
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`<?php`

Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once('lib-password.php'); //password hashing lib - crpypt forward compat`
			`require_once('lib-core.php');`
Clean code, add public/private interface settings 2015-01-10 01:19:21 +01:00			`require_once('helpers/helper-mailsend.php');`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`$sgmail = new sgmail();`


			`$isemail = filteremail($_POST['email']);`

			`if (!$isemail) {`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-headerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`echo "Please enter a valid email. <br><br><a href='register.php'>Go Back</a>";`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-footerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`die(); //prevent user from registering`
			`}`
			`if ((strlen($_POST['username']) > 15) \|\| (strlen($_POST['password']) > 25) \|\| (strlen($_POST['email']) > 50)) {`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-headerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`echo "Your username must not be over 15 characters, password must be under 25 characters but over 6 characters, and email must be under 50 charcaters. <br><br><a href='register.php'>Go Back</a>";`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-footerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`die(); //prevent user from registering`
			`}`
			`if (strlen($_POST['username']) == 0 \|\| strlen($_POST['password']) < 4 \|\| strlen($_POST['email']) == 0) {`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-headerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`echo "Fields may not be left blank, password must be over 4 characters. <br><br><a href='register.php'>Go Back</a>";`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-footerlg.php';`
prepare reg statements 2014-11-08 23:37:31 +01:00			`die(); //prevent user from registering`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`}`
			`if (!ctype_alnum($_POST['username'])) {`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-headerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`echo "Your username must be alphanumerical (numbers and letters only). <br><br><a href='register.php'>Go Back</a>";`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-footerlg.php';`
prepare reg statements 2014-11-08 23:37:31 +01:00			`die(); //prevent user from registering`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`}`
			`/*`
			`if ($_POST['tos']!='accept') {`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-headerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`echo "You must accept the <a href='tos.php'>Terms of Service</a> in order to register.<br><br><a href='register.php'>Go Back</a>";`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-footerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`die();`
			`}`
			`*/`

			`$salt = mcrypt_create_iv(23, MCRYPT_DEV_URANDOM); //create salt`
			`$rstr = mcrypt_create_iv(23, MCRYPT_DEV_URANDOM);`

inter-referencing 2014-06-27 16:15:33 +02:00			`$reg = array("username" => $mysqli->real_escape_string($_POST['username']),"email" => $mysqli->real_escape_string($_POST['email']), "password" => $mysqli->real_escape_string($_POST['password']), "rkey" => sha1($mysqli->real_escape_string($_POST['username']) . date('zjDygs') . $rstr));`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00
			`//check if already exists`
finally Finally, this son of a bitch multiple-account bug is fixed. 2014-06-27 16:35:52 +02:00			`$ireg;`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`$ireg['1'] = sqlex('auth', 'email', 'username', $reg['username']);`
			`$ireg['2'] = sqlex('auth', 'username', 'email', $reg['email']);`
finally Finally, this son of a bitch multiple-account bug is fixed. 2014-06-27 16:35:52 +02:00			`$ireg['3'] = sqlfetch('auth', 'valid', 'email', $reg['email']);`
don't vardump 2014-06-27 16:37:20 +02:00
finally Finally, this son of a bitch multiple-account bug is fixed. 2014-06-27 16:35:52 +02:00
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00
			`if (($ireg['1'] == true \|\| $ireg['2'] == true) && $ireg['3'] == 1) {`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-headerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`echo "Username/email already in use. <br><br><a href='register.php'>Go Back</a>";`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-footerlg.php';`
prepare reg statements 2014-11-08 23:37:31 +01:00			`die(); //prevent user from registering`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`}`

fix compatibility issue with php5.3 2014-08-09 23:49:14 +02:00			`$opts = array(`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`'cost' => 10,`
			`'salt' => $salt`
fix compatibility issue with php5.3 2014-08-09 23:49:14 +02:00			`);`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`$hashed = password_hash($reg['password'], PASSWORD_BCRYPT, $opts);`
			`$reg['password'] = $hashed;`



fix overlapping variables 2014-06-22 00:57:08 +02:00			`if ($regtype == "free") {`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`$active = "1";`
prepare reg statements 2014-11-08 23:37:31 +01:00			`}`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`else {`
			`$active = "0";`
			`}`

prepare reg statements 2014-11-08 23:37:31 +01:00			//$qr = "INSERT INTO `auth` (username,email,password,rkey,valid,ip) VALUES ('{$reg['username']}','{$reg['email']}','{$hashed}','{$reg['rkey']}','{$active}', '{$ip}');";
			`//$rr = $mysqli->query($qr) or showerror();`
fix prepared statement 2014-11-08 23:40:56 +01:00			$qp = "INSERT INTO `auth` (username,email,password,rkey,valid,ip) VALUES (?,?,?,?,?,?)";
prepare reg statements 2014-11-08 23:37:31 +01:00			`$st = $mysqli->prepare($qp) or showerror();`
fix typo parse error 2014-11-08 23:44:21 +01:00			`$st->bind_param('ssssss', $reg['username'], $reg['email'], $hashed, $reg['rkey'], $active, $ip) or showerror();`
prepare reg statements 2014-11-08 23:37:31 +01:00			`$st->execute() or showerror();`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00
prepare reg statements 2014-11-08 23:37:31 +01:00			`if ($regtype == 'email') {`
Generificaiton of email verification 2014-11-08 13:45:05 +01:00			`$sglink = "http://{$wsa}/activate.php?key=" . $reg['rkey'] . '&user=' . $reg['username'];`
			`$sgmsg = "Please validate your {$wsn} Account by clicking the link below or pasting it into your browser:<br>"`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`. '<a href="' . $sglink . '">' . $sglink . '</a>'`
Generificaiton of email verification 2014-11-08 13:45:05 +01:00			`. "<br><br>If you did not register at {$wsn} (<a href='//{$wsa}'>{$wsn}</a>), please disregard this email."`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`. "<br>";`
			`$to = $reg['email'];`
			`$sm = $sgmail->sendmail($to, 'Polr Account Validation', $sgmsg);`


Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-headerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`echo "Thanks for registering. Check your email for an activation link. You must activate your account before logging in (top right corner)";`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-footerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`die();`
			`}`
			`else {`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-headerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`echo "Thanks for registering. You may now login (top right corner)";`
Refactor filenames, and clean up some code 2014-12-28 20:52:06 +01:00			`require_once 'layout-footerlg.php';`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`die();`
			`}`