forked from born2c0de/ThalliumBackup-Cloud
-
Notifications
You must be signed in to change notification settings - Fork 0
/
register.php
80 lines (76 loc) · 2.8 KB
/
register.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
<?php
include("includes/constants.php");
include("includes/functions.php");
$username = $_POST["username"];
$password = $_POST["password"];
$deviceID = $_POST["deviceID"];
$deviceName = $_POST["deviceName"];
$region = $_POST["region"];
if(!empty($username) && !empty($password) && !empty($deviceID) && !empty($deviceName) && !empty($region))
{
/*
connect to database
check if username exists
if username exists, check if password is correct. If not return error.
if password is correct, add deviceID and deviceName for user. If deviceID is same, don't do anything.
if username doesnt exist, create user and create device and link them. echo success
*/
$conn = mysql_connect(DB_HOST,DB_USERNAME,DB_PASSWORD) or die("Couldn't connect to server");
$db = mysql_select_db(DB_DBNAME,$conn) or die("Couldn't select database");
$query="SELECT * FROM users WHERE email = '" . $username . "'";
$result = mysql_query($query) or die("Query Failed-1");
//echo "Number of Rows : " . mysql_num_rows($result);
// If username does not exist
if(mysql_num_rows($result) == 0)
{
$ip = getRealIpAddr();
$regDate = gmdate(DATE_W3C);
$query = "INSERT INTO users(email,password,regIP,regDate,region) VALUES ('$username','$password','$ip','$regDate','$region')";
$result = mysql_query($query) or die("User Registration failed-1");
// Get uid
$query = "SELECT * FROM users WHERE email = '$username'";
$result = mysql_query($query) or die("User Registration failed-2");
if(mysql_num_rows($result) == 1)
{
$row = mysql_fetch_array($result);
$uid = $row['uid'];
}
else
{
die("User Registration failed-3");
}
// Store device
$query = "INSERT INTO devices(did,uid,deviceName) VALUES ('$deviceID','$uid','$deviceName')";
$result = mysql_query($query) or die("User Registration failed-4");
mysql_close($conn);
echo "Success";
}
else //user is probably registering a new device
{
$row = mysql_fetch_array($result);
$uid = $row['uid'];
$storedpassword = $row['password'];
// if password matches
if($password == $storedpassword)
{
$query = "SELECT * FROM devices WHERE uid = '" . $uid . "' AND did = '" . $deviceID . "'";
$result = mysql_query($query) or die("User Registration failed-5");
if(mysql_num_rows($result) == 0)
{
//this is a new device
$query = "INSERT INTO devices(did,uid,deviceName) VALUES ('$deviceID','$uid','$deviceName')";
$result = mysql_query($query) or die("User Registration failed-6");
}//else dont do anything
echo "Success";
}
else
{
echo "Error: Can't add new device. Incorrect username or password.";
}
}
}
else
{
echo "Error: Not all parameters set";
}
?>