-
Notifications
You must be signed in to change notification settings - Fork 0
/
signup.php
122 lines (115 loc) · 4.57 KB
/
signup.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
<?php
//<!--Start session-->
session_start();
include('connection.php');
/*ini_set('SMTP', "server.com");
ini_set('smtp_port', "465");
ini_set('sendmail_from', "somyasbharti@gmail.com");*/
//<!--Check user inputs-->
// <!--Define error messages-->
global $errors;
$headers = 'From: somyasbharti@gmail.com' . "\r\n".
'MIME-Version: 1.0'."\r\n".
'Content-Type: text/html; charset=utf-8';
$missingUsername = '<p><strong>Please enter a username!</strong></p>';
$missingEmail = '<p><strong>Please enter your email address!</strong></p>';
$invalidEmail = '<p><strong>Please enter a valid email address!</strong></p>';
$missingPassword = '<p><strong>Please enter a Password!</strong></p>';
$invalidPassword = '<p><strong>Your password should be at least 6 characters long and inlcude one capital letter and one number!</strong></p>';
$differentPassword = '<p><strong>Passwords don\'t match!</strong></p>';
$missingPassword2 = '<p><strong>Please confirm your password</strong></p>';
// <!--Get username, email, password, password2-->
//Get username
if(empty($_POST["username"])){
$errors .= $missingUsername;
}else{
$username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
}
//Get email
if(empty($_POST["email"])){
$errors .= $missingEmail;
}else{
$email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL);
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$errors .= $invalidEmail;
}
}
//Get passwords
if(empty($_POST["password"])){
$errors .= $missingPassword;
}elseif(!(strlen($_POST["password"])>6
and preg_match('/[A-Z]/',$_POST["password"])
and preg_match('/[0-9]/',$_POST["password"])
)
){
$errors .= $invalidPassword;
}else{
$password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
if(empty($_POST["password2"])){
$errors .= $missingPassword2;
}else{
$password2 = filter_var($_POST["password2"], FILTER_SANITIZE_STRING);
if($password !== $password2){
$errors .= $differentPassword;
}
}
}
//If there are any errors print error
if($errors){
$resultMessage = '<div class="alert alert-danger">' . $errors .'</div>';
echo $resultMessage;
exit;
}
//no errors
//Prepare variables for the queries
$username = mysqli_real_escape_string($link, $username);
$email = mysqli_real_escape_string($link, $email);
$password = mysqli_real_escape_string($link, $password);
//$password = md5($password);
$password = hash('sha256', $password);
//128 bits -> 32 characters
//256 bits -> 64 characters
//If username exists in the users table print error
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = mysqli_query($link, $sql);
if(!$result){
echo '<div class="alert alert-danger">Error running the query!</div>';
// echo '<div class="alert alert-danger">' . mysqli_error($link) . '</div>';
exit;
}
$results = mysqli_num_rows($result);
if($results){
echo '<div class="alert alert-danger">That username is already registered. Do you want to log in?</div>'; exit;
}
//If email exists in the users table print error
$sql = "SELECT * FROM users WHERE email = '$email'";
$result = mysqli_query($link, $sql);
if(!$result){
echo '<div class="alert alert-danger">Error running the query!</div>'; exit;
}
$results = mysqli_num_rows($result);
if($results){
echo '<div class="alert alert-danger">That email is already registered. Do you want to log in?</div>'; exit;
}
//Create a unique activation code
$activationKey = bin2hex(openssl_random_pseudo_bytes(16));
//byte: unit of data = 8 bits
//bit: 0 or 1
//16 bytes = 16*8 = 128 bits
//(2*2*2*2)*2*2*2*2*...*2
//16*16*...*16
//32 characters
//Insert user details and activation code in the users table
$sql = "INSERT INTO users (`username`, `email`, `password`, `activation`) VALUES ('$username', '$email', '$password', '$activationKey')";
$result = mysqli_query($link, $sql);
if(!$result){
echo '<div class="alert alert-danger">There was an error inserting the users details in the database!</div>';
exit;
}
//Send the user an email with a link to activate.php with their email and activation code
$message = "Please click on this link to activate your account:\n\n";
$message .= "http://localhost/project/activate.php?email=" . urlencode($email) . "&key1=$activationKey";
if(mail($email, 'Confirm your Registration', $message, 'From:'.'somyasbharti@gmail.com',$headers)){
echo "<div class='alert alert-success'>Thank for your registring! A confirmation email has been sent to $email. Please click on the activation link to activate your account.</div>";
}
?>