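<?php
session_start();
include_once("settings.php");

/*
 * Account registration handler.
 *
 * Reads the registration form from $_POST, validates it, and inserts one row
 * into `accounts`, one unverified row each into `emails` and `phones`, and a
 * row into either `salons` (when a "salon" field was posted) or `clients`.
 * On success it prints a short confirmation.
 *
 * Error() comes from settings.php. Every check below assumes it prints the
 * message and terminates the request (the original flow relied on that too);
 * confirm against settings.php, because if it returns the script carries on.
 *
 * NOTE(review): the session is started but no CSRF token is checked, so a
 * cross-site form post can create accounts. Add a token to the form and
 * compare it with the value kept in $_SESSION here.
 */

// ---- Presence checks -------------------------------------------------------
if (!isset($_POST["username"]))        Error("No username set");
if (!isset($_POST["password"]))        Error("No password set");
if (!isset($_POST["verify_password"])) Error("The password was not verified");
if (!isset($_POST["email"]))           Error("No email value given");
if (!isset($_POST["firstname"]))       Error("No first name set");
if (!isset($_POST["lastname"]))        Error("No last name set");
if (!isset($_POST["phone"]))           Error("No phone number set");

// A field posted as `name[]=...` arrives as an array; preg_match and
// bind_param would then warn and misbehave, so insist on scalar strings.
foreach (array("username", "password", "verify_password", "email",
               "firstname", "lastname", "phone") as $field) {
    if (!is_string($_POST[$field])) Error("Invalid value for " . $field);
}

$username  = $_POST["username"];
$password  = $_POST["password"];
$email     = $_POST["email"];
$firstname = $_POST["firstname"];
$lastname  = $_POST["lastname"];
$phone     = $_POST["phone"];

// ---- Value checks ----------------------------------------------------------
if ($username === "") Error("No username set");
// Strict comparison: with `!=` PHP compares numeric-looking strings as numbers
// ("1e3" == "1000"), so two different passwords could pass this check.
if ($password !== $_POST["verify_password"]) Error("The passwords did not match");
// Complexity rules kept, plus a minimum length: the character-class rules
// alone accept a three-character password such as "aB1".
if (strlen($password) < 8) Error("Password must be at least 8 characters long");
if (!preg_match('/[A-Z]/', $password)) Error("Password must contain at least one capital letter");
if (!preg_match('/[a-z]/', $password)) Error("Password must contain at least one lowercase letter");
if (!preg_match('/[0-9]/', $password)) Error("Password must contain at least one number");
// A verification mail is sent to this address, so reject malformed ones early.
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) Error("Invalid email address");

$is_salon = isset($_POST["salon"]);
if ($is_salon) {
    if ($_POST["salon"] == "") Error("Please give us a Salon Name");
    if (!isset($_POST["address"])) Error("No address was set");
    $salon   = $_POST["salon"];
    $address = $_POST["address"];
    // Optional fields: reading them unguarded raises a notice when the form
    // omits them; an empty string is what ends up in the row either way.
    $website   = isset($_POST["website"])   ? $_POST["website"]   : "";
    $instagram = isset($_POST["instagram"]) ? $_POST["instagram"] : "";
}

// ---- Derived values --------------------------------------------------------
// NOTE(security): this is an HMAC with a key hard-coded in the source, not a
// salted password hash. Equal passwords produce equal stored values, and
// anyone holding the source can crack the stored hashes offline at SHA-512
// speed. It is kept only because the login page (not visible here) presumably
// verifies the same way; migrate both sides to password_hash() /
// password_verify() together.
$password_hash = hash_hmac('sha512', $password, '!p09dk4');
// NOTE(security): judging by the confirmation text printed below, these hashes
// serve as verification tokens. They are derived from the address/number with
// a fixed key, so anyone who learns the key can forge a verification. A random
// per-row token (random_bytes) would not have that weakness; change it
// together with the page that consumes the token.
$email_hash = hash_hmac('sha512', $email, '!p09dk4');
$phone_hash = hash_hmac('sha512', $phone, '!d09dk4');
// Four-digit year; "y-m-d" wrote a two-digit year and left MySQL to guess the
// century.
$registered = date("Y-m-d");

// ---- Database --------------------------------------------------------------
$connection = new mysqli($dbAddr, $dbUser, $dbPass, $dbName);
if ($connection->connect_error) Error("Database connection failed");

// Every statement uses bound parameters, so the SQL text never contains user
// input and mysqli_real_escape_string is not needed.
$stmt = $connection->prepare("SELECT 1 FROM accounts WHERE username = ? LIMIT 1");
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->store_result();
$username_taken = $stmt->num_rows > 0;
$stmt->close();
// Check-then-insert is racy between two concurrent registrations; a UNIQUE
// index on accounts.username is the real guarantee (a failed INSERT is
// handled below).
if ($username_taken) Error("The username was taken");

// Don't allow a user to register an email that has already been verified by
// another user. Unverified duplicates are still allowed.
$stmt = $connection->prepare("SELECT 1 FROM emails WHERE email = ? AND verified = 1 LIMIT 1");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$email_taken = $stmt->num_rows > 0;
$stmt->close();
if ($email_taken) Error("That email was already registered");

// The four inserts belong together: without a transaction a failure half-way
// leaves an account row with no email/phone/profile row.
$connection->begin_transaction();
$fail = function ($message) use ($connection) {
    $connection->rollback();
    Error($message);
};

$stmt = $connection->prepare(
    "INSERT INTO accounts (username, password, firstname, lastname, registered) VALUES (?, ?, ?, ?, ?)"
);
$stmt->bind_param("sssss", $username, $password_hash, $firstname, $lastname, $registered);
if (!$stmt->execute()) $fail("Could not create the account");
$account_id = $connection->insert_id;
$stmt->close();

$unverified = 0;  // bind_param needs a variable, not a literal
$stmt = $connection->prepare("INSERT INTO emails (account_id, email, hash, verified) VALUES (?, ?, ?, ?)");
$stmt->bind_param("issi", $account_id, $email, $email_hash, $unverified);
if (!$stmt->execute()) $fail("Could not store the email address");
$stmt->close();

// The phone column receives the phone number (it previously received $email,
// so no phone was ever stored).
$stmt = $connection->prepare("INSERT INTO phones (account_id, phone, hash, verified) VALUES (?, ?, ?, ?)");
$stmt->bind_param("issi", $account_id, $phone, $phone_hash, $unverified);
if (!$stmt->execute()) $fail("Could not store the phone number");
$stmt->close();

if ($is_salon) {
    $stmt = $connection->prepare(
        "INSERT INTO salons (account_id, name, email, address, phone, website, instagram) VALUES (?, ?, ?, ?, ?, ?, ?)"
    );
    $stmt->bind_param("issssss", $account_id, $salon, $email, $address, $phone, $website, $instagram);
} else {
    $stmt = $connection->prepare("INSERT INTO clients (account_id) VALUES (?)");
    $stmt->bind_param("i", $account_id);
}
if (!$stmt->execute()) $fail("Could not create the profile");
$stmt->close();

$connection->commit();
$connection->close();

// ---- Response --------------------------------------------------------------
// User-supplied values are HTML-escaped before being echoed; printing them raw
// is a reflected XSS.
echo "Thank you for creating an account with us " . htmlspecialchars($firstname, ENT_QUOTES, 'UTF-8') . " we're happy to help ";
echo "<br />";
echo "Please check " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . " for an email verification link";
echo "<br />";
echo "Please check " . htmlspecialchars($phone, ENT_QUOTES, 'UTF-8') . " for an 6 digit phone verification number";
echo "<br />";
?>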