php - KELLEY MURO

<?php
session_start();
include_once("settings.php");
//print($_POST["username"]);
//Check potential errors with the received data
if(!isset($_POST["username"]))
Error("No username set");
if(!isset($_POST["password"]))
Error("No password set");
if(!isset($_POST["verify_password"]))
Error("The password was not verified");
if($_POST["password"] != $_POST["verify_password"])
Error("The passwords did not match");
if(!preg_match('/[A-Z]/', $_POST["password"]))
Error("Password must contain at last one capital letter");
if(!preg_match('/[a-z]/', $_POST["password"]))
Error("Password must contain at last one lowercase letter");
if(!preg_match('/[0-9]/', $_POST["password"]))
Error("Password must contain at last one number");
if(!isset($_POST["email"]))
Error("No email value given");
if(!isset($_POST["firstname"]))
Error("No first name set");
if(!isset($_POST["lastname"]))
Error("No last name set");
if(!isset($_POST["phone"]))
Error("No phone number set");
//Database Connection
$connection = new mysqli($dbAddr, $dbUser, $dbPass, $dbName);
//Database sanitization
$username = mysqli_real_escape_string($connection, $_POST["username"]);
$password = mysqli_real_escape_string($connection, $_POST["password"]);
$verify_password = mysqli_real_escape_string($connection, $_POST["verify_password"]);
$password = hash_hmac('sha512', $password, '!p09dk4');	//Random salt for security
$email = mysqli_real_escape_string($connection, $_POST["email"]);
$firstname = mysqli_real_escape_string($connection, $_POST["firstname"]);
$lastname = mysqli_real_escape_string($connection, $_POST["lastname"]);
$phone = mysqli_real_escape_string($connection, $_POST["phone"]);
if(isset($_POST["salon"]))
{
if($_POST["salon"] == "")
Error("Please give us a Salon Name");
if(!isset($_POST["address"]))
Error("No address was set");
$salon = mysqli_real_escape_string($connection, $_POST["salon"]);
$address = mysqli_real_escape_string($connection, $_POST["address"]);
$website = mysqli_real_escape_string($connection, $_POST["website"]);
$instagram = mysqli_real_escape_string($connection, $_POST["instagram"]);
}
$registered = date("y-m-d");
$result = $connection->query("SELECT * FROM accounts WHERE username = '" . $username . "'");
if ($result->num_rows > 0)
Error("The username was taken");
//Check if the email was already registered and verified
$result = $connection->query("SELECT * FROM emails WHERE email = '" . $email . "' AND verified = 1");
if ($result->num_rows > 0)
Error("That email was already registered");
//Don't allow a user to register an email that has already been verified by another user
$query = "INSERT INTO accounts (username, password, firstname, lastname, registered) VALUES ('" . $username . "', '" . $password . "', '" . $firstname . "', '" . $lastname . "', '" . $registered . "')";
$connection->query($query);
$account_id = $connection->insert_id;
$hash = hash_hmac('sha512', $email, '!p09dk4');
$query = "INSERT INTO emails (account_id, email, hash, verified) VALUES ('" . $account_id . "', '" . $email . "', '" . $hash . "', '0')";
$connection->query($query);
$hash = hash_hmac('sha512', $phone, '!d09dk4');
$query = "INSERT INTO phones (account_id, phone, hash, verified) VALUES ('" . $account_id . "', '" . $email . "', '" . $hash . "', '0')";
$connection->query($query);
if(isset($_POST["salon"]))
{
$query = "INSERT INTO salons (account_id, name, email, address, phone, website, instagram) VALUES ('" . $account_id . "', '" . $salon . "', '" . $email . "', '" . $address . "', '" . $phone . "', '" . $website . "', '" . $instagram . "')";
}
else
{
$query = "INSERT INTO clients (account_id) VALUES ('" . $account_id . "')";
}
echo "Thank you for creating an account with us " . $firstname . " we're happy to help ";
echo "<br />";
echo "Please check " . $email . " for an email verification link";
echo "<br />";
echo "Please check " . $phone . " for an 6 digit phone verification number";
echo "<br />";
$connection->query($query);
$connection->close();
?>

100

101

102

103

104

105

106

107

<?php

session_start();

include_once("settings.php");

//print($_POST["username"]);

//Check potential errors with the received data

if(!isset($_POST["username"]))

Error("No username set");

if(!isset($_POST["password"]))

Error("No password set");

if(!isset($_POST["verify_password"]))

Error("The password was not verified");

if($_POST["password"] != $_POST["verify_password"])

Error("The passwords did not match");

if(!preg_match('/[A-Z]/', $_POST["password"]))

Error("Password must contain at last one capital letter");

if(!preg_match('/[a-z]/', $_POST["password"]))

Error("Password must contain at last one lowercase letter");

if(!preg_match('/[0-9]/', $_POST["password"]))

Error("Password must contain at last one number");

if(!isset($_POST["email"]))

Error("No email value given");

if(!isset($_POST["firstname"]))

Error("No first name set");

if(!isset($_POST["lastname"]))

Error("No last name set");

if(!isset($_POST["phone"]))

Error("No phone number set");

//Database Connection

$connection = new mysqli($dbAddr, $dbUser, $dbPass, $dbName);

//Database sanitization

$username = mysqli_real_escape_string($connection, $_POST["username"]);

$password = mysqli_real_escape_string($connection, $_POST["password"]);

$verify_password = mysqli_real_escape_string($connection, $_POST["verify_password"]);

$password = hash_hmac('sha512', $password, '!p09dk4'); //Random salt for security

$email = mysqli_real_escape_string($connection, $_POST["email"]);

$firstname = mysqli_real_escape_string($connection, $_POST["firstname"]);

$lastname = mysqli_real_escape_string($connection, $_POST["lastname"]);

$phone = mysqli_real_escape_string($connection, $_POST["phone"]);

if(isset($_POST["salon"]))

{

if($_POST["salon"] == "")

Error("Please give us a Salon Name");

if(!isset($_POST["address"]))

Error("No address was set");

$salon = mysqli_real_escape_string($connection, $_POST["salon"]);

$address = mysqli_real_escape_string($connection, $_POST["address"]);

$website = mysqli_real_escape_string($connection, $_POST["website"]);

$instagram = mysqli_real_escape_string($connection, $_POST["instagram"]);

}

$registered = date("y-m-d");

$result = $connection->query("SELECT * FROM accounts WHERE username = '" . $username . "'");

if ($result->num_rows > 0)

Error("The username was taken");

//Check if the email was already registered and verified

$result = $connection->query("SELECT * FROM emails WHERE email = '" . $email . "' AND verified = 1");

if ($result->num_rows > 0)

Error("That email was already registered");

//Don't allow a user to register an email that has already been verified by another user

$query = "INSERT INTO accounts (username, password, firstname, lastname, registered) VALUES ('" . $username . "', '" . $password . "', '" . $firstname . "', '" . $lastname . "', '" . $registered . "')";

$connection->query($query);

$account_id = $connection->insert_id;

$hash = hash_hmac('sha512', $email, '!p09dk4');

$query = "INSERT INTO emails (account_id, email, hash, verified) VALUES ('" . $account_id . "', '" . $email . "', '" . $hash . "', '0')";

$connection->query($query);

$hash = hash_hmac('sha512', $phone, '!d09dk4');

$query = "INSERT INTO phones (account_id, phone, hash, verified) VALUES ('" . $account_id . "', '" . $email . "', '" . $hash . "', '0')";

$connection->query($query);

if(isset($_POST["salon"]))

{

$query = "INSERT INTO salons (account_id, name, email, address, phone, website, instagram) VALUES ('" . $account_id . "', '" . $salon . "', '" . $email . "', '" . $address . "', '" . $phone . "', '" . $website . "', '" . $instagram . "')";

}

else

{

$query = "INSERT INTO clients (account_id) VALUES ('" . $account_id . "')";

}

echo "Thank you for creating an account with us " . $firstname . " we're happy to help ";

echo "<br />";

echo "Please check " . $email . " for an email verification link";

echo "<br />";

echo "Please check " . $phone . " for an 6 digit phone verification number";

echo "<br />";

$connection->query($query);

$connection->close();