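/**
 * Validate an e-mail value and return it with surrounding whitespace removed.
 *
 * On any failure the function echoes an error message and ends the script
 * with exit; it only returns when filterEmail() accepted the value.
 *
 * @param mixed $email Value to validate (callers are expected to pass request input).
 * @param bool  $req   When truthy, a missing value is reported as an error of its own.
 *
 * @return string The accepted address, trimmed.
 */
function valEmail($email, $req = false)
{
    // Loose comparison kept on purpose: null and '' both count as "missing".
    if ($req && $email == null) {
        // Fixed: the message used to name the phone number field, which sent
        // users (and anyone reading logs) to the wrong input.
        echo "Error: email field is missing";
        exit;
    }

    // NOTE(review): an optional ($req = false) empty value still reaches
    // filterEmail(); whether it is accepted depends on that helper, which is
    // defined outside this block - confirm that optional fields can be blank.
    if (!filterEmail($email)) {
        // The message is a fixed string; the rejected input is never echoed back.
        echo "Error: invalid email address";
        exit;
    }

    // Validation runs on the untrimmed value; the caller receives the trimmed one.
    return trim($email);
}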
// Sicherheitsfunktionen für POST if ($registerSubmit) { $mail = filter_input(INPUT_POST, 'mail'); $mailConfirm = filter_input(INPUT_POST, 'mailC'); $pw = filter_input(INPUT_POST, 'password'); $pwConfirm = filter_input(INPUT_POST, 'passwordC'); $agb = filter_input(INPUT_POST, 'agb'); // Error - array $registerErrors = []; // check mail if (empty($mail)) { $registerErrors['mail'][] = 'Bitte geben Sie Ihre E-Mail Adresse an.'; } elseif (!checkMail($_POST['mail'], $db)) { $registerErrors['mail'][] = 'Diese E-Mail Adresse wird bereits verwendet.'; } if (!filterEmail($mail)) { $registerErrors['mail'][] = 'Die angegebene E-Mail Adresse ist ungültig.'; } if (empty($mailConfirm)) { $registerErrors['mailConfirm'][] = 'Bitte bestätigen die Ihre E-Mail Adresse.'; } if ($mail !== $mailConfirm) { $registerErrors['mailConfirm'][] = 'Die E-Mail Adresse stimmen nicht überein.'; } // PASSWORD if (empty($pw)) { $registerErrors['password'][] = 'Bitte geben Sie ein Passwort ein.'; } elseif (!filterPassword($pw)) { $registerErrors['password'][] = 'Ihr Passwort muss mind. sechs Zeichen lang und einen Groß-, einen Kleinbuchstaben, sowie mind. eine Zahl enthalten.'; } if (empty($pwConfirm)) {
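/**
 * Register a new user from the submitted registration form.
 *
 * Reads username, mail, cmail, password, cpassword and cagb from $_POST,
 * passes them through the project's filter helpers, checks that name and
 * mail are not taken, inserts the account with status "pending" and sends
 * the validation mail. On success a Location header to the success page is
 * emitted and the function returns null; the caller should stop producing
 * output after that.
 *
 * Requires PHP 7+ (random_bytes).
 *
 * @param PDO $db Open database connection.
 *
 * @return array|null Error flags (and, for some of them, messages under
 *                    'msg') on failure, null after the redirect header
 *                    was sent.
 */
function registerUser($db)
{
    // Read a form field without raising an "undefined index" warning when the
    // client omitted it; the filter helpers still receive null in that case.
    $field = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : null;
    };

    $username = filterString($field('username'));
    $mail     = filterEmail($field('mail'));
    $cmail    = filterEmail($field('cmail'));
    $pass     = filterPassword($field('password'));
    $cpass    = filterPassword($field('cpassword'));
    $agb      = filterString($field('cagb'));

    $error = array();

    if (empty($username)) {
        $error['username'] = 1;
        $error['msg']['username'] = '******';
    }
    if (empty($mail)) {
        $error['mail'] = 1;
        $error['msg']['mail'] = 'Sie haben keine E-Mail angegeben';
    }
    if (empty($cmail)) {
        $error['cmail'] = 1;
        $error['msg']['cmail'] = 'Bitte bestätigen Sie Ihre E-Mail';
    }
    // Strict comparison: with != PHP compares numeric-looking strings as
    // numbers, so two different inputs could be treated as a match.
    if ($mail !== $cmail) {
        $error['unequal_mail'] = 1;
        $error['msg']['unequal_mail'] = 'Die angegebenen Mails stimmen nicht überein';
    }
    if (empty($pass)) {
        $error['pass'] = 1;
        $error['msg']['pass'] = '******';
    }
    if (empty($cpass)) {
        $error['cpass'] = 1;
        $error['msg']['cpass'] = '******';
    }
    // Strict for the same reason as above; for a password confirmation a
    // numeric "match" of different strings would store an unintended password.
    if ($pass !== $cpass) {
        $error['unequal_pass'] = 1;
        $error['msg']['unequal_pass'] = '******';
    }
    if (!isset($agb) || $agb != 'on') {
        $error['agb'] = 1;
        $error['msg']['agb'] = 'Bitte akzeptieren Sie unsere AGB';
    }

    if (!empty($error)) {
        return $error;
    }

    // checkIfExists() is defined elsewhere; this function treats a truthy
    // result as "value is still free".
    // NOTE(review): the two distinct answers below tell the requester whether
    // a name or address is already registered - consider rate limiting.
    if (!checkIfExists($username, "fr_users", "user_name", $db)) {
        // Flag key and message key differ ('name_used' / 'username_used');
        // kept as they were because callers may read either.
        $error['name_used'] = 1;
        $error['msg']['username_used'] = 'Der eingegeben Nutzername wird bereits verwendet';
        return $error;
    }
    if (!checkIfExists($mail, "fr_users", "user_mail", $db)) {
        $error['mail_used'] = 1;
        $error['msg']['mail_used'] = 'Die eingegebe E-Mail wird bereits verwendet';
        return $error;
    }

    // Per-user salt from the OS CSPRNG instead of uniqid()/mt_rand(), whose
    // output is predictable. 64 random bytes hex-encoded give 128 characters,
    // the same length as the SHA-512 hex digest stored before.
    $randomSalt = bin2hex(random_bytes(64));

    // NOTE(review): one pass of salted SHA-512 is fast to brute-force. The
    // stored format is left unchanged because the login check is not visible
    // here; migrate both sides to password_hash()/password_verify() together.
    $hashedPassword = hash('sha512', $pass . $randomSalt);

    // The validation value is mailed to the user and acts as a bearer token
    // for activating the account, so it must be unguessable: CSPRNG again.
    $randomHash = bin2hex(random_bytes(64));
    $validationHash = hash('sha512', $mail . $randomHash);

    $stored = false;
    try {
        $db->beginTransaction();
        $stmt = $db->prepare(
            'INSERT INTO fr_users(user_name,'
            . 'user_mail, '
            . 'user_hash, '
            . 'user_salt, '
            . 'user_validation, '
            . 'user_regDate, '
            . 'user_lastLogin, '
            . 'user_role, '
            . 'user_status, '
            . 'user_base_lang, '
            . 'user_newsletter) '
            . 'VALUES (:name, :mail, :hash, :salt, :validation, NOW(), NOW(), :role, :status, :base_lang, :newsletter)'
        );
        // execute() returns false instead of throwing when the connection is
        // not in exception mode; treat that as a failed insert as well.
        $stored = $stmt->execute(array(
            ':name' => $username,
            ':mail' => $mail,
            ':hash' => $hashedPassword,
            ':salt' => $randomSalt,
            ':validation' => $validationHash,
            ':role' => 0,
            ':status' => 'pending',
            ':base_lang' => 'de',
            ':newsletter' => 1,
        ));
        if ($stored) {
            $db->commit();
        } else {
            $db->rollBack();
        }
    } catch (PDOException $e) {
        $stored = false;
        // beginTransaction() itself may have been the call that failed.
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        // Log the SQLSTATE only: the full driver message can contain the
        // submitted name or address.
        error_log('registerUser: user insert failed, SQLSTATE ' . $e->getCode());
    }

    if (!$stored) {
        $error['db_error'] = 1;
        return $error;
    }

    $sent = sendValidationMail($mail, $validationHash);
    if (!$sent) {
        $error['mail_error'] = 1;
        return $error;
    }

    header('Location:' . createUrl(array("action" => "register", "do" => "success")));
    return null;
}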
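/**
 * Mail a "login trouble" report from a visitor to the support address.
 *
 * All four arguments are visitor-supplied. They are passed through the
 * project's filter helpers (defined elsewhere) and, because two of them end
 * up in the subject and in raw mail headers, are additionally stripped of
 * CR, LF and NUL here so that a value can never start a new header line.
 *
 * @param string $name       Name given by the visitor.
 * @param string $from       Visitor's e-mail address, used for From and Reply-To.
 * @param string $login_code Login code the visitor tried to use.
 * @param string $message    Free-text description of the problem.
 *
 * @return bool Result of mail().
 */
function send_login_trouble_email($name, $from, $login_code, $message)
{
    $to = "*****@*****.**";

    // Header-injection guard that does not depend on what the filter helpers
    // do: values used in the subject or in $headers must stay on one line.
    $lineBreakers = array("\r", "\n", "\0");
    $name = str_replace($lineBreakers, '', (string) filterName($name));
    $from = str_replace($lineBreakers, '', (string) filterEmail($from));

    $subject = "[Login Trouble] " . $name . " (" . $from . ") is having login trouble";

    // Body text may keep its line breaks; wrap long lines at 70 characters.
    $wrapped = wordwrap(filterOther($message), 70, "\r\n");
    $login_code = filterOther($login_code);
    $message = $name . " is having trouble logging in with code " . $login_code
        . "\r\nMessage:\r\n" . $wrapped;

    // NOTE(review): the visitor's own address is used as From. Receiving
    // servers that enforce SPF/DMARC may reject such mail; a fixed site
    // address in From with the visitor in Reply-To avoids that - confirm.
    $headers = "From: " . $from . "\r\n"
        . "Reply-To: " . $from . "\r\n";

    return mail($to, $subject, $message, $headers);
}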