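/**
 * Handles the registration form POST.
 *
 * Checks the required fields, rejects duplicate usernames and email addresses,
 * inserts the new user row and emails a temporary password. Reads $_POST
 * directly plus the globals that include/configGlobals.php brings into scope
 * ($email_Administrator, $club_Abbr, $mime_boundary, $http_Logout).
 *
 * Terminates the script with die() on any validation or database failure;
 * on success it echoes an HTML confirmation. No return value.
 */
function registerFormSubmitted()
{
    require 'include/configGlobals.php';
    connectDatabase();
    slashAllInputs();

    // Required fields. A missing key or an empty string both count as "blank";
    // the previous `!$_POST[...]` test also rejected the legitimate value "0"
    // and was joined with the bitwise `|`, which evaluates every operand.
    $required = array('username', 'email', 'firstName', 'lastName');
    foreach ($required as $field) {
        if (!isset($_POST[$field]) || $_POST[$field] === '') {
            die('You did not complete all of the required fields');
        }
    }

    $username = $_POST['username'];
    $email    = $_POST['email'];

    if (!isUsernameValid($username)) {
        die('Sorry, that username is invalid. Please go back and try again.');
    }

    // The temporary password can only reach the user through this address, so
    // reject malformed ones before a row is created for them.
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        die('Sorry, that email address is invalid. Please go back and try again.');
    }

    // SQL safety below rests entirely on slashAllInputs() having escaped $_POST:
    // ext/mysql offers no parameter binding. Moving to mysqli/PDO prepared
    // statements would remove that dependency.

    // Username must be unique. The query as previously written compared
    // against a fixed literal instead of the submitted name, so it could never
    // match an existing row.
    $check = mysql_query("SELECT username FROM users WHERE username = '{$username}'") or die(mysql_error());
    if (mysql_num_rows($check) != 0) {
        die('Sorry, the username ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . ' is already in use. Please go back and try again.');
    }

    // Email must be unique as well.
    $check = mysql_query("SELECT email FROM users WHERE email = '{$email}'") or die(mysql_error());
    if (mysql_num_rows($check) != 0) {
        die('Sorry, the email ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . ' has already been registered. Please go back and try again.');
    }

    $tempPassword = rand_string(16);

    // Stored credential digests. md5() and unsalted SHA-256 are not suitable
    // password hashes; the login code that verifies `pass` / `sha256_pass`
    // lives elsewhere and would have to change in step with a move to
    // password_hash(), so the stored format is kept here.
    $hashPassword    = md5($tempPassword);
    $hash256Password = bin2hex(mhash(MHASH_SHA256, $tempPassword));
    $hash256Username = bin2hex(mhash(MHASH_SHA256, $username));
    $creationDate    = date('Y-m-d');

    // Optional profile fields: store '' when the form omitted them instead of
    // raising undefined-index notices.
    $optional = array(
        'address1', 'address2', 'city', 'state', 'zipCode',
        'homePhone', 'cellPhone', 'econtact', 'econtactPhone', 'econtactRel',
    );
    $profile = array();
    foreach ($optional as $field) {
        $profile[$field] = isset($_POST[$field]) ? $_POST[$field] : '';
    }

    // Column order must match the column list in the INSERT below.
    $values = array(
        $username,
        $hashPassword,
        $hash256Username,
        $hash256Password,
        $_POST['firstName'],
        $_POST['lastName'],
        $profile['address1'],
        $profile['address2'],
        $profile['city'],
        $profile['state'],
        $profile['zipCode'],
        $profile['homePhone'],
        $profile['cellPhone'],
        $email,
        $profile['econtact'],
        $profile['econtactPhone'],
        $profile['econtactRel'],
        $creationDate,
    );
    $insert = 'INSERT INTO users (username, pass, sha256_user, sha256_pass, fname, lname, addr1, addr2, city, state, zip, hphone, cphone, email, econtact, econtact_phone, econtact_rel, creation) VALUES (\''
        . implode("', '", $values) . '\')';

    // A failed INSERT must stop here: mailing a temporary password for an
    // account that was never created would mislead the user.
    if (!mysql_query($insert)) {
        die('Sorry, your registration could not be saved. Please contact ' . $email_Administrator . '.');
    }

    $to      = $email;
    $from    = $email_Administrator;
    $subject = 'Registered on ' . $club_Abbr . ' Online Registration Site';

    // Single MIME part; the part headers use CRLF while the body uses LF, as
    // the original did.
    $message  = "--{$mime_boundary}\n";
    $message .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $message .= "Content-Transfer-Encoding: 8bit\r\n";
    $message .= 'Thank you for registering on the ' . $club_Abbr . ' Online Registration site.' . "\n" . "\n"
        . 'Your username is: [ ' . $username . " ]\n"
        . 'Your temporary password is: [ ' . $tempPassword . " ]\n" . "\n"
        . 'Login at ' . $http_Logout . ' to change your password and register for events.' . "\n" . "\n"
        . 'Thank you!' . "\n"
        . '- ' . $club_Abbr . ' Administration' . "\n";
    $message .= "--{$mime_boundary}--\n\n";

    if (sendEmail($to, $from, $subject, $message) != false) {
        // The address is user-supplied and is echoed into HTML.
        $safeTo = htmlspecialchars($to, ENT_QUOTES, 'UTF-8');
        echo "<h1>Registered</h1>\n";
        echo "Thank you, you have registered. An email has been sent to " . $safeTo . " \n";
        echo "with your username and temporary password. Depending on internal server traffic, this may take some time.<br><br>\n";
        echo "When you receive your temporary password you may <a href=\"index.php\">login</a> to continue.\n";
    } else {
        echo "<h1>Internal Email Error. Please contact administrator at " . $email_Administrator . "</h1>\n";
    }
}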
if (isset($_GET['submit'])) { $errors = array(); switch ($type) { case 'user': if (!($link = db_init(true))) { break; } $result = mysqli_query($link, 'SELECT `username`, `password`, `colour` FROM `users` WHERE `id`=' . $id . ';'); if (!$result) { array_push($errors, 'MySQL error! | ' . mysqli_error()); break; } $user = @mysqli_fetch_all($result, MYSQLI_ASSOC)[0]; mysqli_free_result($result); if (isset($_POST['newusername']) && $_POST['newusername'] != $user['username']) { $errors = isUsernameValid($_POST['newusername'], $errors); if (empty($errors)) { $result = mysqli_query($link, 'SELECT `username` FROM `users` WHERE `username`=\'' . mysqli_real_escape_string($link, $_POST['newusername']) . '\';'); $found = @mysqli_fetch_all($result, MYSQLI_ASSOC); if (!empty($found)) { array_push($errors, 'Username taken!'); break; } mysqli_free_result($result); mysqli_query($link, 'UPDATE `users` SET `username`=\'' . mysqli_real_escape_string($link, $_POST['newusername']) . '\' WHERE `id`=' . $id . ';'); } } if (isset($_POST['oldpassword']) && isset($_POST['newpassword']) && $_POST['oldpassword'] != '' && $_POST['newpassword'] != '') { if ($_POST['oldpassword'] == $_POST['newpassword']) { $errors = isPasswordValid($_POST['newpassword'], $errors); }
if (isset($_SESSION['username'])) { return true; } else { return false; } }

/**
 * Reports whether $username passes the project's UsernameValidator rules.
 *
 * @param string $username
 * @return bool whatever UsernameValidator::isValid() returns for the value
 */
function isUsernameValid($username)
{
    return (new UsernameValidator())->isValid($username);
}

/**
 * Reports whether $password passes the project's PasswordValidator rules.
 *
 * @param string $password
 * @return bool whatever PasswordValidator::isValid() returns for the value
 */
function isPasswordValid($password)
{
    return (new PasswordValidator())->isValid($password);
}

// Already authenticated sessions go straight to the account page.
if (isLoggedIn()) {
    redirect('demoAccount.php');
    exit;
}

// NOTE(review): $username and $password are not assigned in this view, and
// the two validators are only known to answer "valid" — confirm that actual
// credential verification happens before demoAccount.php is reachable.
if (!isUsernameValid($username)) {
    echo 'invalid username';
} elseif (!isPasswordValid($password)) {
    echo 'invalid password';
} else {
    redirect('demoAccount.php');
    exit;
}
redirect('index.php', false); die; } $CURRENT_PAGE = 'Sign up'; $PAGE_TITLE = PAGE_DEFAULT_TITLE . ' | Sign up'; $NAVBAR = NAVBAR_MINIMAL; require_once 'header.php'; if (isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password'])) { $errors = array(); $username = $_POST['username']; $email = $_POST['email']; $password = $_POST['password']; $colour = $_POST['colour']; while (1) { // USERNAME $errors = isUsernameValid($username, $errors); // EMAIL if (CONF_EMAIL_STRICT) { if (strlen($email) < 3) { array_push($errors, 'Email address too short!'); break; } if (strlen($email) > 128) { array_push($errors, 'Email address too long!'); break; } if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { array_push($errors, 'Invalid email address!'); break; } }