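/**
 * Register a new account from the sign-up form values.
 *
 * All four arguments are untrusted user input. Each validation failure is
 * reported by constructing a Message with the code the caller already expects
 * (codes are unchanged from the previous implementation) and the method then
 * returns without touching the database. A successful insert reports code 7.
 *
 * @param string $username Desired account name.
 * @param string $password Chosen password in plain text; only its hash is stored.
 * @param string $repeat   Second entry of the password; must equal $password.
 * @param string $email    E-mail address for the account.
 */
public static function create($username, $password, $repeat, $email)
{
    /* The shared mysqli connection lives in the global scope. */
    global $dbConn;

    /*
     * The Validator helpers and the password hash historically received the
     * mysqli-escaped copy of each value, so they keep receiving that copy:
     * Validator's own queries are not visible here and may rely on it, and
     * changing what gets hashed would lock out existing users whose password
     * contains a quote or backslash (TODO: drop the escaping together with
     * the login path). The INSERT itself no longer uses these copies; it
     * binds the raw values through a prepared statement, which is what
     * actually prevents SQL injection.
     */
    $escUsername = $dbConn->real_escape_string($username);
    $escPassword = $dbConn->real_escape_string($password);
    $escEmail    = $dbConn->real_escape_string($email);

    /*
     * Strict comparison: the previous `==` treated numeric-looking strings
     * such as "1e3" and "1000" as the same password.
     */
    if ($password !== $repeat) {
        /* The two passwords don't match each other. */
        new Message(5);
        return;
    }

    /* Username must not be empty. */
    if (Validator::isEmpty($escUsername)) {
        new Message(3);
        return;
    }

    /* The e-mail address must be well-formed. */
    if (!Validator::validateEmail($escEmail)) {
        new Message(6);
        return;
    }

    /* Reject duplicate usernames. */
    if (Validator::userExists($escUsername)) {
        new Message(8);
        return;
    }

    /* Reject duplicate e-mail addresses. */
    if (Validator::emailExists($escEmail)) {
        new Message(9);
        return;
    }

    /*
     * Password policy (enforced by Validator::isValidPassword):
     *   1. it must contain both numbers and letters;
     *   2. it must be longer than 8 characters.
     */
    if (!Validator::isValidPassword($escPassword)) {
        new Message(10);
        return;
    }

    /* A fresh per-user salt; its format is defined by Salt::getHash(). */
    $salt = Salt::getHash();

    /*
     * The stored credential is sha256(salt . password . salt), a 64-character
     * hex digest. The salt keeps precomputed tables useless across users.
     * NOTE(review): a single SHA-256 round is a fast hash; migrate to
     * password_hash()/password_verify() once the login path can verify both
     * the old and the new format, so existing accounts are not locked out.
     */
    $hashedPassword = hash("sha256", $salt . $escPassword . $salt);

    /*
     * Parameterised INSERT: the raw username/e-mail are bound, never
     * concatenated into SQL. Column order mirrors the previous literal query
     * (id placeholder '', username, hash, email, salt, two NULL columns).
     */
    $stmt = $dbConn->prepare(
        "INSERT INTO `accounts` VALUES ('', ?, ?, ?, ?, NULL, NULL)"
    );
    $inserted = $stmt !== false
        && $stmt->bind_param('ssss', $username, $hashedPassword, $email, $salt)
        && $stmt->execute();
    if ($stmt !== false) {
        $stmt->close();
    }

    /* As before, a failed insert is silent; only success is reported. */
    if ($inserted) {
        new Message(7, "success");
    }
}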