public static function addPending($username, $password, $email) { //Error checking/validation... if (!User::validateUsername($username)) { throw new UserInvalidUsernameException($username); } if (!User::validatePassword($password)) { throw new UserInvalidPasswordException($password); } if (!User::validateEmail($email)) { throw new UserInvalidEmailException($email); } if (!User::availableUsername($username)) { throw new UserUnavailableUsernameException($username); } if (!User::availableEmail($email)) { throw new UserUnavailableEmailException($email); } //Main code follows... $salt = User::generateSalt(); $confirmCode = User::generateConfirmCode(); $db = User::getDB(); $query = $db->prepare('INSERT INTO usersPending(username, password, salt, email, date, confirmCode) VALUES(:username, :password, :salt, :email, :date, :confirmCode)'); $query->bindParam(':username', $username, PDO::PARAM_STR); $query->bindParam(':password', User::processPassword($password, $salt), PDO::PARAM_STR); $query->bindParam(':salt', $salt, PDO::PARAM_LOB); //is LOB right..? $query->bindParam(':email', $email, PDO::PARAM_STR); $query->bindParam(':date', time(), PDO::PARAM_STR); $query->bindParam(':confirmCode', hash(User::config('hash_algorithm'), $confirmCode), PDO::PARAM_STR); $query->execute(); //Send confirm email... $body = User::config('confirm_body_template'); $body = str_replace('[id]', $db->lastInsertId(), $body); $body = str_replace('[code]', $confirmCode, $body); mail($email, User::config('confirm_subject'), $body, 'From: ' . User::config('confirm_from')); }