function registerUser($mail, $password, $db) { // Create random salt $randomSalt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); // Create salted password //$hashedPassword = hash('sha512', $password . $randomSalt); $hashedPassword = hash('sha512', $password . $randomSalt); // Create randomHash to salt mail for validation-process $randomHash = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); // Created salted mail for validation-process $validationHash = hash('sha512', $mail . $randomHash); try { $db->beginTransaction(); $stmt = $db->prepare('INSERT INTO users(user_mail, ' . 'user_hash, ' . 'user_salt, ' . 'user_validation, ' . 'user_regDate, ' . 'user_lastLogin, ' . 'user_role, ' . 'user_status, ' . 'user_newsletter) ' . 'VALUES (:mail, :hash, :salt, :validation, NOW(), NOW(), :role, :status, :newsletter)'); $stmt->execute(array(':mail' => $mail, ':hash' => $hashedPassword, ':salt' => $randomSalt, ':validation' => $validationHash, ':role' => 0, ':status' => 'pending', ':newsletter' => 1)); $lastUserId = $db->lastInsertId(); $stmt = $db->query('INSERT INTO contacts (contact_name) VALUES (NULL)'); $lastContactId = $db->lastInsertId(); $stmt = $db->prepare('INSERT INTO user_has_contacts (user_id, contact_id) VALUES (:user, :contact)'); $stmt->execute(array($lastUserId, $lastContactId)); $db->commit(); } catch (PDOException $e) { $e->getMessage(); $db->rollBack(); } if (empty($e)) { if (sendValidationMail($mail, $validationHash)) { return true; } else { return false; } } else { return false; } }
function registerUser($db) { $username = filterString($_POST['username']); $mail = filterEmail($_POST['mail']); $cmail = filterEmail($_POST['cmail']); $pass = filterPassword($_POST['password']); $cpass = filterPassword($_POST['cpassword']); $agb = filterString($_POST['cagb']); if (!isset($username) || empty($username)) { $error['username'] = 1; $error['msg']['username'] = '******'; } if (!isset($mail) || empty($mail)) { $error['mail'] = 1; $error['msg']['mail'] = 'Sie haben keine E-Mail angegeben'; } if (!isset($cmail) || empty($cmail)) { $error['cmail'] = 1; $error['msg']['cmail'] = 'Bitte bestätigen Sie Ihre E-Mail'; } if ($mail != $cmail) { $error['unequal_mail'] = 1; $error['msg']['unequal_mail'] = 'Die angegebenen Mails stimmen nicht überein'; } if (!isset($pass) || empty($pass)) { $error['pass'] = 1; $error['msg']['pass'] = '******'; } if (!isset($cpass) || empty($cpass)) { $error['cpass'] = 1; $error['msg']['cpass'] = '******'; } if ($pass != $cpass) { $error['unequal_pass'] = 1; $error['msg']['unequal_pass'] = '******'; } if (!isset($agb) || $agb != 'on') { $error['agb'] = 1; $error['msg']['agb'] = 'Bitte akzeptieren Sie unsere AGB'; } if (empty($error)) { $proofedName = checkIfExists($username, "fr_users", "user_name", $db); if ($proofedName) { $proofedMail = checkIfExists($mail, "fr_users", "user_mail", $db); if ($proofedMail) { // User wird angelegt // random salt $randomSalt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); // Create salted password //$hashedPassword = hash('sha512', $password . $randomSalt); $hashedPassword = hash('sha512', $pass . $randomSalt); // Create randomHash to salt mail for validation-process $randomHash = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); // Created salted mail for validation-process $validationHash = hash('sha512', $mail . $randomHash); try { $db->beginTransaction(); $stmt = $db->prepare('INSERT INTO fr_users(user_name,' . 'user_mail, ' . 'user_hash, ' . 'user_salt, ' . 'user_validation, ' . 'user_regDate, ' . 'user_lastLogin, ' . 'user_role, ' . 'user_status, ' . 'user_base_lang, ' . 'user_newsletter) ' . 'VALUES (:name, :mail, :hash, :salt, :validation, NOW(), NOW(), :role, :status, :base_lang, :newsletter)'); $stmt->execute(array(':name' => $username, ':mail' => $mail, ':hash' => $hashedPassword, ':salt' => $randomSalt, ':validation' => $validationHash, ':role' => 0, ':status' => 'pending', ':base_lang' => 'de', ':newsletter' => 1)); $db->commit(); } catch (PDOException $e) { $e->getMessage(); $db->rollBack(); } if (empty($e)) { $mail = sendValidationMail($mail, $validationHash); if ($mail) { header('Location:' . createUrl(array("action" => "register", "do" => "success"))); } else { $error['mail_error'] = 1; return $error; } } else { $error['db_error'] = 1; return $error; } } else { $error['mail_used'] = 1; $error['msg']['mail_used'] = 'Die eingegebe E-Mail wird bereits verwendet'; return $error; } } else { $error['name_used'] = 1; $error['msg']['username_used'] = 'Der eingegeben Nutzername wird bereits verwendet'; return $error; } } else { return $error; } }