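<?php

require '../../phpinclude/init.php';

// Sign-in handler: validates the posted credentials, looks the account up by
// e-mail, verifies the password against the stored crypt()-format hash and,
// on success, opens a session for that user and redirects to the account page.

// Fetch and validate the inputs. check_text_input() is a project helper; the
// last argument looks like the redirect target used when validation fails
// (NOTE(review): confirm against its definition).
$email = check_text_input($_POST['email'], 1, 255, "Email", "/public/signin.php?err");
$password = check_text_input($_POST['password'], 1, 32, "Password", "/public/signin.php?err");

dbconnect(0);

// The e-mail is passed as a bound parameter, not concatenated into the SQL.
$result = doSQL("select userID, password from users where email=?;", $email) or die("ERR");

// Treat "not an array" and "array without a first row" the same way, so the
// code below never indexes into a missing row.
if (!is_array($result) || !isset($result[0])) {
    // Unknown e-mail: same redirect as a wrong password, so the response body
    // does not tell the caller which of the two was wrong.
    // NOTE(review): this path returns before any hash is computed, so its
    // response time can differ from the wrong-password path; consider
    // verifying against a fixed dummy hash here to even that out.
    header("Location: /public/signin.php?err=1");
    exit;
}

$row = $result[0];
$storedHash = isset($row['password']) ? (string) $row['password'] : '';

// password_verify() accepts hashes produced by crypt() and compares them in
// constant time, unlike the previous `crypt(...) === $hash` string comparison.
// An empty or malformed stored hash simply fails verification.
if (!password_verify($password, $storedHash)) {
    header("Location: /public/signin.php?err=1");
    exit;
}

// Credentials are good: bind the session to this user.
// NOTE(review): sessionstart() is defined elsewhere; confirm it issues a fresh
// session id at login so a pre-login id cannot be carried over.
sessionstart($row['userID']);
header("Location: /account/index.php?signin=1");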
/**
 * Store a value in the session under the given key and return that value.
 *
 * If no $_SESSION array exists yet, the project's sessionstart() helper is
 * called first (with no arguments) before the value is written.
 *
 * @param mixed $vn Session key to write.
 * @param mixed $vv Value to store.
 * @return mixed The value that was stored.
 */
function setsecurevariable($vn, $vv)
{
    // Only start a session when one is not already available.
    isset($_SESSION) || sessionstart();

    // An assignment expression evaluates to the assigned value.
    return $_SESSION[$vn] = $vv;
}
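do_err($erraddr3, "Email in use");
}
// (The `if` closed by the brace above opens before this excerpt.)

// Make sure the requested username is still free. The name is passed as a
// bound parameter, not concatenated into the SQL.
$result = doSQL("select * from users where username=?;", $username) or do_err($erraddr1, "Database Error");
if (is_array($result)) {
    // A row came back, so the name is already taken.
    do_err($erraddr1, "Username in use");
}

// Verify the captcha token: the client posts the challenge (rcc), its answer
// (rcr) and a base64-encoded crypt() hash (rch) that must match a hash of the
// caller's address, two fixed strings, the challenge and the answer.
// NOTE(review): $rch is client-supplied and doubles as the crypt() settings
// string, so the client picks the algorithm and cost; consider rejecting any
// value without the expected prefix before hashing. The check is also
// stateless: nothing visible here stops an already accepted rcc/rcr/rch
// triple from being submitted again.
$rcc = $_POST["rcc"];
$rcr = $_POST["rcr"];
$rch = base64_decode($_POST["rch"]);
$rcstr = $_SERVER["REMOTE_ADDR"] . "836429" . $rcc . "7364528" . $rcr;
// hash_equals() gives the same result as === on two strings, but in constant time.
if (!hash_equals((string) $rch, (string) crypt($rcstr, $rch))) {
    do_err($erraddrrc, "The reCAPTCHA was wrong " . $rcerr);
}

// Hash the password. password_hash() draws its own salt from the system
// CSPRNG over the full bcrypt salt alphabet; the previous hand-built salt was
// hex-only, and a failed crypt() call would have stored its failure marker as
// the password hash. PASSWORD_BCRYPT with cost 10 yields the same "$2y$10$"
// format as before, so hashes stay verifiable with crypt()/password_verify().
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
if (!is_string($hash)) {
    // Never insert an account with an unusable hash.
    do_err($erraddr3, "Server Error");
}

// Create the account; all three values are bound parameters.
$result = doSQL("insert into users (username, password, email) values (?, ?, ?);", $username, $hash, $email) or do_err($erraddr3, "Database Error");
$nid = $db->insert_id;

// Sign the new user in straight away.
// NOTE(review): sessionstart() is defined elsewhere; confirm it issues a fresh
// session id when it binds the session to a user.
sessionstart($nid);

// Continue to the account page.
header('Location: ../account/index.php?signup=1');
?>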
//////////////////////////////////////////////////////////////////////////////
// Main
//////////////////////////////////////////////////////////////////////////////

// Page and mode are taken as-is from the POSTed form; when a field is absent
// the script falls back to page 1 and the "input" mode.
// NOTE(review): both values are client-controlled. Presumably valuecheck()
// validates them, but it only runs on the existing-session branch below;
// confirm how showscreen() uses them on a first visit.
$page = isset($_POST['page']) ? $_POST['page'] : 1;
$mode = isset($_POST['mode']) ? $_POST['mode'] : "input";

if (isset($_SESSION['name'])) {
    // A session name is already present: load the session values, apply the
    // posted values, then run the checks.
    session_to_value();
    post_to_value();
    valuecheck();
} else {
    // No session name yet: start a session and load whatever it holds.
    sessionstart();
    session_to_value();
}

// Write the working values back to the session and render the screen.
value_to_session();
showscreen(); // original author's note: 0:input,1:error,3:revise
//////////////////////////////////////////////////////////////////////////////