function checkRequestUser($db, &$request, &$record, $operation, &$roles)
{
// Generated fields
list($record["firstName"], $record["lastName"], $record["saniValid"], $trash) = DataSanitizer::formatUserNames($record["firstName"], $record["lastName"]);
if ($operation === "insert") {
$record["salt"] = generateSalt();
$record["passwordMd5"] = computePasswordMD5($record["password"], $record["salt"]);
}
$roles[] = "generator";
if ($operation === "insert") {
if (existingEmail($db, $record["officialEmail"], 0)) {
$message = "Un compte existe déjà pour l'email " . $record["officialEmail"] . ".";
echo json_encode(array("success" => false, "message" => $message));
error_log($message);
return false;
}
if (existingEmail($db, $record["alternativeEmail"], 0)) {
$message = "Un compte existe déjà pour l'email " . $record["alternativeEmail"] . ".";
echo json_encode(array("success" => false, "message" => $message));
error_log($message);
return false;
}
$record["registrationDate"] = date('Y-m-d H:i:s');
}
if (!checkUser($record)) {
error_log("checkUser false");
return false;
}
if (!$_SESSION["isAdmin"] && $operation === "update") {
$record["ID"] = $_SESSION["userID"];
$user = getUser($db);
if ($record["password"] != "") {
$oldPasswordMd5 = computePasswordMD5($record["old_password"], $user->salt);
if ($oldPasswordMd5 !== $user->passwordMd5) {
echo json_encode(array("success" => false, "message" => "mot de passe invalide"));
error_log("Invalid password");
return false;
}
$record["passwordMd5"] = computePasswordMD5($record["password"], $user->salt);
}
if ($record["alternativeEmail"] !== $user->alternativeEmail) {
$record["alternativeEmailValidated"] = "0";
}
}
// Filters
if (!$_SESSION["isAdmin"] && $operation === "update") {
// Could/should we use a filter for this ?
if ($record["officialEmail"] !== $user->officialEmail && $user->officialEmailValidated) {
error_log("impossible de modifier un email officiel validé");
return false;
}
}
return true;
}
<?php
$results = "";
if (isPostRequest()) {
$email = filter_input(INPUT_POST, 'email');
$password = filter_input(INPUT_POST, 'password');
if (!existingEmail($email, "email", "users")) {
if (createNewUser($email, $password)) {
$results = "User Registered";
} else {
$results = "Error, try again";
}
} else {
$results = 'User already exists. Sorry, please try again.';
}
}
?>
<h3>To register your account, please enter an email and password below</h3>
<br />
<?php
echo $results;
?>
<div id="register">
<form method="post" action="#">
<input name="email" type="text" value="" placeholder="Email" class="form-control"/>
function validate_email($email_input)
{
//store and sanitize the input and remove white spaces at the
//end and the beginning of it
$email = filter_var($email_input, FILTER_SANITIZE_EMAIL);
$errors = FALSE;
//check if the email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors = TRUE;
$error_messages[] = "please enter a valid email address";
} elseif (strpos($email, ',')) {
$errors = TRUE;
$error_messages[] = "please avoid character ','";
} elseif (existingEmail($email)) {
$errors = TRUE;
$error_messages[] = "you are already registered with an account";
}
//returns the email or an error message
if ($errors == TRUE) {
return $error_messages;
} else {
return $email;
}
}
