function custom_register()
{
// Validate du lieu nhap vao
if (isset($_POST['submit'])) {
register_validate($_POST['username'], $_POST['password'], $_POST['email']);
}
// Xu ly du lieu truoc khi nhap vao
global $username, $password, $email;
$username = sanitize_user($_POST['username']);
$password = esc_attr($_POST['password']);
$email = sanitize_email($_POST['email']);
// Xu ly dang ky
register_complete($username, $password, $email);
// Hien thi form dang ky
register_form($username, $password, $email);
}
function register()
{
global $db, $fullsite, $cla_cid, $cla_nid, $cla_site;
$register_success = false;
$email = __post('email');
$password = __post('password');
$re_password = __post('re_password');
$full_name = __post('full_name');
$province_id = __post('province_id');
$hospital_id = __post('hospital_id');
$hospital_name = __post('hospital_name');
$department_id = __post('department_id');
if ($password == $re_password && $email != '' && $full_name != '') {
$user_info = get_user_info($email);
if (is_array($user_info)) {
$msg = "Email đã tồn tại. Vui lòng kiểm tra lại thông tin.";
} else {
if ($hospital_id == 0 && $hospital_name != '') {
$sSQLHospital = "insert into ntk_hospital (province_id,name,`status`,`order`) \n\t\t\t\t\tvalues(" . $province_id . ",N'" . $hospital_name . "',1,1000) ";
$result = $db->query($sSQLHospital, true, "Query failed");
$sSQLHospitalId = "select * from ntk_hospital where name = N'" . $hospital_name . "' order by id desc limit 0,1 ";
$result = $db->query($sSQLHospitalId, true, "Query failed");
if ($aRHospital = $db->fetchByAssoc($result)) {
$hospital_id = (int) $aRHospital['id'];
}
}
$password = md5($password);
$sql = " insert into ntk_users(email,password,full_name,province_id,department_id,hospital_id)\n\t\t\t\t\tvalues('" . $email . "','" . $password . "',N'" . $full_name . "'," . (int) $province_id . "," . (int) $department_id . "," . (int) $hospital_id . ")\n\t\t\t\t";
$result = $db->query($sql, true, "Query failed");
$user_info = get_user_info($email);
if (is_array($user_info)) {
$msg = "Đăng ký thành công.";
$_SESSION[_PLATFORM_]['is_login'] = true;
$_SESSION[_PLATFORM_]['USER_INFO'] = $user_info;
$register_success = true;
}
}
} else {
$msg = "Đăng ký không thành công. Vui lòng kiểm tra lại thông tin.";
}
register_form($msg, $register_success);
}
} else {
event_log_log('classic_reg_form_sign_up');
/* Input from user is OK, create rows in required tables */
$query = 'INSERT INTO login(username, password, regtimestamp, regip, lastlogon) ';
$query .= 'VALUES ("' . $_POST['username'] . '", "' . md5(utf8_decode($_POST['password'])) . '", "';
$query .= time() . '", "' . $_SERVER['REMOTE_ADDR'] . '", "")';
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
$user_id = mysql_insert_id();
$query = 'INSERT INTO userinfo (userid) VALUES ("' . $user_id . '")';
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
$query = 'INSERT INTO traffa (userid) VALUES ("' . $user_id . '")';
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
$query = 'INSERT INTO preferences (userid) VALUES ("' . $user_id . '")';
mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__));
/* Rows created, log on the user */
login_dologin($_POST['username'], $_POST['password']);
/* Redirect to welcome page asking the user for more information */
jscript_alert('Du kan numera känna dig som en riktig Hamsterpajare!\\nVi loggar in dig på ditt konto nu.');
jscript_location('/registered.php');
}
} else {
regform_header_p13();
regform_header_welcome();
register_form();
event_log_log('classic_reg_form_load');
}
ui_bottom();
?>
function register()
{
global $db, $fullsite, $cla_cid, $cla_nid, $cla_site;
$register_success = false;
$email = __post('email');
$password = __post('password');
$re_password = __post('re_password');
$full_name = __post('full_name');
$province_id = __post('province_id');
$hospital_id = __post('hospital_id');
$department_id = __post('department_id');
if ($password == $re_password && $email != '' && $full_name != '') {
$user_info = get_user_info($email);
if (is_array($user_info)) {
$msg = "Email đã tồn tại. Vui lòng kiểm tra lại thông tin.";
} else {
$password = md5($password);
$sql = " insert into ntk_users(email,password,full_name,province_id,department_id,hospital_id)\n\t\t\t\t\tvalues('" . $email . "','" . $password . "',N'" . $full_name . "'," . (int) $province_id . "," . (int) $department_id . "," . (int) $hospital_id . ")\n\t\t\t\t";
$result = $db->query($sql, true, "Query failed");
$user_info = get_user_info($email);
if (is_array($user_info)) {
$msg = "Đăng ký thành công.";
$_SESSION[_PLATFORM_]['is_login'] = true;
$_SESSION[_PLATFORM_]['USER_INFO'] = $user_info;
$register_success = true;
}
}
} else {
$msg = "Đăng ký không thành công. Vui lòng kiểm tra lại thông tin.";
}
register_form($msg, $register_success);
}
function register_val($con)
{
//require_once('includes/bootstrapper.php');
//require_once('includes/connect.php');
//second send validation
if (!empty($_POST['Send_2'])) {
$username_final = mysqli_real_escape_string($con, $_POST['username']);
$password_final = mysqli_real_escape_string($con, $_POST['password']);
$apikey_final = mysqli_real_escape_string($con, $_POST['api']);
$vcode_final = mysqli_real_escape_string($con, $_POST['vcode']);
$email_final = mysqli_real_escape_string($con, $_POST['email']);
$reports_final = mysqli_real_escape_string($con, $_POST['reports']);
$dt = new DateTime();
$tz = new DateTimeZone('Europe/Lisbon');
$dt->setTimezone($tz);
$datetime = $dt->format('Y-m-d H:i:s');
$chars = array();
if (isset($_POST['char1'])) {
$char1 = $_POST['char1'];
array_push($chars, $char1);
} else {
$char1 = "";
}
if (isset($_POST['char2'])) {
$char2 = $_POST['char2'];
array_push($chars, $char2);
} else {
$char2 = "";
}
if (isset($_POST['char3'])) {
$char3 = $_POST['char3'];
array_push($chars, $char3);
} else {
$char3 = "";
}
//$chars = array($char1,$char2,$char3);
//FINAL SERVER VALIDATION #2 (just in case someone sneaks in HTML5)
if (strlen($username_final) < 5 || $username_final == "") {
echo "Username is too short (5 characters minimum)";
failed_validation_2();
} else {
if ($password_final == "") {
echo "Input a proper password";
failed_validation_2();
} else {
if (!filter_var($email_final, FILTER_VALIDATE_EMAIL)) {
echo "Wrong email format.";
failed_validation_2();
} else {
if (!in_array($reports_final, array('none', 'daily', 'weekly', 'monthly'))) {
echo "Invalid report type selection";
failed_validation_2();
} else {
//check if characters belong to API KEY by intersecting both arrays
$pheal2 = new Pheal($apikey_final, $vcode_final);
$chars_api = array();
$chars_name = array();
$empty = array();
$result2 = $pheal2->accountScope->APIKeyInfo();
foreach ($result2->key->characters as $character) {
array_push($chars_api, $character->characterID);
array_push($chars_name, $character->characterName);
}
if (array_intersect(array_diff($chars, $chars_api), $chars_api) != $empty) {
echo "Character does not belong to account";
failed_validation_2();
} else {
$cost = 10;
//Before creating the account, let's securely hash the password:
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
// Prefix information about the hash so PHP knows how to verify it later.
// "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
$salt = sprintf("\$2a\$%02d\$", $cost) . $salt;
// Hash the password with the salt
$password_final = crypt($password_final, $salt);
//Everything is validated, prepare SQL transaction
mysqli_query($con, "START TRANSACTION");
$query_insert_user = $con->prepare("INSERT INTO `trader`.`user` (" . "`iduser`, " . "`username`, " . "`registration_date`, " . "`password`, " . "`reports`, " . "`email`, `salt`, `login_count`) " . "VALUES (" . "NULL, " . "?, " . "?, " . "?, " . "?, " . "?, ?, ?);");
$zero = 0;
$query_insert_user->bind_param("ssssssi", $username_final, $datetime, $password_final, $reports_final, $email_final, $salt, $zero);
//ss stands for 2 strings
$query_insert_user->execute();
$last_id_user = mysqli_insert_id($con);
//Insert ignore because api key may already exist
$query_insert_apikey = mysqli_query($con, "insert ignore into `trader`.`api` (`apikey`, `vcode`) " . "VALUES " . "('{$apikey_final}', " . "'{$vcode_final}');") or die(mysqli_error($con));
// print_r($chars);
$pheal3 = new Pheal($apikey_final, $vcode_final, "char");
foreach ($chars as $row) {
//echo $row;
$response_final = $pheal3->CharacterSheet(array("characterID" => $row));
$name_char = mysqli_real_escape_string($con, $response_final->name);
$checkExistingCharacter = mysqli_query($con, "SELECT name FROM v_user_characters WHERE character_eve_idcharacter IN" . "(" . implode(",", $chars) . ")") or die(mysqli_error($con));
if (mysqli_num_rows($checkExistingCharacter) > 0) {
$duplicates = array();
while ($existing_characters = mysqli_fetch_array($checkExistingCharacter)) {
array_push($duplicates, $existing_characters['name']);
}
echo implode(" and ", $duplicates) . " already belong to another account.";
echo "<meta http-equiv='refresh' content='3;URL=register.php'>";
return;
} else {
$query_insert_character = mysqli_query($con, "replace INTO `trader`.`characters` " . "(`eve_idcharacter`, " . "`name`, " . "`balance`, " . "`api_apikey`," . "`networth`," . "`escrow`," . "`total_sell`," . "`broker_relations`," . "`accounting`) " . "VALUES " . "({$row}, " . "'{$name_char}', " . "'0', " . "'{$apikey_final}'," . "'0'," . "'0'," . "'0'," . "'0'," . "'0');") or die(mysqli_error($con));
}
}
//create aggregation between characters and account
foreach ($chars as $row2) {
$query_insert_aggr = mysqli_query($con, "INSERT INTO `trader`.`aggr` " . "(`idaggr`, " . "`user_iduser`, " . "`character_eve_idcharacter`) " . "VALUES " . "(NULL, " . "'{$last_id_user}', " . "'{$row2}');") or die(mysqli_error($con));
}
//check if everything is right before commit
if ($query_insert_user && $query_insert_apikey && $query_insert_character && $query_insert_aggr) {
mysqli_query($con, "COMMIT");
echo "Account created sucessfully" . "<br>" . "You may now login.";
echo "<br><br>";
$dt = new DateTime();
$tz = new DateTimeZone('Europe/Lisbon');
$dt->setTimezone($tz);
$datetime = $dt->format('Y-m-d H:i:s');
mysqli_query($con, "INSERT INTO `trader`.`log` (`idlog`, `user_iduser`, `type`, `datetime`) VALUES (NULL, '{$last_id_user}', 'register', '{$datetime}')") or die(mysqli_error($con));
redirect_login();
} else {
mysqli_query($con, "ROLLBACK");
echo "There was a problem creating your account. Try again.";
echo "<br>";
redirect_error();
}
}
}
}
}
}
} else {
//first send validation
if (!empty($_POST['Send'])) {
$username = mysqli_real_escape_string($con, $_POST['username']);
//password encryption
$password1 = $_POST['password'];
$password2 = $_POST['password2'];
$cost = 10;
// Create a random salt
//$password1 = mysqli_real_escape_string($con,md5($_POST['password']));
//$password2 = mysqli_real_escape_string($con,md5( $_POST['password2']));
if ($password1 == $password2) {
$pw_encr = $password1;
}
unset($_POST['password']);
$apikey = mysqli_real_escape_string($con, $_POST['api']);
$vcode = mysqli_real_escape_string($con, $_POST['vcode']);
$reports = mysqli_real_escape_string($con, $_POST['reports']);
$email = mysqli_real_escape_string($con, $_POST['email']);
/*$pheal = new Pheal('4458709', 'vR9VUNKD3hSHD9KJRbTOUnPDiRC1Rb87ETUEbKsaxa4c9gXCtiNDNCPwKvdrt0tu');
$result = $pheal->accountScope->APIKeyInfo();
foreach($result->key as $res) {echo $res->accessMask, $res->type;}
*/
//Using CURL to fetch API Access Mask
$curl_url = "https://api.eveonline.com/account/APIKeyInfo.xml.aspx?keyID=" . $apikey . "&vCode=" . $vcode;
// create curl resource
$ch = curl_init($curl_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
// $response contains the XML response string from the API call
$response = curl_exec($ch);
// If curl_exec() fails/throws an error, the function will return false
if ($response === false) {
// Could add some 404 headers here
echo 'Curl error: ' . curl_error($ch);
} else {
$apiInfo = new SimpleXMLElement($response);
try {
checkXML($apiInfo->result->key);
$accessMask = (int) $apiInfo->result->key->attributes()->accessMask;
} catch (Exception $e) {
echo 'Error: ' . $e->getMessage();
echo "<meta http-equiv='refresh' content='3;URL=register.php'>";
return;
}
}
// close curl resource to free up system resources
curl_close($ch);
//***********SERVER VALIDATION #1***************
//check if email is already taken
$check_email = mysqli_query($con, "SELECT email FROM user WHERE email = '{$email}'") or die(mysqli_error($con));
if (mysqli_num_rows($check_email) != 0) {
echo "Email is already taken";
redirect_error();
} else {
//check if access mask is correct
if ($accessMask != '82317323' && $accessMask != '1073741823') {
echo "Your access mask is " . $accessMask . " which has different permissions than requested. Please <a href = 'https://community.eveonline.com/support/api-key/CreatePredefined?accessMask=82317323' target='_blank'>create one here</a> with the correct permissions and <a href= 'register.php'>try again </a>.";
} else {
//check if passwords match
if ($password1 != $password2) {
echo "Your passwords must match.";
redirect_error();
} else {
//check if username is already taken
$check_username = mysqli_query($con, "SELECT username FROM user WHERE username = '******'") or die(mysqli_error($con));
if (mysqli_num_rows($check_username) != 0) {
echo "Username is already taken";
redirect_error();
} else {
//check if API KEY is valid
echo "<b>Choose which characters to import:</b><br>";
//get character List from API KEY using Pheal
$pheal = new Pheal($apikey, $vcode);
$result = $pheal->accountScope->APIKeyInfo();
$count = 0;
echo "<table border ='1'>";
echo "<form action = {$_SERVER['PHP_SELF']} method = 'POST' >";
foreach ($result->key->characters as $character) {
$count = $count + 1;
echo "<tr><td>" . $character->characterName . "</td><td>" . "<img src='https://image.eveonline.com/Character/" . $character->characterID . "_64.jpg'" . "</td><td>" . "<input type = 'checkbox' name = 'char{$count}' value = '{$character->characterID}'>" . "</td></tr>";
//there is a KEY HEADER BEFORE THE CHARACTERS ROWSET
}
echo "</table><br>";
//rest of the parameters
echo "<input type ='hidden' name='username' value='{$username}'>";
echo "<input type ='hidden' name='password' value='{$pw_encr}'>";
echo "<input type ='hidden' name='api' value='{$apikey}'>";
echo "<input type ='hidden' name='vcode' value='{$vcode}'>";
echo "<input type ='hidden' name='reports' value='{$reports}'>";
echo "<input type ='hidden' name='email' value='{$email}'>";
echo "<input type ='Submit' name='Send_2' value ='Send' class='btn btn-lg btn-success btn-block' />";
echo "</form>";
}
}
}
}
} else {
register_form();
}
}
}
<div class="left">
<div class="title">Register</div>
<?php
echo register_form();
?>
</div>
<div class="right">
<div style="margin: 0 auto; text-align: center; width: 90%;">
<div class="ul-tit" style="margin: 0 0 30px 0;">Already have an account?
<a href="<?php
echo tlink('user/login');
?>
" class="btn">Login here</a>
</div>
<div class="social_share">
<?php
if (facebook_login()) {
?>
<a href="<?php
echo tlink('plugin/facebook_login.html');
?>
" class="facebook" style="width: 100%;">Login with Facebook</a>
<?php
}
