function custom_register() { // Validate du lieu nhap vao if (isset($_POST['submit'])) { register_validate($_POST['username'], $_POST['password'], $_POST['email']); } // Xu ly du lieu truoc khi nhap vao global $username, $password, $email; $username = sanitize_user($_POST['username']); $password = esc_attr($_POST['password']); $email = sanitize_email($_POST['email']); // Xu ly dang ky register_complete($username, $password, $email); // Hien thi form dang ky register_form($username, $password, $email); }
function register() { global $db, $fullsite, $cla_cid, $cla_nid, $cla_site; $register_success = false; $email = __post('email'); $password = __post('password'); $re_password = __post('re_password'); $full_name = __post('full_name'); $province_id = __post('province_id'); $hospital_id = __post('hospital_id'); $hospital_name = __post('hospital_name'); $department_id = __post('department_id'); if ($password == $re_password && $email != '' && $full_name != '') { $user_info = get_user_info($email); if (is_array($user_info)) { $msg = "Email đã tồn tại. Vui lòng kiểm tra lại thông tin."; } else { if ($hospital_id == 0 && $hospital_name != '') { $sSQLHospital = "insert into ntk_hospital (province_id,name,`status`,`order`) \n\t\t\t\t\tvalues(" . $province_id . ",N'" . $hospital_name . "',1,1000) "; $result = $db->query($sSQLHospital, true, "Query failed"); $sSQLHospitalId = "select * from ntk_hospital where name = N'" . $hospital_name . "' order by id desc limit 0,1 "; $result = $db->query($sSQLHospitalId, true, "Query failed"); if ($aRHospital = $db->fetchByAssoc($result)) { $hospital_id = (int) $aRHospital['id']; } } $password = md5($password); $sql = " insert into ntk_users(email,password,full_name,province_id,department_id,hospital_id)\n\t\t\t\t\tvalues('" . $email . "','" . $password . "',N'" . $full_name . "'," . (int) $province_id . "," . (int) $department_id . "," . (int) $hospital_id . ")\n\t\t\t\t"; $result = $db->query($sql, true, "Query failed"); $user_info = get_user_info($email); if (is_array($user_info)) { $msg = "Đăng ký thành công."; $_SESSION[_PLATFORM_]['is_login'] = true; $_SESSION[_PLATFORM_]['USER_INFO'] = $user_info; $register_success = true; } } } else { $msg = "Đăng ký không thành công. Vui lòng kiểm tra lại thông tin."; } register_form($msg, $register_success); }
} else { event_log_log('classic_reg_form_sign_up'); /* Input from user is OK, create rows in required tables */ $query = 'INSERT INTO login(username, password, regtimestamp, regip, lastlogon) '; $query .= 'VALUES ("' . $_POST['username'] . '", "' . md5(utf8_decode($_POST['password'])) . '", "'; $query .= time() . '", "' . $_SERVER['REMOTE_ADDR'] . '", "")'; mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); $user_id = mysql_insert_id(); $query = 'INSERT INTO userinfo (userid) VALUES ("' . $user_id . '")'; mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); $query = 'INSERT INTO traffa (userid) VALUES ("' . $user_id . '")'; mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); $query = 'INSERT INTO preferences (userid) VALUES ("' . $user_id . '")'; mysql_query($query) or die(report_sql_error($query, __FILE__, __LINE__)); /* Rows created, log on the user */ login_dologin($_POST['username'], $_POST['password']); /* Redirect to welcome page asking the user for more information */ jscript_alert('Du kan numera känna dig som en riktig Hamsterpajare!\\nVi loggar in dig på ditt konto nu.'); jscript_location('/registered.php'); } } else { regform_header_p13(); regform_header_welcome(); register_form(); event_log_log('classic_reg_form_load'); } ui_bottom(); ?>
function register() { global $db, $fullsite, $cla_cid, $cla_nid, $cla_site; $register_success = false; $email = __post('email'); $password = __post('password'); $re_password = __post('re_password'); $full_name = __post('full_name'); $province_id = __post('province_id'); $hospital_id = __post('hospital_id'); $department_id = __post('department_id'); if ($password == $re_password && $email != '' && $full_name != '') { $user_info = get_user_info($email); if (is_array($user_info)) { $msg = "Email đã tồn tại. Vui lòng kiểm tra lại thông tin."; } else { $password = md5($password); $sql = " insert into ntk_users(email,password,full_name,province_id,department_id,hospital_id)\n\t\t\t\t\tvalues('" . $email . "','" . $password . "',N'" . $full_name . "'," . (int) $province_id . "," . (int) $department_id . "," . (int) $hospital_id . ")\n\t\t\t\t"; $result = $db->query($sql, true, "Query failed"); $user_info = get_user_info($email); if (is_array($user_info)) { $msg = "Đăng ký thành công."; $_SESSION[_PLATFORM_]['is_login'] = true; $_SESSION[_PLATFORM_]['USER_INFO'] = $user_info; $register_success = true; } } } else { $msg = "Đăng ký không thành công. Vui lòng kiểm tra lại thông tin."; } register_form($msg, $register_success); }
function register_val($con) { //require_once('includes/bootstrapper.php'); //require_once('includes/connect.php'); //second send validation if (!empty($_POST['Send_2'])) { $username_final = mysqli_real_escape_string($con, $_POST['username']); $password_final = mysqli_real_escape_string($con, $_POST['password']); $apikey_final = mysqli_real_escape_string($con, $_POST['api']); $vcode_final = mysqli_real_escape_string($con, $_POST['vcode']); $email_final = mysqli_real_escape_string($con, $_POST['email']); $reports_final = mysqli_real_escape_string($con, $_POST['reports']); $dt = new DateTime(); $tz = new DateTimeZone('Europe/Lisbon'); $dt->setTimezone($tz); $datetime = $dt->format('Y-m-d H:i:s'); $chars = array(); if (isset($_POST['char1'])) { $char1 = $_POST['char1']; array_push($chars, $char1); } else { $char1 = ""; } if (isset($_POST['char2'])) { $char2 = $_POST['char2']; array_push($chars, $char2); } else { $char2 = ""; } if (isset($_POST['char3'])) { $char3 = $_POST['char3']; array_push($chars, $char3); } else { $char3 = ""; } //$chars = array($char1,$char2,$char3); //FINAL SERVER VALIDATION #2 (just in case someone sneaks in HTML5) if (strlen($username_final) < 5 || $username_final == "") { echo "Username is too short (5 characters minimum)"; failed_validation_2(); } else { if ($password_final == "") { echo "Input a proper password"; failed_validation_2(); } else { if (!filter_var($email_final, FILTER_VALIDATE_EMAIL)) { echo "Wrong email format."; failed_validation_2(); } else { if (!in_array($reports_final, array('none', 'daily', 'weekly', 'monthly'))) { echo "Invalid report type selection"; failed_validation_2(); } else { //check if characters belong to API KEY by intersecting both arrays $pheal2 = new Pheal($apikey_final, $vcode_final); $chars_api = array(); $chars_name = array(); $empty = array(); $result2 = $pheal2->accountScope->APIKeyInfo(); foreach ($result2->key->characters as $character) { array_push($chars_api, $character->characterID); array_push($chars_name, $character->characterName); } if (array_intersect(array_diff($chars, $chars_api), $chars_api) != $empty) { echo "Character does not belong to account"; failed_validation_2(); } else { $cost = 10; //Before creating the account, let's securely hash the password: $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.'); // Prefix information about the hash so PHP knows how to verify it later. // "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter. $salt = sprintf("\$2a\$%02d\$", $cost) . $salt; // Hash the password with the salt $password_final = crypt($password_final, $salt); //Everything is validated, prepare SQL transaction mysqli_query($con, "START TRANSACTION"); $query_insert_user = $con->prepare("INSERT INTO `trader`.`user` (" . "`iduser`, " . "`username`, " . "`registration_date`, " . "`password`, " . "`reports`, " . "`email`, `salt`, `login_count`) " . "VALUES (" . "NULL, " . "?, " . "?, " . "?, " . "?, " . "?, ?, ?);"); $zero = 0; $query_insert_user->bind_param("ssssssi", $username_final, $datetime, $password_final, $reports_final, $email_final, $salt, $zero); //ss stands for 2 strings $query_insert_user->execute(); $last_id_user = mysqli_insert_id($con); //Insert ignore because api key may already exist $query_insert_apikey = mysqli_query($con, "insert ignore into `trader`.`api` (`apikey`, `vcode`) " . "VALUES " . "('{$apikey_final}', " . "'{$vcode_final}');") or die(mysqli_error($con)); // print_r($chars); $pheal3 = new Pheal($apikey_final, $vcode_final, "char"); foreach ($chars as $row) { //echo $row; $response_final = $pheal3->CharacterSheet(array("characterID" => $row)); $name_char = mysqli_real_escape_string($con, $response_final->name); $checkExistingCharacter = mysqli_query($con, "SELECT name FROM v_user_characters WHERE character_eve_idcharacter IN" . "(" . implode(",", $chars) . ")") or die(mysqli_error($con)); if (mysqli_num_rows($checkExistingCharacter) > 0) { $duplicates = array(); while ($existing_characters = mysqli_fetch_array($checkExistingCharacter)) { array_push($duplicates, $existing_characters['name']); } echo implode(" and ", $duplicates) . " already belong to another account."; echo "<meta http-equiv='refresh' content='3;URL=register.php'>"; return; } else { $query_insert_character = mysqli_query($con, "replace INTO `trader`.`characters` " . "(`eve_idcharacter`, " . "`name`, " . "`balance`, " . "`api_apikey`," . "`networth`," . "`escrow`," . "`total_sell`," . "`broker_relations`," . "`accounting`) " . "VALUES " . "({$row}, " . "'{$name_char}', " . "'0', " . "'{$apikey_final}'," . "'0'," . "'0'," . "'0'," . "'0'," . "'0');") or die(mysqli_error($con)); } } //create aggregation between characters and account foreach ($chars as $row2) { $query_insert_aggr = mysqli_query($con, "INSERT INTO `trader`.`aggr` " . "(`idaggr`, " . "`user_iduser`, " . "`character_eve_idcharacter`) " . "VALUES " . "(NULL, " . "'{$last_id_user}', " . "'{$row2}');") or die(mysqli_error($con)); } //check if everything is right before commit if ($query_insert_user && $query_insert_apikey && $query_insert_character && $query_insert_aggr) { mysqli_query($con, "COMMIT"); echo "Account created sucessfully" . "<br>" . "You may now login."; echo "<br><br>"; $dt = new DateTime(); $tz = new DateTimeZone('Europe/Lisbon'); $dt->setTimezone($tz); $datetime = $dt->format('Y-m-d H:i:s'); mysqli_query($con, "INSERT INTO `trader`.`log` (`idlog`, `user_iduser`, `type`, `datetime`) VALUES (NULL, '{$last_id_user}', 'register', '{$datetime}')") or die(mysqli_error($con)); redirect_login(); } else { mysqli_query($con, "ROLLBACK"); echo "There was a problem creating your account. Try again."; echo "<br>"; redirect_error(); } } } } } } } else { //first send validation if (!empty($_POST['Send'])) { $username = mysqli_real_escape_string($con, $_POST['username']); //password encryption $password1 = $_POST['password']; $password2 = $_POST['password2']; $cost = 10; // Create a random salt //$password1 = mysqli_real_escape_string($con,md5($_POST['password'])); //$password2 = mysqli_real_escape_string($con,md5( $_POST['password2'])); if ($password1 == $password2) { $pw_encr = $password1; } unset($_POST['password']); $apikey = mysqli_real_escape_string($con, $_POST['api']); $vcode = mysqli_real_escape_string($con, $_POST['vcode']); $reports = mysqli_real_escape_string($con, $_POST['reports']); $email = mysqli_real_escape_string($con, $_POST['email']); /*$pheal = new Pheal('4458709', 'vR9VUNKD3hSHD9KJRbTOUnPDiRC1Rb87ETUEbKsaxa4c9gXCtiNDNCPwKvdrt0tu'); $result = $pheal->accountScope->APIKeyInfo(); foreach($result->key as $res) {echo $res->accessMask, $res->type;} */ //Using CURL to fetch API Access Mask $curl_url = "https://api.eveonline.com/account/APIKeyInfo.xml.aspx?keyID=" . $apikey . "&vCode=" . $vcode; // create curl resource $ch = curl_init($curl_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 0); // $response contains the XML response string from the API call $response = curl_exec($ch); // If curl_exec() fails/throws an error, the function will return false if ($response === false) { // Could add some 404 headers here echo 'Curl error: ' . curl_error($ch); } else { $apiInfo = new SimpleXMLElement($response); try { checkXML($apiInfo->result->key); $accessMask = (int) $apiInfo->result->key->attributes()->accessMask; } catch (Exception $e) { echo 'Error: ' . $e->getMessage(); echo "<meta http-equiv='refresh' content='3;URL=register.php'>"; return; } } // close curl resource to free up system resources curl_close($ch); //***********SERVER VALIDATION #1*************** //check if email is already taken $check_email = mysqli_query($con, "SELECT email FROM user WHERE email = '{$email}'") or die(mysqli_error($con)); if (mysqli_num_rows($check_email) != 0) { echo "Email is already taken"; redirect_error(); } else { //check if access mask is correct if ($accessMask != '82317323' && $accessMask != '1073741823') { echo "Your access mask is " . $accessMask . " which has different permissions than requested. Please <a href = 'https://community.eveonline.com/support/api-key/CreatePredefined?accessMask=82317323' target='_blank'>create one here</a> with the correct permissions and <a href= 'register.php'>try again </a>."; } else { //check if passwords match if ($password1 != $password2) { echo "Your passwords must match."; redirect_error(); } else { //check if username is already taken $check_username = mysqli_query($con, "SELECT username FROM user WHERE username = '******'") or die(mysqli_error($con)); if (mysqli_num_rows($check_username) != 0) { echo "Username is already taken"; redirect_error(); } else { //check if API KEY is valid echo "<b>Choose which characters to import:</b><br>"; //get character List from API KEY using Pheal $pheal = new Pheal($apikey, $vcode); $result = $pheal->accountScope->APIKeyInfo(); $count = 0; echo "<table border ='1'>"; echo "<form action = {$_SERVER['PHP_SELF']} method = 'POST' >"; foreach ($result->key->characters as $character) { $count = $count + 1; echo "<tr><td>" . $character->characterName . "</td><td>" . "<img src='https://image.eveonline.com/Character/" . $character->characterID . "_64.jpg'" . "</td><td>" . "<input type = 'checkbox' name = 'char{$count}' value = '{$character->characterID}'>" . "</td></tr>"; //there is a KEY HEADER BEFORE THE CHARACTERS ROWSET } echo "</table><br>"; //rest of the parameters echo "<input type ='hidden' name='username' value='{$username}'>"; echo "<input type ='hidden' name='password' value='{$pw_encr}'>"; echo "<input type ='hidden' name='api' value='{$apikey}'>"; echo "<input type ='hidden' name='vcode' value='{$vcode}'>"; echo "<input type ='hidden' name='reports' value='{$reports}'>"; echo "<input type ='hidden' name='email' value='{$email}'>"; echo "<input type ='Submit' name='Send_2' value ='Send' class='btn btn-lg btn-success btn-block' />"; echo "</form>"; } } } } } else { register_form(); } } }
<div class="left"> <div class="title">Register</div> <?php echo register_form(); ?> </div> <div class="right"> <div style="margin: 0 auto; text-align: center; width: 90%;"> <div class="ul-tit" style="margin: 0 0 30px 0;">Already have an account? <a href="<?php echo tlink('user/login'); ?> " class="btn">Login here</a> </div> <div class="social_share"> <?php if (facebook_login()) { ?> <a href="<?php echo tlink('plugin/facebook_login.html'); ?> " class="facebook" style="width: 100%;">Login with Facebook</a> <?php }