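/**
 * Validate a sign-up request and insert the new account into the `users` table.
 *
 * Validation failures are returned as ["message" => "..."]; success is returned
 * as ["redirect" => "/login.php"]. This method itself throws only when the
 * INSERT fails.
 *
 * Security review notes. These are left unchanged because the stored format
 * must agree with the login/verification code, which is outside this block:
 *  - Passwords are stored as a single SHA-256 pass over password . salt. That
 *    is cheap to brute-force offline if the table leaks. Moving to
 *    password_hash()/password_verify() needs a coordinated change to the
 *    login path plus a rehash-on-login step for existing rows.
 *  - The salt is 6 hex characters (24 bits) derived from rand()/uniqid(), so
 *    it is not drawn from a CSPRNG and will repeat across a large user table.
 *  - The minimum accepted password length is 4 bytes (strlen is byte-wise).
 *  - The INSERT is built by string concatenation and relies entirely on
 *    DatabaseManager::sanitize() escaping correctly for the connection's
 *    character set. Prepared statements would remove that dependency.
 *  - The "already in use" replies reveal whether a BL_ID or e-mail address is
 *    registered; the endpoint should be rate limited by its caller.
 *
 * @param string     $email     Address to register; checked with FILTER_VALIDATE_EMAIL.
 * @param string     $password1 Chosen password.
 * @param string     $password2 Password confirmation; must be identical to $password1.
 * @param string|int $blid      BL_ID to bind to the account; surrounding whitespace is trimmed.
 *
 * @return array ["message" => string] on rejection, ["redirect" => "/login.php"] on success.
 *
 * @throws Exception When the INSERT query reports failure.
 */
public static function register($email, $password1, $password2, $blid)
{
    // Username validation (AccountManager::validUsername) is disabled upstream;
    // the username is derived from the BL_ID further down instead.

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return ["message" => "Invalid e-mail address"];
    }

    if ($password1 !== $password2) {
        return ["message" => "Your passwords do not match."];
    }

    if (strlen($password1) < 4) {
        return ["message" => "Your password must be at least 4 characters"];
    }

    // Digits only. is_numeric() also accepts "1e3", "12.5", "-5" and "+7", so
    // one numeric value could be submitted under several spellings, each of
    // which would then be stored and used in the uniqueness lookup below.
    // NOTE(review): assumes BL_IDs are plain non-negative integers - confirm.
    $blid = trim($blid);
    if (!preg_match('/\A[0-9]+\z/', $blid)) {
        return ["message" => "INVALID BL_ID"];
    }

    // Both lookups run before either result is inspected, as in the original.
    $loginDetails1 = AccountManager::getLoginDetailsFromBLID($blid);
    $loginDetails2 = AccountManager::getLoginDetailsFromEmail($email);

    if ($loginDetails1) {
        return ["message" => "That BL_ID is already in use!"];
    }

    if ($loginDetails2) {
        return ["message" => "That E-mail address is already in use."];
    }

    $database = new DatabaseManager();

    // Storage format kept as-is so existing credentials keep verifying; see
    // the review notes in the docblock before relying on it.
    $intermediateSalt = md5(uniqid(rand(), true));
    $salt = substr($intermediateSalt, 0, 6);
    $hash = hash("sha256", $password1 . $salt);

    // 'groups' is assumed to be a JSON array, so a new account starts with "[]".
    $inserted = $database->query(
        "INSERT INTO users (password, salt, blid, email, groups, username) VALUES ('"
        . $database->sanitize($hash) . "', '"
        . $database->sanitize($salt) . "', '"
        . $database->sanitize($blid) . "', '"
        . $database->sanitize($email) . "', '"
        . $database->sanitize("[]") . "', '"
        . $database->sanitize("Blockhead" . $blid) . "')"
    );

    if (!$inserted) {
        // The raw driver error is embedded in the message: callers should log
        // it server-side rather than echo it back to the client.
        throw new Exception("Error adding new user into database: " . $database->error());
    }

    // An earlier revision emitted an auto-submitting POST form here; the
    // caller now performs the redirect itself.
    return ["redirect" => "/login.php"];
}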