function register_form() { global $LANG; if (\query\main::get_option('registrations') == 'opened') { $form = '<div class="register_form other_form">'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['register_form']) && \site\utils::check_csrf($_POST['register_form']['csrf'], 'register_csrf')) { $pd = \site\utils::validate_user_data($_POST['register_form']); try { $session = \user\main::register($pd); $form .= '<div class="success">' . $LANG['register_success'] . '</div>'; $form .= '<meta http-equiv="refresh" content="2; url=' . $GLOBALS['siteURL'] . '/setSession.php?session=' . $session . '">'; } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['register_csrf'] = \site\utils::str_random(12); $form .= '<form method="POST" action="#"> <div class="form_field"><label for="register_form[username]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="register_form[username]" id="register_form[username]" value="' . (isset($pd['username']) ? $pd['username'] : '') . '" required /></div></div> <div class="form_field"><label for="register_form[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="register_form[email]" id="register_form[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" required /></div></div> <div class="form_field"><label for="register_form[password]">' . $LANG['form_password'] . ':</label> <div><input type="password" name="register_form[password]" id="register_form[password]" value="" required /></div></div> <div class="form_field"><label for="register_form[password2]">' . $LANG['form_password_again'] . ':</label> <div><input type="password" name="register_form[password2]" id="register_form[password2]" value="" required /></div></div> <input type="hidden" name="register_form[csrf]" value="' . $csrf . '" /> <button>' . $LANG['register'] . '</button> </form> </div>'; return $form; } else { return '<div class="info_form">' . $LANG['register_not_allowed'] . '</div>'; } }
<?php if ($_SERVER['REQUEST_METHOD'] && isset($_POST['csrf']) == $_SESSION['csrf']['ajax_register']) { $response = array(); $pd = \site\utils::validate_user_data($_POST['register']); try { $session = \user\main::register($pd); $response['state'] = 'success'; $response['message'] = $LANG['register_success']; $response['session'] = $GLOBALS['siteURL'] . '/setSession.php?session=' . $session; unset($_SESSION['csrf']['ajax_register']); } catch (Exception $e) { $response['state'] = 'error'; $response['message'] = $e->getMessage(); } echo json_encode($response); }