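/**
 * Validates and completes a user record before it is inserted or updated.
 *
 * Generated fields are written into $record in place: normalised first/last
 * names and a sanitiser validity flag, plus salt, password digest and
 * registration date on insert. "generator" is appended to $roles. When the
 * record is rejected, a JSON error payload may already have been echoed and
 * false is returned; the caller is expected to stop there.
 *
 * @param mixed  $db        database handle, passed through to the helpers
 * @param array  $request   raw request; not read here, kept for the call signature
 * @param array  $record    user record being inserted/updated (modified in place)
 * @param string $operation "insert" or "update"
 * @param array  $roles     role list (modified in place)
 * @return bool true when the record may be persisted
 */
function checkRequestUser($db, &$request, &$record, $operation, &$roles)
{
    // Generated fields: normalised names plus a validity flag (4th element of
    // the helper's result is not used).
    list($record["firstName"], $record["lastName"], $record["saniValid"]) =
        DataSanitizer::formatUserNames($record["firstName"], $record["lastName"]);

    $roles[] = "generator";

    // Missing session flag is treated as "not admin" without an undefined-index notice.
    $isAdmin = !empty($_SESSION["isAdmin"]);

    if ($operation === "insert") {
        $record["salt"] = generateSalt();
        // NOTE(review): the stored credential is an MD5-based digest
        // (computePasswordMD5). password_hash()/password_verify() would be the
        // modern choice, but switching it means migrating the passwordMd5
        // column and every reader of it, so it is left as-is here.
        $record["passwordMd5"] = computePasswordMD5($record["password"], $record["salt"]);

        // Refuse to create a second account for an email already on file.
        // NOTE(review): the message (and the log line) reveals whether an email is
        // registered; acceptable for an internal flow, otherwise prefer a generic reply.
        foreach (array("officialEmail", "alternativeEmail") as $field) {
            if (existingEmail($db, $record[$field], 0)) {
                $message = "Un compte existe déjà pour l'email " . $record[$field] . ".";
                echo json_encode(array("success" => false, "message" => $message));
                error_log($message);
                return false;
            }
        }
        $record["registrationDate"] = date('Y-m-d H:i:s');
    }

    if (!checkUser($record)) {
        error_log("checkUser false");
        return false;
    }

    if (!$isAdmin && $operation === "update") {
        // A non-admin may only update their own record, whatever ID the request carried.
        $record["ID"] = $_SESSION["userID"];
        // presumably resolves the session user — confirm against getUser()
        $user = getUser($db);

        if (isset($record["password"]) && $record["password"] !== "") {
            // Changing the password requires proving knowledge of the current one;
            // hash_equals() keeps the digest comparison constant-time.
            $oldPasswordMd5 = computePasswordMD5($record["old_password"], $user->salt);
            if (!hash_equals((string) $user->passwordMd5, (string) $oldPasswordMd5)) {
                echo json_encode(array("success" => false, "message" => "mot de passe invalide"));
                error_log("Invalid password");
                return false;
            }
            $record["passwordMd5"] = computePasswordMD5($record["password"], $user->salt);
        }

        if ($record["alternativeEmail"] !== $user->alternativeEmail) {
            // A changed alternative email has to be validated again.
            $record["alternativeEmailValidated"] = "0";
        }

        // Filters: the owner cannot change an official email that was already validated.
        if ($record["officialEmail"] !== $user->officialEmail && $user->officialEmailValidated) {
            error_log("impossible de modifier un email officiel validé");
            return false;
        }
    }

    return true;
}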
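<?php
// Registration handler: on POST, create the account unless the email is already taken.
$results = "";
if (isPostRequest()) {
    // filter_input() yields null for a missing field and false when the filter
    // rejects it; neither must reach the user store as an identity value.
    $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    $password = filter_input(INPUT_POST, 'password');
    if (!is_string($email) || !is_string($password) || $password === '') {
        $results = 'Please enter a valid email address and a password.';
    } elseif (!existingEmail($email, "email", "users")) {
        if (createNewUser($email, $password)) {
            $results = "User Registered";
        } else {
            $results = "Error, try again";
        }
    } else {
        $results = 'User already exists. Sorry, please try again.';
    }
}
?>
<h3>To register your account, please enter an email and password below</h3>
<br />
<?php echo htmlspecialchars($results, ENT_QUOTES, 'UTF-8'); ?>
<div id="register">
<form method="post" action="#">
<input name="email" type="text" value="" placeholder="Email" class="form-control"/>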
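/**
 * Validates an email address submitted by the registration form.
 *
 * @param mixed $email_input raw form value
 * @return string|array the trimmed email when it is valid, otherwise a list
 *                      of error messages (one entry per failed check)
 */
function validate_email($email_input)
{
    // Only trim; silently stripping characters (FILTER_SANITIZE_EMAIL) could
    // turn an invalid address into a different, valid one the user never typed.
    $email = trim((string) $email_input);
    $error_messages = array();

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error_messages[] = "please enter a valid email address";
    } elseif (strpos($email, ',') !== false) {
        // strpos() returns 0 for a leading comma, so compare with !== false.
        $error_messages[] = "please avoid character ','";
    } elseif (existingEmail($email)) {
        $error_messages[] = "you are already registered with an account";
    }

    // The email on success, otherwise the collected errors.
    return $error_messages === array() ? $email : $error_messages;
}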