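/**
 * Registers a new user and sends the confirmation and admin notification mails.
 *
 * Validation runs in a fixed order and the first failing check throws, so
 * callers see exactly one message key per call.
 *
 * @param mixed $firstname       Given name; rejected when loosely equal to null.
 * @param mixed $lastname        Family name; rejected when loosely equal to null.
 * @param mixed $email           Checked with Validation::is_email() and self::email_available().
 * @param mixed $password        Checked with Validation::is_password().
 * @param mixed $confirmpassword Must be identical to $password.
 *
 * @return bool TRUE once both rows are written and both mails were handed to Mail::send().
 *
 * @throws Exception With one of the message keys No_first_name_given,
 *                   No_last_name_given, Invalid_email_address, Invalid_password,
 *                   Different_passwords, Email_alreads_in_use or Registration_failed.
 */
static function register_user($firstname, $lastname, $email, $password, $confirmpassword)
{
    if ($firstname == null) {
        throw new Exception('No_first_name_given');
    }
    if ($lastname == null) {
        throw new Exception('No_last_name_given');
    }
    if (!Validation::is_email($email)) {
        throw new Exception('Invalid_email_address');
    }
    if (!Validation::is_password($password)) {
        throw new Exception('Invalid_password');
    }
    // Strict comparison: with `!=`, two different numeric-looking strings
    // (e.g. "1e3" and "1000") compare equal and a mistyped confirmation passes.
    if ($password !== $confirmpassword) {
        throw new Exception('Different_passwords');
    }
    // Message key spelling is kept as-is; it is runtime text that code outside
    // this block may match on.
    if (!self::email_available($email)) {
        throw new Exception('Email_alreads_in_use');
    }

    // random_int() draws from the OS CSPRNG (PHP 7+); rand() is predictable and
    // must not feed a salt or a confirmation token. Same integer range as before,
    // so the stored column format is unchanged.
    $salt = random_int(0, 999999999);

    // NOTE(review): salted SHA-1 is far too fast for password storage. The format
    // is kept here only because the login check presumably recomputes
    // sha1(salt . password); migrate both sides to password_hash() /
    // password_verify() together.
    $password_digest = sha1($salt . $password);

    // Value later handed to the confirmation mail.
    // NOTE(review): it is derived from the salt, the email and the password digest
    // rather than from independent random bytes; consider bin2hex(random_bytes(20))
    // if nothing else recomputes this value.
    $hash = sha1($salt . $email . $password_digest);
    $reg_time = time();

    global $con;

    // Bound parameters instead of string concatenation: names and email are
    // caller-supplied and previously went into the SQL text unescaped.
    $insert_user = mysqli_prepare(
        $con,
        'INSERT INTO `user` (`firstname`, `lastname`, `email`, `password`, `salt`, `reg_time`, `hash`)'
        . ' VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    if ($insert_user === false) {
        // NOTE(review): new message key; add it wherever exception messages are translated.
        throw new Exception('Registration_failed');
    }
    mysqli_stmt_bind_param(
        $insert_user,
        'ssssiis',
        $firstname,
        $lastname,
        $email,
        $password_digest,
        $salt,
        $reg_time,
        $hash
    );
    $user_written = mysqli_stmt_execute($insert_user);
    $user_id = mysqli_insert_id($con);
    mysqli_stmt_close($insert_user);
    if (!$user_written) {
        // Previously a failed insert was ignored and the mails were sent anyway.
        throw new Exception('Registration_failed');
    }

    // Create the settings table entry for the new user.
    $insert_settings = mysqli_prepare($con, 'INSERT INTO `user_settings` (`user`) VALUES (?)');
    if ($insert_settings === false) {
        throw new Exception('Registration_failed');
    }
    mysqli_stmt_bind_param($insert_settings, 'i', $user_id);
    $settings_written = mysqli_stmt_execute($insert_settings);
    mysqli_stmt_close($insert_settings);
    if (!$settings_written) {
        throw new Exception('Registration_failed');
    }

    // Confirmation mail to the registered user.
    Mail::get_email_confirmation_mail($firstname, $email, $hash)->send();

    // Notification mail to the admin.
    $admin_mail = new Mail("*****@*****.**", Mail::DEFAULT_SENDER_EMAIL, null, "New user", "" . $firstname . " " . $lastname . " has just signed up on Abfrage3!");
    $admin_mail->send();

    return TRUE;
}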
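// Login form handler: checks the posted credentials and redirects according to
// the status code returned by Database::check_login_data().
//   1 = correct combination, 2 = correct but email not confirmed yet,
//   0 = wrong password, 3 = invalid email (as handled by the branches below).

// Accept only string fields; a missing field or an array-valued one
// (email[]=...) falls back to the empty string instead of reaching the
// database layer with an unexpected type.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$result = Database::check_login_data($email, $password);
$id = Database::email2id($email);

if ($result == 1) {
    // Correct combination.
    session_start();
    // Issue a fresh session id at the moment of authentication so that an id
    // set in the browser before login cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['id'] = $id;

    // An unchecked checkbox is simply absent from the POST body.
    $stay_logged_in = isset($_POST['stay-logged-in']) && $_POST['stay-logged-in'] == 1;
    Database::add_login($id, $stay_logged_in);

    header("Location: /#/home");
    exit;
} elseif ($result == 2) {
    // Correct combination but email not confirmed yet: resend the confirmation mail.
    $user = Database::get_user_by_id($id);
    $mail = Mail::get_email_confirmation_mail($user->firstname, $user->email, $user->hash);
    $mail->send();

    // Query values are URL-encoded so that '&', '#', '+' or spaces in the message
    // or the address cannot alter the redirect target or add parameters.
    // NOTE(review): the page that renders login_message and email must still
    // HTML-escape them on output.
    header("Location: /?login_message=" . urlencode($l['Email_not_confirmed__']) . "&email=" . urlencode($user->email));
    exit;
} elseif ($result == 0) {
    // NOTE(review): separate messages for "wrong password" and "invalid email"
    // may reveal whether an address is registered; confirm this is intended.
    header("Location: /?login_message=" . urlencode($l['Password_wrong__']) . "&email=" . urlencode($email));
    exit;
} elseif ($result == 3) {
    header("Location: /?login_message=" . urlencode($l['Email_invalid__']));
    exit;
}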