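<?php
# Registration handler: validate the POSTed form, store a pending user row
# keyed by a confirmation token, then show the activation link.
#
# The token is the only thing an attacker needs to activate an account they
# did not register, so it must be unpredictable. md5(uniqid()) is derived
# from the clock and is guessable; random_bytes() is a CSPRNG. 16 bytes in
# hex is 32 characters, the same width as an md5 digest, so the `code`
# column does not need to change.
$code = bin2hex(random_bytes(16));
if (!is_valid_request()
    # If the request validated, we can expect all these fields to exist
    # in $_POST, otherwise PHP would not reach this part of the condition:
    || !create_new_user($code, $_POST['username'], $_POST['email'], $_POST['pass'])
) {
    redirect('error_page.html'); # Redirect will exit.
}
# I removed the code to redirect to more specific error pages,
# you might rather start a session and create an error message
# to store in the session, and then print it on the error page,
# or do the checks first in javascript, and then if a user ignores
# them or disables JS, just fail with a generic
# "Your request could not be processed" page.
#
# NOTE(review): the link below is printed straight back to whoever submitted
# the form. If the point of the token is to prove ownership of the e-mail
# address, it should be sent to $_POST['email'] instead — confirm intent.
$message = "Your confirmation link \r\n";
$message .= "Click on this link to activate your account \r\n";
$message .= "MYWEBSITE.org/confirmation.php?passkey=$code";
print $message;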
- # =============================================================================
- # Below are all functions used above:
- # =============================================================================
- # This is not reusable, it really just does the check for this page
- # I put it into a function with a clear name so that it can be separate
- # from the actual action that the page will take on success:
function is_valid_request() {
    # Every field this page needs; checked in order, cheapest first, so the
    # database lookup in user_is_unique() only runs for well-formed input.
    $needed = array('username', 'email', 'email2', 'pass', 'pass2');
    if (!fields_are_present($needed, $_POST)) {
        return false;
    }
    $in = $_POST;
    # Username restricted to alphanumerics (ctype_alnum is false for '').
    if (!ctype_alnum($in['username'])) {
        return false;
    }
    # Both "repeat" fields must match their originals exactly.
    if ($in['email'] !== $in['email2'] || $in['pass'] !== $in['pass2']) {
        return false;
    }
    return user_is_unique($in['username'], $in['email']);
}
- # This is somewhat reusable, if we have another page to create a user on,
- # it can be done there as well, as long as getPDOInstance is also present
- # and working.
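function create_new_user($code, $username, $email, $password) {
    # Insert a pending (unconfirmed) user into `temp`.
    # $code is the confirmation token the activation link carries back.
    # Returns true on success, false if the database rejected the insert
    # (the PDO error goes to the error log).
    #
    # The password is hashed before it is stored: the row in `temp` (and
    # whatever later copies it into `users`) must never hold the plaintext.
    # Verify at login with password_verify(); the column needs room for a
    # full hash (255 chars is the usual recommendation).
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $db = getPDOInstance();
    $sql = 'INSERT INTO temp (code, username, email, password) VALUES (?, ?, ?, ?)';
    try {
        # prepare() can throw too under ERRMODE_EXCEPTION, so it belongs
        # inside the try as well.
        $stmt = $db->prepare($sql);
        # The original bound an undefined $pass here (so an empty password
        # was stored); the parameter is $password, stored as $hash.
        $stmt->execute(array($code, $username, $email, $hash));
    } catch (\PDOException $e) {
        error_log($e->getMessage()); # assuming your error log is set up
        return false;
    }
    return true;
}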
- # This is basic, but reusable:
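function redirect($url) {
    # Send the browser to $url and stop the script. The fallback body is
    # HTML, so the URL is escaped for that context before being echoed —
    # the original interpolated it raw into both the href and the text.
    header('Location: ' . $url);
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    exit('You are being redirected to: <a href="' . $safe . '">' . $safe . '</a>');
}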
- # Reusable: check whether every key in an array of field names is present in another array:
function fields_are_present(array $fields, array $array) {
    # True when none of $fields is missing from $array.
    # "Missing" is empty(): an absent key, null, '' and also '0' all count
    # as missing, so a value of "0" is rejected by this check.
    $missing = array_filter($fields, function ($field) use ($array) {
        return empty($array[$field]);
    });
    return count($missing) === 0;
}
- # Does the username already exist? You'd be better off just trying to insert
- # it and letting SQL give a non-unique error, but anyway, I'll just do the check
- # I don't usually do checks like this but I think this would work
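function user_is_unique($username, $email) {
    # True when no row in `users` already has this username or this email.
    # Note this is only a pre-check: two concurrent registrations can both
    # pass it, so the UNIQUE constraint in the database is still what
    # actually enforces uniqueness (see the comment above).
    $db = getPDOInstance();
    $sql = 'SELECT id FROM users WHERE username = ? OR email = ? LIMIT 1';
    $stmt = $db->prepare($sql);
    # Original passed the bare constant `email` instead of $email.
    $stmt->execute(array($username, $email));
    # fetchColumn() lives on the statement, not the connection, and returns
    # false when no row matched. Compare with false rather than empty():
    # an id of 0 would otherwise be reported as "no such user".
    return $stmt->fetchColumn() === false;
}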
- # Get a PDO instance based on made up parameters.
- # Once an instance exists, it is 'static' and will only be created once,
- # so every time you use this function, you will get the same connection
- # that was created the first time.
function getPDOInstance() {
    # One connection per request: created on the first call, then reused.
    static $instance = null;
    if ($instance !== null) {
        return $instance;
    }
    $config = include('config.php'); # expected to return connection/user/pass
    $instance = new PDO($config['connection'], $config['user'], $config['pass']);
    # Errors surface as PDOException instead of false return values, which is
    # what the try/catch in create_new_user() relies on.
    $instance->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    # NOTE(review): consider also PDO::ATTR_EMULATE_PREPARES => false so the
    # driver uses native prepared statements — confirm driver support first.
    return $instance;
}