include_once("shared/Database.php");include_once("shared/SRPConstants.php");

1. include_once("shared/Database.php");
2. include_once("shared/SRPConstants.php");
3. include_once("shared/SRP.php");
4.  
5. define(SRP_PRIME_SIZE, "8192");
6.  
7. $dbh = new Database();
8.  
9. $username = $_REQUEST["username"];
10. $password = $_REQUEST["password"];
11. $email = $_REQUEST["email"];
12.  
13. $escapedUsername = mysql_real_escape_string($username);
14.  
15. $result = $dbh->query('SELECT * FROM users WHERE username= ' . $escapedUsername);
16.  
17. if (!$result)
18. {
19.   print ("<h1>Database Error</h1><p>Could not retrieve data.</p>");
20. }
21. else
22. {
23.   $rows = mysql_num_rows($result);
24.   if ($rows > 0)
25.   {
26.     print ("<h1>Username in Use</h1><p>Could not create the account because the username is already in use.</p>");
27.   }
28.   else
29.   {
30.     $salt = SRP_Gen_Salt();
31.     $g = SRP_Get_Default_g(SRP_PRIME_SIZE);
32.     $N = SRP_Get_Default_N(SRP_PRIME_SIZE);
33.     $x = SRP_Calc_x($salt, $username, $password);
34.     $v = SRP_Calc_v($x, $g, $N);
35.    
36.     $binS = hex2bytes(gmp_strval($salt, 16));
37.     $binV = hex2bytes(gmp_strval($v   , 16));
38.    
39.     $escapedSalt     = mysql_real_escape_string($binS);
40.     $escapedVerifier = mysql_real_escape_string($binV);
41.     $escapedEmail    = mysql_real_escape_string($email);
42.    
43.     $dbh->query("INSERT INTO users VALUES (NULL".
44.                                          ",\"".$escapedUsername."\"".
45.                                          ",\"".$escapedSalt."\"".
46.                                          ",\"".$escapedVerifier."\")");
47.     print ("<h1>Congratulations</h1><p>Your account has been created.</p>");
48.   }
49. }