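// Account registration handler: checks that the requested username is free,
// derives an SRP salt and verifier from the submitted password, and stores
// them in the users table.
include_once("shared/Database.php");
include_once("shared/SRPConstants.php");
include_once("shared/SRP.php");

// The constant name has to be a quoted string. A bare SRP_PRIME_SIZE is a
// reference to a constant that does not exist yet (a notice on old PHP, a
// fatal Error on PHP 8).
define('SRP_PRIME_SIZE', "8192");

$dbh = new Database();

// NOTE(review): $_REQUEST also accepts query-string parameters, so the
// password can end up in URLs and access logs; consider reading $_POST only.
// The password reaches the server in clear text, so this endpoint must only be
// served over TLS.
$username = isset($_REQUEST["username"]) ? $_REQUEST["username"] : null;
$password = isset($_REQUEST["password"]) ? $_REQUEST["password"] : null;
$email = isset($_REQUEST["email"]) ? $_REQUEST["email"] : '';
if (!is_string($email))
{
    // Array-valued parameters (email[]=...) would break the escaping call below.
    $email = '';
}

if (!is_string($username) || $username === '' || !is_string($password) || $password === '')
{
    // Reject missing, empty or array-valued credentials before touching the database.
    print ("<h1>Invalid Request</h1><p>A username and a password are required.</p>");
}
else
{
    // NOTE(review): the mysql_* extension was removed in PHP 7. If the Database
    // class offers prepared statements (not visible here), prefer them over
    // escaping and string concatenation.
    $escapedUsername = mysql_real_escape_string($username);

    // The escaped value must sit inside quotes. Escaping only neutralises quote
    // characters, so an unquoted value is still parsed as SQL (injection), and
    // an ordinary username would be read as a column name.
    $result = $dbh->query("SELECT * FROM users WHERE username = '" . $escapedUsername . "'");
    if (!$result)
    {
        print ("<h1>Database Error</h1><p>Could not retrieve data.</p>");
    }
    else if (mysql_num_rows($result) > 0)
    {
        print ("<h1>Username in Use</h1><p>Could not create the account because the username is already in use.</p>");
    }
    else
    {
        // Derive the SRP verifier v from the salt and the credentials.
        $salt = SRP_Gen_Salt();
        $g = SRP_Get_Default_g(SRP_PRIME_SIZE);
        $N = SRP_Get_Default_N(SRP_PRIME_SIZE);
        $x = SRP_Calc_x($salt, $username, $password);
        $v = SRP_Calc_v($x, $g, $N);

        // NOTE(review): gmp_strval() drops leading zeros, so the hex string can
        // have odd length; confirm hex2bytes() handles that case.
        $binS = hex2bytes(gmp_strval($salt, 16));
        $binV = hex2bytes(gmp_strval($v, 16));

        $escapedSalt = mysql_real_escape_string($binS);
        $escapedVerifier = mysql_real_escape_string($binV);
        // NOTE(review): the e-mail address is escaped but never written by the
        // INSERT below; confirm the users table schema and store it if intended.
        $escapedEmail = mysql_real_escape_string($email);

        // NOTE(review): the existence check above and this INSERT are not atomic;
        // a UNIQUE index on users.username is needed to stop duplicate accounts
        // from concurrent requests.
        // Single quotes delimit the values so the statement also works when the
        // server runs with ANSI_QUOTES, where double quotes mark identifiers.
        $inserted = $dbh->query("INSERT INTO users VALUES (NULL"
            . ",'" . $escapedUsername . "'"
            . ",'" . $escapedSalt . "'"
            . ",'" . $escapedVerifier . "')");

        // Report success only when the row was written. This assumes query()
        // returns a falsy value on failure, as the SELECT check above does.
        if (!$inserted)
        {
            print ("<h1>Database Error</h1><p>Could not create the account.</p>");
        }
        else
        {
            print ("<h1>Congratulations</h1><p>Your account has been created.</p>");
        }
    }
}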