
Untitled

a guest Jan 24th, 2019 109 Never
  1. <?php
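  // Build identification the client has to report in the 'exe' and 'ver' fields.
  // Both hash values are placeholders in this listing.
  $CurrentVersionHash = "asd123";
  // NOTE(review): $CurrentVersion is not read anywhere in this script; confirm
  // whether the version check further down was meant to compare against it.
  $CurrentVersion = "alpha1";
  $CurrentHash = "asd123";

  // Exact number of bytes a serial key must have.
  $serial_length = 10;

  // Argon2id parameters handed to password_hash(): memory in KiB, number of
  // passes, degree of parallelism. Kept as integers, the type password_hash()
  // documents for these options.
  $memory_cost = 31250;
  $time_cost = 10;
  $threads = 1;

  // Expected to provide the preconfigured $mail object used for the activation
  // message. NOTE(review): $host, $username, $password and $database (the mysqli
  // connection settings) are not defined in this listing; confirm where they
  // come from and keep them out of the web root.
  require 'mail.php';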
  10.  
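  // Registration endpoint: validates the submitted form, checks that the serial
  // is known and unused, stores a pending row in `verify` and e-mails an
  // activation link. All responses are short plain-text status strings.
  if ( ! empty( $_POST ) )
  {
      // Read every field as a string. A missing key or an array value
      // (e.g. name[]=x) becomes '' and is rejected by the format checks below
      // instead of raising notices or a TypeError inside strlen().
      $field = static function (string $name): string {
          $value = $_POST[$name] ?? '';
          return is_string($value) ? $value : '';
      };

      $hash    = $field('exe');
      $pw      = $field('pass');
      $user    = $field('name');
      $version = $field('ver');
      $email   = $field('mail');
      $confirm = $field('pass2');
      $serial  = $field('key');
      // Initialised up front: the original read $error before any assignment.
      $error   = 0;

      if ($hash === '' || $version === '')
          return;

      // The client reports its own hash, so this gate only filters outdated or
      // mismatched builds; it is not proof that the binary is unmodified.
      // Strict comparison avoids PHP's numeric-string juggling ("1e3" == "1000").
      if ($hash !== $CurrentHash)
      {
          // NOTE(review): the reported version is compared with
          // $CurrentVersionHash while $CurrentVersion is never used; confirm
          // this is the intended check.
          if ($version !== $CurrentVersionHash)
          {
              echo "Old exe";
          }
          else
          {
              echo "Exe not valid";
          }
          return;
      }

      // Format checks. Every failure answers with the same generic "Error".
      $userOk = strlen($user) >= 6 && strlen($user) <= 254 && ctype_alnum($user);
      $pwOk = strlen($pw) >= 10 && strlen($pw) <= 254
          && preg_match("#[0-9]+#", $pw)
          && preg_match("#[a-z]+#", $pw)
          && preg_match("#[A-Z]+#", $pw);
      $confirmOk = $confirm !== '' && $pw === $confirm;
      $emailOk = strlen($email) <= 254 && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
      // Cast so the check works whether the configured length is an int or a
      // numeric string.
      $serialOk = strlen($serial) === (int) $serial_length;
      if ( ! ($userOk && $pwOk && $confirmOk && $emailOk && $serialOk) )
      {
          echo "Error";
          return;
      }

      // NOTE(review): $host, $username, $password and $database are not defined
      // in this listing; they must be set before this point.
      $con = new mysqli($host, $username, $password, $database);
      if ($con->connect_errno)
      {
          echo "Error";
          return;
      }

      // The serial must exist in `acc` and must not be bound to a user yet.
      $stmt = $con->prepare("SELECT * FROM acc WHERE serial=?");
      $stmt->bind_param('s', $serial);
      $stmt->execute();
      $result = $stmt->get_result();
      $num_of_rows = $result->num_rows;
      $serialRow = $result->fetch_array();
      if ( $num_of_rows == 0 || ! empty($serialRow['username']) )
      {
          echo "Invalid Serial";
          $error = 1;
      }

      // A row in `verify` means someone already registered with this serial and
      // has not activated yet. These two lookups and the INSERT below are not
      // atomic; a UNIQUE index on verify.serial is what actually prevents two
      // concurrent registrations from sharing one serial.
      $stmt = $con->prepare("SELECT * FROM verify WHERE serial=?");
      $stmt->bind_param('s', $serial);
      $stmt->execute();
      $result = $stmt->get_result();
      $num_of_rows = $result->num_rows;
      if ( $num_of_rows != 0 && $error != 1 )
      {
          echo "Invalid Serial";
          $error = 1;
      }

      if ($error != 1)
      {
          // Username and e-mail must be free in both the live and pending tables.
          $stmt = $con->prepare("SELECT * FROM acc WHERE username= ? OR email= ? LIMIT 1");
          $stmt->bind_param('ss', $user, $email);
          $stmt->execute();
          $result = $stmt->get_result();
          $num_of_rows = $result->num_rows;
          $accRow = $result->fetch_array();

          $stmt = $con->prepare("SELECT * FROM verify WHERE username= ? OR email= ? LIMIT 1");
          $stmt->bind_param('ss', $user, $email);
          $stmt->execute();
          $result2 = $stmt->get_result();
          $num_of_rows2 = $result2->num_rows;
          $verifyRow = $result2->fetch_array();

          if ( $num_of_rows || $num_of_rows2 )
          {
              // Either row can be null when only one table matched, hence ?? ''.
              // These two answers disclose which usernames and addresses are
              // registered; rate-limit this endpoint accordingly.
              $takenUsers  = [$accRow['username'] ?? '', $verifyRow['username'] ?? ''];
              $takenEmails = [$accRow['email'] ?? '', $verifyRow['email'] ?? ''];
              if ( strcasecmp($takenUsers[0], $user) == 0 || strcasecmp($takenUsers[1], $user) == 0 )
              {
                  echo "Username in use";
              }
              else if ( strcasecmp($takenEmails[0], $email) == 0 || strcasecmp($takenEmails[1], $email) == 0 )
              {
                  echo "Email in use";
              }
          }
          else
          {
              // Load the template before reserving the serial, so a missing file
              // cannot leave a pending row that never receives an e-mail.
              $template = file_get_contents("template2.html");
              if ($template === false)
              {
                  echo 'error, mail not delivered';
              }
              else
              {
                  // Separate name: the original overwrote $password, which also
                  // holds the database password passed to mysqli above.
                  $passwordHash = password_hash( $pw, PASSWORD_ARGON2ID, [
                          'memory_cost' => (int) $memory_cost,
                          'time_cost'   => (int) $time_cost,
                          'threads'     => (int) $threads,
                  ]);
                  $rand_id = random_int(-10000, 10000);
                  $rand_secret = random_str(32);
                  $stmt = $con->prepare("INSERT INTO verify (username, password, email, serial, rand_id, rand_secret) VALUES (?,?,?,?,?,?)");
                  $stmt->bind_param('ssssss', $user, $passwordHash, $email, $serial, $rand_id, $rand_secret);
                  if ( ! $stmt->execute() )
                  {
                      // Do not mail an activation link for a row that was never stored.
                      echo "Error";
                  }
                  else
                  {
                      // The activation script recomputes this HMAC from the stored
                      // rand_id and rand_secret and compares it with the link.
                      $confirmation_code = hash_hmac('sha256', (string) $rand_id, $rand_secret);
                      $variables = [
                          'User'   => $user,
                          'Serial' => $serial,
                          'Code'   => $confirmation_code,
                      ];
                      foreach ($variables as $key => $value)
                      {
                          // $serial is only length-checked, so escape everything
                          // that is placed into the HTML body.
                          $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                          $template = str_replace('{{ '.$key.' }}', $safe, $template);
                      }
                      $mail->addAddress($email, $user);
                      $mail->msgHTML($template, __DIR__);
                      // URL-encode the serial so it cannot add or alter query parameters.
                      $mail->AltBody = "You can activate your account here: www.mysite.com/activate.php?id=" . rawurlencode($serial) . "&conf=$confirmation_code";
                      if ( ! $mail->send() )
                      {
                          // NOTE(review): the pending row stays in `verify`, so the
                          // serial remains reserved although no mail went out.
                          echo 'error, mail not delivered';
                      }
                      else
                      {
                          echo "Registration OK! mail sent";
                      }
                  }
              }
          }
      }
      $stmt->close();
      $con->close();
      return;
  }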
  152.  
  /**
   * Build a random string by drawing characters from $keyspace with random_int().
   *
   * @param int    $length   Number of characters to produce; zero or less yields ''.
   * @param string $keyspace Characters to draw from, addressed byte by byte.
   * @return string The generated string.
   */
  function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
  {
      // '8bit' makes mb_strlen count bytes, matching the byte-offset indexing below.
      $lastIndex = mb_strlen($keyspace, '8bit') - 1;
      $out = '';
      for ($n = 0; $n < $length; $n++) {
          $out .= $keyspace[random_int(0, $lastIndex)];
      }
      return $out;
  }
  162. ?>
  163.    
  164. <?php
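  // Activation endpoint: looks up the pending registration for the serial in
  // ?id=, recomputes the confirmation HMAC from the stored rand_id/rand_secret,
  // and on a match copies the credentials to the account row and drops the
  // pending row.
  if ( ! empty( $_GET ) )
  {
      if ( isset($_GET['id']) and isset($_GET['conf']) )
      {
          $key = $_GET['id'];
          $code = $_GET['conf'];
          // Initialised up front: the original read $error before any assignment.
          $error = 0;

          // id[]=... / conf[]=... arrive as arrays; reject them before they
          // reach bind_param() or hash_equals().
          if ( ! is_string($key) || ! is_string($code) )
          {
              echo "Invalid code";
              return;
          }

          // NOTE(review): $host, $username, $password and $database are not
          // defined in this listing; they must be set before this point.
          $con = new mysqli($host, $username, $password, $database);
          if ($con->connect_errno)
          {
              echo "Error";
              return;
          }

          $stmt = $con->prepare("SELECT * FROM verify WHERE serial=?");
          $stmt->bind_param('s', $key);
          $stmt->execute();
          $result = $stmt->get_result();
          $num_of_rows = $result->num_rows;
          $row = $result->fetch_array();

          // empty() treats 0 and "0" as missing, and registration draws rand_id
          // from -10000..10000, so a rand_id of 0 could never be activated.
          // Only null and '' count as missing here.
          $missing = static function ($value): bool {
              return $value === null || $value === '';
          };
          if ( $num_of_rows == 0
              || $missing($row['username'] ?? null)
              || $missing($row['rand_id'] ?? null)
              || $missing($row['rand_secret'] ?? null) )
          {
              $error = 1;
              echo "Invalid code";
          }

          if ($error != 1)
          {
              $rand_id = $row['rand_id'];
              $rand_secret = $row['rand_secret'];
              $confirmation_code = hash_hmac('sha256', (string) $rand_id, $rand_secret);
              // hash_equals() compares in constant time and, unlike ==, never
              // treats two "0e<digits>" strings as equal numbers.
              if (hash_equals($confirmation_code, $code))
              {
                  $user = $row['username'];
                  $passwordHash = $row['password'];
                  $email = $row['email'];

                  // Run both writes in one transaction so a failed UPDATE cannot
                  // be followed by the DELETE that discards the pending data.
                  $con->begin_transaction();
                  try
                  {
                      // NOTE(review): this writes to `accounts` while the
                      // registration script reads `acc`; confirm the table name.
                      $stmt = $con->prepare("UPDATE accounts SET username = ?, password = ?, email = ? WHERE Serial = ?");
                      if ($stmt === false)
                      {
                          throw new RuntimeException('prepare failed');
                      }
                      $stmt->bind_param('ssss', $user, $passwordHash, $email, $key);
                      if ( ! $stmt->execute() )
                      {
                          throw new RuntimeException('account update failed');
                      }

                      $stmt = $con->prepare("DELETE from verify WHERE serial = ?");
                      if ($stmt === false)
                      {
                          throw new RuntimeException('prepare failed');
                      }
                      $stmt->bind_param('s', $key);
                      if ( ! $stmt->execute() )
                      {
                          throw new RuntimeException('pending row cleanup failed');
                      }

                      $con->commit();
                      echo "Account activated";
                  }
                  catch (RuntimeException $e)
                  {
                      // mysqli_sql_exception extends RuntimeException, so this
                      // also covers mysqli running in exception mode.
                      $con->rollback();
                      $error = 1;
                      echo "Error";
                  }
              }
              else
              {
                  $error = 1;
                  echo "Invalid code";
              }
          }
          if ($stmt instanceof mysqli_stmt)
          {
              $stmt->close();
          }
          $con->close();
          return;
      }
  }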
  213.  
  /**
   * Return $length characters picked from $keyspace using random_int().
   *
   * Nothing in this activation listing calls the function.
   *
   * @param int    $length   How many characters to generate; zero or less gives ''.
   * @param string $keyspace Pool of characters, indexed by byte offset.
   * @return string The generated string.
   */
  function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
  {
      // Highest valid byte offset into $keyspace.
      $lastIndex = mb_strlen($keyspace, '8bit') - 1;
      $out = '';
      for ($n = 0; $n < $length; $n++) {
          $out .= $keyspace[random_int(0, $lastIndex)];
      }
      return $out;
  }
  223. ?>
  224.    
  225. <?php
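  // Shared PHPMailer setup: builds the $mail object that the registration
  // script fills in with recipient and body before sending.
  // The namespace separators were missing from the import in the listing.
  use PHPMailer\PHPMailer\PHPMailer;
  require 'vendor/autoload.php';
  $mail = new PHPMailer();
  $mail->isSMTP();
  // 'smtphost', port, 'mymail' and 'mypassword' are placeholders to be replaced
  // with real settings; `port` must become the integer SMTP port.
  $mail->Host = 'smtphost';
  $mail->Port = port;
  // NOTE(review): SMTPSecure is not set, so transport encryption depends on
  // PHPMailer's opportunistic STARTTLS; set it explicitly to match the chosen
  // port so the credentials below are never sent in clear text.
  $mail->SMTPAuth = true;
  // Load the SMTP credentials from the environment or from a config file kept
  // outside the web root rather than committing them with the source.
  $mail->Username = 'mymail';
  $mail->Password = 'mypassword';
  $mail->setFrom('mymail', 'myname');
  $mail->addReplyTo('mysupportmail', 'myname');
  // Inline images; the second argument is the content ID the template refers to.
  $mail->addEmbeddedImage('img/logo.png', 'mylogo');
  $mail->addEmbeddedImage('img/gif.gif', 'mygif');
  $mail->Subject = "Activation for account";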
  240. ?>