  1. <?php
  2.  
  3. ini_set('log_errors', 1);
  4. include ('header.php');
  5. require "PHPMailerAutoload.php";
  6.  
  7. ?>
  8.  
  9.  
  10.  
  11. <body>
  12.  
  13.  
  14.  
  15. <div id="header"><h2>Robin's Funny Forum</h2></div>
  16.  
  17.  
  18.  
  19. <div id="login">
  20.  
  21. <p>
  22.  
  23. <?php
  24.  
  25. // Welcome the user (by name if they are logged in).
  26.  
  27. echo '<h4>Welcome' ;
  28.  
  29. if (isset($_SESSION['first_name']))
  30. {
  31.  
  32.  
  33. echo $_SESSION['first_name'] ;
  34.  
  35. }
  36.  
  37.  
  38.  
  39. echo '</h4>';
  40.  
  41.  
  42. // Display links based upon the login status
  43.  
  44.  
  45.  
  46. if (isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) {
  47.  
  48.  
  49.  
  50. echo '<a href="logout.php">Logout</a><br />
  51. <a href="change_password.php">Change Password</a><br />';
  52.  
  53.  
  54.  
  55. } else { // Not logged in.
  56.  
  57.  
  58.  
  59. echo '<a href="mblogin.php">Login</a><br />
  60.  
  61.  
  62.  
  63. <a href="forgot_password.php">Forgot Password</a><br />';
  64.  
  65.  
  66.  
  67. }
  68.  
  69.  
  70.  
  71. ?>
  72.  
  73. </p>
  74.  
  75. </div>
  76.  
  77.  
  78. <div id="lypsum">
  79.  
  80. <?php
  81.  
  82. require_once("DBConfig.php");
  83.  
  84.  
  85.  
  86. if (isset($_POST['submitted'])) { // Handle the form.
  87.  
  88.  
  89.  
  90. // Check for a valid first name
  91.  
  92.  
  93.  
  94. if (preg_match ('%^[-_a-zA-Z ]{2,20}$%', stripslashes(trim($_POST['firstname'])))) {
  95.  
  96.  
  97. $fn = escape_data($_POST['firstname']);
  98.  
  99.  
  100. } else {
  101.  
  102.  
  103.  
  104. $ui = FALSE;
  105.  
  106.  
  107.  
  108. echo '<p><font color="red" size="+1">Please enter a valid first name!</font></p>';
  109.  
  110.  
  111.  
  112. }
  113.  
  114.  
  115.  
  116. // Check for a valid last name
  117.  
  118.  
  119.  
  120. if (preg_match ('%^[-_a-zA-Z ]{2,30}$%', stripslashes(trim($_POST['lastname'])))) {
  121.  
  122.  
  123.  
  124. $ln = escape_data($_POST['lastname']);
  125.  
  126.  
  127.  
  128.  
  129.  
  130. } else {
  131.  
  132.  
  133.  
  134. $ui = FALSE;
  135.  
  136.  
  137.  
  138. echo '<p><font color="red" size="+1">Please enter a valid last name!</font></p>';
  139.  
  140.  
  141.  
  142. }
  143.  
  144.  
  145.  
  146. // Check for an email address.
  147.  
  148.  
  149.  
  150. if (preg_match ('%^[A-Za-z0-9._\%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$%', stripslashes(trim($_POST['email'])))) {
  151.  
  152.  
  153.  
  154. $e = escape_data($_POST['email']);
  155.  
  156.  
  157.  
  158. } else {
  159.  
  160.  
  161.  
  162. $e = FALSE;
  163.  
  164.  
  165.  
  166. echo '<p><font color="red" size="+1">Please enter a valid email address!</font></p>';
  167.  
  168.  
  169.  
  170. }
  171.  
  172.  
  173.  
  174. // Check for a valid username
  175.  
  176.  
  177.  
  178. if (preg_match ('%\A(?=[-_a-zA-Z0-9]*?[A-Z])(?=[-_a-zA-Z0-9]*?[a-z])(?=[-_a-zA-Z0-9]*?[0-9])\S{8,}\z%', stripslashes(trim($_POST['userid'])))) {
  179.  
  180.  
  181.  
  182. $ui = escape_data($_POST['userid']);
  183.  
  184.  
  185.  
  186.  
  187.  
  188. } else {
  189.  
  190.  
  191.  
  192. $ui = FALSE;
  193.  
  194.  
  195.  
  196. echo '<p><font color="red" size="+1">Please enter a valid username!</font></p>';
  197.  
  198.  
  199.  
  200. }
  201.  
  202.  
  203.  
  204. // Check for a password and match against the confirmed password.
  205.  
  206.  
  207.  
  208. if (preg_match ('%\A(?=[-_a-zA-Z0-9]*?[A-Z])(?=[-_a-zA-Z0-9]*?[a-z])(?=[-_a-zA-Z0-9]*?[0-9])\S{8,}\z%', stripslashes(trim($_POST['password1']))))
  209. {
  210.  
  211.  
  212.  
  213. if (($_POST['password1'] == $_POST['password2']) && ($_POST['password1'] != $_POST['userid'])) {
  214.  
  215.  
  216.  
  217. $p = escape_data($_POST['password1']);
  218.  
  219.  
  220.  
  221. } elseif ($_POST['password1'] == $_POST['userid']) {
  222.  
  223. $p = FALSE;
  224.  
  225.  
  226.  
  227. echo '<p><font color="red" size="+1">Your password cannot be the same as the userid!</font></p>';
  228.  
  229. } else {
  230.  
  231. $p = FALSE;
  232.  
  233.  
  234.  
  235. echo '<p><font color="red" size="+1">Your password did not match the confirmed password!</font></p>';
  236.  
  237.  
  238.  
  239. }
  240.  
  241.  
  242.  
  243. } else
  244. {
  245.  
  246.  
  247.  
  248. $p = FALSE;
  249.  
  250.  
  251.  
  252. echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
  253.  
  254.  
  255.  
  256. }
  257.  
  258. }
  259.  
  260.  
  261. if ($fn && $ln && $e && $p && $ui) { // If everything’s OK.
  262.  
  263.  
  264.  
  265. // Make sure the userid is available.
  266.  
  267.  
  268.  
  269. $query = "SELECT username FROM users WHERE username='$ui'";
  270.  
  271.  
  272. $result = mysqli_query ($dbc, $query) OR trigger_error("Sorry there is an account assigned to that userid");
  273.  
  274.  
  275.  
  276. if (mysqli_num_rows($result) == 0) { // Available.
  277.  
  278.  
  279.  
  280. // Create the activation code.
  281.  
  282. // Create a random number with rand.
  283.  
  284. // Use it as a seed for uniqid, which when set to true generates a random number 23 digits in length
  285.  
  286. // Use it to seed md5 that creates a random string 32 characters in length
  287.  
  288.  
  289.  
  290. $a = md5(uniqid(rand(), true));
  291.  
  292.  
  293.  
  294. // Add the user. By entering values in a different order from the form sql injection can be limited
  295.  
  296.  
  297.  
  298. $query = "INSERT INTO users (first_name, last_name, email, password, active, username) VALUES ('$fn', '$ln', '$e', SHA('$p'), '$a', '$ui')";
  299.  
  300.  
  301.  
  302. // By using mysql_query I can make sure only one query is submitted blocking sql injection
  303.  
  304. // Never use the php multi_query function
  305.  
  306. $result = mysqli_query ($dbc, $query) or trigger_error("Sorry an error occurred and the account could not be created");
  307.  
  308.  
  309.  
  310. // Check that the effected rows was equal to 1 in the last query. Should log if greater than
  311.  
  312. if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
  313.  
  314.  
  315.  
  316. // Send the email.
  317.  
  318.  
  319.  
  320. $body = "Thank you for registering. To activate your account, please click on this link: " ;
  321.  
  322. // mysql_insert_id() retrieves the value of the last auto_incremented id
  323.  
  324. // Attach the random activation code in the link sent to the email
  325.  
  326.  
  327. $body .= "http://localhost/9/mbactivate.php?x=" . mysqli_insert_id($dbc) . "&y=$a";
  328.  
  329.  
  330. //Setup SMTP mail server
  331.  
  332. $mail = new PHPMailer;
  333.  
  334. $mail->IsSMTP();
  335. $mail->Host = 'smtp.gmail.com';
  336. $mail->Port = 465;
  337. $mail->SMTPAuth = true;
  338. $mail->Username = 'andblom.robin@gmail.com';
  339. $mail->Password = 'Dettaarnytt0';
  340. $mail->SMTPSecure = 'ssl';
  341.  
  342.  
  343. $mail->Subject = "Robin's Funny Forum - Activation";
  344. $mail->Body = $body;
  345. $mail->addAddress($_POST['email']);
  346.  
  347. //Mail activation link
  348.  
  349. if(!$mail->send())
  350. {
  351. echo "Mailer Error: " . $mail->ErrorInfo;
  352. }
  353.  
  354. // Finish the page.
  355.  
  356. echo '<br /><br />Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.';
  357. exit();
  358.  
  359.  
  360. } else { // If it did not run OK.
  361.  
  362.  
  363.  
  364. echo '<p><font color="red" size="+1">You could not be registered due to a system error. We apologize for any inconvenience.</font></p>';
  365.  
  366.  
  367.  
  368. }
  369.  
  370.  
  371.  
  372. } else { // The email address is not available.
  373.  
  374.  
  375.  
  376. echo '<p><font color="red" size="+1">That email address has already been registered. If you have forgotten your password, use the link to have your password sent to you.</font></p>';
  377.  
  378.  
  379.  
  380. }
  381.  
  382.  
  383.  
  384.  
  385.  
  386. }
  387.  
  388.  
  389.  
  390. // mysql_close(); // Close the database connection.
  391.  
  392. // End of the main Submit conditional.
  393.  
  394. ?>
  395.  
  396.  
  397.  
  398.  
  399. <h2>Register</h2>
  400.  
  401.  
  402.  
  403. <form action="mbregister.php" method="post">
  404.  
  405.  
  406.  
  407. <fieldset>
  408.  
  409.  
  410.  
  411. <p><b>First Name:</b> <input type="text" name="firstname" size="20" maxlength="20" value="<?php if (isset($_POST['firstname'])) echo $_POST['firstname']; ?>" /> </p>
  412.  
  413.  
  414.  
  415. <p><b>Last Name:</b> <input type="text" name="lastname" size="30" maxlength="30" value="<?php if (isset($_POST['lastname'])) echo $_POST['lastname']; ?>" /> </p>
  416.  
  417.  
  418.  
  419. <p><b>Email:</b> <input type="text" name="email" size="40" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /> </p>
  420.  
  421.  
  422.  
  423. <p><b>Username:</b> <input type="text" name="userid" size="20" maxlength="20" /> <small>Must contain a letter of both cases, a number and a minimum length of 8 characters.</small></p>
  424.  
  425.  
  426.  
  427. <p><b>Password:</b> <input type="password" name="password1" size="20" maxlength="20" /> <small>Must contain a letter of both cases, a number and a minimum length of 8 characters.</small></p>
  428.  
  429.  
  430.  
  431. <p><b>Confirm Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p>
  432.  
  433.  
  434. </fieldset>
  435.  
  436.  
  437. <br /><br />
  438.  
  439. <div align="center"><input type="submit" name="submit" value="Register" /></div>
  440.  
  441.  
  442.  
  443. <input type="hidden" name="submitted" value="TRUE" />
  444.  
  445.  
  446.  
  447. </form>
  448.  
  449.  
  450.  
  451. </div>
  452.  
  453.  
  454.  
  455. <div id="footer"><h2></h2></div>
  456.  
  457.  
  458.  
  459. </body>
  460.  
  461.  
  462.  
  463. </html>