API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 19th, 2016
88
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.28 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. include_once 'secConSql.php';
  3.  
  4. $error_msg = "";
  5.  
  6.  
  7.  
  8. if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
  9. // Sanitize and validate the data passed in
  10. $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
  11. $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
  12. $email = filter_var($email, FILTER_VALIDATE_EMAIL);
  13. if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  14. // Not a valid email
  15. $error_msg .= '<p class="error">The email address you entered is not valid</p>';
  16. }
  17.  
  18. $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
  19. if (strlen($password) != 128) {
  20. // The hashed pwd should be 128 characters long.
  21. // If it's not, something really odd has happened
  22. $error_msg .= '<p class="error">Invalid password configuration.</p>';
  23. }
  24.  
  25. // Username validity and password validity have been checked client side.
  26. // This should should be adequate as nobody gains any advantage from
  27. // breaking these rules.
  28.  
  29. $prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
  30. $stmt = $mysqli->prepare($prep_stmt);
  31.  
  32. // check existing email
  33. if ($stmt) {
  34. $stmt->bind_param('s', $email);
  35. $stmt->execute();
  36. $stmt->store_result();
  37.  
  38. if ($stmt->num_rows == 1) {
  39. // A user with this email address already exists
  40. $error_msg .= '<p class="error">A user with this email address already exists.</p>';
  41. $stmt->close();
  42. }
  43. $stmt->close();
  44. } else {
  45. $error_msg .= '<p class="error">Database error Line 39</p>';
  46. $stmt->close();
  47. }
  48.  
  49. // check existing username
  50. $prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
  51. $stmt = $mysqli->prepare($prep_stmt);
  52.  
  53. if ($stmt) {
  54. $stmt->bind_param('s', $username);
  55. $stmt->execute();
  56. $stmt->store_result();
  57.  
  58. if ($stmt->num_rows == 1) {
  59. // A user with this username already exists
  60. $error_msg .= '<p class="error">A user with this username already exists</p>';
  61. $stmt->close();
  62. }
  63. $stmt->close();
  64. } else {
  65. $error_msg .= '<p class="error">Database error line 55</p>';
  66. $stmt->close();
  67. }
  68.  
  69.  
  70. if (empty($error_msg)) {
  71. // Create a random salt
  72. //$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work
  73. $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
  74.  
  75. // Create salted password
  76. $password = hash('sha512', $password . $random_salt);
  77.  
  78. // Insert the new user into the database
  79. if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")) {
  80. $insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
  81. // Execute the prepared query.
  82. if (! $insert_stmt->execute()) {
  83. header('Location: ../error.php?err=Registration failure: INSERT');
  84. }
  85. }
  86. header('Location: ./register_success.php');
  87. }
  88. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!