registro.php

1. <?php
2. /**
3.  * Hola
4.  */
5.  
6. $connection = [
7.     'host'       => '',
8.     'username'   => '',
9.     'password'   => '',
10.     'database'   => ''
11. ];
12. // HOW CAN I RESIST YOU
13.  
14. list($host, $username, $password, $database) = $connection;
15.  
16. $mysqli = new mysqli($host, $username, $password, $database);
17.  
18. if ($mysqli->error) {
19.     exit; // how do I handle this
20. }
21.  
22. /*
23. 700 = user taken
24. 710 = 5 accounts on email
25. 600 = custom ban message
26. */
27.  
28. $get_val = function ($val) use ($mysqli)
29. {
30.     if (! isset($_POST[$val])) {
31.         return '';
32.     }
33.     $val = $_POST[$val];
34.     $val = trim($val);
35.     return $val;
36. };
37.  
38. $username  = $get_val('n');
39. $password  = $get_val('p');
40. $email     = $get_val('email');
41.  
42. if ($_SERVER['HTTP_REFERER'] === 'http://clubpenguin.io/penguin/chat.swf') {
43.     exit('e=600');
44. }
45.  
46. if ( ! ($username && $password && $email)) { // empty?
47.     exit('e=28');
48. }
49.  
50. if (! preg_match('/^[a-z0-9]{3-14}$/', $username)) {
51.     exit('e=600');
52. }
53.  
54. if (! filter_var($email, FILTER_VALIDATE_EMAIL)) {
55.     exit('e=28');
56. }
57.  
58. if (mb_strlen($password, 'utf-8') < 3) {
59.     exit('e=28'); // too short
60. }
61.  
62. $user_exists = "SELECT COUNT(*) AS size FROM users WHERE username = '%s'";
63. $user_exists = sprintf($user_exists, $mysqli->real_escape($username));
64. $user_exists = $mysqli->query($user_exists);
65. if (! $user_exists) {
66.     // query failed
67.     exit('e=28');
68. }
69. $user_exists        = $mysqli->fetch_row();
70. $user_exists = !! $user_exists[0];
71.  
72. if ($user_exists) {
73.     exit('e=28');
74. }
75.  
76. $email_exists = "SELECT COUNT(*) AS size FROM users WHERE username = '%s'";
77. $email_exists = sprintf($email_exists, $mysqli->real_escape($email));
78. $email_exists = $mysqli->query($email_exists);
79. if (! $email_exists) {
80.     // query failed
81.     exit('e=28');
82. }
83. $email_exists = $mysqli->fetch_row();
84. $email_exists = !! $email_exists[0];
85.  
86. if ($email_exists) {
87.     exit('e=29');
88. }
89.  
90. $password = strtoupper(md5($password));
91.  
92. $insert = [
93.     'Username'       => $username,
94.     'Password'       => $password,
95.     'Email'          => $email,
96.     'RegisteredTime' => time(),
97.     'Color'          => '1',
98. ];
99.  
100. $columns = array_keys($insert);
101. $values  = array_values($insert);
102.  
103. $query = 'INSERT INTO users (`' . implode('`', $columns) . "`) VALUES ('" .
104.          implode("'", $values) . "')";
105.  
106. $insert = $mysqli->query($query);
107.  
108. if (! $insert) {
109.     exit('e=28');
110. }
111. exit('e=0');