
Untitled

a guest Sep 3rd, 2018 50 Never
  1. <?php
  2. //add scripts
  3. include_once 'resource/Database.php';
  4. include_once 'resource/utilities.php';
  5. include_once 'resource/send-email.php';
  6.  
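  //Sign-up handler and e-mail activation handler. Sets $result to the HTML/JS snippet
  //shown to the visitor. $db (PDO) and $mail (PHPMailer) come from the included files.
  //NOTE(review): validate_token() lives in an include that is not shown here; it is
  //presumably the anti-CSRF check - confirm it compares tokens with hash_equals().
  if(isset($_POST['signupBtn'], $_POST['token'])){

      if(validate_token($_POST['token'])){
          //collects every validation message produced for this submission
          $form_errors = array();

          $required_fields = array('email', 'username', 'password');
          $form_errors = array_merge($form_errors, check_empty_fields($required_fields));

          //minimum length per field
          $fields_to_check_length = array('username' => 4, 'password' => 6);
          $form_errors = array_merge($form_errors, check_min_length($fields_to_check_length));

          $form_errors = array_merge($form_errors, check_email($_POST));

          //Read the fields defensively: a missing key or an array value (email[]=x) must not
          //reach the queries below. An error is only added when the helpers reported nothing,
          //so the error count shown to the user is not inflated.
          //assumes $form_errors is a list of message strings - TODO confirm against utilities.php
          $field_values = array();
          foreach($required_fields as $field_name){
              $is_text = isset($_POST[$field_name]) && is_string($_POST[$field_name]);
              $field_values[$field_name] = $is_text ? $_POST[$field_name] : '';
              if(!$is_text && empty($form_errors)){
                  $form_errors[] = "Invalid value submitted for {$field_name}";
              }
          }
          $email = $field_values['email'];
          $username = $field_values['username'];
          $password = $field_values['password'];

          if(checkDuplicateEntries("users", "email", $email, $db)){
              $result = flashMessage("Email is already taken, please try another one");
          }
          else if(checkDuplicateEntries("users", "username", $username, $db)){
              $result = flashMessage("Username is already taken, please try another one");
          }
          //no validation errors: create the account
          else if(empty($form_errors)){
              $hashed_password = password_hash($password, PASSWORD_DEFAULT);
              try{
                  $sqlInsert = "INSERT INTO users (username, email, password, join_date)
                VALUES (:username, :email, :password, now())";

                  //bound parameters keep the submitted values out of the SQL text
                  $statement = $db->prepare($sqlInsert);
                  $statement->execute(array(':username' => $username, ':email' => $email, ':password' => $hashed_password));

                  if($statement->rowCount() == 1){

                      $user_id = $db->lastInsertId();
                      //NOTE(review): this value is only base64 of a fixed prefix plus the
                      //auto-increment id, so it is not a secret - the link for any account can be
                      //built without receiving the e-mail, and "activated" then proves nothing.
                      //Replace it with a per-user random token (random_bytes()), stored hashed
                      //with an expiry and matched in the UPDATE of the activation branch.
                      $encode_id = base64_encode("encodeuserid{$user_id}");

                      //the username is user input: escape it for the HTML body of the e-mail
                      $safe_username = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

                      //NOTE(review): the link is plain http://; serve activation over HTTPS.
                      $mail_body = '<html>
                      <body style="background-color:#CCCCCC; color:#000; font-family: Arial, Helvetica, sans-serif;
                                          line-height:1.8em;">
                      <h2>User Authentication: Code A Secured Login System</h2>
                      <p>Dear '.$safe_username.'<br><br>Thank you for registering, please click on the link below to
                          confirm your email address</p>
                      <p><a href="http://auth.dev/activate.php?id='.rawurlencode($encode_id).'"> Confirm Email</a></p>
                      <p><strong>&copy;2016 ICT DesighHUB</strong></p>
                      </body>
                      </html>';

                      $mail->addAddress($email, $username);
                      $mail->Subject = "Message from ICT DesignHUB";
                      $mail->Body = $mail_body;

                      if(!$mail->Send()){
                          //keep the mailer's diagnostic in the server log; it can name hosts and
                          //accounts and was previously echoed into the page inside a JS string
                          error_log("Signup e-mail could not be sent: " . $mail->ErrorInfo);
                          $result = "<script type=\"text/javascript\">
                      swal(\"Error\",\" Email sending failed \",\"error\");</script>";
                      }
                      else{
                          //the username lands inside a <script> block: encode it as a JS string
                          //literal and hex-escape <, >, &, ' and " so it cannot close the string
                          //or the script element
                          $js_title = json_encode(
                              "Congratulations {$username}!",
                              JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
                          );
                          if($js_title === false){
                              //json_encode() fails on invalid UTF-8; fall back to a fixed title
                              $js_title = '"Congratulations!"';
                          }
                          $result = "<script type=\"text/javascript\">
                              swal({
                              title: {$js_title},
                              text: \"Registration Completed Successfully. Please check your email for confirmation link\",
                              type: 'success',
                              confirmButtonText: \"Thank You!\" });
                          </script>";
                      }
                  }
              }catch (PDOException $ex){
                  //driver messages can expose table and column names: log them, show a generic text
                  error_log("Signup insert failed: " . $ex->getMessage());
                  $result = flashMessage("An error occurred, please try again later");
              }
          }
          else{
              if(count($form_errors) == 1){
                  $result = flashMessage("There was 1 error in the form<br>");
              }else{
                  $result = flashMessage("There were " .count($form_errors). " errors in the form <br>");
              }
          }
      }else{
          //token check failed
          $result = "<script type='text/javascript'>
                        swal('Error','This request originates from an unknown source, posible attack'
                        ,'error');
                        </script>";
      }

  }
  //activation link from the e-mail
  else if(isset($_GET['id'])) {
      //Accept only the exact shape the sign-up branch produces: valid base64 that decodes
      //to the prefix followed by digits. Anything else is rejected before the database is
      //touched (the old explode() read index 1 even when the prefix was absent).
      $id = null;
      if(is_string($_GET['id'])){
          $decode_id = base64_decode($_GET['id'], true);
          if($decode_id !== false && preg_match('/\Aencodeuserid([0-9]+)\z/', $decode_id, $id_match)){
              $id = $id_match[1];
          }
      }

      $activated_now = false;
      if($id !== null){
          //only rows that are still inactive are updated, so a replayed link changes nothing
          $sql = "UPDATE users SET activated =:activated WHERE id=:id AND activated='0'";

          $statement = $db->prepare($sql);
          $statement->execute(array(':activated' => "1", ':id' => $id));
          $activated_now = ($statement->rowCount() == 1);
      }

      if ($activated_now) {
          $result = '<h2>Email Confirmed </h2>
          <p>Your email address has been verified, you can now <a href="login.php">login</a> with your email and password.</p>';
      } else {
          $result = "<p class='lead'>No changes made please contact site admin,
      if you have not confirmed your email before</p>";
      }
  }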