daily pastebin goal
84%
SHARE
TWEET

Untitled

a guest Mar 26th, 2019 87 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. require_once "../../templates/footer.php";
  3. require_once "../../configs/paths.php";
  4. include_once "../../templates/cookie-warning.php";
  5. include "../../templates/error.html";
  6.  
  7. global $errors;
  8. $errors = array();
  9.  
  10. function allParamsPresent() {
  11.   // x & y are also params since the submit button is a image
  12.   $mandatory_params = array('name', 'gender', 'username', 'cpf', 'phone', 'birth-date', 'password', 'confirm-password', 'institution-name', 'institution-uf', 'institution-city', 'g-recaptcha-response');
  13.   for ($i=0; $i < count($mandatory_params); $i++) {
  14.     if (!(isset($_POST[$mandatory_params[$i]]))) {
  15.       //Param $expected_params[$i] is missing on the request
  16.       $error = 'MISSING DATA \'' . $mandatory_params[$i] . '\'';
  17.       $errors["params"] = $error;
  18.       return false;
  19.     }
  20.   }
  21.   //No params missing (params not validated yet, only present)
  22.   return true;
  23. }
  24.  
  25. function validateName($name = null) {
  26.   if (empty($name)) {
  27.     $errors["name"] = "EMPTY";
  28.     return false;
  29.   }
  30.  
  31.   $reg = '/[^\p{L}\s]+/u'; //Match all chars that are not letters (UTF-8 letters are ok) or whitespaces
  32.   $verif = preg_replace($reg, '', $name);
  33.  
  34.   if ($name === $verif) {
  35.     //Remove space if is the first or last char
  36.     while (empty(explode(' ', $name)[0])) {
  37.       $name = substr($name, 1);
  38.     }
  39.     while (empty(explode(' ', $name)[count(explode(' ', $name)) - 1])) {
  40.       $name = substr($name, 0, strlen($name)-1);
  41.     }
  42.  
  43.     if (count(explode(' ', $name)) < 2) {
  44.       //Name is fine but it is only the first time
  45.       $errors["name"] = "ONLY FIRST NAME";
  46.       return false;
  47.     } else {
  48.       //Full name
  49.       $_POST['full_name'] = $name;
  50.       return true;
  51.     }
  52.  
  53.   } else {
  54.     //Name with not supported chars
  55.     $errors["name"] = "NOT SUPPORTED LETTERS";
  56.     return false;
  57.   }
  58. }
  59.  
  60. function validateGender($gender = null) {
  61.   switch ($gender) {
  62.     case 'M':
  63.       return true;
  64.     case 'F':
  65.       return true;
  66.     case 'NF':
  67.       return true;
  68.     default:
  69.       $errors["gender"] = "NOT SUPPORTED GENDER";
  70.       return false;
  71.   }
  72. }
  73.  
  74. function validateEmail($email = null) {
  75.   if(empty($email)) {
  76.     $errors["email"] = "EMPTY";
  77.         return false;
  78.     }
  79.  
  80.   if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  81.       $errors["email"] = "NOT VALID EMAIL";
  82.       return false;
  83.   } else {
  84.     return true;
  85.   }
  86. }
  87.  
  88. function validateCpf($cpf = null) {
  89.     if(empty($cpf)) {
  90.     $errors["cpf"] = "EMPTY";
  91.         return false;
  92.     }
  93.  
  94.     // Elimina possivel mascara
  95.     $cpf = preg_replace("/[^0-9]/", "", $cpf);
  96.     $cpf = str_pad($cpf, 11, '0', STR_PAD_LEFT);
  97.  
  98.     if (strlen($cpf) != 11) {
  99.     $errors["cpf"] = "TOO SHORT";
  100.         return false;
  101.     }
  102.  
  103.     else if ($cpf == '00000000000' ||
  104.         $cpf == '11111111111' ||
  105.         $cpf == '22222222222' ||
  106.         $cpf == '33333333333' ||
  107.         $cpf == '44444444444' ||
  108.         $cpf == '55555555555' ||
  109.         $cpf == '66666666666' ||
  110.         $cpf == '77777777777' ||
  111.         $cpf == '88888888888' ||
  112.         $cpf == '99999999999') {
  113.     $errors["cpf"] = "INVALID";
  114.         return false;
  115.  
  116.      } else {
  117.  
  118.         for ($t = 9; $t < 11; $t++) {
  119.  
  120.             for ($d = 0, $c = 0; $c < $t; $c++) {
  121.                 $d += $cpf{$c} * (($t + 1) - $c);
  122.             }
  123.             $d = ((10 * $d) % 11) % 10;
  124.             if ($cpf{$c} != $d) {
  125.         $errors["cpf"] = "INVALID";
  126.                 return false;
  127.             }
  128.         }
  129.  
  130.         return true;
  131.     }
  132. }
  133.  
  134. function validatePhone($phone = null) {
  135.   if(empty($phone)) {
  136.     $errors["phone"] = "EMPTY";
  137.         return false;
  138.     }
  139.  
  140.   $phone= trim(str_replace('/', '', str_replace(' ', '', str_replace('-', '', str_replace(')', '', str_replace('(', '', $phone))))));
  141.   $phone_regex = "/^[0-9]{11}$/";
  142.   if (preg_match($phone_regex, $phone) == 1) {
  143.     return true;
  144.   } else {
  145.     $errors["phone"] = "WRONG FORMAT";
  146.     return false;
  147.   }
  148. }
  149.  
  150. function validateBirth($date = null) {
  151.   $min_age = 12;
  152.   date_default_timezone_set('America/Sao_Paulo');
  153.  
  154.   if (empty($date) ||
  155.       strlen($date) != 10 ||
  156.       $date[2] != '/' ||
  157.       $date[5] != '/') {
  158.     $errors["birth"] = "WRONG FORMAT";
  159.         return false;
  160.     }
  161.  
  162.   $date = explode("/", $date);
  163.   $year = $date[2];
  164.   $month = $date[1];
  165.   $day = $date[0];
  166.  
  167.   if (!(checkdate((int)$month, (int)$day, (int)$year))) {
  168.     $errors["birth"] = "INVALID DATE";
  169.     return false;
  170.   }
  171.  
  172.   $today = new DateTime(date('m/d/Y', time()));
  173.   $birth = new DateTime($month . '.' . $day . '.' . $year);
  174.   $age = $today->diff($birth)->y;
  175.  
  176.   if ($age < $min_age) {
  177.     $errors["birth"] = "AGE BELOW MINIMUM";
  178.     return false;
  179.   } else {
  180.     //Change date on $_POST to SQL friendly
  181.     $birth = $year . '-' . $month . '-' . $day;
  182.     $_POST['birth-date'] = $birth;
  183.     return true;
  184.   }
  185. }
  186.  
  187. function validatePassword($pwrd = null, $confirm_pwrd = null) {
  188.  
  189.   $pwrd_req = array('numbers' => 1, 'up_case' => 1, 'low_case' => 1, 'min_length' => 8, 'max_length' => 30);
  190.  
  191.   //Has to be different ifs because needs to set the right error
  192.   if (empty($pwrd)) {
  193.     $errors["password"] = "EMPTY";
  194.     return false;
  195.   }
  196.   if (empty($confirm_pwrd)) {
  197.     $errors["password"] = "CONFIRM EMPTY";
  198.     return false;
  199.   }
  200.   if ($pwrd != $confirm_pwrd) {
  201.     $errors["password"] = "NOT EQUAL TO CONFIRM";
  202.     return false;
  203.   }
  204.   if (strlen($pwrd) > $pwrd_req['max_length']) {
  205.     $errors["password"] = "TOO LONG";
  206.     return false;
  207.   }
  208.   if (strlen($pwrd) < $pwrd_req['min_length']) {
  209.     $errors["password"] = "TOO SHORT";
  210.     return false;
  211.   }
  212.  
  213.   //Check if uppercase if present
  214.   if (preg_match("/[A-Z]/", $pwrd)===0) {
  215.     return false;
  216.   }
  217.   //Check if lower case is present
  218.   if (preg_match("/[a-z]/", $pwrd)===0) {
  219.     return false;
  220.   }
  221.   //Check if digit is present
  222.   if (preg_match("/[0-9]/", $pwrd)===0) {
  223.     return false;
  224.   }
  225.   //Check if has white space
  226.   if (!(preg_match("/\s/", $pwrd))===0) {
  227.     return false;
  228.   }
  229.  
  230.   return true;
  231. }
  232.  
  233. function validateInstName($inst_name = null) {
  234.   //Disable if inst not declared
  235.   if ($_POST['institution-checkbox'] == 'on') {
  236.     return true;
  237.   }
  238.  
  239.   if (empty($inst_name)) {
  240.     $errors["inst-name"] = "EMPTY";
  241.     return false;
  242.   }
  243.  
  244.   $reg = '/[^\p{L}\s]+/u'; //Match all chars that are not letters (UTF-8 letters are ok) or whitespaces
  245.   $verif = preg_replace($reg, '', $inst_name);
  246.  
  247.   if ($inst_name === $verif) {
  248.     //Remove space if is the first or last char
  249.     while (empty(explode(' ', $inst_name)[0])) {
  250.       $inst_name = substr($inst_name, 1);
  251.     }
  252.     while (empty(explode(' ', $inst_name)[count(explode(' ', $inst_name)) - 1])) {
  253.       $inst_name = substr($inst_name, 0, strlen($inst_name)-1);
  254.     }
  255.  
  256.     $_POST['institution-name'] = $inst_name;
  257.     return true;
  258.  
  259.   } else {
  260.     //Name with not supported chars
  261.     $errors["inst-name"] = "NOT SUPPORTED CHARS";
  262.     return false;
  263.   }
  264. }
  265.  
  266. function validateInstUf($uf = null, $data = null) {
  267.   //Disable if inst not declared
  268.   if ($_POST['institution-checkbox'] == 'on') {
  269.     return true;
  270.   }
  271.  
  272.   if (empty($uf) ||
  273.       strlen($uf) != 2 ||
  274.       empty($data)) {
  275.     $errors["inst-uf"] = "EMPTY";
  276.     return false;
  277.   }
  278.   $uf = strtoupper($uf);
  279.   $siglas = array();
  280.   for ($i=0; $i < count($data); $i++) {
  281.     array_push($siglas, $data[$i]['sigla']);
  282.   }
  283.  
  284.   if (in_array($uf, $siglas)) {
  285.     return true;
  286.   } else {
  287.     $errors["inst-uf"] = "INVALID";
  288.     return false;
  289.   }
  290. }
  291.  
  292. function validateInstCity($inst_uf = null, $inst_city = null, $data = null) {
  293.   //Disable if inst not declared
  294.   if ($_POST['institution-checkbox'] == 'on') {
  295.     return true;
  296.   }
  297.  
  298.   if (empty($inst_uf) ||
  299.       empty($inst_city) ||
  300.       empty($data)) {
  301.         $errors["inst-city"] = "EMPTY";
  302.         return false;
  303.   }
  304.  
  305.   $idx;
  306.   for ($i=0; $i < count($data); $i++) {
  307.     if ($data[$i]['sigla'] == $inst_uf) {
  308.       $idx = $i;
  309.       break;
  310.     }
  311.   }
  312.  
  313.   if (in_array($inst_city, $data[$idx]['cidades'])) {
  314.     return true;
  315.   } else {
  316.     $errors["inst-city"] = "CITY NOT IN GIVEN PROVINCE";
  317.     return false;
  318.   }
  319. }
  320.  
  321. // Checks if everything provided is valid
  322. function dataIsValid() {
  323.   include "../web/assets/estados-cidades.php";
  324.   if (allParamsPresent() &&
  325.       validateName($_POST['name']) &&
  326.       validateGender($_POST['gender']) &&
  327.       validateEmail($_POST['username']) &&
  328.       validateCpf($_POST['cpf']) &&
  329.       validatePhone($_POST['phone']) &&
  330.       validateBirth($_POST['birth-date']) &&
  331.       validatePassword($_POST['password'], $_POST['confirm-password']) &&
  332.       validateInstName($_POST['institution-name']) &&
  333.       validateInstUf($_POST['institution-uf'], $states_json) &&
  334.       validateInstCity($_POST['institution-uf'], $_POST['institution-city'], $states_json)) {
  335.     return true;
  336.   } else {
  337.     return false;
  338.   }
  339. }
  340.  
  341. //CAPTCHA HANDLING AND DB QUERY
  342. if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  343.     function post_captcha($user_response) {
  344.         $fields_string = '';
  345.         $fields = array(
  346.             'secret' => "6Ld4aZkUAAAAAOkQjEEEDXz6bW6oj8Nb7CI_dtrI",
  347.             'response' => $user_response
  348.         );
  349.         foreach($fields as $key=>$value)
  350.         $fields_string .= $key . '=' . $value . '&';
  351.         $fields_string = rtrim($fields_string, '&');
  352.  
  353.         $ch = curl_init();
  354.         curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
  355.         curl_setopt($ch, CURLOPT_POST, count($fields));
  356.         curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
  357.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
  358.  
  359.         $result = curl_exec($ch);
  360.         curl_close($ch);
  361.  
  362.         return json_decode($result, true);
  363.     }
  364.  
  365.     $res = post_captcha($_POST['g-recaptcha-response']);
  366.  
  367.     if (!$res['success']) {
  368.         // FAILURE
  369.         $_POST = array();
  370.         echo '<script>showError(\'reCAPTCHA INVÁLIDO\')</script>';
  371.     } else {
  372.         // SUCCESS
  373.         if (dataIsValid()) {
  374.           //MAKE DB QUERY
  375.           require_once "../../configs/db.php";
  376.  
  377.           $name = $_POST['name'];
  378.           $gender = $_POST['gender'];
  379.           $email = $_POST['username'];
  380.           $cpf = $_POST['cpf'];
  381.           $phone = $_POST['phone'];
  382.           $birth = $_POST['birth-date'];
  383.           $password = hash('sha256', $_POST['password']);
  384.           $inst_name = $_POST['institution-name'];
  385.           $inst_uf = $_POST['institution-uf'];
  386.           $inst_city = $_POST['institution-city'];
  387.  
  388.           //Save Data
  389.           $insert = "INSERT INTO users (id, name, gender, email, cpf, phone, birth, password, inst_name, inst_uf, inst_city) ";
  390.           $values = "VALUES (NULL, \"$name\", \"$gender\", \"$email\", \"$cpf\", \"$phone\", \"$birth\", \"$password\", \"$inst_name\", \"$inst_uf\", \"$inst_city\")";
  391.           $sql = $insert . $values;
  392.  
  393.           $result = $connection->query($sql);
  394.           if ($result) {
  395.             header("Location: entrar.php");
  396.             exit;
  397.           } else {
  398.             $error = mysqli_error($connection);
  399.             $msg;
  400.             if(preg_match("/unique_email/i", $error)) {
  401.               $msg = "EMAIL JÁ ESTÁ EM USO";
  402.             }
  403.             if(preg_match("/unique_phone/i", $error)) {
  404.               $msg = "TELEFONE JÁ ESTÁ EM USO";
  405.             }
  406.             if(preg_match("/unique_cpf/i", $error)) {
  407.               $msg = "CPF JÁ ESTÁ EM USO";
  408.             }
  409.             if(preg_match("/unique_id/i", $error)) {
  410.               $msg = "ENTRE EM CONTATO CONOSCO! -  ERROR UNIQUE_ID";
  411.             }
  412.             echo "<script>showError('$msg')</script>";
  413.           }
  414.         } else {
  415.           //Captach is ok but data was not verified
  416.           print_r($errors);
  417.         }
  418.     }
  419. }
  420.  
  421. ?>
  422.  
  423.  
  424. <!DOCTYPE html>
  425. <html lang="pt-br">
  426.   <head>
  427.     <meta charset="utf-8">
  428.     <link rel="stylesheet" href="<?echo $sing_up_css;?>">
  429.     <link href="https://fonts.googleapis.com/css?family=Work+Sans:300,400" rel="stylesheet">
  430.     <script src="https://www.google.com/recaptcha/api.js?hl=pt-BR" async defer></script>
  431.     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
  432.     <!--<script src="<?//echo $sign_up_js;?>" defer></script>-->
  433.     <script src="/js/sign-up.js" defer></script>
  434.     <title>iStudiWeb | Cadastrar</title>
  435.   </head>
  436.   <body>
  437.     <div id="wraper">
  438.       <img id="logo" alt="iStudiWeb Logo" src="<?echo $web_logo_black;?>">
  439.  
  440.       <form id="form" action="cadastrar" method="POST">
  441.         <ul class="left-list ul-list">
  442.           <li><label class="list-title">Sobre Mim</label></li>
  443.           <li><input class="text-input" type="text" name="name"  id="name" placeholder="Nome" autocomplete="off" required></input></li>
  444.           <li>
  445.             <select class="text-input" id="gender" name="gender" placeholder="Sexo" required>
  446.               <option id="gender-placeholder" value="" disabled selected style="">Sexo</option>
  447.               <option value="M">Masculino</option>
  448.               <option value="F">Feminino</option>
  449.               <option value="NF">Prefiro não informar</option>
  450.             </select>
  451.           </li>
  452.           <li><input class="text-input" type="email" name="username" id="email" placeholder="Email" autocomplete="on" required></input></li>
  453.           <li><input class="text-input" type="text" name="cpf" id="cpf" placeholder="CPF" autocomplete="off" required></input></li>
  454.           <li><input class="text-input" type="tel" name="phone" id="phone" placeholder="Celular" autocomplete="on" required></input></li>
  455.           <li><input class="text-input" type="text" name="birth-date" id="birth-date" placeholder="Data de Nascimento" autocomplete="off" required></input></li>
  456.           <li><input class="text-input" type="password" name="password" id="password" placeholder="Senha" autocomplete="off" required></input></li>
  457.           <li><input class="text-input" type="password" name="confirm-password" id="confirm-password" placeholder="Confirme sua senha" autocomplete="off" required></input></li>
  458.         </ul>
  459.  
  460.         <hr class="separator">
  461.  
  462.         <ul class="right-list ul-list">
  463.           <li><label class="list-title">Minha Instituição</label></li>
  464.           <li><label id="institution-label"><input class="check-input" type="checkbox" name="institution-checkbox" id="institution-checkbox" value="on"></input>Não estou em nenhuma Instituição</label></li>
  465.           <li><input class="text-input" type="text" name="institution-name"  id="institution-name" placeholder="Nome" autocomplete="off" required></input></li>
  466.           <li>
  467.             <input class="text-input" name="institution-uf"  id="institution-uf" placeholder="UF" list="inst-uf-list" required>
  468.             <datalist id="inst-uf-list"></datalist>
  469.           </li>
  470.           <li>
  471.             <input class="text-input" name="institution-city" id="institution-city" list="inst-city-list" placeholder="Cidade" required readonly>
  472.             <datalist id="inst-city-list"></datalist>
  473.           </li>
  474.         </ul>
  475.  
  476.         <hr class="separator">
  477.  
  478.         <div id="submit-wrap">
  479.           <div class="g-recaptcha" id="reCaptcha" data-callback="recaptchaCallback" data-sitekey="6Ld4aZkUAAAAANscwRBTTGhaEIWvwj0gm3BY4BNQ"></div>
  480.           <input id="cadastrar-btn" type="image" alt="Criar Conta" src=<?echo $sing_up_btn;?> disabled><br>
  481.           <span class="legal-agreement">Ao se cadastrar, você concorda com os nossos</span><br>
  482.           <span class="legal-agreement"><a href="#" class="legal-agreement">Termos de Uso</a> e <a href="#" class="legal-agreement">Política de Privacidade</a></span>
  483.         </div>
  484.       </form>
  485.     </div>
  486.  
  487.  
  488.   </body>
  489. </html>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top