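<?php

declare(strict_types=1);

// Registration handler.
//
// Validates the submitted form (username, password, email), refuses a
// username or email that is already stored, derives a salted and stretched
// password hash, inserts the new row and redirects to the login page.
// Requires a PDO connection in $db, created elsewhere before this file runs.
// Every failure path prints a short message and ends the request.
if (isset($_POST['register'])) {
    $username = $_POST['username'] ?? '';
    $plainPassword = $_POST['password'] ?? '';
    $email = $_POST['email'] ?? '';

    // Reject missing or non-string fields. Comparing against '' instead of
    // using empty() keeps the legitimate value "0" from being refused, and the
    // is_string() checks stop an array (e.g. `username[]`) from reaching PDO.
    if (!is_string($username) || !is_string($plainPassword) || !is_string($email)
        || $username === '' || $plainPassword === '' || $email === ''
    ) {
        echo "filed tidak boleh kosong!";
        exit();
    }

    // Runs one prepared statement with bound parameters (the binding is what
    // keeps user input out of the SQL text). A driver failure ends the request
    // with a generic message so no driver detail reaches the client.
    $runQuery = static function (string $sql, array $params) use ($db): PDOStatement {
        try {
            $stmt = $db->prepare($sql);
            $stmt->execute($params);
        } catch (PDOException $er) {
            die("Failed to run query");
        }

        return $stmt;
    };

    // Username must be unused.
    $stmt = $runQuery(
        "SELECT * FROM users WHERE username=:username",
        [':username' => $username],
    );
    if ($stmt->fetch()) {
        echo "username sudah di pakai";
        exit();
    }

    // Email must look like an email address ...
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "bukan format email";
        exit();
    }

    // ... and must be unused.
    $stmt = $runQuery(
        "SELECT * FROM users WHERE email=:email",
        [':email' => $email],
    );
    if ($stmt->fetch()) {
        echo "email sudah di pakai";
        exit();
    }

    // 8 random bytes from the CSPRNG, stored as 16 hex characters. This is the
    // same width the previous dechex(mt_rand()) pair produced, but mt_rand()
    // is not a cryptographic generator and must not be used for salts.
    $salt = bin2hex(random_bytes(8));

    // Legacy key stretching: sha256 over password+salt, then 65536 further
    // sha256 rounds over hash+salt. Kept as-is because the stored format must
    // stay readable by the existing login check (not visible here — confirm
    // before migrating both sides to password_hash()/password_verify()).
    $passwordHash = hash('sha256', $plainPassword . $salt);
    for ($round = 0; $round < 65536; $round++) {
        $passwordHash = hash('sha256', $passwordHash . $salt);
    }

    // Everything checked out: store the new user.
    $runQuery(
        "INSERT INTO users (username, password, salt, email) VALUES (:username, :password, :salt, :email)",
        [
            ':username' => $username,
            ':password' => $passwordHash,
            ':salt' => $salt,
            ':email' => $email,
        ],
    );

    // Client-side redirect is kept because this file may run after output
    // has already started, which would make header('Location: ...') fail.
    echo "<script>window.location.href = '../login';</script>";
    die("Redirecting...");
}
?>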