Untitled

a guest
Aug 18th, 2018
  1. /* secure/access.php */
  2. <?php
  3.  
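  /**
   * Small mysqli wrapper used by the registration endpoint.
   *
   * All statements that carry caller-supplied values go through prepared
   * statements. Methods that need a connection return a failure value
   * (false / null) when connect() has not succeeded.
   *
   * NOTE(review): the properties stay public (the original declared them with
   * `var`) so existing callers keep working. Nothing visible in this file reads
   * them from outside the class; consider making them private.
   */
  class access {

      public $db_host = null;
      public $db_username = null;
      public $db_password = null;
      public $db_name = null;

      // mysqli handle, or null while disconnected / after a failed connect().
      public $conn = null;

      public $result = null;

      /**
       * Store the connection settings; no connection is opened here.
       *
       * @param string $dbHost
       * @param string $dbUser
       * @param string $dbPassword
       * @param string $dbName
       */
      function __construct($dbHost, $dbUser, $dbPassword, $dbName) {
          $this->db_host = $dbHost;
          $this->db_username = $dbUser;
          $this->db_password = $dbPassword;
          $this->db_name = $dbName;
      }

      /**
       * Open the database connection and select the utf8 connection charset.
       *
       * On failure the generic message is still printed, the driver error goes
       * to the server log only, and $this->conn is reset to null.
       */
      public function connect() {

          $this->conn = new mysqli($this->db_host, $this->db_username, $this->db_password, $this->db_name);

          if (mysqli_connect_errno()) {
              // The driver message can name the database account and host, so it
              // is logged server-side instead of being echoed to the client.
              error_log("access::connect failed: " . mysqli_connect_error());
              echo "Couldn't connect to the Database";

              // Do not keep (or call set_charset() on) a handle that never connected.
              $this->conn = null;
              return;
          }

          $this->conn->set_charset("utf8");
      }

      /**
       * Close the connection if one is open.
       */
      public function disconnect() {

          if ($this->conn !== null) {
              $this->conn->close();
              $this->conn = null; // avoids a second close() on the same handle
          }
      }

      /**
       * Insert a row into `users` using a prepared statement.
       *
       * @param string $username
       * @param string $password Already-hashed password, stored as given.
       * @param string $salt
       * @param string $email
       * @param string $fullname
       * @return bool True when the INSERT executed, false otherwise.
       */
      public function createUser($username, $password, $salt, $email, $fullname) {

          if ($this->conn === null) {
              return false;
          }

          $sql = "INSERT INTO users
  SET
  username=?, password=?, salt=?, email=?, fullname=? ";

          $statement = $this->conn->prepare($sql);

          // prepare() returns false on failure; the original threw and swallowed an
          // exception here and then called bind_param() on that false value.
          if ($statement === false) {
              error_log("access::createUser prepare failed: " . $this->conn->error);
              return false;
          }

          $statement->bind_param("sssss", $username, $password, $salt, $email, $fullname);

          $returnValue = $statement->execute();
          $statement->close();

          return $returnValue;
      }

      /**
       * Fetch one row from `users` by username.
       *
       * The username is bound as a statement parameter; the original concatenated
       * it, unquoted, into the SQL text.
       *
       * @param string $username
       * @return array|null Associative row, or null when there is no match or the
       *                    query could not be run.
       */
      public function getUserInfo($username) {

          // Defined up front so the "no row" path returns null rather than an
          // undefined variable.
          $returnArray = null;

          if ($this->conn === null) {
              return $returnArray;
          }

          $sql = "SELECT * FROM users
  WHERE username = ?";

          $statement = $this->conn->prepare($sql);

          if ($statement === false) {
              error_log("access::getUserInfo prepare failed: " . $this->conn->error);
              return $returnArray;
          }

          $statement->bind_param("s", $username);

          if ($statement->execute()) {
              // get_result() is provided by the mysqlnd driver.
              $result = $statement->get_result();

              if ($result !== false) {
                  $row = $result->fetch_array(MYSQLI_ASSOC);

                  if (!empty($row)) {
                      $returnArray = $row;
                  }

                  $result->free();
              }
          }

          $statement->close();

          return $returnArray;
      }

  }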
  79.  
  80. /* register.php */
  81. <?php
  82.  
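  // Registration endpoint: reads four form fields, stores a new user and
  // answers with a JSON object carrying "status" and "message".

  $returnArray = array();

  // A missing key or a non-string value (for example an array parameter) is
  // treated as empty instead of raising a notice or type error.
  // NOTE(review): $_REQUEST also accepts query-string parameters, so a password
  // can end up in URLs and access logs; prefer $_POST once clients are confirmed.
  // NOTE(review): htmlentities() rewrites the password before it is hashed and
  // stores entity-encoded profile text. It is kept because a login script
  // presumably applies the same transform; output escaping belongs at render time.
  $fields = array();
  foreach (array("username", "password", "email", "fullname") as $key) {
      $raw = (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) ? $_REQUEST[$key] : "";
      $fields[$key] = htmlentities($raw);
  }

  $username = $fields["username"];
  $password = $fields["password"];
  $email = $fields["email"];
  $fullname = $fields["fullname"];

  // Compared with "" rather than empty(), which would also reject the value "0".
  if ($username === "" || $password === "" || $email === "" || $fullname === "") {
      $returnArray["status"] = "400";
      $returnArray["message"] = "Missing required information";
      echo json_encode($returnArray);
      return;
  }

  // NOTE(review): these are raw bytes; if the salt column is a text type they
  // may not round-trip through the utf8 connection. Confirm against the schema.
  $salt = openssl_random_pseudo_bytes(20);

  // NOTE(review): a single salted SHA-1 round is fast to brute-force if the
  // users table leaks. The stored format is shared with whatever verifies
  // logins, so it is left unchanged here; migrate both sides together to
  // password_hash() / password_verify().
  $secured_password = sha1($password . $salt);

  $file = parse_ini_file("../../TwitterApp.ini");

  // Stop early when the settings file is unreadable or incomplete; details go
  // to the server log, the client gets the generic failure message.
  if ($file === false || !isset($file["dbhost"], $file["dbuser"], $file["dbpass"], $file["dbname"])) {
      error_log("register.php: database settings could not be read");
      $returnArray["status"] = "400";
      $returnArray["message"] = "Could not register with provided Information";
      echo json_encode($returnArray);
      return;
  }

  $host = trim($file["dbhost"]);
  $dbUser = trim($file["dbuser"]);
  $pass = trim($file["dbpass"]);
  $name = trim($file["dbname"]);

  require ("secure/access.php");

  $access = new access($host, $dbUser, $pass, $name);
  $access->connect();

  // Defined before the try so a thrown exception cannot leave it undefined.
  $result = false;

  try {
      $result = $access->createUser($username, $secured_password, $salt, $email, $fullname);
  } catch (Exception $e) {
      // Logged rather than silently dropped; the client still gets the generic failure below.
      error_log("register.php: createUser failed: " . $e->getMessage());
  }

  if ($result) {
      // Kept separate from the database account name read from the ini file.
      $newUser = $access->getUserInfo($username);

      $returnArray["status"] = "200";
      $returnArray["message"] = "Successfully registered";

      // Explicit allow-list: the password hash and salt columns are never echoed back.
      foreach (array("id", "username", "email", "fullname", "ava") as $key) {
          $returnArray[$key] = (is_array($newUser) && isset($newUser[$key])) ? $newUser[$key] : null;
      }

  } else {
      $returnArray["status"] = "400";
      $returnArray["message"] = "Could not register with provided Information";
  }

  $access->disconnect();

  echo json_encode($returnArray);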
  136.  
  137. ?>