db_common.php<?php // These variables define the connection information

1. db_common.php
2.  
3. <?php
4.  
5. // These variables define the connection information for your MySQL database
6. $username = "";
7. $password = "";
8. $host = "localhost";
9. $dbname = "";
10.  
11. try
12. {
13. $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
14. }
15. catch(PDOException $ex)
16. {
17. die("Failed to connect to the database: " . $ex->getMessage());
18. }
19.  
20. $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
21. $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
22.  
23. if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
24. {
25. function undo_magic_quotes_gpc(&$array)
26. {
27. foreach($array as &$value)
28. {
29. if(is_array($value))
30. {
31. undo_magic_quotes_gpc($value);
32. }
33. else
34. {
35. $value = stripslashes($value);
36. }
37. }
38. }
39.  
40. undo_magic_quotes_gpc($_POST);
41. undo_magic_quotes_gpc($_GET);
42. undo_magic_quotes_gpc($_COOKIE);
43. }
44.  
45. header('Content-Type: text/html; charset=utf-8');
46.  
47. session_start();
48.  
49.  
50.  
51. db_functions.php
52.  
53. <?php
54.  
55. require("db_common.php");
56.  
57. function xzuser_register($cp_user, $pass, $domain, $email) {
58.  
59. $query = "
60. SELECT
61. 1
62. FROM users
63. WHERE
64. username = :username
65. ";
66.  
67. $query_params = array(
68. ':username' => $cp_user
69. );
70.  
71. try
72. {
73. $stmt = $db->prepare($query);
74. $result = $stmt->execute($query_params);
75. }
76. catch(PDOException $ex)
77. {
78. die("Failed to run query: " . $ex->getMessage());
79. }
80.  
81. $row = $stmt->fetch();
82.  
83. if($row)
84. {
85. die("This username is already in use");
86. }
87.  
88. $query = "
89. SELECT
90. 1
91. FROM users
92. WHERE
93. email = :email
94. ";
95.  
96. $query_params = array(
97. ':email' => $email
98. );
99.  
100. try
101. {
102. $stmt = $db->prepare($query);
103. $result = $stmt->execute($query_params);
104. }
105. catch(PDOException $ex)
106. {
107. die("Failed to run query: " . $ex->getMessage());
108. }
109.  
110. $row = $stmt->fetch();
111.  
112. if($row)
113. {
114. die("This email address is already registered");
115. }
116.  
117. $query = "
118. INSERT INTO users (
119. username,
120. password,
121. salt,
122. email
123. ) VALUES (
124. :username,
125. :password,
126. :salt,
127. :email
128. )
129. ";
130.  
131. $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
132.  
133.  
134. $password = hash('sha256', $pass . $salt);
135.  
136.  
137. for($round = 0; $round < 65536; $round++)
138. {
139. $password = hash('sha256', $password . $salt);
140. }
141.  
142.  
143. $query_params = array(
144. ':username' => $username,
145. ':password' => $password,
146. ':salt' => $salt,
147. ':email' => $email
148. );
149.  
150. try
151. {
152. $stmt = $db->prepare($query);
153. $result = $stmt->execute($query_params);
154. }
155. catch(PDOException $ex)
156. {
157. die("Failed to run query: " . $ex->getMessage());
158. }
159.  
160. header("Location: login.php");
161.  
162. die("Redirecting to login.php");
163. }
164.  
165.  
166. ?>
167.  
168.  
169. test.php
170.  
171. <?php
172.  
173. require("includes/db_functions.php");
174.  
175. xzuser_register("test234", "test123", "justtesting2.com", "willh@test.com");
176.  
177.  
178. ?>