  1. <?php
  2.  
  3. require("auth_common.php");
  4.  
  5. if(!empty($_POST))
  6. {
  7. if(empty($_POST['username']))
  8. {
  9. die("Please enter a username.");
  10. }
  11.  
  12. if(empty($_POST['password']))
  13. {
  14. die("Please enter a password.");
  15. }
  16.  
  17. if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  18. {
  19. die("Invalid E-Mail Address");
  20. }
  21.  
  22. $query = "
  23. SELECT
  24. 1
  25. FROM users
  26. WHERE
  27. username = :username
  28. ";
  29.  
  30. $query_params = array(
  31. ':username' => $_POST['username']
  32. );
  33.  
  34. try
  35. {
  36. $stmt = $db->prepare($query);
  37. $result = $stmt->execute($query_params);
  38. }
  39. catch(PDOException $ex)
  40. {
  41. die("Failed to run query: " . $ex->getMessage());
  42. }
  43.  
  44. $row = $stmt->fetch();
  45.  
  46. if($row)
  47. {
  48. die("This username is already in use");
  49. }
  50.  
  51. $query = "
  52. SELECT
  53. 1
  54. FROM users
  55. WHERE
  56. email = :email
  57. ";
  58.  
  59. $query_params = array(
  60. ':email' => $_POST['email']
  61. );
  62.  
  63. try
  64. {
  65. $stmt = $db->prepare($query);
  66. $result = $stmt->execute($query_params);
  67. }
  68. catch(PDOException $ex)
  69. {
  70. die("Failed to run query: " . $ex->getMessage());
  71. }
  72.  
  73. $row = $stmt->fetch();
  74.  
  75. if($row)
  76. {
  77. die("This email address is already registered");
  78. }
  79.  
  80. $query = "
  81. INSERT INTO users (
  82. username,
  83. password,
  84. salt,
  85. email
  86. ) VALUES (
  87. :username,
  88. :password,
  89. :salt,
  90. :email
  91. )
  92. ";
  93.  
  94. $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
  95.  
  96. $password = hash('sha256', $_POST['password'] . $salt);
  97.  
  98. for($round = 0; $round < 65536; $round++)
  99. {
  100. $password = hash('sha256', $password . $salt);
  101. }
  102.  
  103. $query_params = array(
  104. ':username' => $_POST['username'],
  105. ':password' => $password,
  106. ':salt' => $salt,
  107. ':email' => $_POST['email']
  108. );
  109.  
  110. try
  111. {
  112. $stmt = $db->prepare($query);
  113. $result = $stmt->execute($query_params);
  114. }
  115. catch(PDOException $ex)
  116. {
  117.  
  118. die("Failed to run query: " . $ex->getMessage());
  119. }
  120.  
  121. header("Location: login.php");
  122.  
  123. die("Redirecting to login.php");
  124. }
  125. ?>
  126. <h1>Register</h1>
  127. <form action="register.php" method="post">
  128. Username:<br />
  129. <input type="text" name="username" value="" />
  130. <br /><br />
  131. E-Mail:<br />
  132. <input type="text" name="email" value="" />
  133. <br /><br />
  134. Password:<br />
  135. <input type="password" name="password" value="" />
  136. <br /><br />
  137. <input type="submit" value="Register" />
  138. </form>
  139.  
  140. +--+--------+--------+----------+
  141. |id|username|password|status |
  142. +-------------------------------+
  143. | 1|dennis |ezpwlol |unapproved|
  144. +-------------------------------+
  145. | 2|otherguy|hardpw! |approved |
  146. +--+--------+--------+----------+
  147.  
  148. SELECT * FROM users where status = 'unapproved';
  149.  
  150. +--+--------+--------+----------+
  151. |id|username|password|status |
  152. +-------------------------------+
  153. | 1|dennis |ezpwlol |unapproved|
  154. +-------------------------------+
  155.  
  156. UPDATE users SET status = 'approved' WHERE id = :id; -- :id is the ID passed to the page, bound as a query parameter rather than concatenated into the SQL