  1. class Registration
  2. {
  3. /**
  4. * @var object $db_connection The database connection
  5. */
  6. private $db_connection = null;
  7. /**
  8. * @var bool success state of registration
  9. */
  10. public $registration_successful = false;
  11. /**
  12. * @var bool success state of verification
  13. */
  14. public $verification_successful = false;
  15. /**
  16. * @var array collection of error messages
  17. */
  18. public $errors = array();
  19. /**
  20. * @var array collection of success / neutral messages
  21. */
  22. public $messages = array();
  23.  
  24.  
  25. /**
  26. * the function "__construct()" automatically starts whenever an object of this class is created,
  27. * you know, when you do "$login = new Login();"
  28. */
  29. public function __construct()
  30. {
  31. session_start();
  32.  
  33. // if we have such a POST request, call the registerNewUser() method
  34. if (isset($_POST["register"])) {
  35. $this->registerNewUser($_POST['user_name'], $_POST['user_email'], $_POST['user_password_new'], $_POST['user_password_repeat'], $_POST['user_safecode'],$_POST["captcha"]);
  36. // if we have such a GET request, call the verifyNewUser() method
  37. } else if (isset($_GET["id"]) && isset($_GET["verification_code"])) {
  38. $this->verifyNewUser($_GET["id"], $_GET["verification_code"]);
  39. }
  40. }
  41.  
  42. /**
  43. * Checks if database connection is opened and open it if not
  44. */
  45. private function databaseConnection()
  46. {
  47. // connection already opened
  48. if ($this->db_connection != null) {
  49. return true;
  50. } else {
  51. // create a database connection, using the constants from config/config.php
  52. try {
  53. // Generate a database connection, using the PDO connector
  54. // @see http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/
  55. // Also important: We include the charset, as leaving it out seems to be a security issue:
  56. // @see http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers#Connecting_to_MySQL says:
  57. // "Adding the charset to the DSN is very important for security reasons,
  58. // most examples you'll see around leave it out. MAKE SURE TO INCLUDE THE CHARSET!"
  59. $this->db_connection = new PDO('mysql:host='. DB_HOST .';dbname='. DB_NAME . ';charset=utf8', DB_USER, DB_PASS);
  60. return true;
  61. // If an error is catched, database connection failed
  62. } catch (PDOException $e) {
  63. $this->errors[] = MESSAGE_DATABASE_ERROR;
  64. return false;
  65. }
  66. }
  67. }
  68.  
  69. /**
  70. * handles the entire registration process. checks all error possibilities, and creates a new user in the database if
  71. * everything is fine
  72. */
  73. private function registerNewUser($user_name, $user_email, $user_password, $user_password_repeat, $user_safecode, $captcha)
  74. {
  75. // we just remove extra space on username and email
  76. $user_name = trim($user_name);
  77. $user_email = trim($user_email);
  78.  
  79. // check provided data validity
  80. // TODO: check for "return true" case early, so put this first
  81. if (strtolower($captcha) != strtolower($_SESSION['captcha'])) {
  82. $this->errors[] = MESSAGE_CAPTCHA_WRONG;
  83. } elseif (empty($user_name)) {
  84. $this->errors[] = MESSAGE_USERNAME_EMPTY;
  85. } elseif (empty($user_password) || empty($user_password_repeat)) {
  86. $this->errors[] = MESSAGE_PASSWORD_EMPTY;
  87. } elseif ($user_password !== $user_password_repeat) {
  88. $this->errors[] = MESSAGE_PASSWORD_BAD_CONFIRM;
  89. } elseif (strlen($user_password) < 6) {
  90. $this->errors[] = MESSAGE_PASSWORD_TOO_SHORT;
  91. } elseif (strlen($user_name) > 64 || strlen($user_name) < 2) {
  92. $this->errors[] = MESSAGE_USERNAME_BAD_LENGTH;
  93. } elseif (!preg_match('/^[a-zd]{2,64}$/i', $user_name)) {
  94. $this->errors[] = MESSAGE_USERNAME_INVALID;
  95. } elseif (empty($user_email)) {
  96. $this->errors[] = MESSAGE_EMAIL_EMPTY;
  97. } elseif (strlen($user_email) > 64) {
  98. $this->errors[] = MESSAGE_EMAIL_TOO_LONG;
  99. } elseif (!filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
  100. $this->errors[] = MESSAGE_EMAIL_INVALID;
  101. } elseif (empty($user_safecode)) {
  102. $this->errors[] = MESSAGE_SAFECODE_EMPTY;
  103. } elseif (strlen($user_safecode) < 12) {
  104. $this->errors[] = MESSAGE_SAFECODE_BAD_LENGTH;
  105. } elseif (strlen($user_safecode) > 64) {
  106. $this->errors[] = MESSAGE_SAFECODE_BAD_LENGTH;
  107.  
  108.  
  109. // finally if all the above checks are ok
  110. } else if ($this->databaseConnection()) {
  111. // check if username or email already exists
  112. $query_check_user_name = $this->db_connection->prepare('SELECT user_name, user_email FROM users WHERE user_name=:user_name OR user_email=:user_email');
  113. $query_check_user_name->bindValue(':user_name', $user_name, PDO::PARAM_STR);
  114. $query_check_user_name->bindValue(':user_email', $user_email, PDO::PARAM_STR);
  115. $query_check_user_name->execute();
  116. $result = $query_check_user_name->fetchAll();
  117.  
  118. // if username or/and email find in the database
  119. // TODO: this is really awful!
  120. if (count($result) > 0) {
  121. for ($i = 0; $i < count($result); $i++) {
  122. $this->errors[] = ($result[$i]['user_name'] == $user_name) ? MESSAGE_USERNAME_EXISTS : MESSAGE_EMAIL_ALREADY_EXISTS;
  123. }
  124. } else {
  125. // check if we have a constant HASH_COST_FACTOR defined (in config/hashing.php),
  126. // if so: put the value into $hash_cost_factor, if not, make $hash_cost_factor = null
  127. $hash_cost_factor = (defined('HASH_COST_FACTOR') ? HASH_COST_FACTOR : null);
  128.  
  129. // crypt the user's password with the PHP 5.5's password_hash() function, results in a 60 character hash string
  130. // the PASSWORD_DEFAULT constant is defined by the PHP 5.5, or if you are using PHP 5.3/5.4, by the password hashing
  131. // compatibility library. the third parameter looks a little bit shitty, but that's how those PHP 5.5 functions
  132. // want the parameter: as an array with, currently only used with 'cost' => XX.
  133. $user_password_hash = password_hash($user_password, PASSWORD_DEFAULT, array('cost' => $hash_cost_factor));
  134. // generate random hash for email verification (40 char string)
  135. $user_activation_hash = sha1(uniqid(mt_rand(), true));
  136.  
  137. // write new users data into database
  138. $query_new_user_insert = $this->db_connection->prepare('INSERT INTO users (user_name, user_password_hash, user_email, user_activation_hash, user_registration_ip, user_registration_datetime, user_accountstatus, user_group, user_safecode, user_mainaccount) VALUES(:user_name, :user_password_hash, :user_email, :user_activation_hash, :user_registration_ip, now(), :user_accountstatus, :user_group, :user_safecode, :user_mainaccount)');
  139. $query_new_user_insert->bindValue(':user_name', $user_name, PDO::PARAM_STR);
  140. $query_new_user_insert->bindValue(':user_password_hash', $user_password_hash, PDO::PARAM_STR);
  141. $query_new_user_insert->bindValue(':user_email', $user_email, PDO::PARAM_STR);
  142. $query_new_user_insert->bindValue(':user_activation_hash', $user_activation_hash, PDO::PARAM_STR);
  143. $query_new_user_insert->bindValue(':user_registration_ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
  144.  
  145. $query_new_user_insert->bindValue(':user_accountstatus', 1, PDO::PARAM_INT);
  146. $query_new_user_insert->bindValue(':user_group', 1, PDO::PARAM_INT);
  147. $query_new_user_insert->bindValue(':user_safecode', $user_safecode, PDO::PARAM_STR);
  148. $query_new_user_insert->bindValue(':user_mainaccount', "NULL", PDO::PARAM_STR);
  149. $query_new_user_insert->execute(); // Seems like this doesn't execute
  150.  
  151. // id of new user
  152. $user_id = $this->db_connection->lastInsertId();
  153.  
  154. if ($query_new_user_insert) {
  155. $send_mail = true; //bypass mailing system first
  156. // send a verification email $this->sendVerificationEmail($user_id, $user_email, $user_activation_hash)
  157. if ($send_mail) {
  158. // when mail has been send successfully
  159. $this->messages[] = MESSAGE_VERIFICATION_MAIL_SENT;
  160. $this->registration_successful = true;
  161. } else {
  162. // delete this users account immediately, as we could not send a verification email
  163. $query_delete_user = $this->db_connection->prepare('DELETE FROM users WHERE user_id=:user_id');
  164. $query_delete_user->bindValue(':user_id', $user_id, PDO::PARAM_INT);
  165. $query_delete_user->execute();
  166.  
  167. $this->errors[] = MESSAGE_VERIFICATION_MAIL_ERROR;
  168. }
  169. } else {
  170. $this->errors[] = MESSAGE_REGISTRATION_FAILED;
  171. }
  172. }
  173. }
  174. }
  175.  
  176. /*
  177. * sends an email to the provided email address
  178. * @return boolean gives back true if mail has been sent, gives back false if no mail could been sent
  179. */
  180. public function sendVerificationEmail($user_id, $user_email, $user_activation_hash)
  181. {
  182. $mail = new PHPMailer;
  183.  
  184. // please look into the config/config.php for much more info on how to use this!
  185. // use SMTP or use mail()
  186. if (EMAIL_USE_SMTP) {
  187. // Set mailer to use SMTP
  188. $mail->IsSMTP();
  189. //useful for debugging, shows full SMTP errors
  190. //$mail->SMTPDebug = 1; // debugging: 1 = errors and messages, 2 = messages only
  191. // Enable SMTP authentication
  192. $mail->SMTPAuth = EMAIL_SMTP_AUTH;
  193. // Enable encryption, usually SSL/TLS
  194. if (defined(EMAIL_SMTP_ENCRYPTION)) {
  195. $mail->SMTPSecure = EMAIL_SMTP_ENCRYPTION;
  196. }
  197. // Specify host server
  198. $mail->Host = EMAIL_SMTP_HOST;
  199. $mail->Username = EMAIL_SMTP_USERNAME;
  200. $mail->Password = EMAIL_SMTP_PASSWORD;
  201. $mail->Port = EMAIL_SMTP_PORT;
  202. } else {
  203. $mail->IsMail();
  204. }
  205.  
  206. $mail->From = EMAIL_VERIFICATION_FROM;
  207. $mail->FromName = EMAIL_VERIFICATION_FROM_NAME;
  208. $mail->AddAddress($user_email);
  209. $mail->Subject = EMAIL_VERIFICATION_SUBJECT;
  210.  
  211. $link = EMAIL_VERIFICATION_URL.'?id='.urlencode($user_id).'&verification_code='.urlencode($user_activation_hash);
  212.  
  213. // the link to your register.php, please set this value in config/email_verification.php
  214. $mail->Body = EMAIL_VERIFICATION_CONTENT.' '.$link;
  215.  
  216. if(!$mail->Send()) {
  217. $this->errors[] = MESSAGE_VERIFICATION_MAIL_NOT_SENT . $mail->ErrorInfo;
  218. return false;
  219. } else {
  220. return true;
  221. }
  222. }
  223.  
  224. /**
  225. * checks the id/verification code combination and set the user's activation status to true (=1) in the database
  226. */
  227. public function verifyNewUser($user_id, $user_activation_hash)
  228. {
  229. // if database connection opened
  230. if ($this->databaseConnection()) {
  231. // try to update user with specified information
  232. $query_update_user = $this->db_connection->prepare('UPDATE users SET user_active = 1, user_activation_hash = NULL WHERE user_id = :user_id AND user_activation_hash = :user_activation_hash');
  233. $query_update_user->bindValue(':user_id', intval(trim($user_id)), PDO::PARAM_INT);
  234. $query_update_user->bindValue(':user_activation_hash', $user_activation_hash, PDO::PARAM_STR);
  235. $query_update_user->execute();
  236.  
  237. if ($query_update_user->rowCount() > 0) {
  238. $this->verification_successful = true;
  239. $this->messages[] = MESSAGE_REGISTRATION_ACTIVATION_SUCCESSFUL;
  240. } else {
  241. $this->errors[] = MESSAGE_REGISTRATION_ACTIVATION_NOT_SUCCESSFUL;
  242. }
  243. }
  244. }
  245. }