
Untitled

a guest
Jan 24th, 2019
  1. <?php
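  // Expected client build. The registration handler compares the posted 'exe'
  // value with $CurrentHash and the posted 'ver' value with $CurrentVersionHash.
  // Both values are sent by the client itself, so they identify a build; they are
  // not secrets and cannot prove that the request came from an unmodified client.
  $CurrentVersionHash = "asd123";
  $CurrentVersion = "alpha1"; // NOTE(review): not read anywhere in this listing
  $CurrentHash = "asd123";

  // Required length of a serial key, in bytes (it is compared against strlen()).
  // Kept as an integer so the comparison does not rely on type juggling.
  $serial_length = 10;

  // Argon2id cost parameters handed to password_hash(); memory_cost is in KiB.
  // Integers are the documented option type.
  $memory_cost = 31250;
  $time_cost = 10;
  $threads = 1;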
  9. require 'mail.php';
  10.  
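  // Registration endpoint. Validates the posted fields, checks that the serial
  // exists and is unclaimed, stores a pending row in `verify` and e-mails an
  // activation link that carries an HMAC-based confirmation code.
  //
  // NOTE(review): $host, $username, $password and $database are not defined in
  // the code shown here; presumably they come from an include that is not part
  // of this listing - confirm.
  // NOTE(review): nothing visible here limits how often a client may submit this
  // form, and the distinct replies ("Invalid Serial", "Username in use", "Email in
  // use") tell the caller which value was rejected. Throttle requests in front of
  // this script and log repeated failures.
  if (!empty($_POST)) { // Only handle form submissions
      // Read a POST field as a string. A missing key or an array value
      // (e.g. name[]=x) becomes '' so it fails validation below instead of raising
      // notices or type errors inside strlen()/preg_match().
      $field = static function ($key) {
          $value = $_POST[$key] ?? '';
          return is_string($value) ? $value : '';
      };

      $hash = $field('exe');
      $pw = $field('pass');
      $user = $field('name');
      $version = $field('ver');
      $email = $field('mail');
      $confirm = $field('pass2');
      $serial = $field('key');
      $error = 0; // set to 1 as soon as the serial is rejected

      if (empty($hash) || empty($version)) {
          return;
      }

      // The client reports its own executable hash and version. Both are under the
      // caller's control, so this only turns away outdated or accidental clients;
      // it is not an access control. Strict comparison avoids numeric-string juggling.
      if ($hash !== $CurrentHash) {
          // NOTE(review): 'ver' is compared with $CurrentVersionHash while
          // $CurrentVersion is never read in this listing - confirm which was meant.
          if ($version !== $CurrentVersionHash) {
              echo "Old exe";
          } else {
              echo "Exe not valid";
          }
          return;
      }

      // Username: 6-254 ASCII letters or digits.
      if (strlen($user) < 6 || strlen($user) > 254 || !ctype_alnum($user)) {
          echo "Error";
          return;
      }

      // Password: 10-254 bytes with at least one digit, one lower-case and one
      // upper-case ASCII letter.
      if (
          strlen($pw) < 10
          || strlen($pw) > 254
          || !preg_match("#[0-9]+#", $pw)
          || !preg_match("#[a-z]+#", $pw)
          || !preg_match("#[A-Z]+#", $pw)
      ) {
          echo "Error";
          return;
      }

      // Confirmation must be identical to the password (strict, byte for byte).
      if ($pw !== $confirm) {
          echo "Error";
          return;
      }

      if (!filter_var($email, FILTER_VALIDATE_EMAIL) || strlen($email) > 254) {
          echo "Error";
          return;
      }

      // The cast keeps this check correct whether $serial_length is "10" or 10.
      if (empty($serial) || strlen($serial) !== (int) $serial_length) {
          echo "Error";
          return;
      }

      $con = new mysqli($host, $username, $password, $database);

      // The serial must exist in `acc` and must not be bound to a username yet.
      $stmt = $con->prepare("SELECT * FROM acc WHERE serial=?");
      $stmt->bind_param('s', $serial);
      $stmt->execute();
      $result = $stmt->get_result();
      $num_of_rows = $result->num_rows;
      $result = $result->fetch_array();
      if ($num_of_rows == 0 || !empty($result['username'])) {
          echo "Invalid Serial";
          $error = 1;
      }

      // A row in `verify` means someone already started a registration with it.
      // NOTE(review): this check and the INSERT further down are separate
      // statements, so two simultaneous requests can both pass it; a UNIQUE index
      // on verify.serial would close that window - confirm the schema.
      $stmt = $con->prepare("SELECT * FROM verify WHERE serial=?");
      $stmt->bind_param('s', $serial);
      $stmt->execute();
      $result = $stmt->get_result();
      $num_of_rows = $result->num_rows;
      $result = $result->fetch_array();
      if ($num_of_rows != 0 && $error != 1) {
          echo "Invalid Serial";
          $error = 1;
      }

      if ($error != 1) {
          // Username and e-mail must be unused in both the live and pending tables.
          $stmt = $con->prepare("SELECT * FROM acc WHERE username= ? OR email= ? LIMIT 1");
          $stmt->bind_param('ss', $user, $email);
          $stmt->execute();
          $result = $stmt->get_result();
          $num_of_rows = $result->num_rows;
          $result = $result->fetch_array();

          $stmt = $con->prepare("SELECT * FROM verify WHERE username= ? OR email= ? LIMIT 1");
          $stmt->bind_param('ss', $user, $email);
          $stmt->execute();
          $result2 = $stmt->get_result();
          $num_of_rows2 = $result2->num_rows;
          $result2 = $result2->fetch_array();

          if ($num_of_rows || $num_of_rows2) {
              // Either lookup may have returned no row (null), so default each
              // column to '' before comparing.
              $acc_user = $result['username'] ?? '';
              $acc_email = $result['email'] ?? '';
              $pending_user = $result2['username'] ?? '';
              $pending_email = $result2['email'] ?? '';

              if (strcasecmp($acc_user, $user) == 0 || strcasecmp($pending_user, $user) == 0) {
                  echo "Username in use";
              } elseif (strcasecmp($acc_email, $email) == 0 || strcasecmp($pending_email, $email) == 0) {
                  echo "Email in use";
              }
              // If the database matched a row that neither comparison recognises,
              // nothing is printed and no registration takes place.
          } else {
              // Hash under its own name so the database password in $password is
              // not overwritten. The casts accept the settings as strings or ints.
              $password_hash = password_hash($pw, PASSWORD_ARGON2ID, [
                  'memory_cost' => (int) $memory_cost, // KiB
                  'time_cost' => (int) $time_cost,
                  'threads' => (int) $threads,
              ]);

              // rand_id is the HMAC message and rand_secret the HMAC key. 0 is
              // skipped because a consumer that tests the stored value with
              // empty() would treat it as missing.
              do {
                  $rand_id = random_int(-10000, 10000);
              } while ($rand_id === 0);
              $rand_secret = random_str(32);

              // NOTE(review): the result of execute() is not checked; if the
              // INSERT fails, the mail below still goes out with a code that can
              // never be confirmed.
              $stmt = $con->prepare("INSERT INTO verify (username, password, email, serial, rand_id, rand_secret) VALUES (?,?,?,?,?,?)");
              $stmt->bind_param('ssssss', $user, $password_hash, $email, $serial, $rand_id, $rand_secret);
              $stmt->execute();

              $confirmation_code = hash_hmac('sha256', (string) $rand_id, $rand_secret);

              $variables = [
                  'User' => $user,
                  'Serial' => $serial,
                  'Code' => $confirmation_code,
              ];
              $template = file_get_contents("template2.html");
              foreach ($variables as $key => $value) {
                  // Values are placed into HTML, so encode them for that context.
                  $template = str_replace(
                      '{{ ' . $key . ' }}',
                      htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                      $template
                  );
              }

              $mail->addAddress($email, $user);
              $mail->msgHTML($template, __DIR__);
              // The serial is request data, so URL-encode it inside the link.
              // NOTE(review): the link has no scheme; use an https:// URL so the
              // confirmation code is not sent in clear text.
              $mail->AltBody = "You can activate your account here: www.mysite.com/activate.php?id="
                  . rawurlencode($serial) . "&conf=$confirmation_code";

              // NOTE(review): the pending row stays in `verify` when sending fails,
              // which keeps the serial blocked; there is no resend or expiry here.
              if (!$mail->send()) {
                  echo 'error, mail not delivered';
              } else {
                  echo "Registration OK! mail sent";
              }
          }
      }

      $stmt->close();
      $con->close();
      return;
  }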
  152.  
  /**
   * Build a random string by drawing characters from $keyspace with random_int(),
   * which uses the operating system's CSPRNG.
   *
   * @param int    $length   Number of characters to draw.
   * @param string $keyspace Single-byte characters to choose from.
   * @return string The generated string; empty when $length is below 1.
   */
  function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
  {
      // Byte length, so each index addresses exactly one byte of the keyspace.
      $lastIndex = mb_strlen($keyspace, '8bit') - 1;
      $out = '';
      for ($drawn = 0; $drawn < $length; ++$drawn) {
          $out .= $keyspace[random_int(0, $lastIndex)];
      }
      return $out;
  }
  162. ?>
  163.  
  164. <?php
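  // Activation endpoint, called as activate.php?id=<serial>&conf=<code>.
  // Loads the pending registration for the serial from `verify`, recomputes the
  // HMAC from the stored rand_id / rand_secret and, when it matches the supplied
  // code, copies the credentials into the account row and deletes the pending row.
  //
  // NOTE(review): $host, $username, $password and $database are not defined in
  // the code shown here; presumably they come from an include that is not part
  // of this listing - confirm.
  if (!empty($_GET)) {
      if (isset($_GET['id']) && isset($_GET['conf'])) {
          $key = $_GET['id'];
          $code = $_GET['conf'];
          $error = 0;

          // id[]=x / conf[]=x arrive as arrays; bind_param() and hash_equals()
          // need strings, so anything else is answered like a wrong code.
          if (!is_string($key) || !is_string($code)) {
              $error = 1;
              echo "Invalid code";
              return;
          }

          $con = new mysqli($host, $username, $password, $database);
          $stmt = $con->prepare("SELECT * FROM verify WHERE serial=?");
          $stmt->bind_param('s', $key);
          $stmt->execute();
          $result = $stmt->get_result();
          $num_of_rows = $result->num_rows;
          $row = $result->fetch_array();

          // No pending registration, or an incomplete one. rand_id is a small
          // signed integer and may legitimately be 0, which empty() would reject,
          // so it is only tested for presence.
          if (
              $num_of_rows == 0
              || empty($row['username'])
              || !isset($row['rand_id'])
              || $row['rand_id'] === ''
              || empty($row['rand_secret'])
          ) {
              $error = 1;
              echo "Invalid code";
          }

          if ($error != 1) {
              $rand_id = $row['rand_id'];
              $rand_secret = $row['rand_secret'];
              $confirmation_code = hash_hmac('sha256', (string) $rand_id, $rand_secret);

              // Constant-time, type-strict comparison: "==" can treat two
              // different numeric-looking strings as equal and returns as soon as
              // the inputs differ.
              if (hash_equals($confirmation_code, $code)) {
                  $user = $row['username'];
                  // Own name, so the database password in $password is untouched.
                  $password_hash = $row['password'];
                  $email = $row['email'];

                  // NOTE(review): this statement targets `accounts`, whereas the
                  // registration script on this page checks serials in `acc` -
                  // confirm the table name.
                  // NOTE(review): the number of updated rows is not checked and the
                  // two statements are not in a transaction, so the pending row is
                  // deleted and success reported even if no account row changed.
                  $stmt = $con->prepare("UPDATE accounts SET username = ?, password = ?, email = ? WHERE Serial = ?");
                  $stmt->bind_param('ssss', $user, $password_hash, $email, $key);
                  $stmt->execute();

                  $stmt = $con->prepare("DELETE from verify WHERE serial = ?");
                  $stmt->bind_param('s', $key);
                  $stmt->execute();
                  echo "Account activated";
              } else {
                  $error = 1;
                  echo "Invalid code";
              }
          }

          $stmt->close();
          $con->close();
          return;
      }
  }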
  213.  
  /**
   * Return $length characters picked from $keyspace, each index chosen with
   * random_int() (backed by the operating system's CSPRNG).
   *
   * NOTE(review): nothing in the activation code shown with this copy calls it.
   *
   * @param int    $length   How many characters to produce.
   * @param string $keyspace Single-byte alphabet to pick from.
   * @return string Generated string ('' when $length is less than 1).
   */
  function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
  {
      $chars = [];
      // '8bit' makes mb_strlen() count bytes, matching the byte offsets used below.
      $upper = mb_strlen($keyspace, '8bit') - 1;
      $n = 0;
      while ($n < $length) {
          $chars[] = $keyspace[random_int(0, $upper)];
          ++$n;
      }
      return implode('', $chars);
  }
  223. ?>
  224.  
  225. <?php
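  // SMTP transport setup. The registration script requires this file and then
  // uses $mail to send the activation message.
  //
  // Host, port, account and password below are the author's redacted
  // placeholders. Keep the real password out of the source tree (environment or
  // a config file outside the web root), since this file sits beside web-served
  // scripts.
  // NOTE(review): SMTPSecure is never set, so whether the session is encrypted
  // depends on PHPMailer's defaults and on the server. Set it explicitly
  // (PHPMailer::ENCRYPTION_STARTTLS or PHPMailer::ENCRYPTION_SMTPS) to match the
  // port in use.
  use PHPMailer\PHPMailer\PHPMailer; // namespace separators were lost in the paste

  require 'vendor/autoload.php';

  $mail = new PHPMailer();
  $mail->isSMTP();
  $mail->Host = 'smtphost';
  $mail->Port = port; // placeholder left by the author; must become an integer port
  $mail->SMTPAuth = true;
  $mail->Username = 'mymail';
  $mail->Password = 'mypassword';
  $mail->setFrom('mymail', 'myname');
  $mail->addReplyTo('mysupportmail', 'myname');
  // Images referenced from the HTML template by content ID.
  $mail->addEmbeddedImage('img/logo.png', 'mylogo');
  $mail->addEmbeddedImage('img/gif.gif', 'mygif');
  $mail->Subject = "Activation for account";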
  240. ?>