- <?php
- include_once '../app/config/config.php';
- include_once '../app/general/Security.php';
- require("../app/securimage/Securimage.php");
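// Primary application database (HOST/USER/PASSWORD/DATABASE are presumably
// defined in the included config.php).
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
if (mysqli_connect_errno()) {
    // Keep the driver detail (host, user, reason) in the server log only; the
    // client gets a generic message. The original printf() had no %s in its
    // format string, so the detail was never shown to anyone.
    error_log('reg: connection to DATABASE failed: ' . mysqli_connect_error());
    echo "Error Connection\n";
    exit;
}
// Second connection: holds obu_account and sms_inbox (see the writes below).
$mysqli_perso = new mysqli(HOST_PERSO, USER_PERSO, PASSWORD_PERSO, DATABASE_PERSO);
if (mysqli_connect_errno()) {
    error_log('reg: connection to DATABASE_PERSO failed: ' . mysqli_connect_error());
    echo "Error Connection\n";
    exit;
}
// Accumulates <p class="error"> fragments; an empty string means "no errors".
$error_msg = "";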
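/**
 * Build a random alphanumeric string of the requested length.
 *
 * Draws each character independently with random_int() (CSPRNG). The previous
 * str_shuffle()+substr() form used the non-cryptographic engine RNG, could never
 * repeat a character (far less entropy than the length suggests) and silently
 * capped the result at the 62-character alphabet.
 *
 * @param int $length Number of characters wanted; values below zero yield ''.
 * @return string Characters drawn from [0-9a-zA-Z].
 */
function generateRandomString(int $length = 10): string
{
    $alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $lastIndex = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $lastIndex)];
    }
    return $out;
}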
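// Per-user random key, stored in m_user.rand_key below. Its consumer is not
// visible in this file, so the default 10-character length is assumed to be
// what that consumer expects — confirm against whatever reads rand_key.
$rand = generateRandomString();

/**
 * Run a single-placeholder SELECT through a prepared statement and return how
 * many rows it matched.
 *
 * @param mysqli      $db    Connection to run the lookup on.
 * @param string      $sql   SELECT containing exactly one `?` placeholder.
 * @param string|null $value Value bound (as a string) to that placeholder.
 * @return int|null Matched row count, or null when the statement could not be
 *                  prepared or executed. Callers must treat null as an error,
 *                  never as "no rows".
 */
function regCountRows(mysqli $db, string $sql, ?string $value): ?int
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        error_log('reg: prepare failed: ' . $db->error);
        return null;
    }
    try {
        $stmt->bind_param('s', $value);
        if (!$stmt->execute()) {
            error_log('reg: execute failed: ' . $stmt->error);
            return null;
        }
        $stmt->store_result();
        return (int) $stmt->num_rows;
    } finally {
        // Always release the statement; the original only closed it on one path.
        $stmt->close();
    }
}

/**
 * Prepare, bind and execute a write statement (INSERT/UPDATE).
 *
 * @param mysqli $db     Connection to write to.
 * @param string $sql    Statement with `?` placeholders.
 * @param string $types  bind_param() type string, one character per placeholder.
 * @param array  $params Values bound in placeholder order (null binds SQL NULL).
 * @return bool True when the statement executed; false (with the driver error
 *              written to the error log) otherwise.
 */
function regExecuteWrite(mysqli $db, string $sql, string $types, array $params): bool
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        error_log('reg: prepare failed: ' . $db->error);
        return false;
    }
    try {
        // bind_param() takes references; unpacking $params binds its elements.
        $stmt->bind_param($types, ...$params);
        if (!$stmt->execute()) {
            error_log('reg: execute failed: ' . $stmt->error);
            return false;
        }
        return true;
    } finally {
        $stmt->close();
    }
}

if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
    // Sanitize the submitted fields. FILTER_SANITIZE_STRING strips tags and
    // encodes quotes; the fields read with no filter (handphone, obu_id,
    // no_plat, no_mesin) arrive as raw strings. Every value below therefore
    // reaches the databases only through bound parameters, never by string
    // interpolation into SQL (which is how obu_registered, obu_account and
    // sms_inbox were written before).
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $email = filter_var(filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        // Not a valid email; bind '' rather than false in the lookup below.
        $email = '';
        $error_msg .= '<p class="error">Format email yang Anda masukkan salah.</p>';
    }
    $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
    if (strlen($password) !== 128) {
        // The client submits a 128-hex-character (SHA-512) digest of the
        // password; any other length means the form was bypassed or is broken.
        $error_msg .= '<p class="error">Invalid password configuration.</p>';
    }
    $no_ktp = filter_input(INPUT_POST, 'no_ktp', FILTER_SANITIZE_STRING);
    $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
    $handphone = filter_input(INPUT_POST, 'handphone');
    $address = filter_input(INPUT_POST, 'address', FILTER_SANITIZE_STRING);
    $kelurahan = filter_input(INPUT_POST, 'kelurahan', FILTER_SANITIZE_STRING);
    $kecamatan = filter_input(INPUT_POST, 'kecamatan', FILTER_SANITIZE_STRING);
    $city = filter_input(INPUT_POST, 'city', FILTER_SANITIZE_STRING);
    $province = filter_input(INPUT_POST, 'province', FILTER_SANITIZE_STRING);
    $zipcode = filter_input(INPUT_POST, 'zipcode', FILTER_SANITIZE_NUMBER_INT);
    $obu_id = filter_input(INPUT_POST, 'obu_id');
    $no_plat = filter_input(INPUT_POST, 'no_plat');
    $no_mesin = filter_input(INPUT_POST, 'no_mesin');

    // Username and password format are checked client side, which only helps
    // usability: the checks that count are the server-side ones here (email
    // format, digest length, uniqueness, CAPTCHA).
    //
    // The uniqueness lookups are advisory: two concurrent registrations can
    // both pass them, so m_user.username, m_user.email and
    // obu_registered.obu_id should also be UNIQUE in the schema (not
    // verifiable from this file).
    $emailRows = regCountRows($mysqli, 'SELECT id FROM m_user WHERE email = ? LIMIT 1', $email);
    if ($emailRows === null) {
        $error_msg .= '<p class="error">Database error Line 39</p>';
    } elseif ($emailRows > 0) {
        // A user with this email address already exists
        $error_msg .= '<p class="error">Email yang Anda pilih sudah terdaftar. Silakan gunakan email yang lain.</p>';
    }

    $usernameRows = regCountRows($mysqli, 'SELECT id FROM m_user WHERE username = ? LIMIT 1', $username);
    if ($usernameRows === null) {
        $error_msg .= '<p class="error">Database error line 55</p>';
    } elseif ($usernameRows > 0) {
        // A user with this username already exists
        $error_msg .= '<p class="error">Username yang Anda pilih sudah terdaftar. Silakan gunakan username yang lain.</p>';
    }

    $obuUserRows = regCountRows($mysqli, 'SELECT id FROM m_user WHERE obu_id = ? LIMIT 1', $obu_id);
    if ($obuUserRows === null) {
        $error_msg .= '<p class="error">Database error line 75</p>';
    } elseif ($obuUserRows > 0) {
        // A user with this OBU ID already exists
        $error_msg .= '<p class="error">OBU ID yang Anda masukkan sudah digunakan.</p>';
    }

    // OBU ID must not already be present in obu_registered. A failed prepare
    // used to be ignored here, which let the registration through without
    // this check; a database error now blocks it.
    $obuRegisteredRows = regCountRows($mysqli, 'SELECT obu_id FROM obu_registered WHERE obu_id = ? LIMIT 1', $obu_id);
    if ($obuRegisteredRows === null) {
        $error_msg .= '<p class="error">Database error</p>';
    } elseif ($obuRegisteredRows > 0) {
        $error_msg .= '<p class="error">OBU ID yang Anda masukkan sudah digunakan.</p>';
    }

    // OBU ID must exist in obu_account on the second database; otherwise it
    // is unknown. Same fail-closed handling of database errors as above.
    $obuAccountRows = regCountRows($mysqli_perso, 'SELECT obu_id FROM obu_account WHERE obu_id = ? LIMIT 1', $obu_id);
    if ($obuAccountRows === null) {
        $error_msg .= '<p class="error">Database error</p>';
    } elseif ($obuAccountRows === 0) {
        $error_msg .= '<p class="error">OBU ID yang Anda masukkan tidak dikenal.</p>';
    }

    // TODO:
    // We'll also have to account for the situation where the user doesn't have
    // rights to do registration, by checking what type of user is attempting to
    // perform the operation.
    $img = new Securimage();
    // A missing field is treated as a wrong CAPTCHA instead of raising a notice.
    $captcha = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
    if (!$img->check($captcha)) {
        $error_msg .= '<p class="error">Silakan masukkan kode CAPTCHA dengan benar.</p>';
    }

    if (empty($error_msg)) {
        // Salt from the CSPRNG. Hashing it keeps the 128-hex-character format
        // that the salt column and the login path expect; mt_rand()/uniqid()
        // are predictable and were not suitable for this.
        $random_salt = hash('sha512', random_bytes(32));
        // NOTE(review): SHA-512 over (client digest . salt) is a fast hash with
        // no work factor. password_hash()/password_verify() would be stronger,
        // but the login verifier lives outside this file and must change in
        // step, so the scheme is kept as is.
        $password = hash('sha512', $password . $random_salt);
        $active = "1";

        $inserted = regExecuteWrite(
            $mysqli,
            'INSERT INTO m_user
                (username, email, password, salt, active,
                 name, handphone, address, city, kelurahan,
                 kecamatan, province, zipcode, obu_id, no_plat,
                 no_mesin, rand_key, no_ktp)
             VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
            'ssssssssssssssssss',
            [$username, $email, $password, $random_salt, $active,
             $name, $handphone, $address, $city, $kelurahan,
             $kecamatan, $province, $zipcode, $obu_id, $no_plat,
             $no_mesin, $rand, $no_ktp]
        );
        if (!$inserted) {
            // The original redirect referenced an undefined $err_msg and did
            // not exit, so the follow-up writes ran and the success page was
            // shown even though the user row was never created.
            header('Location: reg.php?err=' . urlencode('Database error'));
            exit;
        }

        // The remaining writes are best effort, as before: a failure is logged
        // by regExecuteWrite() but does not stop the registration. Note that
        // they span two servers, so no transaction covers them and partial
        // state is possible if one fails.
        regExecuteWrite(
            $mysqli,
            "INSERT INTO obu_registered (obu_id,username,create_date,created_by,no_plat,no_mesin,tipe_akun) VALUES (?, ?, NOW(), ?, ?, ?, 'prepaid')",
            'sssss',
            [$obu_id, $username, $username, $no_plat, $no_mesin]
        );
        regExecuteWrite(
            $mysqli_perso,
            'UPDATE obu_account SET customer_name = ?, phone_number = ?, last_update = now(), update_by = ? WHERE obu_id = ?',
            'ssss',
            [$name, $handphone, $username, $obu_id]
        );
        // send sms notification
        $msg = "OBU ID {$obu_id} berhasil ditambahkan";
        regExecuteWrite(
            $mysqli_perso,
            'INSERT INTO sms_inbox (obu_id,phone_number,sms,time_req) VALUES (?, ?, ?, NOW())',
            'sss',
            [$obu_id, $handphone, $msg]
        );

        header('Location: reg_success.php');
        exit;
    }
}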