  1. <?php
  2. include_once '../app/config/config.php';
  3. include_once '../app/general/Security.php';
  4. require("../app/securimage/Securimage.php");
  5.  
  6. $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
  7. if (mysqli_connect_errno()) {
  8.     printf("Error Connection\n", mysqli_connect_error());
  9.     exit;
  10. }
  11. $mysqli_perso = new mysqli(HOST_PERSO, USER_PERSO, PASSWORD_PERSO, DATABASE_PERSO);
  12. if (mysqli_connect_errno()) {
  13.     printf("Error Connection\n", mysqli_connect_error());
  14.     exit;
  15. }
  16.  
  17. $error_msg = "";
  18.  
  19. function generateRandomString($length = 10) {
  20.     return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
  21. }
  22.  
  23. // Echo the random string.
  24. // Optionally, you can give it a desired string length up to 62 characters.
  25. $rand = generateRandomString();
  26.  
  27. if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
  28.     // Sanitize and validate the data passed in
  29.     $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
  30.     $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
  31.     $email = filter_var($email, FILTER_VALIDATE_EMAIL);
  32.     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  33.         // Not a valid email
  34.         $error_msg .= '<p class="error">Format email yang Anda masukkan salah.</p>';
  35.     }
  36.  
  37.     $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
  38.     if (strlen($password) != 128) {
  39.         // The hashed pwd should be 128 characters long.
  40.         // If it's not, something really odd has happened
  41.         $error_msg .= '<p class="error">Invalid password configuration.</p>';
  42.     }
  43.  
  44.     $no_ktp = filter_input(INPUT_POST, 'no_ktp', FILTER_SANITIZE_STRING);
  45.     $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
  46.     $handphone = filter_input(INPUT_POST, 'handphone');
  47.     $address = filter_input(INPUT_POST, 'address', FILTER_SANITIZE_STRING);
  48.     $kelurahan = filter_input(INPUT_POST, 'kelurahan', FILTER_SANITIZE_STRING);
  49.     $kecamatan = filter_input(INPUT_POST, 'kecamatan', FILTER_SANITIZE_STRING);
  50.     $city = filter_input(INPUT_POST, 'city', FILTER_SANITIZE_STRING);
  51.     $province = filter_input(INPUT_POST, 'province', FILTER_SANITIZE_STRING);
  52.     $zipcode = filter_input(INPUT_POST, 'zipcode', FILTER_SANITIZE_NUMBER_INT);
  53.     $obu_id = filter_input(INPUT_POST, 'obu_id');
  54.     $no_plat = filter_input(INPUT_POST, 'no_plat');
  55.     $no_mesin = filter_input(INPUT_POST, 'no_mesin');
  56.  
  57.  
  58.     // Username validity and password validity have been checked client side.
  59.     // This should should be adequate as nobody gains any advantage from
  60.     // breaking these rules.
  61.     //
  62.  
  63.     $prep_stmt = "SELECT id FROM m_user WHERE email = ? LIMIT 1";
  64.     $stmt = $mysqli->prepare($prep_stmt);
  65.  
  66.    // check existing email  
  67.     if ($stmt) {
  68.         $stmt->bind_param('s', $email);
  69.         $stmt->execute();
  70.         $stmt->store_result();
  71.  
  72.         if ($stmt->num_rows == 1) {
  73.             // A user with this email address already exists
  74.             $error_msg .= '<p class="error">Email yang Anda pilih sudah terdaftar. Silakan gunakan email yang lain.</p>';
  75.             $stmt->close();
  76.         }
  77.         //$stmt->close();
  78.     } else {
  79.         $error_msg .= '<p class="error">Database error Line 39</p>';
  80.         //$stmt->close();
  81.     }
  82.  
  83.     // check existing username
  84.     $prep_stmt = "SELECT id FROM m_user WHERE username = ? LIMIT 1";
  85.     $stmt = $mysqli->prepare($prep_stmt);
  86.  
  87.     if ($stmt) {
  88.         $stmt->bind_param('s', $username);
  89.         $stmt->execute();
  90.         $stmt->store_result();
  91.  
  92.         if ($stmt->num_rows == 1) {
  93.             // A user with this username already exists
  94.             $error_msg .= '<p class="error">Username yang Anda pilih sudah terdaftar. Silakan gunakan username yang lain.</p>';
  95.             //$stmt->close();
  96.         }
  97.         //$stmt->close();
  98.     } else {
  99.         $error_msg .= '<p class="error">Database error line 55</p>';
  100.         //$stmt->close();
  101.     }
  102.  
  103.        
  104.  
  105.     // check existing OBU ID
  106.     $prep_stmt = "SELECT id FROM m_user WHERE obu_id = ? LIMIT 1";
  107.     $stmt = $mysqli->prepare($prep_stmt);
  108.  
  109.     if ($stmt) {
  110.         $stmt->bind_param('s', $obu_id);
  111.         $stmt->execute();
  112.         $stmt->store_result();
  113.  
  114.         if ($stmt->num_rows == 1) {
  115.             // A user with this username already exists
  116.             $error_msg .= '<p class="error">OBU ID yang Anda masukkan sudah digunakan.</p>';
  117.             //$stmt->close();
  118.         }
  119.         //$stmt->close();
  120.     } else {
  121.         $error_msg .= '<p class="error">Database error line 75</p>';
  122.         //$stmt->close();
  123.     }
  124.    
  125.     // check OBU ID is not already registered yet on obu_registred
  126.     $prep_stmt = "SELECT obu_id FROM obu_registered WHERE obu_id = ? LIMIT 1";
  127.     $stmt = $mysqli->prepare($prep_stmt);
  128.  
  129.     if ($stmt) {
  130.         $stmt->bind_param('s', $obu_id);
  131.         $stmt->execute();
  132.         $stmt->store_result();
  133.  
  134.         if ($stmt->num_rows > 0) {
  135.             $error_msg .= '<p class="error">OBU ID yang Anda masukkan sudah digunakan.</p>';
  136.         }
  137.     }
  138.  
  139.     // check OBU ID has to registered on obu_account, if not then unknown OBU ID
  140.     $prep_stmt = "SELECT obu_id FROM obu_account WHERE obu_id = ? LIMIT 1";
  141.     $stmt = $mysqli_perso->prepare($prep_stmt);
  142.  
  143.     if ($stmt) {
  144.         $stmt->bind_param('s', $obu_id);
  145.         $stmt->execute();
  146.         $stmt->store_result();
  147.  
  148.         if ($stmt->num_rows == 0) {
  149.             $error_msg .= '<p class="error">OBU ID yang Anda masukkan tidak dikenal.</p>';
  150.         }
  151.     }
  152.    
  153.     // TODO:
  154.     // We'll also have to account for the situation where the user doesn't have
  155.     // rights to do registration, by checking what type of user is attempting to
  156.     // perform the operation.
  157.     $captcha = $_POST['captcha_code'];
  158.     $img = new Securimage();
  159.     if ( ! $img->check($_POST['captcha_code'])) {
  160.         $error_msg .= '<p class="error">Silakan masukkan kode CAPTCHA dengan benar.</p>';
  161.     }
  162.  
  163.     if (empty($error_msg)) {
  164.         // Create a random salt
  165.         //$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work
  166.         $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
  167.  
  168.         // Create salted password
  169.         $password = hash('sha512', $password . $random_salt);
  170.         $active = "1";
  171.  
  172.  
  173.         // Insert the new user into the database
  174.         if ($insert_stmt = $mysqli->prepare("INSERT INTO m_user
  175.                (username, email, password, salt, active,
  176.                    name, handphone, address, city, kelurahan,
  177.                    kecamatan, province, zipcode, obu_id, no_plat,
  178.                    no_mesin, rand_key, no_ktp)
  179.                VALUES (?, ?, ?, ?, ?,
  180.                    ?, ?, ?, ?, ?,
  181.                    ?, ?, ?, ?, ?,
  182.                    ?, ?, ?)
  183.            ")) {
  184.             $insert_stmt->bind_param('ssssssssssssssssss', $username, $email, $password, $random_salt, $active, $name, $handphone, $address, $city, $kelurahan, $kecamatan, $province, $zipcode, $obu_id, $no_plat, $no_mesin, $rand, $no_ktp);
  185.             // Execute the prepared query.
  186.             if (! $insert_stmt->execute()) {
  187.                 header('Location: reg.php?err='.$err_msg);
  188.             }
  189.  
  190.             $query5 = "INSERT INTO obu_registered (obu_id,username,create_date,created_by,no_plat,no_mesin,tipe_akun) ".
  191.                 "VALUES ('".$obu_id."', '".$username."', NOW(), '".$username."', '".$no_plat."', '".$no_mesin."','prepaid')";
  192.             $result5 = $mysqli->query($query5);
  193.             //printf("Error: %s.\n", $stmt->error);
  194.            
  195.             $mysqli_perso->query("UPDATE obu_account SET customer_name = '{$name}', phone_number = '{$handphone}', last_update = now(), update_by = '{$username}' WHERE obu_id = '{$obu_id}'");
  196.            
  197.             // send sms notification
  198.             $msg = "OBU ID {$obu_id} berhasil ditambahkan";
  199.             $mysqli_perso->query("INSERT INTO sms_inbox (obu_id,phone_number,sms,time_req) VALUES ('{$obu_id}', '{$handphone}', '{$msg}', NOW())");
  200.         }
  201.  
  202.         header('Location: reg_success.php');
  203.         exit;
  204.     }
  205.    
  206. }