daily pastebin goal
31%
SHARE
TWEET

register_inc

adhieresthenes Jun 5th, 2017 97 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. include_once '../app/config/config.php';
  3. include_once '../app/general/Security.php';
  4. require("../app/securimage/Securimage.php");
  5.  
  6. $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
  7. if (mysqli_connect_errno()) {
  8.     printf("Error Connection\n", mysqli_connect_error());
  9.     exit;
  10. }
  11. $mysqli_perso = new mysqli(HOST_PERSO, USER_PERSO, PASSWORD_PERSO, DATABASE_PERSO);
  12. if (mysqli_connect_errno()) {
  13.     printf("Error Connection\n", mysqli_connect_error());
  14.     exit;
  15. }
  16.  
  17. $error_msg = "";
  18.  
  19. function generateRandomString($length = 10) {
  20.     return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
  21. }
  22.  
  23. // Echo the random string.
  24. // Optionally, you can give it a desired string length up to 62 characters.
  25. $rand = generateRandomString();
  26.  
  27. if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
  28.     // Sanitize and validate the data passed in
  29.     $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
  30.     $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
  31.     $email = filter_var($email, FILTER_VALIDATE_EMAIL);
  32.     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  33.         // Not a valid email
  34.         $error_msg .= '<p class="error">Format email yang Anda masukkan salah.</p>';
  35.     }
  36.  
  37.     $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
  38.     if (strlen($password) != 128) {
  39.         // The hashed pwd should be 128 characters long.
  40.         // If it's not, something really odd has happened
  41.         $error_msg .= '<p class="error">Invalid password configuration.</p>';
  42.     }
  43.  
  44.     $no_ktp = filter_input(INPUT_POST, 'no_ktp', FILTER_SANITIZE_STRING);
  45.     $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
  46.     $handphone = filter_input(INPUT_POST, 'handphone');
  47.     $address = filter_input(INPUT_POST, 'address', FILTER_SANITIZE_STRING);
  48.     $kelurahan = filter_input(INPUT_POST, 'kelurahan', FILTER_SANITIZE_STRING);
  49.     $kecamatan = filter_input(INPUT_POST, 'kecamatan', FILTER_SANITIZE_STRING);
  50.     $city = filter_input(INPUT_POST, 'city', FILTER_SANITIZE_STRING);
  51.     $province = filter_input(INPUT_POST, 'province', FILTER_SANITIZE_STRING);
  52.     $zipcode = filter_input(INPUT_POST, 'zipcode', FILTER_SANITIZE_NUMBER_INT);
  53.     $obu_id = filter_input(INPUT_POST, 'obu_id');
  54.     $no_plat = filter_input(INPUT_POST, 'no_plat');
  55.     $no_mesin = filter_input(INPUT_POST, 'no_mesin');
  56.  
  57.  
  58.     // Username validity and password validity have been checked client side.
  59.     // This should should be adequate as nobody gains any advantage from
  60.     // breaking these rules.
  61.     //
  62.  
  63.     $prep_stmt = "SELECT id FROM m_user WHERE email = ? LIMIT 1";
  64.     $stmt = $mysqli->prepare($prep_stmt);
  65.  
  66.    // check existing email  
  67.     if ($stmt) {
  68.         $stmt->bind_param('s', $email);
  69.         $stmt->execute();
  70.         $stmt->store_result();
  71.  
  72.         if ($stmt->num_rows == 1) {
  73.             // A user with this email address already exists
  74.             $error_msg .= '<p class="error">Email yang Anda pilih sudah terdaftar. Silakan gunakan email yang lain.</p>';
  75.             $stmt->close();
  76.         }
  77.         //$stmt->close();
  78.     } else {
  79.         $error_msg .= '<p class="error">Database error Line 39</p>';
  80.         //$stmt->close();
  81.     }
  82.  
  83.     // check existing username
  84.     $prep_stmt = "SELECT id FROM m_user WHERE username = ? LIMIT 1";
  85.     $stmt = $mysqli->prepare($prep_stmt);
  86.  
  87.     if ($stmt) {
  88.         $stmt->bind_param('s', $username);
  89.         $stmt->execute();
  90.         $stmt->store_result();
  91.  
  92.         if ($stmt->num_rows == 1) {
  93.             // A user with this username already exists
  94.             $error_msg .= '<p class="error">Username yang Anda pilih sudah terdaftar. Silakan gunakan username yang lain.</p>';
  95.             //$stmt->close();
  96.         }
  97.         //$stmt->close();
  98.     } else {
  99.         $error_msg .= '<p class="error">Database error line 55</p>';
  100.         //$stmt->close();
  101.     }
  102.  
  103.        
  104.  
  105.     // check existing OBU ID
  106.     $prep_stmt = "SELECT id FROM m_user WHERE obu_id = ? LIMIT 1";
  107.     $stmt = $mysqli->prepare($prep_stmt);
  108.  
  109.     if ($stmt) {
  110.         $stmt->bind_param('s', $obu_id);
  111.         $stmt->execute();
  112.         $stmt->store_result();
  113.  
  114.         if ($stmt->num_rows == 1) {
  115.             // A user with this username already exists
  116.             $error_msg .= '<p class="error">OBU ID yang Anda masukkan sudah digunakan.</p>';
  117.             //$stmt->close();
  118.         }
  119.         //$stmt->close();
  120.     } else {
  121.         $error_msg .= '<p class="error">Database error line 75</p>';
  122.         //$stmt->close();
  123.     }
  124.    
  125.     // check OBU ID is not already registered yet on obu_registred
  126.     $prep_stmt = "SELECT obu_id FROM obu_registered WHERE obu_id = ? LIMIT 1";
  127.     $stmt = $mysqli->prepare($prep_stmt);
  128.  
  129.     if ($stmt) {
  130.         $stmt->bind_param('s', $obu_id);
  131.         $stmt->execute();
  132.         $stmt->store_result();
  133.  
  134.         if ($stmt->num_rows > 0) {
  135.             $error_msg .= '<p class="error">OBU ID yang Anda masukkan sudah digunakan.</p>';
  136.         }
  137.     }
  138.  
  139.     // check OBU ID has to registered on obu_account, if not then unknown OBU ID
  140.     $prep_stmt = "SELECT obu_id FROM obu_account WHERE obu_id = ? LIMIT 1";
  141.     $stmt = $mysqli_perso->prepare($prep_stmt);
  142.  
  143.     if ($stmt) {
  144.         $stmt->bind_param('s', $obu_id);
  145.         $stmt->execute();
  146.         $stmt->store_result();
  147.  
  148.         if ($stmt->num_rows == 0) {
  149.             $error_msg .= '<p class="error">OBU ID yang Anda masukkan tidak dikenal.</p>';
  150.         }
  151.     }
  152.    
  153.     // TODO:
  154.     // We'll also have to account for the situation where the user doesn't have
  155.     // rights to do registration, by checking what type of user is attempting to
  156.     // perform the operation.
  157.     $captcha = $_POST['captcha_code'];
  158.     $img = new Securimage();
  159.     if ( ! $img->check($_POST['captcha_code'])) {
  160.         $error_msg .= '<p class="error">Silakan masukkan kode CAPTCHA dengan benar.</p>';
  161.     }
  162.  
  163.     if (empty($error_msg)) {
  164.         // Create a random salt
  165.         //$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work
  166.         $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
  167.  
  168.         // Create salted password
  169.         $password = hash('sha512', $password . $random_salt);
  170.         $active = "1";
  171.  
  172.  
  173.         // Insert the new user into the database
  174.         if ($insert_stmt = $mysqli->prepare("INSERT INTO m_user
  175.                (username, email, password, salt, active,
  176.                    name, handphone, address, city, kelurahan,
  177.                    kecamatan, province, zipcode, obu_id, no_plat,
  178.                    no_mesin, rand_key, no_ktp)
  179.                VALUES (?, ?, ?, ?, ?,
  180.                    ?, ?, ?, ?, ?,
  181.                    ?, ?, ?, ?, ?,
  182.                    ?, ?, ?)
  183.            ")) {
  184.             $insert_stmt->bind_param('ssssssssssssssssss', $username, $email, $password, $random_salt, $active, $name, $handphone, $address, $city, $kelurahan, $kecamatan, $province, $zipcode, $obu_id, $no_plat, $no_mesin, $rand, $no_ktp);
  185.             // Execute the prepared query.
  186.             if (! $insert_stmt->execute()) {
  187.                 header('Location: reg.php?err='.$err_msg);
  188.             }
  189.  
  190.             $query5 = "INSERT INTO obu_registered (obu_id,username,create_date,created_by,no_plat,no_mesin,tipe_akun) ".
  191.                 "VALUES ('".$obu_id."', '".$username."', NOW(), '".$username."', '".$no_plat."', '".$no_mesin."','prepaid')";
  192.             $result5 = $mysqli->query($query5);
  193.             //printf("Error: %s.\n", $stmt->error);
  194.            
  195.             $mysqli_perso->query("UPDATE obu_account SET customer_name = '{$name}', phone_number = '{$handphone}', last_update = now(), update_by = '{$username}' WHERE obu_id = '{$obu_id}'");
  196.            
  197.             // send sms notification
  198.             $msg = "OBU ID {$obu_id} berhasil ditambahkan";
  199.             $mysqli_perso->query("INSERT INTO sms_inbox (obu_id,phone_number,sms,time_req) VALUES ('{$obu_id}', '{$handphone}', '{$msg}', NOW())");
  200.         }
  201.  
  202.         header('Location: reg_success.php');
  203.         exit;
  204.     }
  205.    
  206. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top