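<?php

declare(strict_types=1);

// Registration endpoint.
// Reads POST username/password/email, validates them, stores the user with a bcrypt
// password hash, creates the user's upload folder and answers with JSON:
//   201 {"status":"created","id":<user id>}
//   400 {"status":"error", "general-error"|"username-error"|"password-error"|"email-error": ...}

// required headers
// NOTE(review): a wildcard origin lets any web page read this endpoint's responses;
// narrow it to the front-end's origin if the API is not meant to be public.
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");

// include database and object files
include_once '../config/database.php';

/**
 * Returns the named POST field when it is a plain string, null otherwise.
 *
 * Absent keys and array values (e.g. username[]=x) are both treated as "not supplied",
 * so they end up in the "POST variables ... required" error instead of a TypeError
 * inside test_input().
 */
function post_string(string $key): ?string
{
    $value = $_POST[$key] ?? null;

    return is_string($value) ? $value : null;
}

/**
 * Runs a one-parameter existence query against the users table with a bound value,
 * so the untrusted value never becomes part of the SQL text.
 *
 * @param string $sql   SELECT with exactly one "?" placeholder; must be a fixed literal
 *                      (identifiers cannot be bound), never built from input
 * @param string $value value bound to the placeholder
 * @return bool|null    true when at least one row matched, false when none did,
 *                      null when prepare/execute failed. Under MYSQLI_REPORT_STRICT a
 *                      mysqli_sql_exception is thrown instead of returning null; the
 *                      Database class (not visible here) chooses that mode.
 */
function users_row_exists(mysqli $conn, string $sql, string $value): ?bool
{
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param("s", $value);
    if (!$stmt->execute()) {
        $stmt->close();
        return null;
    }
    // num_rows on a mysqli_stmt is only meaningful after store_result()
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();

    return $exists;
}

/**
 * Inserts the new user row.
 *
 * @param string $password value to hash; hashing happens here so the plain text does
 *                         not have to be copied around
 * @return bool true when the INSERT executed, false when prepare or execute failed
 */
function users_insert(mysqli $conn, string $username, string $password, string $email, string $ip): bool
{
    $stmt = $conn->prepare("INSERT INTO users (ACTIVE, TIER, USERNAME, PASSWORD, EMAIL, IP) VALUES (?, ?, ?, ?, ?, ?)");
    if ($stmt === false) {
        return false;
    }
    // Defaults for every new account; "ii" in the type string binds them as integers
    $active = 1;
    $tier = 1;
    $passwordHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    $stmt->bind_param("iissss", $active, $tier, $username, $passwordHash, $email, $ip);
    $ok = $stmt->execute() === true;
    $stmt->close();

    return $ok;
}

/**
 * Looks up the ID of the user row with the given username.
 *
 * @return int|string|null the ID column as mysqli returns it (int for an integer column),
 *                         null when the query failed or no row matched
 */
function users_id_for_username(mysqli $conn, string $username): int|string|null
{
    $stmt = $conn->prepare("SELECT ID FROM users WHERE USERNAME = ?");
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param("s", $username);
    $id = null;
    $found = $stmt->execute() && $stmt->bind_result($id) && $stmt->fetch();
    $stmt->close();

    return $found ? $id : null;
}

// instantiate database and product object
$database = new Database();
$conn = $database->getConnection();

// Get post variables (null when missing or not a plain string)
$username = post_string('username');
$password = post_string('password');
$email = post_string('email');

// Init error variables & flag. Every site that sets $error also sets one message,
// so "!$error" alone means "no message was set".
$usernameError = $passwordError = $emailError = '';
$generalError = '';
$error = false;

if ($username !== null && $password !== null && $email !== null) {
    // Lower-case username and e-mail and run them through test_input().
    // No real_escape_string() on these: every query below binds its parameters, and
    // escaping a bound value stores literal backslashes (and made valid e-mail addresses
    // containing a quote fail the format check).
    $username = strtolower(test_input($username));
    $email = strtolower(test_input($email));
    // NOTE(review): test_input() HTML-encodes and real_escape_string() backslash-escapes the
    // password before it is hashed, so "a'b" is not hashed as typed and the length check below
    // counts the encoded form. Kept byte-identical because the login check must apply exactly
    // the same transformation; change both sides together and hash the raw password.
    $password = $conn->real_escape_string(test_input($password));

    /*
    Test username
    */
    if (preg_match("/\s/", $username)) {
        // Test username for whitespaces
        $error = true;
        $usernameError = "username can not contain any spaces";
    } elseif (!ctype_alnum($username)) {
        // Test username for letters and number only
        $error = true;
        $usernameError = "username can only contain a-z, A-Z, 0-9";
    } else {
        // Check if username is taken. This lookup only produces a friendlier message; it
        // races with a concurrent registration, so a UNIQUE index on USERNAME is the
        // guarantee, and the INSERT failure path below covers that case.
        $taken = users_row_exists($conn, "SELECT USERNAME FROM users WHERE USERNAME = ?", $username);
        if ($taken === null) {
            $error = true;
            $generalError = "something went wrong in the sql query, please try again";
        } elseif ($taken) {
            $error = true;
            $usernameError = "this username is taken";
        }
    }

    /*
    Test password
    */
    if (strlen($password) < 8) {
        $error = true;
        $passwordError = "password must contain at least 8 characters";
    }

    /*
    Test email
    */
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // check if e-mail address is well-formed
        $error = true;
        $emailError = "wrong email format";
    } else {
        // Check if email is busy (same race caveat as the username lookup)
        $taken = users_row_exists($conn, "SELECT EMAIL FROM users WHERE EMAIL = ?", $email);
        if ($taken === null) {
            $error = true;
            $generalError = "something went wrong in the sql query, please try again";
        } elseif ($taken) {
            $error = true;
            $emailError = "there already exist a user with this email";
        }
    }

    // Add user to database if everything is ok
    if (!$error) {
        // The IP is a bound parameter, so no escaping; missing (CLI) becomes ''
        $ip = $_SERVER["REMOTE_ADDR"] ?? '';
        if (!users_insert($conn, $username, $password, $email, $ip)) {
            $error = true;
            $generalError = "something went wrong in the sql query, please try again";
        } else {
            // Query out user ID and create users own image folder
            $userId = users_id_for_username($conn, $username);
            $folderCreated = false;
            if ($userId !== null) {
                $uploadDir = '../../../uploads/' . $userId;
                // mkdir() used to be fire-and-forget; a failed folder now yields an error
                // response instead of a 201 for an account that cannot upload
                $folderCreated = is_dir($uploadDir) || mkdir($uploadDir);
            }
            if (!$folderCreated) {
                // The user row already exists at this point, so a retry reports
                // "this username is taken" - hence the pointer to support.
                $error = true;
                $generalError = "error when creating folder for user, please contact support";
            } else {
                // Update upload_stats table (fixed SQL, no user input involved)
                $conn->query("UPDATE upload_stats SET USERS = USERS +1 WHERE ID=1");
                // Set response code to 201 and echo json response
                http_response_code(201);
                echo json_encode([
                    "status" => "created",
                    "id" => $userId,
                ]);
            }
        }
    }
} else {
    $error = true;
    $generalError = "POST variables username, password and email required";
}

/*
Error response
*/
// If an error occurred above, respond with it here
if ($error) {
    $response = [
        "status" => "error",
    ];
    if ($generalError !== '') {
        $response['general-error'] = $generalError;
    }
    if ($usernameError !== '') {
        $response['username-error'] = $usernameError;
    }
    if ($passwordError !== '') {
        $response['password-error'] = $passwordError;
    }
    if ($emailError !== '') {
        $response['email-error'] = $emailError;
    }
    // Set response code to 400 and echo json response
    http_response_code(400);
    echo json_encode($response);
}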
/**
 * Normalises one POST field: trims surrounding whitespace, removes backslashes, then
 * HTML-encodes the special characters (htmlspecialchars default flags).
 *
 * Note: this file applies it to every field, including the password before it is
 * hashed, so the stored hash is of the encoded text rather than the raw input.
 *
 * @param string $data raw field value
 * @return string trimmed, unslashed, HTML-encoded value
 */
function test_input($data) {
    return htmlspecialchars(stripslashes(trim($data)));
}
- ?>