
Untitled

a guest
Dec 7th, 2016
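  <?php
      // Sign-up handler: validates the posted username, email and password pair,
      // rejects duplicates, stores the new user with an activation key and mails
      // the activation link. Every failure path prints an alert <div> and stops.

      //Start session
      session_start();
      //Connect to the database
      // NOTE(review): presumably connection.php defines $link (the mysqli handle used below) - confirm.
      include("connection.php");

      //Define error messages
      $missingUsername="<p><strong>Please enter a username!</strong></p>";
      $missingEmail="<p><strong>Please enter your email address!</strong></p>";
      $invalidEmail="<p><strong>Please enter a valid email address!</strong></p>";
      $missingPassword="<p><strong>Please enter a password!</strong></p>";
      $invalidPassword="<p><strong>Please enter a valid password, with at least 6 characters long and include one capital letter and one number!</strong></p>";
      // \' is not an escape sequence inside double quotes, so a backslash there
      // would be printed literally; a plain apostrophe is what is wanted.
      $differentPassword="<p><strong>Passwords don't match!</strong></p>";
      $missingPassword2="<p><strong>Please confirm your password!</strong></p>";

      // Start from an empty error buffer so the .= appends below never touch an
      // undefined variable.
      $errors = "";

      //Get username
      if(empty($_POST["username"])){
          $errors .= $missingUsername;
      }else{
          // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; it
          // strips tags and encodes quotes, which is not an output-escaping strategy.
          $username = filter_var($_POST["username"],FILTER_SANITIZE_STRING);
      }

      //Get email
      if(empty($_POST["email"])){
          $errors .= $missingEmail;
      }else{
          $email = filter_var($_POST["email"],FILTER_SANITIZE_EMAIL);
          // Validation runs on the raw input, so anything the sanitizer would have
          // had to strip is rejected rather than silently repaired.
          if(!filter_var($_POST["email"],FILTER_VALIDATE_EMAIL)){
              $errors .= $invalidEmail;
          }
      }

      //Get passwords
      if(empty($_POST["signuppassword"])){
          $errors .= $missingPassword;
      }elseif(!(strlen($_POST["signuppassword"])>=6 and preg_match('/[A-Z]/', $_POST["signuppassword"]) and preg_match('/[0-9]/',$_POST["signuppassword"]))){
          $errors .= $invalidPassword;
      }else{
          // NOTE(review): sanitizing a password changes what gets hashed (tags are
          // stripped, quotes encoded). Kept because the login code is not visible
          // here and presumably applies the same transformation - confirm before
          // removing.
          $password = filter_var($_POST["signuppassword"],FILTER_SANITIZE_STRING);
          if(empty($_POST["signuppassword2"])){
              $errors .= $missingPassword2;
          }else{
              $password2 = filter_var($_POST["signuppassword2"],FILTER_SANITIZE_STRING);
              if($password !== $password2){
                  // Submitted passwords are never written back into the response.
                  $errors .= $differentPassword;
              }
          }
      }

      //If there are any errors print them and stop: nothing below may run on
      //input that failed validation (the variables may not even be set).
      if($errors){
          echo "<div class='alert alert-danger'>$errors</div>";
          exit;
      }

      //no errors
      // NOTE(review): unsalted SHA-256 is a fast hash and not suitable for
      // password storage. Moving to password_hash()/password_verify() has to be
      // done together with the login code and the password column width, so the
      // stored format (escape, then SHA-256, 64 hex characters) is left unchanged
      // here to keep existing accounts working.
      $password = hash('sha256', mysqli_real_escape_string($link, $password));

      // NOTE(review): the two lookups below can race with a concurrent sign-up;
      // only a UNIQUE index on username and email enforces uniqueness - confirm
      // the schema has one.

      //if username exists in the users table print error
      // Values are bound as parameters, so no manual escaping is needed and the
      // unescaped $username / $email stay usable for the mail further down.
      $stmt = mysqli_prepare($link, "SELECT 1 FROM users WHERE username = ?");
      if(!$stmt || !mysqli_stmt_bind_param($stmt, "s", $username) || !mysqli_stmt_execute($stmt)){
          // Database error text goes to the server log, not to the visitor.
          error_log("signup: username lookup failed: " . mysqli_error($link));
          echo "<div class='alert alert-danger'>Error running the query 1!</div>";
          exit;
      }
      mysqli_stmt_store_result($stmt);
      $results = mysqli_stmt_num_rows($stmt);
      mysqli_stmt_close($stmt);
      if($results){
          echo "<div class='alert alert-danger'>That username name is already registered. Do you want to log in?</div>";
          exit;
      }

      //if email exists in the users table print error
      $stmt = mysqli_prepare($link, "SELECT 1 FROM users WHERE email = ?");
      if(!$stmt || !mysqli_stmt_bind_param($stmt, "s", $email) || !mysqli_stmt_execute($stmt)){
          error_log("signup: email lookup failed: " . mysqli_error($link));
          echo "<div class='alert alert-danger'>Error running the query 2!</div>";
          exit;
      }
      mysqli_stmt_store_result($stmt);
      $results = mysqli_stmt_num_rows($stmt);
      mysqli_stmt_close($stmt);
      if($results){
          echo "<div class='alert alert-danger'>That email is already registered. Do you want to log in?</div>";
          exit;
      }

      //create a unique activation code
      // 16 random bytes = 128 bits, hex-encoded to 32 characters. The second
      // argument reports whether a cryptographically strong source was used;
      // a weak or failed draw must not become an activation key.
      $keyBytes = openssl_random_pseudo_bytes(16, $cryptoStrong);
      if($keyBytes === false || !$cryptoStrong){
          error_log("signup: no strong random source for the activation key");
          echo "<div class='alert alert-danger'>Error: Unable to create an activation code.</div>";
          exit;
      }
      $activationKey = bin2hex($keyBytes);

      //Insert user details and activation code in the users table
      $stmt = mysqli_prepare($link, "INSERT INTO users (username,email,password,activation) VALUES (?, ?, ?, ?)");
      if(!$stmt || !mysqli_stmt_bind_param($stmt, "ssss", $username, $email, $password, $activationKey) || !mysqli_stmt_execute($stmt)){
          // The statement text and driver error are not shown to the visitor:
          // they would reveal the schema, the password hash and the activation key.
          error_log("signup: insert failed: " . mysqli_error($link));
          echo "<div class='alert alert-warning'>Error: Unable to execute the registration query.</div>";
          exit;
      }
      mysqli_stmt_close($stmt);

      //Send the user an email with the link to activate.php with their email and activation code
      // NOTE(review): the link is plain http, so the activation key travels
      // unencrypted; switch the scheme to https once the host serves it.
      $message = "Please click on this link to activate your account:\n\n";
      $message .= "http://soulkode.byethost15.com/websites/9.Online%20Notes%20APP/activate.php?email=" .urlencode($email) . "&key=$activationKey";
      if(mail($email, 'Confirm your Registration', $message, 'From:' . 'peter@gmail.com')){
          // $email is user input: escape it for the HTML context before echoing.
          $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
          echo "<div class='alert alert-success'>Thank for your registring! A confirmation email has been sent to $safeEmail. Please click on the activation link to activate your account.</div>";
      }else{
          // The account row already exists at this point; tell the visitor the
          // mail did not go out instead of returning an empty response.
          error_log("signup: activation mail could not be handed to the mailer");
          echo "<div class='alert alert-warning'>Error: Unable to send the confirmation email.</div>";
      }

  ?>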