Sanitized

1. <?php
2. require '../functions.php';
3.     #sanitize($_POST['email'])
4.    #Would return the sanitized version of the inputted email
5.    #Written by Zbee (zbee.me)
6.    function sanitize($sql, $htmlAllowed = false) {
7.         $sql = preg_replace("/(drop table|show tables|`|\*|--|\\\\)/i","",$sql);
8.         $sql = trim($sql);
9.         if ($htmlAllowed ==== false) { $sql = strip_tags($sql); } #Some areas might have HTML, I dunno
10.             $sql = addslashes($sql);
11.         return $sql;
12.     }
13.  
14. $username = sanitize($_POST['username']);
15. $email = sanitize($_POST['email']);
16. $password = hash("sha256", sanitize($_POST['password'])); #You need to be using a salt, bro
17. $activationString = generateActivationString();
18. mysql_query("INSERT INTO users (username,email,password, activation_string) VALUES('$username','$email','$password','$activationString')");
19.  
20. $to = $email;
21. $subject = 'Xeno Network Website Acount Activation';
22. $headers = 'From: noreply@xenominecraft.ga';
23. $body = 'You have registered an account on the Xeno Network Website.' . "\r\n" .
24.         '' . "\r\n" .
25.         'Click this link below to confirm your registration:' . "\r\n" .
26.   'http://www.xenominecraft.ga/activate/?confirm='.$activationString . "\r\n" .
27.   '' . "\r\n" .
28.   'If you believe that this is a mistake, contact the website administrator at:' / "\r\n" .
29.   'mailto://website@xenominecraft.ga' . PHP_EOL;
30.  
31. mail($to, $subject, $headers, $body);
32. ?>