Zbee

Sanitized

Apr 16th, 2014
  1. <?php
  2. require '../functions.php';
  3.     #sanitize($_POST['email'])
  4.    #Would return the sanitized version of the inputted email
  5.    #Written by Zbee (zbee.me)
  6.    function sanitize($sql, $htmlAllowed = false) {
  7.         $sql = preg_replace("/(drop table|show tables|`|\*|--|\\\\)/i","",$sql);
  8.         $sql = trim($sql);
  9.         if ($htmlAllowed ==== false) { $sql = strip_tags($sql); } #Some areas might have HTML, I dunno
  10.             $sql = addslashes($sql);
  11.         return $sql;
  12.     }
  13.  
  14. $username = sanitize($_POST['username']);
  15. $email = sanitize($_POST['email']);
  16. $password = hash("sha256", sanitize($_POST['password'])); #You need to be using a salt, bro
  17. $activationString = generateActivationString();
  18. mysql_query("INSERT INTO users (username,email,password, activation_string) VALUES('$username','$email','$password','$activationString')");
  19.  
  20. $to = $email;
  21. $subject = 'Xeno Network Website Acount Activation';
  22. $headers = 'From: noreply@xenominecraft.ga';
  23. $body = 'You have registered an account on the Xeno Network Website.' . "\r\n" .
  24.         '' . "\r\n" .
  25.         'Click this link below to confirm your registration:' . "\r\n" .
  26.   'http://www.xenominecraft.ga/activate/?confirm='.$activationString . "\r\n" .
  27.   '' . "\r\n" .
  28.   'If you believe that this is a mistake, contact the website administrator at:' / "\r\n" .
  29.   'mailto://website@xenominecraft.ga' . PHP_EOL;
  30.  
  31. mail($to, $subject, $headers, $body);
  32. ?>