
Untitled

a guest
Jan 25th, 2018
  1. <?php
  2. /* Registration process, inserts user info into the database
  3.    and sends account confirmation email message
  4.  */
  5.  
  6. session_start();
  7.  
  8. // Set session variables to be used on profile.php page
  9. $_SESSION['email'] = $_POST['email'];
  10. $_SESSION['first_name'] = $_POST['firstname'];
  11. $_SESSION['last_name'] = $_POST['lastname'];
  12.  
  13. // Escape all $_POST variables to protect against SQL injections
  14. $first_name = $mysqli->escape_string($_POST['firstname']);
  15. $last_name = $mysqli->escape_string($_POST['lastname']);
  16. $email = $mysqli->escape_string($_POST['email']);
  17. $password = $mysqli->escape_string(password_hash($_POST['password'], PASSWORD_BCRYPT));
  18. $hash = $mysqli->escape_string( md5( rand(0,1000) ) );
  19. $igname = $mysqli->escape_string($_POST['igname']);
  20. $profileurl = $mysqli->escape_string($_POST['profileurl']);
  21. $rules = $mysqli->escape_string($_POST['rules']);
  22. $username2 = $mysqli->escape_string($_POST['username']);
  23.  
  24.      
  25. // Check if user with that email already exists
  26. if(!($stmt = $mysqli->prepare("SELECT * FROM users WHERE email='?' OR username='?'"))){
  27.  echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
  28. }
  29.  
  30. if(!$stmt->bind_param('ss', $email, $username2)){
  31.      echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
  32. }
  33.  
  34. if(!$stmt->execute()){
  35.      echo "Execute failed: (" . $stmt->errno .")" . $stmt->error;
  36. }
  37.  
  38. if($stmt->num_rows > 0) {
  39.         $_SESSION['message'] = 'User with this email already exists!';
  40.         header("location: error.php");
  41.         exit();
  42. }elseif ($stmt->num_rows > 0){
  43.     $_SESSION['message'] = 'User with this username already exists!';
  44.     header("location: error.php");
  45.     exit();
  46. }
  47. else { // Email doesn't already exist in a database, proceed...
  48.  
  49.     //define the receiver of the email
  50. $to = 'kielly@picmount.ca';
  51. //define the subject of the email
  52. $subject = 'NEWUSER';
  53. //define the message to be sent. Each line should be separated with \n
  54. $message = "Someone has registered";
  55. //define the headers we want passed. Note that they are separated with \r\n
  56. $headers = "From: general@picmount.ca\r\nReply-To: webmaster@example.com";
  57. //send the email
  58. $mail_sent = @mail( $to, $subject, $message, $headers );
  59. //if the message is sent successfully print "Mail sent". Otherwise print "Mail failed"
  60. echo $mail_sent ? "Mail sent" : "Mail failed";
  61.     // active is 0 by DEFAULT (no need to include it here)
  62.    
  63.     if(!($stmt = $mysqli->prepare("INSERT INTO users (first_name, last_name, email, password, hash, igname, profileurl, readrules, admin, username) VALUES (?,?,?,?,?,?,?,?,?,?)}"))){
  64.  echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
  65. }
  66.  
  67. if(!$stmt->bind_param('ssssisssss', $first_name, $last_name, $email, $password, $hash, $igname, $profileurl, $rules, 0, $username2)){
  68.      echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
  69. }
  70.  
  71. if(!$stmt->execute()){
  72.      echo "Execute failed: (" . $stmt->errno .")" . $stmt->error;
  73. }
  74.    
  75.    
  76.     if($stmt) {
  77.         $_SESSION['active'] = 0; //0 until user activates their account with verify.php
  78.         $_SESSION['logged_in'] = true; // So we know the user has logged in
  79.         $_SESSION['admin'] = 0;
  80.         $_SESSION['message'] =
  81.                
  82.                  "Thank you for applying. Please wait while admins check over your application. You should recieve an email shortly. (Check junk folders and allow up to 5 hours for a review)";
  83.         header("location: usertest.php");
  84.         exit();
  85.  
  86.     }
  87.     else{
  88.         echo "Registration failed";
  89.     }
  90. }
  91.  
  92. $mysqli->close();