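<?php
/*
 * Registration process: validates the submitted form, inserts the user into
 * the database and sends a notification email about the new registration.
 *
 * Expects $mysqli (an open mysqli connection) to be provided by the including
 * script. Reads the POST fields email, firstname, lastname, password,
 * username, igname, profileurl and rules.
 *
 * On success the session is populated and the browser is redirected to
 * usertest.php. On any failure $_SESSION['message'] is set and the browser is
 * redirected to error.php. Nothing is echoed before header(), because output
 * sent first would stop the redirect from being issued.
 */
session_start();

// Read a POST field as a string; a missing field or an array value becomes ''.
$postField = function ($key) {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

// Store a user-facing message, redirect to the error page and stop.
// Driver/SQL details go to the server log only: echoing errno/error text to
// the browser discloses schema and query structure to whoever submits the form.
$fail = function ($userMessage, $logDetail = null) {
    if ($logDetail !== null) {
        error_log('register: ' . $logDetail);
    }
    $_SESSION['message'] = $userMessage;
    header('Location: error.php');
    exit();
};

if (!isset($mysqli) || !($mysqli instanceof mysqli)) {
    $fail('Registration failed', 'no database connection available');
}

// Values are passed to the database through bound parameters below, so they
// are NOT run through escape_string() as well: doing both would store the
// escaping backslashes as part of the data.
$first_name    = trim($postField('firstname'));
$last_name     = trim($postField('lastname'));
$email         = trim($postField('email'));
$username2     = trim($postField('username'));
$igname        = trim($postField('igname'));
// NOTE(review): profileurl is stored as submitted; if it is later rendered as
// a link, restrict it to http/https and escape it at output. Confirm against
// the pages that display it.
$profileurl    = trim($postField('profileurl'));
$rules         = $postField('rules');
$plainPassword = $postField('password'); // never trimmed or altered before hashing

if ($email === '' || $username2 === '' || $plainPassword === '') {
    $fail('Please fill in all required fields.');
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $fail('Please enter a valid email address.');
}

// mysqli either returns false or throws mysqli_sql_exception depending on the
// configured report mode; both paths end in the same generic failure page.
try {
    $password = password_hash($plainPassword, PASSWORD_BCRYPT);
    if (!is_string($password)) {
        $fail('Registration failed', 'password_hash() failed');
    }

    // Per-account token stored in users.hash (presumably checked by verify.php).
    // md5(rand(0,1000)) has only 1001 possible values and can be guessed;
    // random_bytes() draws from the CSPRNG. 16 bytes hex-encode to 32
    // characters, the same length as the md5 string this replaces.
    $hash = bin2hex(random_bytes(16));

    // Check whether the email or the username is already taken.
    // Placeholders must not be quoted: '?' inside quotes is a literal string,
    // not a parameter, and bind_param() then fails.
    $stmt = $mysqli->prepare('SELECT email FROM users WHERE email = ? OR username = ? LIMIT 1');
    if ($stmt === false) {
        $fail('Registration failed', 'prepare(select) failed: (' . $mysqli->errno . ') ' . $mysqli->error);
    }
    if (!$stmt->bind_param('ss', $email, $username2) || !$stmt->execute()) {
        $fail('Registration failed', 'select failed: (' . $stmt->errno . ') ' . $stmt->error);
    }
    // Buffer the result before reading it; num_rows is not populated on an
    // unbuffered statement.
    $stmt->store_result();
    $stmt->bind_result($existingEmail);
    if ($stmt->fetch()) {
        $stmt->close();
        $fail(
            strcasecmp((string) $existingEmail, $email) === 0
                ? 'User with this email already exists!'
                : 'User with this username already exists!'
        );
    }
    $stmt->close();

    // NOTE(review): check-then-insert is racy under concurrent requests;
    // confirm users.email and users.username carry UNIQUE indexes so the
    // database enforces uniqueness.

    // active is 0 by DEFAULT (no need to include it here)
    $admin = 0; // bind_param() binds by reference, so the value needs a variable
    $stmt = $mysqli->prepare(
        'INSERT INTO users (first_name, last_name, email, password, hash, igname, profileurl, readrules, admin, username) '
        . 'VALUES (?,?,?,?,?,?,?,?,?,?)'
    );
    if ($stmt === false) {
        $fail('Registration failed', 'prepare(insert) failed: (' . $mysqli->errno . ') ' . $mysqli->error);
    }
    // One type letter per column, in column order: only admin is an integer.
    $bound = $stmt->bind_param(
        'ssssssssis',
        $first_name,
        $last_name,
        $email,
        $password,
        $hash,
        $igname,
        $profileurl,
        $rules,
        $admin,
        $username2
    );
    if (!$bound || !$stmt->execute()) {
        $fail('Registration failed', 'insert failed: (' . $stmt->errno . ') ' . $stmt->error);
    }
    $stmt->close();
} catch (Exception $e) {
    $fail('Registration failed', get_class($e) . ': ' . $e->getMessage());
}

// Notify the admin only once the row exists. The headers are fixed strings,
// so no submitted value can reach the mail header block.
$to = 'kielly@hgjhg.ca';
$subject = 'NEWUSER';
$message = "Someone has registered";
$headers = "From: general@ghjghj.ca\r\nReply-To: webmaster@example.com";
if (!mail($to, $subject, $message, $headers)) {
    // A failed notification must not fail the registration itself.
    error_log('register: admin notification mail failed');
}

// Issue a fresh session id now that the session is tied to an account, so an
// id known before registration cannot be reused.
session_regenerate_id(true);

// Session variables used on the profile.php page. These are user-supplied
// values: any page printing them must escape them for its output context.
$_SESSION['email'] = $email;
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['active'] = 0; // 0 until user activates their account with verify.php
// NOTE(review): logged_in is set while active is still 0; confirm that every
// protected page checks 'active' as well as 'logged_in'.
$_SESSION['logged_in'] = true;
$_SESSION['admin'] = 0;
$_SESSION['message'] =
    "Thank you for applying. Please wait while admins check over your application. You should recieve an email shortly. (Check junk folders and allow up to 5 hours for a review)";

$mysqli->close();
header('Location: usertest.php');
exit();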