
Untitled

a guest
Jan 25th, 2018
  1. <?php
  2. /* Registration process, inserts user info into the database
  3. and sends account confirmation email message
  4. */
  5.  
  6. session_start();
  7.  
  8. // Set session variables to be used on profile.php page
  9. $_SESSION['email'] = $_POST['email'];
  10. $_SESSION['first_name'] = $_POST['firstname'];
  11. $_SESSION['last_name'] = $_POST['lastname'];
  12.  
  13. // Escape all $_POST variables to protect against SQL injections
  14. $first_name = $mysqli->escape_string($_POST['firstname']);
  15. $last_name = $mysqli->escape_string($_POST['lastname']);
  16. $email = $mysqli->escape_string($_POST['email']);
  17. $password = $mysqli->escape_string(password_hash($_POST['password'], PASSWORD_BCRYPT));
  18. $hash = $mysqli->escape_string( md5( rand(0,1000) ) );
  19. $igname = $mysqli->escape_string($_POST['igname']);
  20. $profileurl = $mysqli->escape_string($_POST['profileurl']);
  21. $rules = $mysqli->escape_string($_POST['rules']);
  22. $username2 = $mysqli->escape_string($_POST['username']);
  23.  
  24.  
  25. // Check if user with that email already exists
  26. if(!($stmt = $mysqli->prepare("SELECT * FROM users WHERE email='?' OR username='?'"))){
  27. echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
  28. }
  29.  
  30. if(!$stmt->bind_param('ss', $email, $username2)){
  31. echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
  32. }
  33.  
  34. if(!$stmt->execute()){
  35. echo "Execute failed: (" . $stmt->errno .")" . $stmt->error;
  36. }
  37.  
  38. if($stmt->num_rows > 0) {
  39. $_SESSION['message'] = 'User with this email already exists!';
  40. header("location: error.php");
  41. exit();
  42. }elseif ($stmt->num_rows > 0){
  43. $_SESSION['message'] = 'User with this username already exists!';
  44. header("location: error.php");
  45. exit();
  46. }
  47. else { // Email doesn't already exist in a database, proceed...
  48.  
  49. //define the receiver of the email
  50. $to = 'kielly@hgjhg.ca';
  51. //define the subject of the email
  52. $subject = 'NEWUSER';
  53. //define the message to be sent. Each line should be separated with \n
  54. $message = "Someone has registered";
  55. //define the headers we want passed. Note that they are separated with \r\n
  56. $headers = "From: general@ghjghj.ca\r\nReply-To: webmaster@example.com";
  57. //send the email
  58. $mail_sent = @mail( $to, $subject, $message, $headers );
  59. //if the message is sent successfully print "Mail sent". Otherwise print "Mail failed"
  60. echo $mail_sent ? "Mail sent" : "Mail failed";
  61. // active is 0 by DEFAULT (no need to include it here)
  62.  
  63. if(!($stmt = $mysqli->prepare("INSERT INTO users (first_name, last_name, email, password, hash, igname, profileurl, readrules, admin, username) VALUES (?,?,?,?,?,?,?,?,?,?)}"))){
  64. echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
  65. }
  66.  
  67. if(!$stmt->bind_param('ssssisssss', $first_name, $last_name, $email, $password, $hash, $igname, $profileurl, $rules, 0, $username2)){
  68. echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
  69. }
  70.  
  71. if(!$stmt->execute()){
  72. echo "Execute failed: (" . $stmt->errno .")" . $stmt->error;
  73. }
  74.  
  75.  
  76. if($stmt) {
  77. $_SESSION['active'] = 0; //0 until user activates their account with verify.php
  78. $_SESSION['logged_in'] = true; // So we know the user has logged in
  79. $_SESSION['admin'] = 0;
  80. $_SESSION['message'] =
  81.  
  82. "Thank you for applying. Please wait while admins check over your application. You should recieve an email shortly. (Check junk folders and allow up to 5 hours for a review)";
  83. header("location: usertest.php");
  84. exit();
  85.  
  86. }
  87. else{
  88. echo "Registration failed";
  89. }
  90. }
  91.  
  92. $mysqli->close();