comparison user/newLogin.php @ 6:077b0a0a3e6d

remaining originals according to dependency walk
author Robert Boland <robert@markup.co.uk>
date Thu, 16 Feb 2017 22:29:02 +0000
parents
children 385ddd7c4b55 a67bf725e87b
5:55445b456ad0 6:077b0a0a3e6d
1 <?php
2 require "PasswordHash.php";
3
4 include "../../private/db.php";
5
6 // emailname and password sent from form
7 $email=$_GET['email'];
8 $mypassword=$_GET['pwd'];
9 $fname=isset($_GET['fName'])?$_GET['fName']:"";
10 $sname=isset($_GET['sName'])?$_GET['sName']:"";
11 $dname=$_GET['dName'];
12 $age=$_GET['age'];
13 $loc=$_GET['loc'];
14
15 // To protect MySQL injection
16 $email = stripslashes($email);
17 $mypassword = stripslashes($mypassword);
18 $email = mysqli_real_escape_string($link,$email);
19 $mypassword = mysqli_real_escape_string($link,$mypassword);
20 $fname = stripslashes($fname);
21 $fname = mysqli_real_escape_string($link,$fname);
22 $sname = stripslashes($sname);
23 $sname = mysqli_real_escape_string($link,$sname);
24 $dname = stripslashes($dname);
25 $dname = mysqli_real_escape_string($link,$dname);
26 $age = stripslashes($age);
27 $age = mysqli_real_escape_string($link,$age);
28 $loc = stripslashes($loc);
29 $loc = mysqli_real_escape_string($link,$loc);
30
31 $t_hasher = new PasswordHash(8, FALSE);
32
33 $hashpwd = $t_hasher->HashPassword($mypassword);
34 //check if loginname exists already, throw error
35 //if not, insert with hash pwd
36
37 $query1 = 'select * from user where Email = \'' .$email .'\'';
38 //echo $query1;
39 $data1 = mysqli_query($link, $query1);
40
41 if ( mysqli_num_rows( $data1 ) < 1 )
42 {
43 $confirm_code=md5(uniqid(rand()));
44 $add="INSERT INTO temp_user VALUES('$confirm_code', '$email', '$hashpwd', '$fname', '$sname', '$dname', $age, $loc)";
45 echo $add;
46 //$add = 'insert into temp_user values (\''$confirm_code'\',\'' . $email . '\',\'' . $hashpwd . '\');';
47 $run = mysqli_query($link, $add);
48
49 // if successfully inserted data into database, send confirmation link to email
50 if($run){
51 // ---------------- SEND MAIL FORM ----------------
52
53 // send e-mail to ...
54 $to=$email;
55
56 // Your subject
57 $subject="YourNextRead confirmation link";
58
59 // From
60 $header="from: YourNextRead <noreply@YourNextRead.com>";
61
62 // Your message
63 $message="YourNextRead Confirmation link \r\n";
64 $message.="Click on this link to activate your account \r\n";
65 $message.="http://www.YourNextRead.com/user/confirmation.php?passkey=$confirm_code";
66
67 // send email
68 $sentmail = mail($to,$subject,$message,$header);
69 }
70 // if not found
71 else {
72 echo "Error Adding Account";
73 }
74
75 // if your email succesfully sent
76 if($sentmail){
77 echo "A confirmation link has been sent to your email address.";
78 }
79 else {
80 echo "Error Sending Confirmation Email";
81 }
82 /*$add = 'insert into user values (null,\'' . $email . '\',\'' . $hashpwd . '\');';
83 //echo $add;
84 $run = mysqli_query($link, $add); //add the book if it doesn't exist
85 session_start();
86 $_SESSION['email']=$email;
87 echo session_id();
88 //start session and send the id back to GWT*/
89 }
90 else
91 echo 'Email already exists';
92
93 mysqli_close($link);
94 ?>
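Review bot: The INSERT on file line 44 interpolates `$age` and `$loc` without quotes, so the `mysqli_real_escape_string` calls on lines 27 and 29 do not protect them, because that function only makes a value safe inside a quoted string literal. The statement should be a prepared statement with bound parameters, as sketched below; the integer binding for age and loc is inferred from the unquoted use, since the `temp_user` schema is not visible here. `echo $add;` on line 45 returns the whole statement to the client, including the confirmation code and the password hash, which defeats the e-mail verification step and should be removed. The password also passes through `stripslashes` and `mysqli_real_escape_string` before `HashPassword`, so the stored hash is of an altered string, and `$sentmail` is read on line 76 even when the insert failed and it was never assigned.

```php
// … unchanged: request parsing, duplicate-email check, $confirm_code …
// Bind the raw request values here; escaped copies would be stored with literal backslashes.
$stmt = mysqli_prepare($link, 'INSERT INTO temp_user VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
// Types assumed: six strings, then age and loc as integers. Confirm against the temp_user schema.
mysqli_stmt_bind_param($stmt, 'ssssssii', $confirm_code, $email, $hashpwd, $fname, $sname, $dname, $age, $loc);
$run = mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
// … unchanged: confirmation mail …
```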