comparison user/uk/newLogin.php @ 6:077b0a0a3e6d

remaining originals according to dependency walk
author Robert Boland <robert@markup.co.uk>
date Thu, 16 Feb 2017 22:29:02 +0000
parents
children 385ddd7c4b55 a67bf725e87b
5:55445b456ad0 6:077b0a0a3e6d
1 <?php
2 require "PasswordHash.php";
3
4 include "../../private/db.php";
5
6 // emailname and password sent from form
7 $email=$_GET['email'];
8 $mypassword=$_GET['pwd'];
9 $fname=$_GET['fName'];
10 $sname=$_GET['sName'];
11
12 // To protect MySQL injection
13 $email = stripslashes($email);
14 $mypassword = stripslashes($mypassword);
15 $email = mysqli_real_escape_string($link,$email);
16 $mypassword = mysqli_real_escape_string($link,$mypassword);
17 $fname = stripslashes($fname);
18 $fname = mysqli_real_escape_string($link,$fname);
19 $sname = stripslashes($sname);
20 $sname = mysqli_real_escape_string($link,$sname);
21
22 $t_hasher = new PasswordHash(8, FALSE);
23
24 $hashpwd = $t_hasher->HashPassword($mypassword);
25 //check if loginname exists already, throw error
26 //if not, insert with hash pwd
27
28 $query1 = 'select * from user where Email = \'' .$email .'\'';
29 //echo $query1;
30 $data1 = mysqli_query($link, $query1);
31
32 if ( mysqli_num_rows( $data1 ) < 1 )
33 {
34 $confirm_code=md5(uniqid(rand()));
35 $add="INSERT INTO temp_user VALUES('$confirm_code', '$email', '$hashpwd', '$fname', '$sname')";
36 echo $add;
37 //$add = 'insert into temp_user values (\''$confirm_code'\',\'' . $email . '\',\'' . $hashpwd . '\');';
38 $run = mysqli_query($link, $add);
39
40 // if successfully inserted data into database, send confirmation link to email
41 if($run){
42 // ---------------- SEND MAIL FORM ----------------
43
44 // send e-mail to ...
45 $to=$email;
46
47 // Your subject
48 $subject="BookWhack confirmation link";
49
50 // From
51 $header="from: BookWhack <noreply@bookwhack.com>";
52
53 // Your message
54 $message="BookWhack Confirmation link \r\n";
55 $message.="Click on this link to activate your account \r\n";
56 $message.="http://www.bookwhack.co.uk/user/confirmation.php?passkey=$confirm_code";
57
58 // send email
59 $sentmail = mail($to,$subject,$message,$header);
60 }
61 // if not found
62 else {
63 echo "Error Adding Account";
64 }
65
66 // if your email succesfully sent
67 if($sentmail){
68 echo "A confirmation link has been sent to your email address.";
69 }
70 else {
71 echo "Error Sending Confirmation Email";
72 }
73 /*$add = 'insert into user values (null,\'' . $email . '\',\'' . $hashpwd . '\');';
74 //echo $add;
75 $run = mysqli_query($link, $add); //add the book if it doesn't exist
76 session_start();
77 $_SESSION['email']=$email;
78 echo session_id();
79 //start session and send the id back to GWT*/
80 }
81 else
82 echo 'Email already exists';
83 ?>
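Review bot: The `echo $add;` at line 36 writes the whole INSERT statement into the HTTP response, so the requester receives the confirmation code and the password hash directly and the e-mail confirmation step no longer proves control of the address; that debug line should be removed. The code itself comes from `md5(uniqid(rand()))`, which is built from the clock and a non-cryptographic generator, so on PHP 7 or later I would use `$confirm_code = bin2hex(random_bytes(16));`, which keeps the same 32-character hex length. The password is read from `$_GET['pwd']` at line 8, which places it in URLs that servers and proxies typically log; `$_POST` is the safer carrier, assuming the client form can be switched. `$sentmail` is assigned only inside the `if($run)` branch, so a failed insert reads an undefined variable and prints both "Error Adding Account" and "Error Sending Confirmation Email".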