diff user/newLogin.php @ 6:077b0a0a3e6d
remaining originals according to dependency walk
| author | Robert Boland <robert@markup.co.uk> |
|---|---|
| date | Thu, 16 Feb 2017 22:29:02 +0000 |
| parents | |
| children | 385ddd7c4b55 a67bf725e87b |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/user/newLogin.php Thu Feb 16 22:29:02 2017 +0000
@@ -0,0 +1,94 @@
+<?php
+require "PasswordHash.php";
+
+include "../../private/db.php";
+
+// emailname and password sent from form
+$email=$_GET['email'];
+$mypassword=$_GET['pwd'];
+$fname=isset($_GET['fName'])?$_GET['fName']:"";
+$sname=isset($_GET['sName'])?$_GET['sName']:"";
+$dname=$_GET['dName'];
+$age=$_GET['age'];
+$loc=$_GET['loc'];
+
+// To protect MySQL injection
+$email = stripslashes($email);
+$mypassword = stripslashes($mypassword);
+$email = mysqli_real_escape_string($link,$email);
+$mypassword = mysqli_real_escape_string($link,$mypassword);
+$fname = stripslashes($fname);
+$fname = mysqli_real_escape_string($link,$fname);
+$sname = stripslashes($sname);
+$sname = mysqli_real_escape_string($link,$sname);
+$dname = stripslashes($dname);
+$dname = mysqli_real_escape_string($link,$dname);
+$age = stripslashes($age);
+$age = mysqli_real_escape_string($link,$age);
+$loc = stripslashes($loc);
+$loc = mysqli_real_escape_string($link,$loc);
+
+$t_hasher = new PasswordHash(8, FALSE);
+
+$hashpwd = $t_hasher->HashPassword($mypassword);
+//check if loginname exists already, throw error
+//if not, insert with hash pwd
+
+$query1 = 'select * from user where Email = \'' .$email .'\'';
+//echo $query1;
+$data1 = mysqli_query($link, $query1);
+
+if ( mysqli_num_rows( $data1 ) < 1 )
+{
+ $confirm_code=md5(uniqid(rand()));
+ $add="INSERT INTO temp_user VALUES('$confirm_code', '$email', '$hashpwd', '$fname', '$sname', '$dname', $age, $loc)";
+ echo $add;
+ //$add = 'insert into temp_user values (\''$confirm_code'\',\'' . $email . '\',\'' . $hashpwd . '\');';
+ $run = mysqli_query($link, $add);
+
+ // if successfully inserted data into database, send confirmation link to email
+ if($run){
+ // ---------------- SEND MAIL FORM ----------------
+
+ // send e-mail to ...
+ $to=$email;
+
+ // Your subject
+ $subject="YourNextRead confirmation link";
+
+ // From
+ $header="from: YourNextRead <noreply@YourNextRead.com>";
+
+ // Your message
+ $message="YourNextRead Confirmation link \r\n";
+ $message.="Click on this link to activate your account \r\n";
+ $message.="http://www.YourNextRead.com/user/confirmation.php?passkey=$confirm_code";
+
+ // send email
+ $sentmail = mail($to,$subject,$message,$header);
+ }
+ // if not found
+ else {
+ echo "Error Adding Account";
+ }
+
+ // if your email succesfully sent
+ if($sentmail){
+ echo "A confirmation link has been sent to your email address.";
+ }
+ else {
+ echo "Error Sending Confirmation Email";
+ }
+ /*$add = 'insert into user values (null,\'' . $email . '\',\'' . $hashpwd . '\');';
+ //echo $add;
+ $run = mysqli_query($link, $add); //add the book if it doesn't exist
+ session_start();
+ $_SESSION['email']=$email;
+ echo session_id();
+ //start session and send the id back to GWT*/
+}
+else
+echo 'Email already exists';
+
+mysqli_close($link);
+?>
\ No newline at end of file
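Review bot: `$age` and `$loc` are interpolated into the `INSERT INTO temp_user` statement without quotes, so `mysqli_real_escape_string` does not stop them from altering the query; escaping only protects a value that sits inside a quoted string literal. The `echo $add;` line also returns the full statement, including `$confirm_code` and the password hash, to the client, which lets the caller skip the e-mail confirmation step. Both queries would be better as prepared statements with bound parameters, with the debug echo removed and the `stripslashes`/escape calls dropped for bound values (on `$mypassword` they also change the password before it is hashed). The integer binding for age and loc below is inferred from their unquoted use and should be checked against the table definition. Separately, `md5(uniqid(rand()))` is guessable for an activation token; `bin2hex(random_bytes(16))` is the usual replacement where PHP 7 is available.

```php
// … unchanged: reading $_GET values and hashing the password (escape calls removed) …
$stmt = mysqli_prepare($link, 'select * from user where Email = ?');
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);

if ( mysqli_stmt_num_rows( $stmt ) < 1 )
{
    $confirm_code = bin2hex(random_bytes(16));
    $ins = mysqli_prepare($link, "INSERT INTO temp_user VALUES(?, ?, ?, ?, ?, ?, ?, ?)");
    mysqli_stmt_bind_param($ins, 'ssssssii', $confirm_code, $email, $hashpwd, $fname, $sname, $dname, $age, $loc);
    $run = mysqli_stmt_execute($ins);
    // … unchanged: confirmation mail and status messages …
```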
