diff user/uk/newLogin.php @ 6:077b0a0a3e6d
remaining originals according to dependency walk
| author | Robert Boland <robert@markup.co.uk> |
|---|---|
| date | Thu, 16 Feb 2017 22:29:02 +0000 |
| parents | |
| children | 385ddd7c4b55 a67bf725e87b |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/user/uk/newLogin.php Thu Feb 16 22:29:02 2017 +0000
@@ -0,0 +1,83 @@
+<?php
+require "PasswordHash.php";
+
+include "../../private/db.php";
+
+// emailname and password sent from form
+$email=$_GET['email'];
+$mypassword=$_GET['pwd'];
+$fname=$_GET['fName'];
+$sname=$_GET['sName'];
+
+// To protect MySQL injection
+$email = stripslashes($email);
+$mypassword = stripslashes($mypassword);
+$email = mysqli_real_escape_string($link,$email);
+$mypassword = mysqli_real_escape_string($link,$mypassword);
+$fname = stripslashes($fname);
+$fname = mysqli_real_escape_string($link,$fname);
+$sname = stripslashes($sname);
+$sname = mysqli_real_escape_string($link,$sname);
+
+$t_hasher = new PasswordHash(8, FALSE);
+
+$hashpwd = $t_hasher->HashPassword($mypassword);
+//check if loginname exists already, throw error
+//if not, insert with hash pwd
+
+$query1 = 'select * from user where Email = \'' .$email .'\'';
+//echo $query1;
+$data1 = mysqli_query($link, $query1);
+
+if ( mysqli_num_rows( $data1 ) < 1 )
+{
+ $confirm_code=md5(uniqid(rand()));
+ $add="INSERT INTO temp_user VALUES('$confirm_code', '$email', '$hashpwd', '$fname', '$sname')";
+ echo $add;
+ //$add = 'insert into temp_user values (\''$confirm_code'\',\'' . $email . '\',\'' . $hashpwd . '\');';
+ $run = mysqli_query($link, $add);
+
+ // if successfully inserted data into database, send confirmation link to email
+ if($run){
+ // ---------------- SEND MAIL FORM ----------------
+
+ // send e-mail to ...
+ $to=$email;
+
+ // Your subject
+ $subject="BookWhack confirmation link";
+
+ // From
+ $header="from: BookWhack <noreply@bookwhack.com>";
+
+ // Your message
+ $message="BookWhack Confirmation link \r\n";
+ $message.="Click on this link to activate your account \r\n";
+ $message.="http://www.bookwhack.co.uk/user/confirmation.php?passkey=$confirm_code";
+
+ // send email
+ $sentmail = mail($to,$subject,$message,$header);
+ }
+ // if not found
+ else {
+ echo "Error Adding Account";
+ }
+
+ // if your email succesfully sent
+ if($sentmail){
+ echo "A confirmation link has been sent to your email address.";
+ }
+ else {
+ echo "Error Sending Confirmation Email";
+ }
+ /*$add = 'insert into user values (null,\'' . $email . '\',\'' . $hashpwd . '\');';
+ //echo $add;
+ $run = mysqli_query($link, $add); //add the book if it doesn't exist
+ session_start();
+ $_SESSION['email']=$email;
+ echo session_id();
+ //start session and send the id back to GWT*/
+}
+else
+echo 'Email already exists';
+?>
\ No newline at end of file
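Review bot: `echo $add;` in the `mysqli_num_rows` branch writes the whole INSERT statement, including `$confirm_code` and `$hashpwd`, into the HTTP response, so whoever submits the form receives the activation token without reading the mailbox; that line should be dropped. The token comes from `md5(uniqid(rand()))`, which is derived from the clock and a non-cryptographic generator, and should come from a CSPRNG instead (`random_bytes`, assuming PHP 7 or later). The password and e-mail arrive through `$_GET`, so they end up in access logs, browser history and Referer headers; reading them from `$_POST` avoids that, though the submitting client (not visible here) would have to change too. Both queries are built by string concatenation and rely on `mysqli_real_escape_string` alone, and the password goes through `stripslashes` and the escaper before hashing, which changes what is hashed; bound parameters fix both, provided the login side hashes the raw value as well. `$sentmail` is assigned only when `$run` succeeds, so a failed INSERT prints both error messages and reads an undefined variable.

```php
// emailname and password sent from form
$email = $_POST['email'] ?? '';
$mypassword = $_POST['pwd'] ?? '';
$fname = $_POST['fName'] ?? '';
$sname = $_POST['sName'] ?? '';

// … unchanged: PasswordHash setup …
$hashpwd = $t_hasher->HashPassword($mypassword);

// Bound parameters keep the values out of the SQL text entirely.
$stmt = mysqli_prepare($link, 'select 1 from user where Email = ?');
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);

if ( mysqli_stmt_num_rows( $stmt ) < 1 )
{
	// 32 hex characters, the same length as the md5 value it replaces.
	$confirm_code = bin2hex(random_bytes(16));
	$ins = mysqli_prepare($link, 'INSERT INTO temp_user VALUES(?, ?, ?, ?, ?)');
	mysqli_stmt_bind_param($ins, 'sssss', $confirm_code, $email, $hashpwd, $fname, $sname);
	$run = mysqli_stmt_execute($ins);
	$sentmail = false;
	// … unchanged: mail composition and result messages …
```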
