view user/newLogin.php @ 30:b1bbf44c701b
standardise semaphore use
| author | Robert Boland <robert@markup.co.uk> |
|---|---|
| date | Fri, 04 Jan 2019 08:50:23 -0500 |
| parents | 077b0a0a3e6d |
| children | 385ddd7c4b55 a67bf725e87b |
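<?php
/*
 * user/newLogin.php - registers a pending account and e-mails an activation link.
 *
 * Reads email, pwd, fName, sName, dName, age and loc from the query string,
 * refuses addresses already present in `user`, stores the pending account in
 * `temp_user` under a random confirmation code, and mails that code to the
 * address supplied. The response body is a single plain-text status line.
 *
 * NOTE(review): the password travels in the query string, so it can be recorded
 * in web-server and proxy logs and in browser history. Switching the form to
 * POST over HTTPS needs a matching client change and is not done here.
 * NOTE(review): the 'Email already exists' reply lets a caller test whether an
 * address is registered; rate-limit this endpoint or make the reply uniform.
 */
require "PasswordHash.php";
include "../../private/db.php"; // presumably defines $link (the mysqli connection) - confirm

// Collect the form fields. Missing or non-string parameters become "" and are
// rejected by the validation below. stripslashes() is kept so that stored
// values stay identical to what earlier revisions of this script wrote.
$fields = array();
foreach (array('email', 'pwd', 'fName', 'sName', 'dName', 'age', 'loc') as $key) {
    $fields[$key] = (isset($_GET[$key]) && is_string($_GET[$key]))
        ? stripslashes($_GET[$key])
        : "";
}

$email = $fields['email'];
$fname = $fields['fName'];
$sname = $fields['sName'];
$dname = $fields['dName'];

// The password was always SQL-escaped *before* hashing, so the escaped form is
// what existing hashes were computed over. Kept as-is for compatibility.
// NOTE(review): the login script presumably applies the same transform -
// confirm before removing this call.
$mypassword = mysqli_real_escape_string($link, $fields['pwd']);

// age and loc were interpolated into the INSERT without quotes, where escaping
// gives no protection. They are validated as integers and bound as parameters.
// NOTE(review): assumes both columns are integer-typed - confirm against schema.
$age = filter_var($fields['age'], FILTER_VALIDATE_INT);
$loc = filter_var($fields['loc'], FILTER_VALIDATE_INT);

// FILTER_VALIDATE_EMAIL also rejects CR/LF, so the address cannot add headers
// when it is later passed to mail() as the recipient.
$emailOk = filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

$status = null; // stays null while every step so far has succeeded

if (!$emailOk || $fields['pwd'] === "" || $age === false || $loc === false) {
    $status = "Error Adding Account";
}

// Step 1: refuse addresses that already have an account.
// NOTE(review): check-then-insert is not atomic; a UNIQUE index on the e-mail
// column is what actually prevents duplicates under concurrent requests.
if ($status === null) {
    $exists = null;
    $check = mysqli_prepare($link, 'select 1 from user where Email = ?');
    if ($check) {
        if (mysqli_stmt_bind_param($check, 's', $email) && mysqli_stmt_execute($check)) {
            mysqli_stmt_store_result($check);
            $exists = mysqli_stmt_num_rows($check) > 0;
        }
        mysqli_stmt_close($check);
    }

    if ($exists === null) {
        $status = "Error Adding Account"; // lookup failed: do not fall through to the insert
    } elseif ($exists) {
        $status = 'Email already exists';
    }
}

// Step 2: hash the password and store the pending account.
if ($status === null) {
    $t_hasher = new PasswordHash(8, FALSE);
    $hashpwd = $t_hasher->HashPassword($mypassword);

    // 128 bits from the OS CSPRNG, hex-encoded to the same 32-character shape
    // as the previous md5(uniqid(rand())) value, which was derived from the
    // clock and a non-cryptographic generator.
    $confirm_code = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : bin2hex(openssl_random_pseudo_bytes(16));

    $run = false;
    // phpass returns "*" when hashing fails; never store that as a credential.
    if (strlen($hashpwd) >= 20) {
        $insert = mysqli_prepare($link, 'INSERT INTO temp_user VALUES(?, ?, ?, ?, ?, ?, ?, ?)');
        if ($insert) {
            $run = mysqli_stmt_bind_param(
                    $insert,
                    'ssssssii',
                    $confirm_code,
                    $email,
                    $hashpwd,
                    $fname,
                    $sname,
                    $dname,
                    $age,
                    $loc
                )
                && mysqli_stmt_execute($insert);
            mysqli_stmt_close($insert);
        }
    }

    // The statement text is no longer echoed: it carried the confirmation code
    // and the password hash back to the requester, which made the e-mail
    // round-trip pointless as proof of address ownership.
    if (!$run) {
        $status = "Error Adding Account";
    }
}

// Step 3: mail the activation link, only once the row is stored.
if ($status === null) {
    $to = $email;
    $subject = "YourNextRead confirmation link";
    $header = "from: YourNextRead <noreply@YourNextRead.com>";

    // NOTE(review): the activation link is plain http; serve confirmation.php
    // over https once the site supports it.
    $message = "YourNextRead Confirmation link \r\n";
    $message .= "Click on this link to activate your account \r\n";
    $message .= "http://www.YourNextRead.com/user/confirmation.php?passkey=$confirm_code";

    $sentmail = mail($to, $subject, $message, $header);

    $status = $sentmail
        ? "A confirmation link has been sent to your email address."
        : "Error Sending Confirmation Email";
}

echo $status;

mysqli_close($link);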
