view user/uk/newLogin.php @ 43:dbc006408d2b

ASSUMES we have SetEnv PHP_VALUE "include_path =.:/var/test/private:/var/test/ywww:/usr/share/php" in apache2/.../test.conf. Use dl(...) for debug logging, defined in dlog.php; use doAmazonRequest in amazonBookSearch; use ../private/web.php (q.v., not in mercurial) for Aserver and Aassociates. Started by updating from 40:c24ae74bf6d5, i.e. just before the bug on the main line.
author Charlie Root
date Sat, 05 Jan 2019 18:00:10 -0500
parents 077b0a0a3e6d
children 385ddd7c4b55 a67bf725e87b

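<?php
// Account sign-up endpoint.
//
// Reads email, pwd, fName and sName from the query string, refuses the
// request when the email is already present in `user`, otherwise stores a
// pending row in `temp_user` (confirmation code, email, password hash,
// first name, surname) and mails a confirmation link to the address.
//
// Responses (plain text, unchanged from the earlier version of this script):
//   "A confirmation link has been sent to your email address."
//   "Error Sending Confirmation Email"
//   "Error Adding Account"
//   "Email already exists"
//
// NOTE(review): the password arrives in the query string ($_GET), so it can
// end up in web-server access logs, browser history and Referer headers.
// Moving this to POST needs a matching change in the client, so it is only
// flagged here.
require "PasswordHash.php";

include "../../private/db.php";

// $link is expected to be the mysqli connection opened by db.php.
if (!isset($link) || !$link) {
	echo "Error Adding Account";
	return;
}

// Email and password are mandatory and must be plain strings; an array value
// (?email[]=x) would otherwise reach the string functions below.
foreach (['email', 'pwd'] as $requiredField) {
	if (!isset($_GET[$requiredField]) || !is_string($_GET[$requiredField])) {
		echo "Error Adding Account";
		return;
	}
}

// Names were never checked for presence before, so a missing name is still
// accepted and stored as an empty string.
$fname = (isset($_GET['fName']) && is_string($_GET['fName'])) ? $_GET['fName'] : '';
$sname = (isset($_GET['sName']) && is_string($_GET['sName'])) ? $_GET['sName'] : '';

// stripslashes() is kept so the stored values match what earlier sign-ups
// produced. SQL escaping is no longer applied to these three fields because
// they are bound as statement parameters below; escaping them as well would
// store doubled backslashes and quotes.
$email = stripslashes($_GET['email']);
$fname = stripslashes($fname);
$sname = stripslashes($sname);

// The address is later passed to mail() as the recipient. Validating it here
// rejects embedded CR/LF and extra recipients as well as malformed input.
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
	echo "Error Adding Account";
	return;
}

// NOTE(review): the password never reaches SQL as text (only its hash does),
// so stripslashes/escaping is not needed for safety and silently changes
// passwords containing quotes or backslashes. The transformation is kept
// byte-for-byte because the login path (not visible here) presumably hashes
// the same transformed value; remove it in both places together.
$mypassword = stripslashes($_GET['pwd']);
$mypassword = mysqli_real_escape_string($link, $mypassword);

$t_hasher = new PasswordHash(8, FALSE);
$hashpwd = $t_hasher->HashPassword($mypassword);

// Assumes PasswordHash follows the phpass convention of returning a short
// marker string instead of a hash on failure; never store such a value.
if (!is_string($hashpwd) || strlen($hashpwd) < 20) {
	echo "Error Adding Account";
	return;
}

// Check whether the email is already registered. Only the row count is used,
// so no columns are fetched.
$lookup = mysqli_prepare($link, 'select 1 from user where Email = ?');
if ($lookup === false
	|| !mysqli_stmt_bind_param($lookup, 's', $email)
	|| !mysqli_stmt_execute($lookup)
	|| !mysqli_stmt_store_result($lookup)
) {
	echo "Error Adding Account";
	return;
}
$emailTaken = mysqli_stmt_num_rows($lookup) > 0;
mysqli_stmt_close($lookup);

if ($emailTaken) {
	echo 'Email already exists';
	return;
}

// The confirmation code is the only proof that the requester controls the
// mailbox, so it must be unpredictable: md5(uniqid(rand())) is derived from
// the clock and a non-cryptographic generator. 16 random bytes hex-encoded
// give the same 32-character width as the previous md5 value.
if (function_exists('random_bytes')) {
	$confirm_code = bin2hex(random_bytes(16));
} elseif (function_exists('openssl_random_pseudo_bytes')) {
	$confirm_code = bin2hex(openssl_random_pseudo_bytes(16));
} else {
	echo "Error Adding Account";
	return;
}

// The statement text is no longer echoed: it contained the confirmation code
// and the password hash, which let the caller skip the email step entirely.
$insert = mysqli_prepare($link, 'INSERT INTO temp_user VALUES (?, ?, ?, ?, ?)');
$run = $insert !== false
	&& mysqli_stmt_bind_param($insert, 'sssss', $confirm_code, $email, $hashpwd, $fname, $sname)
	&& mysqli_stmt_execute($insert);
if ($insert !== false) {
	mysqli_stmt_close($insert);
}

if (!$run) {
	// Stop here: previously execution fell through to the mail check with
	// $sentmail undefined and printed a second, misleading error.
	echo "Error Adding Account";
	return;
}

// ---------------- SEND MAIL FORM ----------------
$to = $email;
$subject = "BookWhack confirmation link";
$header = "from: BookWhack <noreply@bookwhack.com>";

$message = "BookWhack Confirmation link \r\n";
$message .= "Click on this link to activate your account \r\n";
$message .= "http://www.bookwhack.co.uk/user/confirmation.php?passkey=$confirm_code";

$sentmail = mail($to, $subject, $message, $header);

if ($sentmail) {
	echo "A confirmation link has been sent to your email address.";
} else {
	echo "Error Sending Confirmation Email";
}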