Mercurial > hg > ywww

view user/uk/newLogin.php @ 60:05f29eb72283 default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
review from DB not working???
author Charlie Root
date Sun, 09 Jun 2019 06:50:44 -0400
parents a67bf725e87b
children
line wrap: on
line source

<?php
require "PasswordHash.php";

include "db.php";  

// emailname and password sent from form
$email=$_GET['email'];
$mypassword=$_GET['pwd'];
$fname=$_GET['fName'];
$sname=$_GET['sName'];

// To protect MySQL injection 
$email = stripslashes($email);
$mypassword = stripslashes($mypassword);
$email = mysqli_real_escape_string($link,$email);
$mypassword = mysqli_real_escape_string($link,$mypassword);
$fname = stripslashes($fname);
$fname = mysqli_real_escape_string($link,$fname);
$sname = stripslashes($sname);
$sname = mysqli_real_escape_string($link,$sname);

$t_hasher = new PasswordHash(8, FALSE);

$hashpwd = $t_hasher->HashPassword($mypassword);
//check if loginname exists already, throw error
//if not, insert with hash pwd

$query1 = 'select * from user where Email = \'' .$email .'\'';
//echo $query1;
$data1 = mysqli_query($link, $query1);

if ( mysqli_num_rows( $data1 ) < 1 )
{
	$confirm_code=md5(uniqid(rand()));
	$add="INSERT INTO temp_user VALUES('$confirm_code', '$email', '$hashpwd', '$fname', '$sname')";
	echo $add;
	//$add = 'insert into temp_user values (\''$confirm_code'\',\'' . $email . '\',\'' . $hashpwd . '\');';
	$run = mysqli_query($link, $add);
	
	// if successfully inserted data into database, send confirmation link to email
	if($run){
		// ---------------- SEND MAIL FORM ----------------

		// send e-mail to ...
		$to=$email;

		// Your subject
		$subject="BookWhack confirmation link";

		// From
		$header="from: BookWhack <noreply@bookwhack.com>";

		// Your message
		$message="BookWhack Confirmation link \r\n";
		$message.="Click on this link to activate your account \r\n";
		$message.="http://www.bookwhack.co.uk/user/confirmation.php?passkey=$confirm_code";

		// send email
		$sentmail = mail($to,$subject,$message,$header);
		}
	// if not found
	else {
	echo "Error Adding Account";
	}

	// if your email succesfully sent
	if($sentmail){
		echo "A confirmation link has been sent to your email address.";
	}
	else {
		echo "Error Sending Confirmation Email";
	}
	/*$add = 'insert into user values (null,\'' . $email . '\',\'' . $hashpwd . '\');';
	//echo $add;
	$run = mysqli_query($link, $add); //add the book if it doesn't exist
	session_start();
	$_SESSION['email']=$email;
	echo session_id();
	//start session and send the id back to GWT*/
}
else
echo 'Email already exists';
?>