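<?php
// signup.php: processes the registration form. Expects the POST fields
// userName, email, password and password2; on success inserts the user with a
// random activation key and mails an activation link.

declare(strict_types=1);

// start session
session_start();
// connect to database (db_connection.php is expected to define $link, a mysqli handle)
include("db_connection.php");

//define error messages
$missingUsername = "<p><strong>Por favor insira um nome de usuário.</strong></p>";
$missingEmail = "<p><strong>Por favor insira um email.</strong></p>";
$invalidEmail = "<p><strong>Email inserido inválido.</strong></p>";
$missingPassword = "<p><strong>Por favor insira uma senha.</strong></p>";
// The check below also requires a lowercase letter, so the message says so.
$invalidPassword = "<p><strong>Sua senha deve conter pelo menos 6 caracteres e incluir 1 letra maiúscula, 1 letra minúscula e 1 número.</strong></p>";
$differentPassword = "<p><strong>As senhas não correspondem.</strong></p>";
$missingPassword2 = "<p><strong>Por favor confirme sua senha.</strong></p>";

/**
 * Reads a POST field as a string ('' when absent or not a scalar), so that an
 * array submitted under that name cannot reach strlen()/preg_match() and
 * raise a TypeError.
 */
function postString(string $field): string
{
    $value = $_POST[$field] ?? '';
    return is_scalar($value) ? (string) $value : '';
}

/**
 * Re-implements the FILTER_SANITIZE_STRING filter (deprecated since PHP 8.1):
 * strip tags, then encode single and double quotes. Kept so usernames are
 * stored in the same shape as before.
 */
function sanitizeLegacyString(string $value): string
{
    return str_replace(["'", '"'], ['&#39;', '&#34;'], strip_tags($value));
}

/**
 * True when a users row has $column equal to $value. The column name comes
 * from a fixed whitelist (match), so only the value is ever bound as a
 * parameter; a failed query prints the original error and exits, as the
 * script did before.
 */
function userFieldExists(mysqli $link, string $column, string $value): bool
{
    $sql = match ($column) {
        'username' => 'SELECT 1 FROM users WHERE username = ? LIMIT 1',
        'email' => 'SELECT 1 FROM users WHERE email = ? LIMIT 1',
    };
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false || !mysqli_stmt_bind_param($stmt, 's', $value) || !mysqli_stmt_execute($stmt)) {
        echo "<div class='alert alert-danger'>Erro ao rodar a query!</div>";
        exit;
    }
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $found;
}

// Collect every validation failure first; nothing below touches the database
// until the form is known to be complete.
$errors = '';
$username = '';
$email = '';
$password = '';

//get username
$rawUsername = trim(postString("userName"));
if ($rawUsername === '') {
    $errors .= $missingUsername;
} else {
    $username = sanitizeLegacyString($rawUsername);
}

//get email
$rawEmail = postString("email");
if ($rawEmail === '') {
    $errors .= $missingEmail;
} else {
    $email = filter_var($rawEmail, FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors .= $invalidEmail;
    }
}

//get password
// Passwords are compared and hashed exactly as typed: sanitising or
// SQL-escaping them would silently change the secret before it is stored.
$rawPassword = postString("password");
$strongEnough = strlen($rawPassword) >= 6 // "pelo menos 6" means >= 6, not > 6
    && preg_match('/[A-Z]/', $rawPassword)
    && preg_match('/[a-z]/', $rawPassword)
    && preg_match('/[0-9]/', $rawPassword);
if ($rawPassword === '') {
    $errors .= $missingPassword;
} elseif (!$strongEnough) {
    $errors .= $invalidPassword;
} else {
    $password = $rawPassword;
    $password2 = postString("password2");
    if ($password2 === '') {
        $errors .= $missingPassword2;
    } elseif ($password !== $password2) {
        $errors .= $differentPassword;
    }
}

// If there are any errors print Error and stop. Without the exit the script
// went on to query and insert with unset variables.
if ($errors !== '') {
    echo "<div class='alert alert-danger'>" . $errors . "</div>";
    exit;
}

// ---- No errors -----
// NOTE(review): unsalted SHA-256 is not a password hash. Moving to
// password_hash()/password_verify() has to be done together with the login
// script (and the `password` column width), so the algorithm is kept here.
$passwordHash = hash('sha256', $password);

//If username exists in the users table, print error
if (userFieldExists($link, 'username', $username)) {
    echo "<div class='alert alert-danger'>Esse nome de usuário já está registrado!</div>";
    exit;
}
// If email exists in the users table, print error
if (userFieldExists($link, 'email', $email)) {
    echo "<div class='alert alert-danger'>Esse email já está registrado!</div>";
    exit;
}
// The two checks above and the INSERT are not atomic; a UNIQUE index on
// username and email is what actually prevents duplicates under concurrency.

//Create a unique activation code: 16 random bytes = 128 bits -> 32 hex chars.
// random_bytes() is the CSPRNG the language guarantees and throws on failure
// instead of returning weak output.
$activationKey = bin2hex(random_bytes(16));

//Insert user details and activation code in the users table
$stmt = mysqli_prepare(
    $link,
    "INSERT INTO users (`username`, `email`, `password`, `activation`) VALUES (?, ?, ?, ?)"
);
if ($stmt === false
    || !mysqli_stmt_bind_param($stmt, 'ssss', $username, $email, $passwordHash, $activationKey)
    || !mysqli_stmt_execute($stmt)) {
    echo "<div class='alert alert-danger'>Erro ao inserir dados do usuário no banco.</div>";
    exit;
}
mysqli_stmt_close($stmt);

//Send user email with a link to activate.php with their email
//and activation code
$message = "Por favor clique nesse link para ativar sua conta:\n\n";
$message .= "http://arthurdlima.com/App_Notas_Online/activate.php?email=" . urlencode($email) . "&key=$activationKey";
// $email passed FILTER_VALIDATE_EMAIL, so it cannot carry the CR/LF that
// header injection into mail() would need; it is still escaped before being
// echoed back into the page.
$safeEmail = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
//mail will return true or false
if (mail($email, "Confirme sua conta", $message, "From:"."[email protected]")) {
    echo "<div class='alert alert-success'>Obrigado por se registrar! Um email de
confirmação foi enviado para $safeEmail. Por favor clique no link de ativação
para ativar sua conta.</div>";
} else {
    echo "<div class='alert alert-danger'>Ocorreu algum erro ao enviar email</div>";
}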