CSTIMS Register
For those who don't want their data sold
addAddress($rcpt); $mailer->Subject = 'ARFNET Email Verification'; $mailer->Body = "Welcome to ARFNET\n\nUse the following link to verify your email address\n\n" ."https://".DOMAIN."/verify.php?code=".$code ."\n\n--\nARFNET Client, Service, Ticket and Invoice Management System\nhttps://arf20.com"; if (!$mailer->send()) { echo 'Mailer Error [ask arf20]: ' . $mailer->ErrorInfo; } } // Include config file require_once "config.php"; // Define variables and initialize with empty values $username = $password = $confirm_password = $email = ""; $username_err = $password_err = $confirm_password_err = $email_err = ""; $verification_mail_sent = false; // Processing form data when form is submitted if ($_SERVER["REQUEST_METHOD"] == "POST") { // Validate username if (empty($_POST["username"])) $username_err = "Enter a username."; else if (preg_match("/[a-zA-Z0-9_]+/", $_POST["username"]) != 1) $username_err = "Invalid username."; else { // Prepare a select statement $sql = "SELECT id FROM users WHERE username = ?"; if ($stmt = mysqli_prepare($link, $sql)){ // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "s", $param_username); // Set parameters $param_username = $_POST["username"]; // Attempt to execute the prepared statement if(mysqli_stmt_execute($stmt)){ // store result mysqli_stmt_store_result($stmt); if(mysqli_stmt_num_rows($stmt) == 1){ $username_err = "This username is already taken."; } else{ $username = $_POST["username"]; } } else{ echo "SQL failed. Idk, ask arf20."; } // Close statement mysqli_stmt_close($stmt); } } // Validate email if (empty($_POST["email"])) $email_err = "Enter a email address."; else if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false) $email_err = "Invalid email address."; else $email = $_POST["email"]; // Validate password if (empty($_POST["password"])) $password_err = "Enter a password."; else if (strlen($_POST["password"]) < 8) $password_err = "Password must have at least 8 characters."; else if (preg_match("/[a-zA-Z0-9!@^*$%&)(=+çñÇ][}{\-.,_:;]+/", $_POST["password"]) != false) $password_err = "Password must be in the format [a-zA-Z0-9!@^*$%&)(=+çñÇ][}{-.,_:;]."; else $password = $_POST["password"]; // Validate confirm password if (empty($password_err) && ($password != $_POST["confirm_password"])) { $confirm_password_err = "Password did not match."; } // Check input errors before inserting in database if (empty($username_err) && empty($password_err) && empty($confirm_password_err)) { // Prepare an insert statement $sql = "INSERT INTO users (username, password, email, verifycode) VALUES (?, ?, ?, ?)"; if ($stmt = mysqli_prepare($link, $sql)) { // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "ssss", $param_username, $param_password, $param_email, $param_verifycode); // Set parameters $param_username = $username; $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash $param_email = $email; $param_verifycode = base64_encode(random_bytes(12)); // code of size 16 // Attempt to execute the prepared statement if (mysqli_stmt_execute($stmt)) { // Send verification email send_verification_email($email, $param_verifycode); $verification_mail_sent = true; // Redirect to login page header("location: login.php"); } else { echo "SQL failed. Idk ask arf20."; } // Close statement mysqli_stmt_close($stmt); } } // Close connection mysqli_close($link); } ?>
For those who don't want their data sold