<?php
/**
* Copyright (C) 2021 Double Bastion LLC
*
* This file is part of Roundpin, which is licensed under the
* GNU Affero General Public License Version 3.0. The license terms
* are detailed in the "LICENSE.txt" file located in the root directory.
*/
session_start();
if (isset($_POST['vd_ajax_call']) && ($_POST['vd_ajax_call'] == $_SESSION['validate_access'])) {
define('ACCESSCONST', TRUE);
require('db-connect.php');
if (isset($_POST['emailaddress']) && isset($_POST['login']) && isset($_POST['password']) && isset($_POST['selectrole']) && isset($_POST['currentmessage'])) {
$currentuseremail = $_POST['emailaddress'];
$currentusername = $_POST['login'];
$currentuserpswd = password_hash($_POST['password'], PASSWORD_DEFAULT);
$currentuserrole = $_POST['selectrole'];
$currentmessage = $_POST['currentmessage'];
if ($currentmessage == '' && $currentuseremail != '' && $currentusername != '' && $currentuserpswd != '' && $currentuserrole != '') {
// Check if there is any other user with the same username or email
$query0 = $mysqli->query("SELECT username, emailaddress FROM app_users");
$duplicatename = 0;
$duplicateemail = 0;
while ($row = $query0->fetch_row()) {
if ($currentusername == $row[0]) {
$duplicatename = 1;
}
if ($currentuseremail == $row[1]) {
$duplicateemail = 1;
}
}
if ($duplicatename == 1 && $duplicateemail == 0) {
$result = 'failure';
$messageoninsert = "Your username is already in use. Please choose a different username !";
} elseif ($duplicatename == 0 && $duplicateemail == 1) {
$result = 'failure';
$messageoninsert = "Your email address is already in use. Please choose a different email address !";
} elseif ($duplicatename == 1 && $duplicateemail == 1) {
$result = 'failure';
$messageoninsert = "Your username and email address are already in use. Please choose a different username and email address !";
} else {
/**
* Send the verification email
*/
// Generate a random string to be used as the termination of the verification link
function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
$pieces = [];
$max = mb_strlen($keyspace, '8bit') - 1;
for ($i = 0; $i < $length; ++$i) {
$pieces []= $keyspace[random_int(0, $max)];
}
return implode('', $pieces);
}
$token = random_str(50);
$verificationLink = $_SERVER['REQUEST_SCHEME'] . "://" . $_SERVER['HTTP_HOST'] . "/email-address-verification.php?key=" . $token;
$domaininit = explode(".", $_SERVER['HTTP_HOST']);
array_shift($domaininit);
$domain = implode(".", $domaininit);
// Mention the content-type, because it's an HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
$headers .= "From: " . "no-reply@" . $domain . "\r\n";
$subject = "Roundpin email address verification";
$message = "Hello, <br><br>
Thank you for signing up to Roundpin. To complete the registration process, please click on the link from below: <br><br>
<a href='".$verificationLink."'>".$verificationLink."</a> <br><br>
Alternatively, you can copy the link and paste it in the address bar of your browser.<br><br>
Thank you,<br>
Roundpin<br>
Host: '" . $_SERVER['HTTP_HOST'] . "'";
// Send the email
mail($currentuseremail, $subject, $message, $headers);
try {
// Insert the data entered in the sign up form in the 'app_users' table
$registered = '0';
$temporary = '';
$enabled = 1;
$query1 = $mysqli->prepare("INSERT INTO app_users (userrole, username, password, emailaddress, registered, token, temporarypass, enabled) VALUES (?, ?, ?, ?, ?,
?, ?, ?)");
$query1->bind_param("sssssssi", $currentuserrole, $currentusername, $currentuserpswd, $currentuseremail, $registered, $token, $temporary, $enabled);
$query1->execute();
$result = 'success';
$messageoninsert = "A message has been sent to your email address ! Please follow the instructions in the received email to complete the registration process !";
} catch(mysqli_sql_exception $e) {
$result = 'failure';
$messageoninsert = "An error occurred while saving your data.";
}
}
$response = array('result' => $result, 'messageoninsert' => $messageoninsert);
echo json_encode($response);
}
}
} else {
header("Location: roundpin-login.php");
}
?>