1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,127 @@ |
1 |
+<?php |
|
2 |
+/** |
|
3 |
+ * Copyright (C) 2021 Double Bastion LLC |
|
4 |
+ * |
|
5 |
+ * This file is part of Roundpin, which is licensed under the |
|
6 |
+ * GNU Affero General Public License Version 3.0. The license terms |
|
7 |
+ * are detailed in the "LICENSE.txt" file located in the root directory. |
|
8 |
+ */ |
|
9 |
+ |
|
10 |
+session_start(); |
|
11 |
+ |
|
12 |
+if (isset($_POST['vd_ajax_call']) && ($_POST['vd_ajax_call'] == $_SESSION['validate_access'])) { |
|
13 |
+ |
|
14 |
+define('ACCESSCONST', TRUE); |
|
15 |
+ |
|
16 |
+require('db-connect.php'); |
|
17 |
+ |
|
18 |
+ if (isset($_POST['emailaddress']) && isset($_POST['login']) && isset($_POST['password']) && isset($_POST['selectrole']) && isset($_POST['currentmessage'])) { |
|
19 |
+ |
|
20 |
+ $currentuseremail = $_POST['emailaddress']; |
|
21 |
+ $currentusername = $_POST['login']; |
|
22 |
+ $currentuserpswd = password_hash($_POST['password'], PASSWORD_DEFAULT); |
|
23 |
+ $currentuserrole = $_POST['selectrole']; |
|
24 |
+ |
|
25 |
+ $currentmessage = $_POST['currentmessage']; |
|
26 |
+ |
|
27 |
+ if ($currentmessage == '' && $currentuseremail != '' && $currentusername != '' && $currentuserpswd != '' && $currentuserrole != '') { |
|
28 |
+ |
|
29 |
+ // Check if there is any other user with the same username or email |
|
30 |
+ $query0 = $mysqli->query("SELECT username, emailaddress FROM app_users"); |
|
31 |
+ |
|
32 |
+ $duplicatename = 0; |
|
33 |
+ $duplicateemail = 0; |
|
34 |
+ |
|
35 |
+ while ($row = $query0->fetch_row()) { |
|
36 |
+ |
|
37 |
+ if ($currentusername == $row[0]) { |
|
38 |
+ $duplicatename = 1; |
|
39 |
+ } |
|
40 |
+ |
|
41 |
+ if ($currentuseremail == $row[1]) { |
|
42 |
+ $duplicateemail = 1; |
|
43 |
+ } |
|
44 |
+ } |
|
45 |
+ |
|
46 |
+ if ($duplicatename == 1 && $duplicateemail == 0) { |
|
47 |
+ $result = 'failure'; |
|
48 |
+ $messageoninsert = "Your username is already in use. Please choose a different username !"; |
|
49 |
+ } elseif ($duplicatename == 0 && $duplicateemail == 1) { |
|
50 |
+ $result = 'failure'; |
|
51 |
+ $messageoninsert = "Your email address is already in use. Please choose a different email address !"; |
|
52 |
+ } elseif ($duplicatename == 1 && $duplicateemail == 1) { |
|
53 |
+ $result = 'failure'; |
|
54 |
+ $messageoninsert = "Your username and email address are already in use. Please choose a different username and email address !"; |
|
55 |
+ } else { |
|
56 |
+ |
|
57 |
+ /** |
|
58 |
+ * Send the verification email |
|
59 |
+ */ |
|
60 |
+ |
|
61 |
+ // Generate a random string to be used as the termination of the verification link |
|
62 |
+ function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') { |
|
63 |
+ $pieces = []; |
|
64 |
+ $max = mb_strlen($keyspace, '8bit') - 1; |
|
65 |
+ |
|
66 |
+ for ($i = 0; $i < $length; ++$i) { |
|
67 |
+ $pieces []= $keyspace[random_int(0, $max)]; |
|
68 |
+ } |
|
69 |
+ return implode('', $pieces); |
|
70 |
+ } |
|
71 |
+ |
|
72 |
+ $token = random_str(50); |
|
73 |
+ $verificationLink = $_SERVER['REQUEST_SCHEME'] . "://" . $_SERVER['HTTP_HOST'] . "/email-address-verification.php?key=" . $token; |
|
74 |
+ $domaininit = explode(".", $_SERVER['HTTP_HOST']); |
|
75 |
+ array_shift($domaininit); |
|
76 |
+ $domain = implode(".", $domaininit); |
|
77 |
+ |
|
78 |
+ // Mention the content-type, because it's an HTML email |
|
79 |
+ $headers = "MIME-Version: 1.0" . "\r\n"; |
|
80 |
+ $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n"; |
|
81 |
+ |
|
82 |
+ $headers .= "From: " . "no-reply@" . $domain . "\r\n"; |
|
83 |
+ |
|
84 |
+ $subject = "Roundpin email address verification"; |
|
85 |
+ |
|
86 |
+ $message = "Hello, <br><br> |
|
87 |
+ Thank you for signing up to Roundpin. To complete the registration process, please click on the link from below: <br><br> |
|
88 |
+ <a href='".$verificationLink."'>".$verificationLink."</a> <br><br> |
|
89 |
+ Alternatively, you can copy the link and paste it in the address bar of your browser.<br><br> |
|
90 |
+ Thank you,<br> |
|
91 |
+ Roundpin<br> |
|
92 |
+ Host: '" . $_SERVER['HTTP_HOST'] . "'"; |
|
93 |
+ |
|
94 |
+ // Send the email |
|
95 |
+ mail($currentuseremail, $subject, $message, $headers); |
|
96 |
+ |
|
97 |
+ try { |
|
98 |
+ |
|
99 |
+ // Insert the data entered in the sign up form in the 'app_users' table |
|
100 |
+ $registered = '0'; |
|
101 |
+ $temporary = ''; |
|
102 |
+ $enabled = 1; |
|
103 |
+ $query1 = $mysqli->prepare("INSERT INTO app_users (userrole, username, password, emailaddress, registered, token, temporarypass, enabled) VALUES (?, ?, ?, ?, ?, |
|
104 |
+ ?, ?, ?)"); |
|
105 |
+ $query1->bind_param("sssssssi", $currentuserrole, $currentusername, $currentuserpswd, $currentuseremail, $registered, $token, $temporary, $enabled); |
|
106 |
+ $query1->execute(); |
|
107 |
+ |
|
108 |
+ $result = 'success'; |
|
109 |
+ $messageoninsert = "A message has been sent to your email address ! Please follow the instructions in the received email to complete the registration process !"; |
|
110 |
+ |
|
111 |
+ } catch(mysqli_sql_exception $e) { |
|
112 |
+ $result = 'failure'; |
|
113 |
+ $messageoninsert = "An error occurred while saving your data."; |
|
114 |
+ } |
|
115 |
+ } |
|
116 |
+ |
|
117 |
+ $response = array('result' => $result, 'messageoninsert' => $messageoninsert); |
|
118 |
+ echo json_encode($response); |
|
119 |
+ } |
|
120 |
+ } |
|
121 |
+ |
|
122 |
+} else { |
|
123 |
+ |
|
124 |
+ header("Location: roundpin-login.php"); |
|
125 |
+} |
|
126 |
+ |
|
127 |
+?> |