CastleCorp · January 21, 2014 19:25
diff --git a/register.php b/register.php
 <?php
 // show potential errors / feedback (from registration object)
 if (isset($registration)) {
    if ($registration->errors) {
        foreach ($registration->errors as $error) {
            echo $error;
        }
    }
    if ($registration->messages) {
        foreach ($registration->messages as $message) {
            echo $message;
        }
    }
 }
 ?>
 <title>Register</title>
 <!-- register form -->
 <form method="post" action="register.php" name="registerform">   
    
    <!-- the user name input field uses a HTML5 pattern check -->
    <label for="login_input_username">Desired Username</label>
    <input id="login_input_username" class="login_input" type="text" pattern="[a-zA-Z0-9]{2,64}" name="user_name" required />
    
    <br>
    <!-- the email input field uses a HTML5 email type check -->
    <label for="login_input_email">Your Email</label>    
    <input id="login_input_email" class="login_input" type="email" name="user_email" required />        
    
    <br>
    <label for="login_input_password_new">Password</label>
    <input id="login_input_password_new" class="login_input" type="password" name="user_password_new" pattern=".{6,}" required autocomplete="off" /> *Must be 6 or more characters.
    
    <br>
    <label for="login_input_password_repeat">Password Again</label>
    <input id="login_input_password_repeat" class="login_input" type="password" name="user_password_repeat" pattern=".{6,}" required autocomplete="off" />        
    <input type="submit"  name="register" value="Register" />
    
 </form>


 <!-- backlink -->
 <a href="index.php">Back to the login page.</a>

 <br>
 <a href="http://localhost:8080/#">Take Me Home!</a>
diff --git a/Registration.php b/Registration.php
 <?php

 include ('../../chat/lib/data/users.php');
 include('../../chat/lib/custom.php');

 /**
 * Class registration
 * handles the user registration
 */
 class Registration
 {
    /**
     * @var object $db_connection The database connection
     */
    private $db_connection = null;
    /**
     * @var array $errors Collection of error messages
     */
    public $errors = array();
    /**
     * @var array $messages Collection of success / neutral messages
     */
    public $messages = array();

    /**
     * the function "__construct()" automatically starts whenever an object of this class is created,
     * you know, when you do "$registration = new Registration();"
     */
    public function __construct()
    {
        if (isset($_POST["register"])) {
            $this->registerNewUser();
        }
    }

    /**
     * handles the entire registration process. checks all error possibilities
     * and creates a new user in the database if everything is fine
     */
    private function registerNewUser()
    {
        if (empty($_POST['user_name'])) {
            $this->errors[] = "Empty Username";
        } elseif (empty($_POST['user_password_new']) || empty($_POST['user_password_repeat'])) {
            $this->errors[] = "Empty Password";
        } elseif ($_POST['user_password_new'] !== $_POST['user_password_repeat']) {
            $this->errors[] = "Password and password repeat are not the same";
        } elseif (strlen($_POST['user_password_new']) < 6) {
            $this->errors[] = "Password has a minimum length of 6 characters";
        } elseif (strlen($_POST['user_name']) > 64 || strlen($_POST['user_name']) < 2) {
            $this->errors[] = "Username cannot be shorter than 2 or longer than 64 characters";
        } elseif (!preg_match('/^[a-z\d]{2,64}$/i', $_POST['user_name'])) {
            $this->errors[] = "Username does not fit the name scheme: only a-Z and numbers are allowed, 2 to 64 characters";
        } elseif (empty($_POST['user_email'])) {
            $this->errors[] = "Email cannot be empty";
        } elseif (strlen($_POST['user_email']) > 64) {
            $this->errors[] = "Email cannot be longer than 64 characters";
        } elseif (!filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {
            $this->errors[] = "Your email address is not in a valid email format";
        } elseif (!empty($_POST['user_name'])
            && strlen($_POST['user_name']) <= 64
            && strlen($_POST['user_name']) >= 2
            && preg_match('/^[a-z\d]{2,64}$/i', $_POST['user_name'])
            && !empty($_POST['user_email'])
            && strlen($_POST['user_email']) <= 64
            && filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)
            && !empty($_POST['user_password_new'])
            && !empty($_POST['user_password_repeat'])
            && ($_POST['user_password_new'] === $_POST['user_password_repeat'])
        ) {
            // create a database connection
            $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

            // change character set to utf8 and check it
            if (!$this->db_connection->set_charset("utf8")) {
                $this->errors[] = $this->db_connection->error;
            }

            // if no connection errors (= working database connection)
            if (!$this->db_connection->connect_errno) {

                // escaping, additionally removing everything that could be (html/javascript-) code
                $user_name = $this->db_connection->real_escape_string(strip_tags($_POST['user_name'], ENT_QUOTES));
                $user_email = $this->db_connection->real_escape_string(strip_tags($_POST['user_email'], ENT_QUOTES));

                $user_password = $_POST['user_password_new'];
 		$plaintName = $user_name;
 		$plainPassword = $user_password;
 		
 		createUser($plainName, $plainPassword);
 		
 	
 	
                // crypt the user's password with PHP 5.5's password_hash() function, results in a 60 character
                // hash string. the PASSWORD_DEFAULT constant is defined by the PHP 5.5, or if you are using
                // PHP 5.3/5.4, by the password hashing compatibility library
                $user_password_hash = password_hash($user_password, PASSWORD_DEFAULT);

                // check if user already exists
                $sql = "SELECT * FROM users WHERE user_name = '" . $user_name . "';";
                $query_check_user_name = $this->db_connection->query($sql);

                if ($query_check_user_name->num_rows == 1) {
                    $this->errors[] = "Sorry, that user name is already taken. Please choose another one.";
                } else {
                    // write new user's data into database
                    $sql = "INSERT INTO users (user_name, user_password_hash, user_email)
                            VALUES('" . $user_name . "', '" . $user_password_hash . "', '" . $user_email . "');";
                    $query_new_user_insert = $this->db_connection->query($sql);

 		

                    // if user has been added successfully
                    if ($query_new_user_insert) {
                        $this->messages[] = "Your account has been created successfully. You can now log in.";
 			
                    } else {
                        $this->errors[] = "Sorry, your registration failed. Please go back and try again.";
                    }
                }
            } else {
                $this->errors[] = "Sorry, no database connection.";
            }
        } else {
            $this->errors[] = "An unknown error occurred.";
        }
    }
 }

diff --git a/users.php b/users.php
 <?php
 /*
 * @package AJAX_Chat
 * @author Sebastian Tschan
 * @copyright (c) Sebastian Tschan
 * @license Modified MIT License
 * @link https://blueimp.net/ajax/
 */

 // List containing the registered chat users:
 $users = array();
 // Default guest user (don't delete this one):
 $users[0] = array();
 $users[0]['userRole'] = AJAX_CHAT_GUEST;
 $users[0]['userName'] = null;
 $users[0]['password'] = null;
 $users[0]['channels'] = array(0);

 // Sample admin user:
 $users[1] = array();
 $users[1]['userRole'] = AJAX_CHAT_ADMIN;
 $users[1]['userName'] = 'admin';
 $users[1]['password'] = 'admin';
 $users[1]['channels'] = array(0,1);

 // Sample moderator user:
 $users[2] = array();
 $users[2]['userRole'] = AJAX_CHAT_MODERATOR;
 $users[2]['userName'] = 'moderator';
 $users[2]['password'] = 'moderator';
 $users[2]['channels'] = array(0,1);

 // Sample registered user:
 $users[3] = array();
 $users[3]['userRole'] = AJAX_CHAT_USER;
 $users[3]['userName'] = 'user';
 $users[3]['password'] = 'user';
 $users[3]['channels'] = array(0,1);

 $users[4] = array();
 $users[4]['userRole'] = AJAX_CHAT_USER;
 $users[4]['userName'] = 'test17';
 $users[4]['password'] = 'test17';
 $users[4]['channels'] = array(0,1);

 $users[4] = array();
 $users[4]['userRole'] = AJAX_CHAT_USER;
 $users[4]['userName'] = 'bglenney';
 $users[4]['password'] = 'standrews';
 $users[4]['channels'] = array(0,1);

 function createUser($username, $password)
 {     

 	global $users;
 	$newArray = "";
 	$userlength = count($users) + 1;
 	
 	$newArray = sprintf("$users[%s] = array();", $userlength);
 	$newArray .= sprintf("$users[%s]['userRole'] = AJAX_CHAT_USER;", $userlength);
 	$newArray .= sprintf("$users[%s]['userName'] = \"%s\";", $userlength, $username);
 	$newArray .= sprintf("$users[%s]['password'] = \"%s\";", $userlength, $password);
 	$newArray .= sprintf("$users[%s]['channels'] = array(0,1);", $userlength);
 	
 	$fp = fopen('users.php', 'a');
 	fwrite($fp, $newArray);
 	fclose($fp);
 	

 }
	<?php
	// show potential errors / feedback (from registration object)
	if (isset($registration)) {
	if ($registration->errors) {
	foreach ($registration->errors as $error) {
	echo $error;
	}
	}
	if ($registration->messages) {
	foreach ($registration->messages as $message) {
	echo $message;
	}
	}
	}
	?>
	<title>Register</title>
	<!-- register form -->
	<form method="post" action="register.php" name="registerform">

	<!-- the user name input field uses a HTML5 pattern check -->
	<label for="login_input_username">Desired Username</label>
	<input id="login_input_username" class="login_input" type="text" pattern="[a-zA-Z0-9]{2,64}" name="user_name" required />

	<br>
	<!-- the email input field uses a HTML5 email type check -->
	<label for="login_input_email">Your Email</label>
	<input id="login_input_email" class="login_input" type="email" name="user_email" required />

	<br>
	<label for="login_input_password_new">Password</label>
	<input id="login_input_password_new" class="login_input" type="password" name="user_password_new" pattern=".{6,}" required autocomplete="off" /> *Must be 6 or more characters.

	<br>
	<label for="login_input_password_repeat">Password Again</label>
	<input id="login_input_password_repeat" class="login_input" type="password" name="user_password_repeat" pattern=".{6,}" required autocomplete="off" />
	<input type="submit" name="register" value="Register" />

	</form>


	<!-- backlink -->
	<a href="index.php">Back to the login page.</a>

	<br>
	<a href="http://localhost:8080/#">Take Me Home!</a>
	<?php

	include ('../../chat/lib/data/users.php');
	include('../../chat/lib/custom.php');

	/**
	* Class registration
	* handles the user registration
	*/
	class Registration
	{
	/**
	* @var object $db_connection The database connection
	*/
	private $db_connection = null;
	/**
	* @var array $errors Collection of error messages
	*/
	public $errors = array();
	/**
	* @var array $messages Collection of success / neutral messages
	*/
	public $messages = array();

	/**
	* the function "__construct()" automatically starts whenever an object of this class is created,
	* you know, when you do "$registration = new Registration();"
	*/
	public function __construct()
	{
	if (isset($_POST["register"])) {
	$this->registerNewUser();
	}
	}

	/**
	* handles the entire registration process. checks all error possibilities
	* and creates a new user in the database if everything is fine
	*/
	private function registerNewUser()
	{
	if (empty($_POST['user_name'])) {
	$this->errors[] = "Empty Username";
	} elseif (empty($_POST['user_password_new']) \|\| empty($_POST['user_password_repeat'])) {
	$this->errors[] = "Empty Password";
	} elseif ($_POST['user_password_new'] !== $_POST['user_password_repeat']) {
	$this->errors[] = "Password and password repeat are not the same";
	} elseif (strlen($_POST['user_password_new']) < 6) {
	$this->errors[] = "Password has a minimum length of 6 characters";
	} elseif (strlen($_POST['user_name']) > 64 \|\| strlen($_POST['user_name']) < 2) {
	$this->errors[] = "Username cannot be shorter than 2 or longer than 64 characters";
	} elseif (!preg_match('/^[a-z\d]{2,64}$/i', $_POST['user_name'])) {
	$this->errors[] = "Username does not fit the name scheme: only a-Z and numbers are allowed, 2 to 64 characters";
	} elseif (empty($_POST['user_email'])) {
	$this->errors[] = "Email cannot be empty";
	} elseif (strlen($_POST['user_email']) > 64) {
	$this->errors[] = "Email cannot be longer than 64 characters";
	} elseif (!filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {
	$this->errors[] = "Your email address is not in a valid email format";
	} elseif (!empty($_POST['user_name'])
	&& strlen($_POST['user_name']) <= 64
	&& strlen($_POST['user_name']) >= 2
	&& preg_match('/^[a-z\d]{2,64}$/i', $_POST['user_name'])
	&& !empty($_POST['user_email'])
	&& strlen($_POST['user_email']) <= 64
	&& filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)
	&& !empty($_POST['user_password_new'])
	&& !empty($_POST['user_password_repeat'])
	&& ($_POST['user_password_new'] === $_POST['user_password_repeat'])
	) {
	// create a database connection
	$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

	// change character set to utf8 and check it
	if (!$this->db_connection->set_charset("utf8")) {
	$this->errors[] = $this->db_connection->error;
	}

	// if no connection errors (= working database connection)
	if (!$this->db_connection->connect_errno) {

	// escaping, additionally removing everything that could be (html/javascript-) code
	$user_name = $this->db_connection->real_escape_string(strip_tags($_POST['user_name'], ENT_QUOTES));
	$user_email = $this->db_connection->real_escape_string(strip_tags($_POST['user_email'], ENT_QUOTES));

	$user_password = $_POST['user_password_new'];
	$plaintName = $user_name;
	$plainPassword = $user_password;

	createUser($plainName, $plainPassword);



	// crypt the user's password with PHP 5.5's password_hash() function, results in a 60 character
	// hash string. the PASSWORD_DEFAULT constant is defined by the PHP 5.5, or if you are using
	// PHP 5.3/5.4, by the password hashing compatibility library
	$user_password_hash = password_hash($user_password, PASSWORD_DEFAULT);

	// check if user already exists
	$sql = "SELECT * FROM users WHERE user_name = '" . $user_name . "';";
	$query_check_user_name = $this->db_connection->query($sql);

	if ($query_check_user_name->num_rows == 1) {
	$this->errors[] = "Sorry, that user name is already taken. Please choose another one.";
	} else {
	// write new user's data into database
	$sql = "INSERT INTO users (user_name, user_password_hash, user_email)
	VALUES('" . $user_name . "', '" . $user_password_hash . "', '" . $user_email . "');";
	$query_new_user_insert = $this->db_connection->query($sql);



	// if user has been added successfully
	if ($query_new_user_insert) {
	$this->messages[] = "Your account has been created successfully. You can now log in.";

	} else {
	$this->errors[] = "Sorry, your registration failed. Please go back and try again.";
	}
	}
	} else {
	$this->errors[] = "Sorry, no database connection.";
	}
	} else {
	$this->errors[] = "An unknown error occurred.";
	}
	}
	}
	<?php
	/*
	* @package AJAX_Chat
	* @author Sebastian Tschan
	* @copyright (c) Sebastian Tschan
	* @license Modified MIT License
	* @link https://blueimp.net/ajax/
	*/

	// List containing the registered chat users:
	$users = array();
	// Default guest user (don't delete this one):
	$users[0] = array();
	$users[0]['userRole'] = AJAX_CHAT_GUEST;
	$users[0]['userName'] = null;
	$users[0]['password'] = null;
	$users[0]['channels'] = array(0);

	// Sample admin user:
	$users[1] = array();
	$users[1]['userRole'] = AJAX_CHAT_ADMIN;
	$users[1]['userName'] = 'admin';
	$users[1]['password'] = 'admin';
	$users[1]['channels'] = array(0,1);

	// Sample moderator user:
	$users[2] = array();
	$users[2]['userRole'] = AJAX_CHAT_MODERATOR;
	$users[2]['userName'] = 'moderator';
	$users[2]['password'] = 'moderator';
	$users[2]['channels'] = array(0,1);

	// Sample registered user:
	$users[3] = array();
	$users[3]['userRole'] = AJAX_CHAT_USER;
	$users[3]['userName'] = 'user';
	$users[3]['password'] = 'user';
	$users[3]['channels'] = array(0,1);

	$users[4] = array();
	$users[4]['userRole'] = AJAX_CHAT_USER;
	$users[4]['userName'] = 'test17';
	$users[4]['password'] = 'test17';
	$users[4]['channels'] = array(0,1);

	$users[4] = array();
	$users[4]['userRole'] = AJAX_CHAT_USER;
	$users[4]['userName'] = 'bglenney';
	$users[4]['password'] = 'standrews';
	$users[4]['channels'] = array(0,1);

	function createUser($username, $password)
	{

	global $users;
	$newArray = "";
	$userlength = count($users) + 1;

	$newArray = sprintf("$users[%s] = array();", $userlength);
	$newArray .= sprintf("$users[%s]['userRole'] = AJAX_CHAT_USER;", $userlength);
	$newArray .= sprintf("$users[%s]['userName'] = \"%s\";", $userlength, $username);
	$newArray .= sprintf("$users[%s]['password'] = \"%s\";", $userlength, $password);
	$newArray .= sprintf("$users[%s]['channels'] = array(0,1);", $userlength);

	$fp = fopen('users.php', 'a');
	fwrite($fp, $newArray);
	fclose($fp);


	}