@sunlee-newyork
Created November 16, 2013 21:32
Website NONAME / SIGNUP
<html>
  <head>
    <style>
      /* Centered tagline above the signup form. */
      #title {
        margin-top: 100px;
        font-family: HelveticaNeue-Light;
        font-size: 25px;
        text-align: center;
      }

      /* Fixed-width form column, centered horizontally. */
      #form {
        width: 251px;
        margin-top: 50px;
        margin-left: auto;
        margin-right: auto;
      }

      /* All six text inputs share one size and typeface. */
      #firstname, #lastname, #username, #password, #password2, #email {
        width: 250px;
        height: 24px;
        font-family: HelveticaNeue-Light;
        font-size: 14px;
      }

      #submit_button {
        margin-top: 20px;
        font-size: 20px;
      }

      /* Navigation links rendered next to the submit button. */
      #login {
        margin-left: 81px;
        font-family: HelveticaNeue-Light;
        font-size: 16px;
      }

      #search {
        margin-left: 5px;
        font-family: HelveticaNeue-Light;
        font-size: 16px;
      }
    </style>
    <title>SIGNUP</title>
  </head>
  <body>
    <?php
    // Shared site header. The include path is DOCUMENT_ROOT plus a fixed
    // suffix; no request data takes part in building it.
    require $_SERVER['DOCUMENT_ROOT']."/IDEA/header/index.php";
    ?>
    <div id="title">
      Jump into the pool of thoughts.
      <br>Everyone is here to collaborate.
      <br>Post your ideas. Make it happen.
    </div>
    <div id="form">
      <!-- Posts back to this same script; the handler below the markup reads these field names from $_POST. -->
      <form action="index.php" name="form" method="post">
        <input id="firstname" name="firstname" placeholder="First Name" required/>
        <br><br>
        <input id="lastname" name="lastname" placeholder="Last Name" required/>
        <br><br>
        <input id="username" name="username" placeholder="Username" required/>
        <br><br>
        <input id="password" name="password" placeholder="Password" type="password" required/>
        <br><br>
        <input id="password2" name="password2" placeholder="Confirm Password" type="password" required/>
        <br><br>
        <input id="email" name="email" placeholder="Email Address" required/>
        <br>
        <br>
        <input id="submit_button" type="submit" />
        <a href="/IDEA/login/index.php" id="login">Log In</a>
        <a href="/IDEA/search/index.php" id="search">Search</a>
      </form>
    </div>
  </body>
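<?php
// === PROCESS USER INPUT === \\
// Signup handler. When the request carries POST data it validates the form,
// rejects duplicate usernames / e-mail addresses, stores the new account with
// an activation token, and mails the activation link.
//
// NOTE(review): mysql_* was removed in PHP 7.0 and mcrypt in PHP 7.2. The
// database connection is opened outside the code visible here (presumably in
// the header include), so this block stays on the mysql_* API and escapes every
// request value with mysql_real_escape_string() before it reaches a query.
// Moving to PDO/mysqli prepared statements is the durable fix. Escaping is only
// reliable if the connection charset was set with mysql_set_charset() - confirm.
if ($_POST) {
    // Bounce empty input fields. Array-valued fields (e.g. "email[]=x") are
    // rejected too, so every value handled below is a plain string.
    $required = array('firstname','lastname','username','password','password2','email');
    $error = false;
    foreach ($required as $value) {
        if (empty($_POST[$value]) || !is_string($_POST[$value])) {
            $error = true;
        }
    }
    if ($error) {
        echo "<script>alert('ERROR: All fields are required.');</script>";
        die;
    }

    // Name all user input variables (read only after the presence check above)
    $firstname = $_POST["firstname"];
    $lastname  = $_POST["lastname"];
    $username  = $_POST["username"];
    $password  = $_POST["password"];
    $password2 = $_POST["password2"];
    $email     = $_POST["email"];

    // Bounce non-matching passwords. Strict comparison: with "!=" two
    // numeric-looking strings such as "1e3" and "1000" compare as equal.
    if ($password !== $password2) {
        echo "<script>alert('Your passwords do not match!');</script>";
        die;
    }

    // Bounce non-emails
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "<script>alert('Email is not valid. Please enter a valid email address.');</script>";
        die;
    }

    // SQL-escaped copies of every request value that is placed in a query.
    // The raw values are kept for the e-mail and the page output, where they
    // are HTML-escaped instead.
    $firstname_sql = mysql_real_escape_string($firstname);
    $lastname_sql  = mysql_real_escape_string($lastname);
    $username_sql  = mysql_real_escape_string($username);
    $email_sql     = mysql_real_escape_string($email);

    // Bounce duplicate entries for username OR email.
    // Column names come from this literal array, never from the request.
    $duplicate_checks = array(
        'username' => array($username_sql, "<script>alert('Username already exists! Please enter different values or sign in.');</script>"),
        'email'    => array($email_sql, "<script>alert('Email address already exists!. Please enter different values or sign in.');</script>"),
    );
    foreach ($duplicate_checks as $column => $check) {
        $query = mysql_query(
            "SELECT `$column` FROM `signup` WHERE `$column` = '" . $check[0] . "';"
        );
        if (!$query) {
            // Keep database error text in the server log, not in the response.
            error_log('Signup duplicate check failed: ' . mysql_error());
            die('Signup failed. Please try again later.');
        }
        $exists = mysql_num_rows($query) > 0;
        mysql_free_result($query);
        if ($exists) {
            echo $check[1];
            die;
        }
    }

    // Request salt and iv, then save to variables (also decode iv)
    $salt = null;
    $iv = null;
    $query = mysql_query("SELECT * FROM `encryption` WHERE 1");
    if ($query) {
        while ($row = mysql_fetch_assoc($query)) {
            $salt = $row["salt"];
            $iv = base64_decode($row["iv"]);
        }
        mysql_free_result($query);
    }
    if ($salt === null || $iv === null) {
        error_log('Signup aborted: no usable row in the encryption table.');
        die('Signup failed. Please try again later.');
    }

    // Encrypt and encode password.
    // NOTE(review): this is reversible encryption with a single key ("salt")
    // and a single IV shared by every account, so whoever can read the
    // `encryption` row can recover all stored passwords, and equal passwords
    // produce equal ciphertexts. Storing password_hash() output and checking
    // it with password_verify() (PHP 5.5+) is the fix, but it changes the
    // stored format and needs a matching change in the login code, which is
    // not visible here. The ciphertext is no longer echoed to the page.
    $encrypted_password = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $salt, $password, MCRYPT_MODE_CBC, $iv);
    if ($encrypted_password === false) {
        error_log('Signup aborted: mcrypt_encrypt() failed.');
        die('Signup failed. Please try again later.');
    }
    $encoded_password = base64_encode($encrypted_password);

    // Create random string (for mail validation purposes).
    // Returns $max lowercase hex characters, or '' if no random bytes could be
    // read. The token authorizes account activation, so it is drawn from the
    // OS random source rather than from array_rand()/str_shuffle(), which are
    // not meant for secrets.
    function random_string($max = 20) {
        $max = (int) $max;
        if ($max < 1) {
            return '';
        }
        // Two hex characters per byte; round up for odd lengths.
        $bytes = mcrypt_create_iv((int) ceil($max / 2), MCRYPT_DEV_URANDOM);
        if ($bytes === false) {
            return '';
        }
        return substr(bin2hex($bytes), 0, $max);
    }
    $random_string = random_string();
    if (strlen($random_string) !== 20) {
        error_log('Signup aborted: could not generate an activation token.');
        die('Signup failed. Please try again later.');
    }

    // Insert user data + encrypted password.
    // $random_string is hex and $encoded_password is base64, so neither can
    // contain a quote; the four request values are the escaped copies.
    $query = mysql_query (
        "INSERT INTO `signup` (
            `timestamp`,
            `id`       ,
            `validate` ,
            `firstname`,
            `lastname` ,
            `username` ,
            `password` ,
            `email`
        )
        VALUES (
            NULL               ,
            NULL               ,
            '$random_string'   ,
            '$firstname_sql'   ,
            '$lastname_sql'    ,
            '$username_sql'    ,
            '$encoded_password',
            '$email_sql'
        );"
    );
    if (!$query) {
        error_log('Signup insert failed: ' . mysql_error());
        die('Signup failed. Please try again later.');
    }

    // mysql_query() returns TRUE (not a result resource) for INSERT, so there
    // is nothing to free here.

    // Build clickable URL w/ random string + username. Both parameters are
    // URL-encoded so a username containing "&", "#" or spaces cannot alter
    // the query string.
    // NOTE(review): development host without a scheme - confirm before deploying.
    $url = "localhost:8888/IDEA/activate/index.php?activation=" . rawurlencode($random_string)
         . "&username=" . rawurlencode($username);
    $url_html = htmlspecialchars($url, ENT_QUOTES, 'ISO-8859-1');

    // Send instant email after signup
    $subject = "You've signed up for Idea.com!";
    // NOTE(review): the sender address appears redacted in this copy of the
    // file; restore the real address (the trailing "]" looks unintended).
    $headers  = "From: Idea.com <[email protected]>]\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

    // User-supplied values are HTML-escaped for the message body. The charset
    // matches the Content-Type header above.
    $message  = "<html><head></head><body>";
    $message .= "<p>Thank you for signing up with Idea.com! </p>";
    $message .= "<p>Here is your account information:</p>";
    $message .= "<table>";
    $message .= "<tr><td><b>First Name: </b></td><td>" . htmlspecialchars($firstname, ENT_QUOTES, 'ISO-8859-1') . "</td></tr>";
    $message .= "<tr><td><b>Last Name: </b></td><td>" . htmlspecialchars($lastname, ENT_QUOTES, 'ISO-8859-1') . "</td></tr>";
    $message .= "<tr><td><b>Username: </b></td><td>" . htmlspecialchars($username, ENT_QUOTES, 'ISO-8859-1') . "</td></tr>";
    $message .= "<tr><td><b>Email Address: </b></td><td>" . htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1') . "</td></tr>";
    $message .= "<tr><td></td></tr>";
    $message .= "</table>";
    $message .= "<p>Click this link to activate your account:";
    $message .= "<br><a href='" . $url_html . "'>" . $url_html . "</a></p>";
    $message .= "<p>If the link doesn't work, copy and paste the link into your browser directly.</p>";
    $message .= "</br>";
    $message .= "</body></html>";

    // Send once, with the correctly spelled $subject.
    if (mail($email, $subject, $message, $headers)) {
        echo "Email sent!";
    } else {
        echo "Email failed to send.";
    }

    // Report such data back as logged successfully. The password column is
    // neither selected nor printed, and every value is HTML-escaped because it
    // originated from the request.
    $query = mysql_query(
        "SELECT `id`, `firstname`, `lastname`, `username`, `email` FROM `signup` WHERE `username` = '$username_sql';"
    );
    if ($query) {
        while ($row = mysql_fetch_assoc($query)) {
            echo "You successfully performed an insert affecting the following data.<br/><br/>";
            echo "ID: " . htmlspecialchars($row["id"], ENT_QUOTES, 'ISO-8859-1') . "</br>";
            echo "Firstname: " . htmlspecialchars($row["firstname"], ENT_QUOTES, 'ISO-8859-1') . "</br>";
            echo "Lastname: " . htmlspecialchars($row["lastname"], ENT_QUOTES, 'ISO-8859-1') . "</br>";
            echo "Username: " . htmlspecialchars($row["username"], ENT_QUOTES, 'ISO-8859-1') . "</br>";
            echo "Email: " . htmlspecialchars($row["email"], ENT_QUOTES, 'ISO-8859-1') . "</br>";
        }
        // Wrap it up team
        mysql_free_result($query);
    } else {
        error_log('Signup confirmation lookup failed: ' . mysql_error());
    }
    return;
}
echo "</p></html>";
?>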