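<?php
/**
 * Registration handler.
 *
 * Reads passwd/passwd2/user/user2 from the POST body, validates them in a fixed
 * order (password characters, e-mail characters, emptiness, e-mail domain, MX
 * record, password match, e-mail match), then inserts a row into `users` and
 * redirects to return.php. Every validation failure prints one message and
 * calls goBack().
 *
 * digest(), goBack() and the $mysql* settings are not defined in this file;
 * they presumably come from digest.php, global.php and config.php.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. The
 * queries below rely on mysql_real_escape_string() inside quoted literals;
 * moving to mysqli/PDO prepared statements is the durable fix and should be
 * done for the whole project at once, not for this file alone.
 */
session_start();

// header() only queues the redirect; without exit the rest of the script,
// including the INSERT, would still run for a signed-in user.
if (isset($_SESSION['user'])) {
    header('location: manage.php');
    exit;
}

include "digest.php";
include "global.php";
include "config.php";

// Missing or non-string (array-valued) parameters are normalised to '' so they
// land in the "A field is empty." branch instead of raising notices/warnings.
$input = array();
foreach (array('passwd', 'passwd2', 'user', 'user2') as $field) {
    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    $input[$field] = trim(strtolower($raw));
}
// NOTE(review): lower-casing and trimming the password shrinks the password
// space. It is kept because the login path presumably applies the same
// normalisation and stored digests depend on it - confirm and migrate together.
$pass = $input['passwd'];
$passConfirm = $input['passwd2'];
$user = $input['user'];
$userConfirm = $input['user2'];

// Allow-lists: preg_match() returns 1 when a character outside the list is found.
$passwordDenyPattern = '/[^a-zA-Z0-9\s@.!@#$%^&*()-=_+\[\]<>,.?\/\{\}\|:;]/';
// The original class contained ".-_", which PCRE reads as the range '.' to '_'.
// That range let through / : ; < = > ? [ \ ] ^ and rejected '-', so hyphenated
// domains could not register. The hyphen is now last and therefore literal.
$userDenyPattern = '/[^a-zA-Z0-9\s@._+-]/';

// An address must contain exactly one '@'; anything else yields an empty domain
// and is rejected below. This also avoids the undefined-offset notice that
// list() raised when no '@' was present.
$userParts = explode("@", $user);
$mailDomain = (count($userParts) === 2) ? $userParts[1] : '';
$confirmParts = explode("@", $userConfirm);
$mailDomain2 = (count($confirmParts) === 2) ? $confirmParts[1] : '';

// Same precedence of messages as before; the first failing check wins.
$error = null;
if (preg_match($passwordDenyPattern, $pass) || preg_match($passwordDenyPattern, $passConfirm)) {
    $error = "Invalid characters in password.";
} elseif (preg_match($userDenyPattern, $user) || preg_match($userDenyPattern, $userConfirm)) {
    $error = "Invalid characters in e-mail.";
} elseif ($pass === '' || $passConfirm === '' || $user === '' || $userConfirm === '') {
    $error = "A field is empty.";
} elseif ($mailDomain === '' || $mailDomain2 === '') {
    $error = "Your e-mail is not valid.";
} elseif (!checkdnsrr($mailDomain, "MX")
    || ($mailDomain2 !== $mailDomain && !checkdnsrr($mailDomain2, "MX"))) {
    // Check if domain supports mail exchange (one lookup when both domains match).
    $error = "Your e-mail is not valid.";
} elseif ($pass !== $passConfirm) {
    // Strict comparison: with == two different numeric-looking strings such as
    // "1e3" and "1000" compare equal, defeating the confirmation field.
    $error = "The given passwords are not the same.";
} elseif ($user !== $userConfirm) {
    $error = "The given e-mails are not the same.";
}

if ($error !== null) {
    echo $error;
    // NOTE(review): `register` is a bare word. Unless a constant of that name is
    // defined in an included file, PHP 5 treats it as the string 'register'
    // with a notice and PHP 8 raises an Error - confirm and quote it.
    goBack(register);
    exit;
}

// Connect only after the input has passed validation.
$con = mysql_connect($mysqlserver, $mysqluser, $mysqlpass);
if (!$con) {
    // Driver errors go to the server log; the client gets a generic message.
    error_log('createuser.php: database connection failed: ' . mysql_error());
    die('Could not connect.');
}
if (!mysql_select_db($mysqldb, $con)) {
    error_log('createuser.php: selecting database failed: ' . mysql_error($con));
    die('Could not connect.');
}

$lookup = mysql_query(
    sprintf("SELECT user FROM users WHERE user='%s'", mysql_real_escape_string($user, $con)),
    $con
);
if ($lookup === false) {
    error_log('createuser.php: user lookup failed: ' . mysql_error($con));
    die('Error: the account could not be created.');
}

// Any returned row means the name is taken under the database's own comparison
// rules (collation, trailing spaces), which a PHP-side string compare can miss.
if (mysql_fetch_array($lookup) !== false) {
    mysql_close($con);
    echo "This e-mail has been taken.";
    goBack(register);
    exit;
}

// NOTE(review): digest() is opaque from here - confirm it is a salted, slow
// password hash (password_hash() or equivalent), not a bare MD5/SHA-1.
$digest = digest($pass);

// NOTE(review): the SELECT above and this INSERT are not atomic; a UNIQUE index
// on users.user is needed for two concurrent requests not to create duplicates.
$createuser = sprintf(
    "INSERT INTO users (user,pass) VALUES ('%s','%s')",
    mysql_real_escape_string($user, $con),
    mysql_real_escape_string($digest, $con)
);
if (!mysql_query($createuser, $con)) {
    error_log('createuser.php: insert failed: ' . mysql_error($con));
    die('Error: the account could not be created.');
}
mysql_close($con);
header('Location: return.php');
exit;
?>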