diff options
author | Andreas Habel <mail@exceptionfault.de> | 2009-10-20 19:03:02 +0200 |
---|---|---|
committer | Andreas Habel <mail@exceptionfault.de> | 2009-10-20 19:03:02 +0200 |
commit | 6e1d4a6d8b9288356e64674f41209be4f4c2acfe (patch) | |
tree | 48bd44c04c0d3880d28652637bb0e925aac8b3d1 | |
parent | 5fdd082f7b4631d75b920e4ea5736dc67ab056dc (diff) | |
download | website-6e1d4a6d8b9288356e64674f41209be4f4c2acfe.tar.gz website-6e1d4a6d8b9288356e64674f41209be4f4c2acfe.tar.bz2 website-6e1d4a6d8b9288356e64674f41209be4f4c2acfe.tar.xz website-6e1d4a6d8b9288356e64674f41209be4f4c2acfe.zip |
New accounts will be written to a mysql database
-rw-r--r-- | includes/conf/mysql.conf.php | 8 | ||||
-rw-r--r-- | includes/libs/libmysql.php | 89 | ||||
-rw-r--r-- | includes/libs/libstrutils.php | 10 | ||||
-rw-r--r-- | includes/models/account.php | 102 | ||||
-rw-r--r-- | registration.php | 115 | ||||
-rw-r--r-- | sql/createTables.sql | 13 |
6 files changed, 272 insertions, 65 deletions
diff --git a/includes/conf/mysql.conf.php b/includes/conf/mysql.conf.php new file mode 100644 index 0000000..05122cd --- /dev/null +++ b/includes/conf/mysql.conf.php @@ -0,0 +1,8 @@ +<?php
+
+ $conf['mysql_hostname'] = "localhost";
+ $conf['mysql_database'] = "test";
+ $conf['mysql_username'] = "test";
+ $conf['mysql_password'] = "test123";
+
+?>
\ No newline at end of file diff --git a/includes/libs/libmysql.php b/includes/libs/libmysql.php new file mode 100644 index 0000000..5a3a06c --- /dev/null +++ b/includes/libs/libmysql.php @@ -0,0 +1,89 @@ +<?php + +require_once "includes/conf/mysql.conf.php"; + +class Database +{ + // implement singleton pattern + static private $instance = null; + + private $conn; + + static public function getInstance() + { + if (null === self::$instance) + { + self::$instance = new self; + } + return self::$instance; + } + + // ctor + private function __construct() + { + global $conf; + $this->conn = mysql_connect( $conf['mysql_hostname'], + $conf['mysql_username'], + $conf['mysql_password'] ) + or die ("Connection to database failed!" . mysql_error()); + + mysql_select_db( $conf['mysql_database'], $this->conn ) + or die ("Selection of database failed! " . mysql_error()); + } + + private function checkConnect() + { + if (!isset($this->conn)) + { + die("Not connected to database"); + } + } + + // returns the value in the first row and column + public function getValue( $sql ) + { + $this->checkConnect(); + + $res = mysql_query( $sql, $this->conn ); + if (!$res) + { + die('Error while calling database: ' . mysql_error()); + } + $vals = mysql_fetch_row( $res ); + mysql_free_result( $res ); + return $vals[0]; + } + + // executes some sql and returns affected rows + public function exec( $sql ) + { + $this->checkConnect(); + + $res = mysql_query( $sql, $this->conn ); + if (!$res) + { + die('Error while calling database: ' . mysql_error()); + } + $numrows = mysql_affected_rows( $this->conn ); + return $numrows; + } + + public function escape( $string ) + { + $this->checkConnect(); + + return mysql_real_escape_string( $string, $this->conn ); + } + + public function disconnect() + { + if ( mysql_ping( $this->conn ) ) + { + mysql_close( $this->conn ); + } + } + +} + + +?>
\ No newline at end of file diff --git a/includes/libs/libstrutils.php b/includes/libs/libstrutils.php new file mode 100644 index 0000000..9c097af --- /dev/null +++ b/includes/libs/libstrutils.php @@ -0,0 +1,10 @@ +<?php
+
+ define("BAD_STRING_DESC", "Only printable characters (except spaces and \") are allowed.");
+
+ function check_chars($string)
+ {
+ return ctype_graph($string) && (strpos($string, '"') === FALSE);
+ }
+
+?>
\ No newline at end of file diff --git a/includes/models/account.php b/includes/models/account.php new file mode 100644 index 0000000..ea091f5 --- /dev/null +++ b/includes/models/account.php @@ -0,0 +1,102 @@ +<?php
+
+require_once "includes/libs/libstrutils.php";
+
+class TMWAccount
+{
+ const ACCOUNT_TBL = "tmw_accounts";
+
+ const GENDER_MALE = 1;
+ const GENDER_FEMALE = 2;
+
+ const STATE_PENDING = 0;
+ const STATE_CREATED = 0;
+ const STATE_FAILED = 0;
+
+ private $id;
+ private $username;
+ private $password;
+ private $email;
+ private $gender;
+ private $state;
+ private $registration;
+
+ public static function getAccountCount()
+ {
+ $db = Database::getInstance();
+ $sql = "SELECT COUNT(*) FROM " . TMWAccount::ACCOUNT_TBL;
+ return $db->getValue( $sql );
+ }
+
+ public static function existsUsername($str)
+ {
+ $db = Database::getInstance();
+ $sql = sprintf("SELECT COUNT(*) FROM " . TMWAccount::ACCOUNT_TBL .
+ " WHERE USERNAME = '%s'", $db->escape($str));
+ return ($db->getValue($sql) == 1);
+ }
+
+ public function setUsername($name){ $this->username = $name; }
+ public function setPassword($pwd){ $this->password = $pwd; }
+ public function setEMail($email){ $this->email = $email; }
+ public function setGender($gender){ $this->gender = $gender; }
+
+ public function validate()
+ {
+ $errors = array();
+
+ // check here for correct values..
+ if (strlen($this->username) < 4)
+ $errors[] = "Username is too short";
+
+ if (strlen($this->password) < 4)
+ $errors[] = "Password is too short";
+
+ if (!check_chars($this->username))
+ $errors[] = 'Username contains invalid characters. ' . BAD_STRING_DESC;
+
+ if (!check_chars($this->password))
+ $errors[] = 'Password contains invalid characters. ' . BAD_STRING_DESC;
+
+ if ($this->gender != TMWAccount::GENDER_MALE &&
+ $this->gender != TMWAccount::GENDER_FEMALE )
+ {
+ $errors[] = 'Gender has to be Male or Female!';
+ }
+
+ if (!filter_var($this->email, FILTER_VALIDATE_EMAIL))
+ {
+ $errors[] = 'EMail has wrong format.';
+ }
+
+
+ // returns true if everything is fine ( test with === true)
+ if (count($errors) == 0)
+ {
+ return true;
+ }
+ else
+ {
+ return $errors;
+ }
+ }
+
+
+
+ public function storeAccount()
+ {
+ $db = Database::getInstance();
+ $sql = sprintf( "INSERT INTO " . TMWAccount::ACCOUNT_TBL .
+ " (USERNAME, PASSWORD, EMAIL, GENDER) " .
+ "VALUES ('%s', '%s', '%s', %d) ",
+ $db->escape($this->username),
+ $db->escape($this->password),
+ $db->escape($this->email),
+ $this->gender);
+
+ $rows = $db->exec( $sql );
+ return ( $rows == 1 );
+ }
+}
+
+?>
\ No newline at end of file diff --git a/registration.php b/registration.php index bf7fe34..ed7b528 100644 --- a/registration.php +++ b/registration.php @@ -1,95 +1,76 @@ <?php + require_once('includes/libs/libmysql.php'); + require_once('includes/models/account.php'); require_once('recaptcha-php/recaptchalib.php'); - $publickey = "6LexmAQAAAAAAJD-07K2pF5RvTfIdRrlE4lKbUZ2"; // you got this from the signup page - $privatekey = ":::"; + + $publickey = "6LexmAQAAAAAAJD-07K2pF5RvTfIdRrlE4lKbUZ2"; // you got this from the signup page + $privatekey = ":::"; + $enable_captcha = true; // modify this in production - include("includes/common.php"); - placeHeader("Registration"); $showform = true; - function check_chars($string) - { - return ctype_graph($string) && (strpos($string, '"') === FALSE); - } - $bad_string_desc = 'Only printable characters (except spaces and ") are allowed.'; - if (isset($_POST['register']) && $_POST['register'] == "true") { - // handle registration - if (!isset($_POST['username']) || strlen($_POST['username']) < 4) - { - $err = "Username is not given or too short!"; $showform = true; - } - else if (!isset($_POST['password1']) || strlen($_POST['password1']) < 4) + $showform = false; + $err = ""; + $acc = new TMWAccount(); + $acc->setUsername($_POST['username']); + $acc->setPassword($_POST['password1']); + $acc->setEMail($_POST['email']); + $acc->setGender($_POST['gender']); + + $val = $acc->validate(); + if (is_array($val)) { - $err = "Password is not given or too short!"; $showform = true; - } - else if (!isset($_POST['password2']) || strlen($_POST['password2']) < 4) - { - $err = "Password is not given or too short!"; $showform = true; - } - else if (!check_chars($_POST['username'])) - { - $err = 'Username contains invalid characters. ' . $bad_string_desc; $showform = true; - } - else if (!check_chars($_POST['password1'])) - { - $err = 'Password contains invalid characters. ' . $bad_string_des; $showform = true; + foreach( $val as $error) + { + $err .= $error . "<br />"; + } + $showform = true; } - else if ($_POST['password2'] != $_POST['password1']) + + if ($_POST['password2'] != $_POST['password1']) { - $err = "The given passwords don't match!"; $showform = true; + $err .= "The given passwords don't match!"; $showform = true; } - else if ($_POST['gender'] != 1 && $_POST['gender'] != 2) + + if (TMWAccount::existsUsername( $_POST['username'] )) { - $err = 'Please select your preferred gender.'; $showform = true; + $err .= "The username is in use!"; $showform = true; } - else + + if ($enable_captcha) { // check captcha $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], - $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); - + $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); + if (!$resp->is_valid) { - $err = "The captcha was incorrect!"; $showform = true; + $err .= "The captcha was incorrect!"; $showform = true; } - else - { - $username = escapeshellarg($_POST['username']); - $password = escapeshellarg($_POST['password1']); - $gender = ($_POST['gender'] == 1) ? "Male" : "Female"; - - // create a new account - $handle = popen("/home/eathena/webexec/runladmin.sh add $username $gender $password", "r"); - $retstr = fgets($handle); - $retval = pclose($handle); + } - if ($retstr === FALSE) - { - $err = "There was an unknown error while creating account."; - $showform = true; - } - else if (strpos($retstr, 'successfully created')) - { - // everything was fine, created account - $showform = false; - } - else - { - $err = $retstr; - $showform = true; - } + if (!$showform) + { + // create the account + if (!$acc->storeAccount()) + { + $err = "The was an unknown error while storing your new account"; + $showform = true; } } } + include("includes/common.php"); + placeHeader("Registration"); + + if ($showform) { - + ?> - <p>With this form you can register for a new account.</p> <form action="registration.php" method="post"> @@ -115,6 +96,10 @@ <td><input type="password" size="20" name="password2" /></td> </tr> <tr> + <td>EMail:</td> + <td><input type="text" size="30" name="email" /></td> + </tr> + <tr> <td>Gender:</td> <td> <select name="gender"> @@ -144,7 +129,7 @@ else { ?> - <p>Your account has been created!</p> + <p>Your account has been created and was scheduled for creation! In a few minutes you should receive an email with verification of your new account.</p> <?php } placeFooter(); ?> diff --git a/sql/createTables.sql b/sql/createTables.sql new file mode 100644 index 0000000..6442b6b --- /dev/null +++ b/sql/createTables.sql @@ -0,0 +1,13 @@ +CREATE TABLE `tmw_accounts` +( + `ID` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY , + `USERNAME` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL , + `PASSWORD` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL , + `EMAIL` VARCHAR( 200 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL , + `STATE` TINYINT UNSIGNED NOT NULL DEFAULT '0', + `REGISTRATION` TIMESTAMP ON UPDATE CURRENT_TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , + `GENDER` TINYINT UNSIGNED NOT NULL DEFAULT '0', + -- + INDEX ( `STATE` ) , + UNIQUE ( `USERNAME` ) +) ENGINE = InnoDB; |