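getToken(); $_SESSION['token'] = $csrf; } else { $csrf = $db->clean($_SESSION['token'],'encode'); }

// Signup handler.
// Validates the posted form (CSRF token, e-mail, username, password, captcha),
// rejects usernames that already exist, inserts the profile and mails a
// verification link.
//
// Variables left for the rest of the page (assumed to be read further down —
// confirm against the template): $submit (false when a check failed), $reason
// (the failure message), $resultmessage (set on success), $csrf_post, and the
// sanitized $email / $username / $password values.
$submit = true;
$reason = '';
$resultmessage = '';
$csrf_post = '';
$email = '';
$username = '';
$password = '';

// Nothing to do unless the form was actually posted (the token field is
// always part of the form, so it doubles as the "was submitted" marker).
if (isset($_POST['csrf'])) {
    // Record the first failing check; later checks still run so the
    // sanitized field values are available for re-displaying the form.
    $reject = static function (string $why) use (&$submit, &$reason): void {
        if ($submit) {
            $submit = false;
            $reason = $why;
        }
    };

    // Raw posted value, or '' when missing or not a plain string. The
    // original called strlen() on $_POST keys it had not checked, which
    // warns on PHP 8 when the field is absent.
    $field = static fn (string $key): string => is_string($_POST[$key] ?? null) ? $_POST[$key] : '';

    $postCsrf     = $field('csrf');
    $postEmail    = $field('email');
    $postUsername = $field('username');
    $postPassword = $field('password');
    $postCaptcha  = $field('captcha');

    $csrf_post = $db->clean($postCsrf, 'encode');

    // CSRF token: compare in constant time, never with loose ==.
    if ($postCsrf === '' || !hash_equals((string) $csrf, $postCsrf)) {
        $reject("Token is incorrect, are you a bot?");
    }

    // E-mail. FILTER_VALIDATE_EMAIL rejects CR/LF, so the address is safe to
    // hand to mail() as the recipient; it replaces the old str_replace(';')
    // which did not stop header injection.
    if ($postEmail === '') {
        $reject("E-mail cannot be empty");
    } elseif (filter_var($postEmail, FILTER_VALIDATE_EMAIL) === false) {
        $reject("E-mail address is not valid.");
    } else {
        $email = $db->clean($postEmail, 'encode');
    }

    // Username: at most 25 bytes (strlen, as before — the column width is
    // not visible here, so a byte limit is kept), lower-cased and passed
    // through the 'user' cleaner only (the original cleaned it with
    // 'encode' first and then discarded that result).
    if ($postUsername === '') {
        $reject("Username cannot be empty");
    } elseif (strlen($postUsername) > 25) {
        $reject("Username is too long, try something shorter.");
    }
    if ($postUsername !== '') {
        $username = strtolower($db->clean($postUsername, 'user'));
    }

    // Password: present and shorter than 64 bytes. NOTE(review): the value
    // is run through clean(..., 'encode') before hashing, so the login path
    // must apply the same transformation — confirm.
    if ($postPassword === '') {
        $reject("Password cannot be empty");
    } elseif (strlen($postPassword) >= 64) {
        $reject("Password is unreasonably long");
    } else {
        $password = $db->clean($postPassword, 'encode');
    }

    // Captcha: strict string comparison against the answer kept in the
    // session. A missing answer now produces a reason instead of silently
    // failing with $reason unset.
    $captchaAnswer = (string) ($_SESSION['captcha_question'] ?? '');
    if ($postCaptcha === '' || !hash_equals($captchaAnswer, $postCaptcha)) {
        $reject("Captcha incorrectly solved.");
    }

    // Duplicate-username check. Only existence matters; the original also
    // fetched the stored password into $password, clobbering the value
    // being registered.
    if ($submit) {
        $stmt = $mysqli->prepare("SELECT id FROM profile where username = ?");
        if ($stmt === false) {
            $reject("Could not check the username, please try again.");
        } else {
            $stmt->bind_param('s', $username);
            $stmt->execute();
            $stmt->store_result();
            $exists = $stmt->num_rows > 0;
            $stmt->close();
            if ($exists) {
                $reject("Account username already exists.");
            }
        }
    }

    if ($submit) {
        // Verification token sent by e-mail. sha1() of the helper's token
        // keeps the stored format unchanged; NOTE(review): its
        // unpredictability depends on $db->getToken() — confirm it is
        // generated from a CSPRNG.
        $hash = sha1($db->getToken());
        // Overwrite the plaintext with its hash so it does not linger.
        $password = password_hash($password, PASSWORD_DEFAULT);
        $joined = date("F j, Y");
        $active = 1;
        $photo = 'images/profile/smile.png';

        $stmt = $mysqli->prepare("INSERT INTO profile (username, email, hash, password, joined, active, photo) VALUES (?, ?, ?, ?, ?, ?, ?)");
        // The original reported success without checking execute().
        $inserted = $stmt !== false
            && $stmt->bind_param("sssssis", $username, $email, $hash, $password, $joined, $active, $photo)
            && $stmt->execute();
        if ($stmt !== false) {
            $stmt->close();
        }

        if (!$inserted) {
            $reject("Could not create the account, please try again.");
        } else {
            $resultmessage = "Success. Please check your e-mail for instructions. Have fun on Twigpage!";
            $body = 'Hello, please verify your signup: verified'.$hash;
            $subject = 'Welcome to Twigpage';
            // Header string kept as-is; the From address appears to have
            // been lost from this copy of the file — verify against the
            // original source.
            mail($email, $subject, $body, "From: Twigpage ");
        }
    }
}
?>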