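/*
 * Registration ("join") form handler.
 *
 * Reads the submitted step from $_POST['join']:
 *   - '01'      : validate the sign-up form, then either re-render the form
 *                 (page_join_01.php) with *_error CSS classes set in $_POST, or
 *                 create the account, consume the alpha invite, send the
 *                 confirmation e-mail and render page_join_02.php.
 *   - otherwise : render the empty form (page_join_01.php).
 *
 * Relies on names defined elsewhere: $pdo, checkEmail(), getUser(), log_action(),
 * PAGE_DIR and COMPANY_NAME_FORMAL.
 *
 * Security-relevant behaviour:
 *   - An already-registered address is never reported on the page. The notice
 *     e-mail promises this, so that case renders the same page_join_02.php as a
 *     successful sign-up, and the notice is sent only once the rest of the form
 *     is valid.
 *   - The invite code is claimed with a conditional UPDATE inside a transaction,
 *     so two concurrent sign-ups cannot both consume one code.
 *   - Request fields are compared strictly and must be plain strings.
 */
if (!isset($_POST['join'])) {
    $_POST['join'] = '';
}

switch ($_POST['join']) {
    case '01':
        // Untrusted input: anything that is not a plain string (for example an
        // array submitted as "email[]=") is treated as an empty value.
        $email     = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
        $pass1     = (isset($_POST['pass1']) && is_string($_POST['pass1'])) ? $_POST['pass1'] : '';
        $pass2     = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';
        $invite    = (isset($_POST['invite']) && is_string($_POST['invite'])) ? $_POST['invite'] : '';
        $location  = (isset($_POST['location']) && is_string($_POST['location'])) ? $_POST['location'] : null;
        $reference = (isset($_POST['reference']) && is_string($_POST['reference'])) ? $_POST['reference'] : null;

        $error = false;

        // E-mail must be syntactically valid and at most 255 bytes long.
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || strlen($email) > 255) {
            $error = true;
            $_POST['email_error'] = 'red';
        }

        // Both password fields are required and must match exactly. Strict comparison
        // matters here: with ==, two different numeric-looking strings can compare equal.
        // NOTE(review): no minimum length is enforced, and bcrypt (the usual PASSWORD_DEFAULT)
        // only uses the first 72 bytes of the password — confirm the intended policy.
        if ($pass1 === '' || $pass1 !== $pass2) {
            $error = true;
            $_POST['pass1_error'] = 'red';
            $_POST['pass2_error'] = 'red';
        }

        // Age confirmation checkbox.
        if (!isset($_POST['age']) || $_POST['age'] !== 'on') {
            $error = true;
            $_POST['age_error'] = 'new_checkbox_red';
        }

        //----- ALPHA TESTER INVITES -----//
        // Pre-check only, so the form can highlight a bad code; the code is claimed
        // atomically further down.
        if (empty($invite)) {
            $error = true;
            $_POST['invite_error'] = 'red';
        } else {
            $a = $pdo->prepare("SELECT * FROM invites_alpha WHERE code=:code AND used='0'");
            $a->bindValue('code', $invite);
            $a->execute();
            if (!($invitation = $a->fetch(PDO::FETCH_ASSOC))) {
                $error = true;
                $_POST['invite_error'] = 'red';
            }
        }

        //----- TERMS CHECK -----//
        foreach (array('terms01', 'terms02', 'terms03') as $termsField) {
            if (empty($_POST[$termsField])) {
                $error = true;
                $_POST[$termsField.'_error'] = 'new_checkbox_red';
            }
        }

        if ($error) {
            require(PAGE_DIR.'page_join_01.php');
            break;
        }

        // Hash before looking the address up, so both outcomes below pay the hashing cost.
        // This narrows, but does not remove, the response-time difference between them.
        $passwordHash = password_hash($pass2, PASSWORD_DEFAULT);

        if (checkEmail($pdo, $email)) {
            // Address already has an account: tell the owner by e-mail and show the same
            // page as a successful sign-up, so the response does not confirm the account.
            // The invite code is not consumed on this path.
            // NOTE(review): no rate limit is visible here; repeated submissions re-send this notice.
            // NOTE(review): the From header carries only the company name and no address —
            // looks like the address was lost; confirm against the deployed file.
            mail(
                $email,
                COMPANY_NAME_FORMAL.' Account Creation Error',
                "Someone recently tried to create an account with ".COMPANY_NAME_FORMAL." using this email address, which already has an account associated with it. ".COMPANY_NAME_FORMAL." does not indicate the existence of accounts when users attempt to create new accounts to protect your privacy from robots that spam account creation forms to identify valid email addresses.\n\nIf it was you who made this attempt, you may need to click the \"Forget your password?\" link on the main page to reset the account's password. If it was not you who made the attempt, please ensure your account is secure with a good password.\n\nIf you have any questions please contact us through our Contact Us page.\n\nThank You,\n".COMPANY_NAME_FORMAL,
                "From: ".COMPANY_NAME_FORMAL." \n"
            );
            require(PAGE_DIR.'page_join_02.php');
            break;
        }

        // Draw a 256-bit confirmation code from the CSPRNG; retry until getUser() reports
        // that no existing user already holds it.
        do {
            $confirm_code = bin2hex(random_bytes(32));
        } while (getUser($pdo, 'confirm_code', $confirm_code) !== false);

        // Kept in $_POST as before, in case the included pages read them.
        $_POST['pass1'] = $passwordHash;
        $_POST['date_created'] = time();
        $_POST['age'] = 1; // validation above guarantees the box was ticked

        // Claim the invite and create the account as one unit of work.
        // NOTE(review): assumes the tables use a transactional engine — confirm.
        // NOTE(review): checkEmail() followed by INSERT is not atomic; a UNIQUE index on
        // users.email is assumed to reject a concurrent duplicate — confirm.
        $inviteClaimed = false;
        $pdo->beginTransaction();
        try {
            //--ALPHA INVITES (remove when we go to beta)
            // Conditional UPDATE: only one request can flip used from '0' to '1'.
            $a = $pdo->prepare("UPDATE invites_alpha SET used='1', used_date=:udt WHERE code=:code AND used='0'");
            $a->bindValue('code', $invite);
            $a->bindValue('udt', time());
            $a->execute();
            $inviteClaimed = ($a->rowCount() === 1);
            //--END ALPHA INVITES

            if ($inviteClaimed) {
                $stmt = $pdo->prepare("INSERT INTO `users` (email, password, age, location, how_found, date_created, confirm_code) VALUES (:email, :password, :age, :location, :how_found, :date_created, :confirm_code)");
                $stmt->bindValue('email', $email);
                $stmt->bindValue('password', $passwordHash);
                $stmt->bindValue('age', $_POST['age'], PDO::PARAM_INT);
                $stmt->bindValue('location', $location);
                $stmt->bindValue('how_found', $reference);
                $stmt->bindValue('date_created', $_POST['date_created']);
                $stmt->bindValue('confirm_code', $confirm_code);
                $stmt->execute();

                $a = $pdo->prepare("SELECT uid FROM users WHERE email=:email");
                $a->bindValue('email', $email);
                $a->execute();
                $uid = $a->fetchColumn();
                if ($uid === false) {
                    // The insert did not produce a row; do not consume the invite.
                    throw new \RuntimeException('User row was not created.');
                }

                $a = $pdo->prepare("INSERT INTO `user_emails` (`email`,`uid`) VALUES (?,?)");
                $a->execute(array($email, $uid));

                //--ALPHA INVITES (remove when we go to beta)
                $a = $pdo->prepare("UPDATE invites_alpha SET uid=:uid WHERE code=:code");
                $a->bindValue('code', $invite);
                $a->bindValue('uid', $uid);
                $a->execute();
                //--END ALPHA INVITES

                $pdo->commit();
            } else {
                $pdo->rollBack();
            }
        } catch (\Throwable $e) {
            if ($pdo->inTransaction()) {
                $pdo->rollBack();
            }
            throw $e;
        }

        if (!$inviteClaimed) {
            // Another request used the code between the pre-check and the claim.
            $_POST['invite_error'] = 'red';
            require(PAGE_DIR.'page_join_01.php');
            break;
        }

        log_action($pdo, 19, time());

        // NOTE(review): the activation link uses http://, so the one-time code travels in
        // clear text when the link is opened; switch to https:// once the host is confirmed
        // to serve TLS.
        $txt = "Thank you for your recent registration with ".COMPANY_NAME_FORMAL." Before you can login, you must activate your account. ";
        $txt .= "Please click the following link or copy-and-paste it into your web browser to confirm your account.\n\n";
        $txt .= "http://wwphelps.com/join/confirm/".$confirm_code."\n\n";
        $txt .= "After confirming you account, you may login to buy the latest LDS ebooks or to publish a book of your own!\n\nThank You,\n".COMPANY_NAME_FORMAL;
        mail($email, "Confirm Your ".COMPANY_NAME_FORMAL." Account", $txt, "From: ".COMPANY_NAME_FORMAL." ");

        require(PAGE_DIR.'page_join_02.php');
        break;

    default:
        require(PAGE_DIR.'page_join_01.php');
}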