-
-
Save infacq/8394498 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| require dirname(__FILE__) . '/functions.php'; | |
| $module = md5( 'module' ); | |
| $page_url = sanitize( $_SERVER['PHP_SELF'] ); | |
| if ( isset($_POST['firstname']) ) | |
| require dirname(__FILE__).'/save.php'; | |
| if ( isset( $_SESSION[$module]['firstname'] ) ) | |
| extract( $_SESSION[$module] ); | |
| $csrf = md5( uniqid(rand(), true) ); | |
| $_SESSION[$module]['csrf'] = $csrf; | |
| ?> | |
| <form class="signup" action="<?php echo $page_url ?>" method="post"> | |
| <input type="hidden" name="csrf" id="csrf" value="<?php echo $csrf ?>"/> | |
| <table> | |
| <tr> | |
| <td><label for="email">E-mail <span class="asterix">*</span></label></td> | |
| <td><input type="text" name="email" id="email" maxlength="255" value="<?php if (isset($email)) echo $email ?>"/></td> | |
| </tr> | |
| <tr> | |
| <td><label for="password">Password <span class="asterix">*</span></label></td> | |
| <td><input type="password" name="password" id="password" maxlength="20" /></td> | |
| </tr> | |
| <tr> | |
| <td><label for="password2">Confirm password <span class="asterix">*</span></label></td> | |
| <td><input type="password" name="password2" id="password2" maxlength="20" /></td> | |
| </tr> | |
| <tr> | |
| <td> </td> | |
| <td><button type="submit">Submit</button></td> | |
| </tr> | |
| </table> | |
| </form> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function sanitize( $input, $strip = 1, $charset = 'UTF-8' ) | |
| { | |
| if ( is_array($input) ) { | |
| $output = array(); | |
| foreach ( $input as $key => $data ) { | |
| $output[$key] = sanitize($data, $strip, $charset); | |
| } | |
| return $output; | |
| } | |
| else { | |
| // Strip HTML tags if set | |
| if ($strip > 0) | |
| $input = strip_tags($input); | |
| // Encode special chars | |
| $input = htmlspecialchars($input, ENT_QUOTES, $charset); | |
| if ( get_magic_quotes_gpc() ) | |
| return mysql_real_escape_string(stripslashes($input)); | |
| else | |
| return mysql_real_escape_string($input); | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $secured = array(); | |
| $secured = sanitize($_POST); | |
| extract( $secured ); | |
| foreach ( $secured as $key => $value ) { | |
| $_SESSION[$module][$key] = $value; | |
| } | |
| // idea from http://stackoverflow.com/a/10469574/289404 | |
| if ( $csrf !== $_SESSION[$module]['csrf'] ) { | |
| echo '<br class="clr"><p class="notice">Bad request token. Please try again.</p>'; | |
| return false; | |
| } | |
| // Check required | |
| $required = array( | |
| 'firstname' => 'First name', | |
| 'surname' => 'Last name', | |
| 'zip' => 'ZIP', | |
| 'email' => 'E-mail', | |
| 'password' => 'Password', | |
| 'password2' => 'Confirm password', | |
| 'agree' => 'Agreement', | |
| ); | |
| foreach ( $required as $key => $value ) { | |
| if ( empty(${$key}) ) { | |
| echo '<br class="clr"><p class="notice">Please enter: '.$value.'.</p>'; | |
| return false; | |
| } | |
| } | |
| if ($password != $password2) { | |
| echo '<br class="clr"><p class="notice">Passwords missmatch.</p>'; | |
| return false; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment