HEX
Server: Apache
System: Linux b:u:marcbase:1 3.10.0-1160.31.1.el7.x86_64 #1 SMP Thu Jun 10 13:32:12 UTC 2021 x86_64
User: apache (92344)
PHP: 7.0.18
Disabled: apache_get_modules, apache_get_version, apache_reset_timeout, apache_getenv, apache_note, apache_setenv
$ pwd: /var/www/html/marcbase.com.br/web/mybringback/
Upload Files
File: /var/www/html/marcbase.com.br/web/mybringback/index.php
<?php



/*

Our "config.inc.php" file connects to database every time we include or require

it within a php script.  Since we want this script to add a new user to our db,

we will be talking with our database, and therefore,

let's require the connection to happen:

*/

require("config.inc.php");



//if posted data is not empty

if (!empty($_POST)) {

    //If the username or password is empty when the user submits

    //the form, the page will die.

    //Using die isn't a very good practice, you may want to look into

    //displaying an error message within the form instead.  

	//We could also do front-end form validation from within our Android App,

	//but it is good to have a have the back-end code do a double check.

    if (empty($_POST['username']) || empty($_POST['password'])) {

		

	

	    // Create some data that will be the JSON response 

	    $response["success"] = 0;

	    $response["message"] = "Please Enter Both a Username and Password.";



		//die will kill the page and not execute any code below, it will also

		//display the parameter... in this case the JSON data our Android

		//app will parse

        die(json_encode($response));

    }

    

    //if the page hasn't died, we will check with our database to see if there is

    //already a user with the username specificed in the form.  ":user" is just

    //a blank variable that we will change before we execute the query.  We

    //do it this way to increase security, and defend against sql injections

    $query        = " SELECT 1 FROM users WHERE username = :user";

    //now lets update what :user should be

    $query_params = array(

        ':user' => $_POST['username']

    );

    

    //Now let's make run the query:

    try {

        // These two statements run the query against your database table. 

        $stmt   = $db->prepare($query);

        $result = $stmt->execute($query_params);

    }

    catch (PDOException $ex) {

        // Note: On a production website, you should not output $ex->getMessage(). 

        // It may provide an attacker with helpful information about your code.  

        die("Failed to run query: " . $ex->getMessage());



		//You eventually want to comment out the above die and use this one:

		$response["success"] = 0;

		$response["message"] = "Database Error. Please Try Again!";

		die(json_encode($response));

    }

    

    //fetch is an array of returned data.  If any data is returned,

    //we know that the username is already in use, so we murder our

    //page

    $row = $stmt->fetch();

    if ($row) {

        die("This username is already in use");

		//You could comment out the above die and use this one:

		$response["success"] = 0;

		$response["message"] = "I'm sorry, this username is already in use";

		die(json_encode($response));

    }

    

    //If we have made it here without dying, then we are in the clear to 

    //create a new user.  Let's setup our new query to create a user.  

    //Again, to protect against sql injects, user tokens such as :user and :pass

    $query = "INSERT INTO users ( username, password ) VALUES ( :user, :pass ) ";

    

    //Again, we need to update our tokens with the actual data:

    $query_params = array(

        ':username' => $_POST['username'],

        ':password' => $_POST['password']

    );

    

    //time to run our query, and create the user

    try {

        $stmt   = $db->prepare($query);

        $result = $stmt->execute($query_params);

    }

    catch (PDOException $ex) {

        // Again, don't display $ex->getMessage() when you go live. 

        die("Failed to run query: " . $ex->getMessage());

		//You could comment out the above die and use this one:

		$response["success"] = 0;

		$response["message"] = "Database Error. Please Try Again!";

		die(json_encode($response));

    }



	//If we have made it this far without dying, we have successfully added

	//a new user to our database.  We could do a few things here, such as 

	//redirect to the login page.  Instead we are going to echo out some

	//json data that will be read by the Android application, which will login

	//the user (or redirect to a different activity, I'm not sure yet..)

	$response["success"] = 1;

	$response["message"] = "Username Successfully Added!";

	echo json_encode($response);

	

	//for a php webservice you could do a simple redirect and die.

	//header("Location: login.php"); 

	//die("Redirecting to login.php");

    

    

} else {

?>

	<h1>Register</h1> 

	<form action="index.php" method="post"> 

	    Username:<br /> 

	    <input type="text" name="username" value="" /> 

	    <br /><br /> 

	    Password:<br /> 

	    <input type="password" name="password" value="" /> 

	    <br /><br /> 

	    <input type="submit" value="Register New User" /> 

	</form>

	<?php

}



?>
@ Telegram