~george-edison55/charms/oneiric/thinkup/trunk

#!/usr/bin/php
<?php

//=======================================
//    This 'small' PHP script updates
// the information for the administrator
//=======================================

// Include the file containing DB credentials
require_once '/var/www/config.inc.php';

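// The script takes exactly three arguments after its own name, so $argc
// (which also counts the script name) must be 4.
//
// NOTE(security): the password arrives in $argv. While the script runs it is
// readable by other local users through the process list, and it lands in
// shell history if the command is typed interactively. Callers should invoke
// this only from a non-interactive, root-owned context; reading the password
// from stdin or a mode-0600 file would avoid the exposure entirely.
if ($argc !== 4) {
    echo "Usage: {$argv[0]} name email password\n";
    exit(1);
}

$name  = $argv[1];
$email = $argv[2];
$pass  = $argv[3];

// The rest of the script creates or updates an administrator account, so a
// blank email or password (e.g. from an unset configuration value) must not
// be accepted silently.
if ($email === '' || $pass === '') {
    echo "Error: email and password must not be empty\n";
    exit(1);
}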

// Open the database connection using the credentials loaded from the
// ThinkUp configuration array.
$db_settings = $THINKUP_CFG;
$sql = new mysqli(
    $db_settings['db_host'],
    $db_settings['db_user'],
    $db_settings['db_password'],
    $db_settings['db_name']
);

// Bail out early when the server could not be reached or refused the login.
if ($sql->connect_error) {
    echo 'MySQL connection error: ' . $sql->connect_error . "\n";
    exit(1);
}

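// Look up the owner row by email address. NOTE: email is the only lookup key,
// so an administrator whose address has changed is not matched here and the
// code further down inserts a new row instead.
$statement = $sql->prepare('SELECT id FROM tu_owners WHERE email = ?');
if (!$statement) {
    echo "MySQL error: {$sql->error}\n";
    exit(1);
}

$statement->bind_param('s', $email);
$statement->bind_result($id);

// Errors raised while executing or fetching are reported on the statement
// object, not on the connection.
if ($statement->execute() === false) {
    echo "MySQL error: {$statement->error}\n";
    exit(1);
}

// fetch() returns true for a row, null when there is no row and false on
// failure. A failure must not be mistaken for "user does not exist", because
// that path goes on to create a new administrator account.
$fetched = $statement->fetch();
if ($fetched === false) {
    echo "MySQL error: {$statement->error}\n";
    $statement->close();
    exit(1);
}

$user_exists = ($fetched === true);
$statement->close();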

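// Generate a per-account salt. A salt does not need to be secret, but it
// should be unique and unpredictable, so prefer the CSPRNG where the runtime
// provides one (PHP 7+) and fall back to the original derivation otherwise.
// Both forms yield a 64-character hex string.
if (function_exists('random_bytes')) {
    $salt = bin2hex(random_bytes(32));
} else {
    $salt = hash('sha256', rand() . $email);
}

// NOTE(security): single-round salted SHA-256 is a fast hash and offers
// little resistance to offline guessing if the tu_owners table leaks. It is
// kept because the stored value has to match what the application's login
// code verifies - presumably sha256(password . salt); confirm against the
// ThinkUp release in use before moving to password_hash().
$hash = hash('sha256', $pass . $salt);

if ($user_exists) {
    // Update the name and credentials of the owner found by email address.
    $query = 'UPDATE tu_owners SET full_name = ?, pwd = ?, pwd_salt = ? WHERE id = ?';
} else {
    // Create the owner. The row is inserted already activated and with
    // administrator rights.
    $query = 'INSERT INTO tu_owners (full_name, pwd, pwd_salt, email, joined, is_activated, is_admin, last_login) VALUES (?, ?, ?, ?, NOW(), 1, 1, NOW())';
}

$statement = $sql->prepare($query);
if (!$statement) {
    echo "MySQL error: {$sql->error}\n";
    exit(1);
}

if ($user_exists) {
    $statement->bind_param('sssi', $name, $hash, $salt, $id);
} else {
    $statement->bind_param('ssss', $name, $hash, $salt, $email);
}

// Execution errors are reported on the statement object, not the connection.
if ($statement->execute() === false) {
    echo "MySQL error: {$statement->error}\n";
    exit(1);
}

// Release the statement and the connection explicitly.
$statement->close();
$sql->close();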

?>