Credentials Exposure


#1

Hi, so i created a website which seemed to functioning just fine for the last couple of days (all i have done is create a registration system for it). Upon running a few tests again today, i realised that my database password is being exposed to potential users of the site. By the way, i am using a typical registration process: Go to website, Fill in form, click “register”, recievce email that contains the info you entered on the form (username and password), click a link in that email which officially uploads you to the database. My issue is that the email that the user recieves always sends my database password as their password instead of the password they entered in the form. Before today, it was working okay. They would recieve proper info. in trying to diagnose, i realised that even though the password in their email is not the one they entered, the link they click uploads their true form data to my database (hashed ofcourse). Am i being hacked? is 000webhost being hacked? cant be sql injection could it? like i said, the database info is legit. Views on this? Here is some sample code of the file that sends the email to the user:

$name = $_POST['userName'];
	$surname = $_POST['userSurname'];
	$email = $_POST['userEmail'];
	$pword = $_POST['userPassword'];
	$confirmPassword = $_POST['userConfirmPassword'];
	
	include('ErrorList.php');
	$result = "";
	
	if(empty($name) || ctype_space($name) || empty($surname) || ctype_space($surname) || empty($email) || ctype_space($email) || empty($pword) || ctype_space($pword) || empty($confirmPassword) || ctype_space($confirmPassword)){
		$result = $errors["length"];
	}else{
		if(!ctype_alpha($name) || !ctype_alpha($surname)){
			$result = $errors["credentialsFormat"];
		}else{
			if(strlen($pword) < 7){
				$result = $errors['length'];	
			}else{
				if($pword != $confirmPassword){
					$result = $errors['passwordMismatch'];
				}else{
					if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
						$result = $errors['invalidEmail'];
					}else{
						if(!ctype_alnum($pword)){
							$result = $errors['passwordFormat'];
						}else{
							include('DatabaseConnection.php');

							if(!$connection){
								$result = $errors['databaseConnectionError'];
							}else{
								$sqlQueryExistence = 'SELECT * FROM users WHERE email = "'.$email.'"';
		
								$answer = mysqli_query($connection,$sqlQueryExistence);
		
								if(mysqli_num_rows($answer) > 0){
									$result = $errors['emailExists'];
								}else{
									$registrationDate = date('d/m/Y');
									$md5Pass = md5($pword);
									$prefixKey = 'Etalk';
									$suffixKey = '2017';
									$prefixKeymd5 = md5($prefixKey);
									$suffixKeymd5 = md5($suffixKey);
									$md5Combined = $prefixKeymd5.$md5Pass.$suffixKeymd5;

									$userDetails = '?name='.$name.'&surname='.$surname.'&email='.$email.'&password='.$md5Combined.'&regDate='.$registrationDate;
									$body = '
									<html>
										<body>
											<p>Thank you for signing up '.$name.' '.$surname.'! One more step remains..</p>
											<p>----------------------------------------</p>
											<p>Your username is: '.$email.'</p>
											<p>Your Password is: '.$pword.'</p>
											<p>----------------------------------------</p>
											<p>Please click on this link to complete your registration and activate your account:</p>
											<a href="etalk.000webhostapp.com/PHP/ConfirmRegistration.php'.$userDetails.'">accounts.Etalk.com</a>
											<h3>If you have any enquiries, please visit our <a href="www.google.com">FAQ page</a><h3>
										</body>
									</html>
									';

									$headers  = 'MIME-Version: 1.0' . "\r\n";
									$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
									$headers .= 'From: E-Talk accounts';

									mail($email, 'E-Talk Registration', $body, $headers);
									$result = 'Thank you for registering. An account-activation email will be sent to you within 24 hours. Please note: the email MIGHT be sent to your spam/junk folder';
								}
							}
						}
					}
				}
			}
		}	
	}
	
	echo $result;
?>

#2

May I know what is the variable holding your password for the sql connection?