/**
 * Run a raw SQL statement between opening and closing a database connection.
 *
 * The statement is handed to mysql_query() exactly as received: nothing in
 * this function escapes or validates it, so every value embedded in $qr must
 * already have been escaped by the caller.
 *
 * @param string $qr Complete SQL statement to execute.
 * @return mixed Whatever mysql_query() returned for the statement.
 */
function insert($qr)
{
    $connection = DbConnection();
    // No link argument is passed, so the mysql extension picks the connection itself.
    $outcome = mysql_query($qr);
    DbDisconnect($connection);

    return $outcome;
}
/**
 * Validate registration input, reject duplicate e-mail addresses and create
 * the row in the `logon` table.
 *
 * Every path through this function ends the request: validation failures
 * redirect to register-form.php with the messages stored in
 * $_SESSION['ERRMSG_ARR'], a successful insert redirects to
 * register-success.php, and a failed query stops with "Query failed".
 *
 * Security notes for maintainers:
 *  - Both SQL statements are built by string interpolation and rely solely on
 *    clean() (defined outside this block) to make the values safe inside
 *    quoted SQL literals. NOTE(review): confirm clean() escapes for the
 *    active connection.
 *  - The password is stored as a bare md5() digest, which is unsuitable for
 *    password storage. NOTE(review): moving to password_hash() /
 *    password_verify() has to be done together with the login check and the
 *    column width, so it is flagged here rather than changed.
 *  - The digest is computed from the clean()ed password, so the login path
 *    presumably has to apply the same transformation; verify.
 *  - $Ulevel is written to logon.userlevel as supplied. NOTE(review): if the
 *    caller forwards it from the request, a registrant chooses their own
 *    level; confirm the caller restricts it.
 *  - The duplicate check and the INSERT are separate statements, so the check
 *    alone does not guarantee uniqueness. NOTE(review): confirm that
 *    logon.useremail carries a UNIQUE constraint.
 *
 * @param string $Email  E-mail address, used as the login identifier.
 * @param string $Pass   Password.
 * @param string $CPass  Password confirmation.
 * @param string $Fname  First name.
 * @param string $Lname  Last name.
 * @param string $Ulevel User level to store for the account.
 * @return void Never returns normally; see above.
 */
function register($Email, $Pass, $CPass, $Fname, $Lname, $Ulevel)
{
    $link = DbConnection();

    session_start();

    // Messages collected here double as the "validation failed" signal.
    $errors = array();

    // Pass every value through clean() before it is compared or put into SQL.
    $fname = clean($Fname);
    $lname = clean($Lname);
    $login = clean($Email);
    $password = clean($Pass);
    $cpassword = clean($CPass);
    $ulevel = clean($Ulevel);

    // Required fields, in the order their messages are reported.
    $required = array(
        array($ulevel, 'User level missing'),
        array($login, 'Email address missing'),
        array($password, 'Password missing'),
        array($cpassword, 'Confirm password missing'),
    );
    foreach ($required as $check) {
        if ($check[0] == '') {
            $errors[] = $check[1];
        }
    }

    if (strcmp($password, $cpassword) != 0) {
        $errors[] = 'Passwords do not match';
    }

    // Look for an existing account with the same e-mail address.
    if ($login != '') {
        $lookupSql = "SELECT * FROM logon WHERE useremail='{$login}'";
        $lookup = mysql_query($lookupSql);
        if (!$lookup) {
            die("Query failed");
        }
        if (mysql_num_rows($lookup) > 0) {
            $errors[] = 'E-mail ID already in use';
        }
        @mysql_free_result($lookup);
    }

    DbDisconnect($link);

    // Any collected message sends the user back to the form.
    if (count($errors) > 0) {
        $_SESSION['ERRMSG_ARR'] = $errors;
        session_write_close();
        header("location: register-form.php");
        exit;
    }

    $link = DbConnection();

    // NOTE(review): unsalted MD5 of the password is what gets stored.
    $insertSql = "INSERT INTO logon(firstname,lastname,useremail,userlevel,password) VALUES('{$fname}','{$lname}','{$login}','{$ulevel}','" . md5($password) . "')";
    $inserted = @mysql_query($insertSql);

    if (!$inserted) {
        DbDisconnect($link);
        die("Query failed");
    }

    header("location: register-success.php");
    DbDisconnect($link);
    exit;
}