$login_info = bronto_user_login($fm_username, $fm_password, $fm_sitename, $fm_siteid);
process_login($login_info, $fm_username, $fm_password, $fm_sitename);
}
}
} else {
if ($fm_stage == "userinfo") {
$dbh = open_db();
// we could obtain the username from the userinfo form itself, but this could allow a malicious user to
// change the user information for a user other than him/herself; a DB lookup is used instead
$username = db_get_session_user($dbh, $fm_sessionid);
if ($username) {
$got_error = false;
$userinfo = array('firstname' => $fm_firstname, 'lastname' => $fm_lastname, 'email' => $fm_email, 'phone' => $fm_phone);
if ($fm_firstname && $fm_lastname && $fm_email && $fm_phone) {
if (is_valid_email($fm_email)) {
if (db_update_user_info($dbh, $username, $userinfo) == true) {
print_message_select_form($bapi, $fm_sessionid);
} else {
display_errorbox("Unable to update user information for user " . $username . ".");
print_request_login_form($username);
}
} else {
display_errorbox("Must provide a valid e-mail address.");
$got_error = true;
}
} else {
display_errorbox("Must provide first name, last name, phone number, and e-mail address.");
$got_error = true;
}
if ($got_error) {
$userinfo['username'] = $username;
function db_update_user_last_login($dbh, $username)
{
$userinfo['last_login'] = "******";
return db_update_user_info($dbh, $username, $userinfo);
}
