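/**
 * Update an existing user's profile from the submitted form.
 *
 * Reads $_POST (email, fullname, email_pref, plus one field per
 * user_info_key.shortname) and $_FILES['picture'], then rewrites the
 * user_info row and the user's user_info_values rows inside one transaction.
 *
 * NOTE(review): nothing in this function checks that the current session is
 * allowed to edit $uid; the caller has to enforce that before calling.
 * NOTE(review): email is validated as non-empty but is never written to
 * user_info here -- confirm whether that is intended.
 * NOTE(review): the ext/mysql functions used here were removed in PHP 7.0;
 * a port should move to prepared statements (mysqli or PDO).
 *
 * @param mixed $uid id of the user being edited (user_info.uid)
 * @return mixed TRUE on success, otherwise an error message string
 */
function editAccount($uid)
{
    // The returned record is not used below; the call is kept as in the original.
    $user = getPerson($uid);

    // Missing or non-string (e.g. array-valued) form fields are treated as
    // empty, so they are rejected or ignored rather than raising notices or
    // reaching the purifier with an unexpected type.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : "";
    $rawFullname = (isset($_POST['fullname']) && is_string($_POST['fullname'])) ? $_POST['fullname'] : "";
    $rawEmailPref = (isset($_POST['email_pref']) && is_string($_POST['email_pref'])) ? $_POST['email_pref'] : "";
    $picture = isset($_FILES['picture']) ? $_FILES['picture'] : null;

    if ($email === "") {
        return "Email may not be empty";
    }
    if ($rawFullname === "") {
        return "Full name may not be empty";
    }

    // A new upload replaces the stored picture; otherwise keep the current one.
    $hasUpload = is_array($picture)
        && isset($picture['name'])
        && is_string($picture['name'])
        && $picture['name'] !== '';
    if ($hasUpload) {
        $pic = pictureHandling($uid, $picture);
    } else {
        $pic = getPic($uid);
    }

    // HTMLPurifier strips markup before storage; SQL quoting is handled
    // separately by mysql_real_escape_string() on every interpolated value.
    $purifier = new HTMLPurifier();
    $fullname = $purifier->purify($rawFullname);
    $pic = $purifier->purify($pic);
    $email_level = $purifier->purify($rawEmailPref);

    mysql_query('START TRANSACTION');
    $failed = 0;

    $sql = sprintf(
        "UPDATE user_info SET fullname='%s', picture='%s', email_level='%s' WHERE uid='%s'",
        mysql_real_escape_string($fullname),
        mysql_real_escape_string($pic),
        mysql_real_escape_string($email_level),
        mysql_real_escape_string($uid)
    );
    if (mysql_query($sql) === FALSE) {
        $failed = 1;
    }

    // The custom values are replaced wholesale: delete, then re-insert below.
    $sql = sprintf(
        "DELETE from user_info_values WHERE person_id = '%s'",
        mysql_real_escape_string($uid)
    );
    if (mysql_query($sql) === FALSE) {
        $failed = 1;
    }

    $sql = sprintf("SELECT id, shortname, longname FROM user_info_key");
    $result = get_rows($sql);
    if (!$result) {
        // NOTE(review): an empty key table also lands here and fails the
        // edit, as in the original; confirm what get_rows() returns on error.
        $failed = 1;
        // Keep foreach from iterating a non-array value.
        $result = array();
    }

    foreach ($result as $r) {
        $shortname = $r['shortname'];
        $user_key_id = $r['id'];

        // Only fields that were actually submitted with a value are stored.
        if (!isset($_POST[$shortname]) || !is_string($_POST[$shortname]) || $_POST[$shortname] === "") {
            continue;
        }
        $value = $purifier->purify($_POST[$shortname]);

        $sql = sprintf(
            "INSERT INTO user_info_values VALUES ('%s', '%s', '%s')",
            mysql_real_escape_string($uid),
            mysql_real_escape_string($user_key_id),
            mysql_real_escape_string($value)
        );
        if (mysql_query($sql) === FALSE) {
            $failed = 1;
        }
    }

    if ($failed == 1) {
        mysql_query('ROLLBACK');
        // Message text kept verbatim; callers may display or compare it.
        return "Registration Failed";
    }

    mysql_query('COMMIT');
    return TRUE;
}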
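/**
 * Create a new user account from the submitted registration form.
 *
 * Reads $_POST (email, username, fullname, pass1, pass2, plus one field per
 * user_info_key.shortname) and $_FILES['picture']. Passwords are only
 * required when TRUST_REMOTE_USER is false.
 *
 * NOTE(review): the uniqueness SELECTs run before the transaction starts, so
 * two concurrent registrations can both pass them; a UNIQUE constraint on
 * username and email would close that gap -- the schema is not visible here.
 * NOTE(review): the ext/mysql functions used here were removed in PHP 7.0;
 * a port should move to prepared statements (mysqli or PDO).
 *
 * @return array validation or database errors keyed by field name
 *               ("unknown" for database failures); empty array on success
 */
function register()
{
    $errors = array();
    $data = $_POST;
    $picture = isset($_FILES['picture']) ? $_FILES['picture'] : null;

    // Missing or non-string (e.g. array-valued) fields are treated as empty.
    $email = (isset($data['email']) && is_string($data['email'])) ? $data['email'] : "";
    $username = (isset($data['username']) && is_string($data['username'])) ? $data['username'] : "";
    $fullname = (isset($data['fullname']) && is_string($data['fullname'])) ? $data['fullname'] : "";
    $pass1 = (isset($data['pass1']) && is_string($data['pass1'])) ? $data['pass1'] : "";
    $pass2 = (isset($data['pass2']) && is_string($data['pass2'])) ? $data['pass2'] : "";

    // Purify before validating: a value made only of stripped markup would
    // otherwise pass the emptiness checks and be stored as an empty string.
    // Passwords are deliberately left untouched.
    $purifier = new HTMLPurifier();
    $username = $purifier->purify($username);
    $fullname = $purifier->purify($fullname);
    $email = $purifier->purify($email);

    if ($email === "") {
        $errors['email'] = "Email may not be empty";
    }
    if ($username === "") {
        // NOTE(review): this message text appears masked in this copy of the
        // source; it is kept verbatim.
        $errors['username'] = "******";
    }
    if ($fullname === "") {
        $errors['fullname'] = "Full name may not be empty";
    }

    if (!TRUST_REMOTE_USER) {
        if ($pass1 === "") {
            $errors['pass1'] = "Passwords may not be empty";
        }
        if ($pass2 === "") {
            $errors['pass2'] = "Passwords may not be empty";
        } elseif ($pass1 !== $pass2) {
            $errors['pass2'] = "Passwords do not match";
        } elseif (strlen($pass1) < 6) {
            $errors['pass1'] = "Password must be at least 6 characters";
        }
    }

    // Placeholder restored: the format string carried no %s, so the escaped
    // username was ignored and the duplicate check never looked at it.
    $sql = sprintf(
        "SELECT * FROM user_info WHERE username='%s'",
        mysql_real_escape_string($username)
    );
    if (has_result($sql)) {
        // NOTE(review): masked message text, kept verbatim (see above).
        $errors['username'] = "******";
    }

    $sql = sprintf(
        "SELECT * FROM user_info WHERE email='%s'",
        mysql_real_escape_string($email)
    );
    if (has_result($sql)) {
        $errors['email'] = "There is already an account using that email";
    }

    if ($errors) {
        return $errors;
    }

    mysql_query('START TRANSACTION');

    if (TRUST_REMOTE_USER) {
        $sql = sprintf(
            "INSERT INTO user_info (username, fullname, email) VALUES ('%s', '%s', '%s')",
            mysql_real_escape_string($username),
            mysql_real_escape_string($fullname),
            mysql_real_escape_string($email)
        );
    } else {
        // NOTE(review): the password is stored with MySQL AES_ENCRYPT keyed by
        // username . password instead of a one-way password hash
        // (password_hash()/password_verify()), and the plaintext travels in
        // the statement text, where query logs can capture it. Changing the
        // scheme also needs the login check and a migration of stored rows,
        // neither of which is visible here, so the statement is left as is.
        $sql = sprintf(
            "INSERT INTO user_info (username, password, fullname, email) VALUES ('%s', AES_ENCRYPT('%s', '%s%s'), '%s', '%s')",
            mysql_real_escape_string($username),
            mysql_real_escape_string($pass1),
            mysql_real_escape_string($username),
            mysql_real_escape_string($pass1),
            mysql_real_escape_string($fullname),
            mysql_real_escape_string($email)
        );
    }

    if (mysql_query($sql) === FALSE) {
        mysql_query('ROLLBACK');
        return array("unknown" => "Registration error in adding user");
    }
    $uid = mysql_insert_id();
    $failed = FALSE;

    // The upload is handled only now that the new row's id exists; the
    // original called pictureHandling() with an undefined $uid and read an
    // undefined $pic when no file was sent.
    // NOTE(review): if the transaction is rolled back further down, whatever
    // pictureHandling() stored is not undone here.
    $pic = "";
    $hasUpload = is_array($picture)
        && isset($picture['name'])
        && is_string($picture['name'])
        && $picture['name'] !== '';
    if ($hasUpload) {
        $pic = $purifier->purify(pictureHandling($uid, $picture));
    }

    $sql = sprintf(
        "UPDATE user_info SET picture='%s' WHERE uid='%s'",
        mysql_real_escape_string($pic),
        mysql_real_escape_string($uid)
    );
    if (mysql_query($sql) === FALSE) {
        $failed = TRUE;
    }

    $sql = sprintf(
        "DELETE from user_info_values WHERE person_id = '%s'",
        mysql_real_escape_string($uid)
    );
    if (mysql_query($sql) === FALSE) {
        $failed = TRUE;
    }

    $sql = sprintf("SELECT id, shortname, longname FROM user_info_key");
    $result = get_rows($sql);
    if (!$result) {
        // Keep foreach from iterating a non-array value; as in the original,
        // an empty key list does not fail the registration.
        $result = array();
    }

    foreach ($result as $r) {
        $shortname = $r['shortname'];
        $user_key_id = $r['id'];

        // Only fields that were actually submitted with a value are stored.
        if (!isset($data[$shortname]) || !is_string($data[$shortname]) || $data[$shortname] === "") {
            continue;
        }
        $value = $purifier->purify($data[$shortname]);

        $sql = sprintf(
            "INSERT INTO user_info_values VALUES ('%s', '%s', '%s')",
            mysql_real_escape_string($uid),
            mysql_real_escape_string($user_key_id),
            mysql_real_escape_string($value)
        );
        if (mysql_query($sql) === FALSE) {
            $failed = TRUE;
        }
    }

    if ($failed) {
        mysql_query('ROLLBACK');
        return array("unknown" => "Registration error in updating info");
    }

    mysql_query('COMMIT');
    return array();
}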