/*****************************************************************************/ /* SCRIPT BEGINS HERE */ /*****************************************************************************/ $q = $_REQUEST["q"]; $InputArray = explode("|", $q); $Temp_PW = $InputArray[0]; $New_PW1 = $InputArray[1]; $New_PW2 = $InputArray[2]; $token = $InputArray[3]; if (DEBUG) { var_dump($_SESSION); var_dump($q); } if (Token::check("MEMBER_RESET_PW_FORM", $token)) { if ($New_PW1 == $New_PW2) { if (iCheckLegitPassword($New_PW1) == true) { if (isset($_SESSION['email']) === true) { $Temp_PW = trim($Temp_PW); $Temp_PW = mysqli_real_escape_string($mysqli, $Temp_PW); $New_PW1 = trim($New_PW1); $New_PW1 = mysqli_real_escape_string($mysqli, $New_PW1); $New_PW2 = trim($New_PW2); $New_PW2 = mysqli_real_escape_string($mysqli, $New_PW2); $SafeEmail = $_SESSION['email']; $SafeEmail = mysqli_real_escape_string($mysqli, $SafeEmail); //unset( $_SESSION['email'] ); $QueryResultSet = "SELECT count(*) AS row_exists, salt, password, id, email_active, email_code, password_recover\r\n\t\t\t\t\t\t\t\t FROM client_login_table\r\n\t\t\t\t\t\t\t\t WHERE email_address = '{$SafeEmail}'"; $objGetResult = $mysqli->query($QueryResultSet); #remember that even if there is no single row has returned, it will return an object which is non-zero. if ($objGetResult) { $anArray = $objGetResult->fetch_array(MYSQLI_ASSOC);
echo "You have already registered!"; } } /**********************************************************************/ /* B E G I N */ /**********************************************************************/ $q = $_REQUEST["q"]; $InputArray = explode("|", $q); $owner_email = $InputArray[0]; $owner_pwd = $InputArray[1]; $owner_first_name = $InputArray[2]; $owner_last_name = $InputArray[3]; $token = $InputArray[4]; if (DEBUG) { var_dump($InputArray); echo "TOKEN = {$token}<br>"; echo "SESSION[token] =" . $_SESSION['token'] . "<br>"; } $SafeFirstName = mysqli_real_escape_string($mysqli, $owner_first_name); $SafeLastName = mysqli_real_escape_string($mysqli, $owner_last_name); $SafeEmail = mysqli_real_escape_string($mysqli, $owner_email); $SafePWD = mysqli_real_escape_string($mysqli, $owner_pwd); if (Token::check("OWNER_REGISTER_FORM", $token)) { if (iCheckLegitPassword($SafePWD) == false) { echo "Invalid password"; } else { vInsertIntoOwnerLoginTable($SafeFirstName, $SafeLastName, $SafeEmail, $SafePWD); } } else { echo "Token doesn't match."; }