Example #1
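/**
 * Handle a submitted registration form.
 *
 * Validates the required $_POST fields, rejects usernames and e-mail
 * addresses that already exist in the `users` table, inserts the new account
 * with a temporary password from rand_string(16) and e-mails the credentials
 * to the registrant. Every failure ends the request with die().
 *
 * Security notes for maintainers:
 *  - SQL is still assembled by string concatenation on the legacy mysql_*
 *    API (removed in PHP 7). Injection safety depends entirely on
 *    slashAllInputs(), which is defined elsewhere and presumably escapes
 *    $_POST in place -- confirm. Moving to prepared statements requires
 *    connectDatabase() to change as well, so it is not done here.
 *  - `pass` and `sha256_pass` store unsalted MD5 / SHA-256 digests, which are
 *    not suitable for password storage. They are kept because the login code
 *    that reads them is not visible from this function; migrate both sides to
 *    password_hash()/password_verify() together.
 *  - The temporary password travels in clear text by e-mail. rand_string() is
 *    not visible here; confirm it draws from a CSPRNG.
 *
 * @return void
 */
function registerFormSubmitted()
{
    // Required inside the function so that the configuration variables used
    // below ($email_Administrator, $club_Abbr, $http_Logout and presumably
    // $mime_boundary) end up in local scope.
    require 'include/configGlobals.php';
    connectDatabase();
    slashAllInputs();

    // Required fields must be non-empty strings. empty() gives the same
    // truthiness test as the old `!$_POST[...]` without undefined-index
    // notices, and is_string() rejects array-valued parameters.
    foreach (array('username', 'email', 'firstName', 'lastName') as $requiredField) {
        if (empty($_POST[$requiredField]) || !is_string($_POST[$requiredField])) {
            die('You did not complete all of the required fields');
        }
    }
    if (!isUsernameValid($_POST['username'])) {
        die('Sorry, that username is invalid. Please go back and try again.');
    }
    // The address becomes the mail recipient further down; refusing malformed
    // values (which includes embedded CR/LF) keeps it from altering headers.
    if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
        die('Sorry, that email address is invalid. Please go back and try again.');
    }

    $usercheck = $_POST['username'];
    $emailcheck = $_POST['email'];

    // Username must be unique. The lookup now uses the submitted value; it
    // previously compared against a fixed literal, so duplicates were missed.
    $check = mysql_query("SELECT username FROM users WHERE username = '{$usercheck}'");
    if ($check === false) {
        // Keep driver details in the server log instead of the response.
        error_log('registerFormSubmitted: username lookup failed: ' . mysql_error());
        die('Internal database error. Please try again later.');
    }
    if (mysql_num_rows($check) != 0) {
        // Request data is HTML-escaped before being echoed back.
        die('Sorry, the username ' . htmlspecialchars($usercheck, ENT_QUOTES, 'UTF-8') . ' is already in use. Please go back and try again.');
    }

    // E-mail address must be unique as well.
    $check = mysql_query("SELECT email FROM users WHERE email = '{$emailcheck}'");
    if ($check === false) {
        error_log('registerFormSubmitted: email lookup failed: ' . mysql_error());
        die('Internal database error. Please try again later.');
    }
    if (mysql_num_rows($check) != 0) {
        die('Sorry, the email ' . htmlspecialchars($emailcheck, ENT_QUOTES, 'UTF-8') . ' has already been registered. Please go back and try again.');
    }

    $tempPassword = rand_string(16);
    // Legacy digests expected by the existing schema (see the security notes
    // in the docblock). hash('sha256', ...) yields the same lowercase hex
    // string as bin2hex(mhash(MHASH_SHA256, ...)) without the mhash extension.
    $hashPassword = md5($tempPassword);
    $hash256Password = hash('sha256', $tempPassword);
    $hash256Username = hash('sha256', $usercheck);
    $creationDate = date('Y-m-d');

    // Optional form fields default to an empty string when absent.
    $optional = array();
    $optionalFields = array(
        'address1', 'address2', 'city', 'state', 'zipCode',
        'homePhone', 'cellPhone', 'econtact', 'econtactPhone', 'econtactRel',
    );
    foreach ($optionalFields as $field) {
        $optional[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    // Column => value map, in the order the INSERT lists them.
    $row = array(
        'username' => $usercheck,
        'pass' => $hashPassword,
        'sha256_user' => $hash256Username,
        'sha256_pass' => $hash256Password,
        'fname' => $_POST['firstName'],
        'lname' => $_POST['lastName'],
        'addr1' => $optional['address1'],
        'addr2' => $optional['address2'],
        'city' => $optional['city'],
        'state' => $optional['state'],
        'zip' => $optional['zipCode'],
        'hphone' => $optional['homePhone'],
        'cphone' => $optional['cellPhone'],
        'email' => $emailcheck,
        'econtact' => $optional['econtact'],
        'econtact_phone' => $optional['econtactPhone'],
        'econtact_rel' => $optional['econtactRel'],
        'creation' => $creationDate,
    );
    $insert = 'INSERT INTO users (' . implode(', ', array_keys($row)) . ") VALUES ('" . implode("', '", $row) . "')";

    // Stop if the account was not stored; otherwise the user would be mailed
    // credentials for an account that does not exist.
    if (mysql_query($insert) === false) {
        error_log('registerFormSubmitted: insert failed: ' . mysql_error());
        die('Internal database error. Please try again later.');
    }

    $to = $emailcheck;
    $from = $email_Administrator;
    $subject = 'Registered on ' . $club_Abbr . ' Online Registration Site';
    $message = "--{$mime_boundary}\n";
    $message .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $message .= "Content-Transfer-Encoding: 8bit\r\n";
    $message .= 'Thank you for registering on the ' . $club_Abbr . ' Online Registration site.' . "\n" . "\n" . 'Your username is: [ ' . $usercheck . " ]\n" . 'Your temporary password is: [ ' . $tempPassword . " ]\n" . "\n" . 'Login at ' . $http_Logout . ' to change your password and register for events.' . "\n" . "\n" . 'Thank you!' . "\n" . '- ' . $club_Abbr . ' Administration' . "\n";
    $message .= "--{$mime_boundary}--\n\n";

    if (sendEmail($to, $from, $subject, $message) != false) {
        echo "<h1>Registered</h1>\n";
        echo "Thank you, you have registered. An email has been sent to " . htmlspecialchars($to, ENT_QUOTES, 'UTF-8') . " \n";
        echo "with your username and temporary password. Depending on internal server traffic, this may take some time.<br><br>\n";
        echo "When you receive your temporary password you may <a href=\"index.php\">login</a> to continue.\n";
    } else {
        echo "<h1>Internal Email Error. Please contact administrator at " . $email_Administrator . "</h1>\n";
    }
}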
Example #2
 // Excerpt of an account-settings handler: runs when the request carries a
 // `submit` query parameter and dispatches on $type. $type and $id are set
 // outside this excerpt, and the switch/if are closed outside it as well.
 // The trigger is read from $_GET while the data comes from $_POST; no
 // anti-CSRF token check appears in the lines shown here.
 if (isset($_GET['submit'])) {
     // Validation / database error messages collected for this request.
     $errors = array();
     switch ($type) {
         case 'user':
             // Leave the case when no database link could be obtained.
             if (!($link = db_init(true))) {
                 break;
             }
             // NOTE(review): $id is concatenated unquoted and unescaped into the
             // statement (here and in the UPDATE below). Confirm it is forced to an
             // integer before this point, or bind it through a prepared statement.
             $result = mysqli_query($link, 'SELECT `username`, `password`, `colour` FROM `users` WHERE `id`=' . $id . ';');
             if (!$result) {
                 // NOTE(review): the procedural mysqli_error() needs the connection
                 // ($link) as its argument; called without it, the driver message is
                 // not returned. Raw driver errors are also better kept in the server
                 // log than in a list that is presumably shown to the user -- confirm.
                 array_push($errors, 'MySQL error! | ' . mysqli_error());
                 break;
             }
             // First row of the result; `@` hides the notice raised when no row
             // matched, in which case $user is null.
             $user = @mysqli_fetch_all($result, MYSQLI_ASSOC)[0];
             mysqli_free_result($result);
             // Username change: only when a different name was submitted.
             if (isset($_POST['newusername']) && $_POST['newusername'] != $user['username']) {
                 // As called here, isUsernameValid() takes the error list and
                 // returns it (with any new messages appended, presumably).
                 $errors = isUsernameValid($_POST['newusername'], $errors);
                 if (empty($errors)) {
                     // Uniqueness check; the submitted name is escaped for the
                     // string literal with mysqli_real_escape_string().
                     $result = mysqli_query($link, 'SELECT `username` FROM `users` WHERE `username`=\'' . mysqli_real_escape_string($link, $_POST['newusername']) . '\';');
                     // NOTE(review): $result is not tested for false before the fetch;
                     // `@` hides the failure and an empty $found then reads as
                     // "name is free".
                     $found = @mysqli_fetch_all($result, MYSQLI_ASSOC);
                     if (!empty($found)) {
                         array_push($errors, 'Username taken!');
                         // This break leaves the case before mysqli_free_result() runs.
                         break;
                     }
                     mysqli_free_result($result);
                     // NOTE(review): the check above and this UPDATE are separate
                     // statements, so two concurrent requests can both pass the check;
                     // a UNIQUE index on `username` would close that gap. The UPDATE's
                     // return value is not inspected.
                     mysqli_query($link, 'UPDATE `users` SET `username`=\'' . mysqli_real_escape_string($link, $_POST['newusername']) . '\' WHERE `id`=' . $id . ';');
                 }
             }
             // Password change: both the old and the new password must be non-empty.
             if (isset($_POST['oldpassword']) && isset($_POST['newpassword']) && $_POST['oldpassword'] != '' && $_POST['newpassword'] != '') {
                 // NOTE(review): the new password is validated only when it EQUALS the
                 // old one, which looks inverted. The rest of this branch lies outside
                 // the excerpt -- confirm the intended condition there.
                 if ($_POST['oldpassword'] == $_POST['newpassword']) {
                     $errors = isPasswordValid($_POST['newpassword'], $errors);
                 }
Example #3
    if (isset($_SESSION['username'])) {
        return true;
    } else {
        return false;
    }
}
/**
 * Check a username by delegating to UsernameValidator::isValid().
 *
 * The validator class is declared elsewhere, so the rules it applies are not
 * visible from this function.
 *
 * @param mixed $username Candidate username, passed through unchanged.
 * @return mixed Whatever UsernameValidator::isValid() returns.
 */
function isUsernameValid($username)
{
    return (new UsernameValidator())->isValid($username);
}
/**
 * Check a password by delegating to PasswordValidator::isValid().
 *
 * The validator class is declared elsewhere, so the rules it applies are not
 * visible from this function.
 *
 * @param mixed $password Candidate password, passed through unchanged.
 * @return mixed Whatever PasswordValidator::isValid() returns.
 */
function isPasswordValid($password)
{
    return (new PasswordValidator())->isValid($password);
}
// Entry point: send an already logged-in visitor straight to the account page.
if (isLoggedIn()) {
    redirect('demoAccount.php');
    exit;
}

// Otherwise run the two validators in order and report the first failure.
// NOTE(review): only isUsernameValid()/isPasswordValid() gate the redirect
// here. Whether they compare against stored credentials or merely check the
// input format cannot be told from this excerpt, and nothing visible marks
// the session as logged in before redirecting -- confirm both.
// NOTE(review): if the validators do look up accounts, the two distinct
// messages let a client tell existing usernames apart; a single generic
// message avoids that.
if (!isUsernameValid($username)) {
    echo 'invalid username';
} elseif (!isPasswordValid($password)) {
    echo 'invalid password';
} else {
    redirect('demoAccount.php');
    exit;
}
Example #4
    redirect('index.php', false);
    die;
}
// Page metadata set before header.php is included (presumably read there).
$CURRENT_PAGE = 'Sign up';
// Browser title: the site-wide default followed by this page's name.
$PAGE_TITLE = PAGE_DEFAULT_TITLE . ' | ' . $CURRENT_PAGE;
$NAVBAR = NAVBAR_MINIMAL;

require_once 'header.php';
if (isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password'])) {
    $errors = array();
    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $colour = $_POST['colour'];
    while (1) {
        // USERNAME
        $errors = isUsernameValid($username, $errors);
        // EMAIL
        if (CONF_EMAIL_STRICT) {
            if (strlen($email) < 3) {
                array_push($errors, 'Email address too short!');
                break;
            }
            if (strlen($email) > 128) {
                array_push($errors, 'Email address too long!');
                break;
            }
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                array_push($errors, 'Invalid email address!');
                break;
            }
        }