Example #1
</head>
<body>
	<?php 
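// Login handler: runs only when the form posted a non-empty email address.
//
// NOTE(review): protect() and hashword() are defined outside this listing, so
// it cannot be confirmed here that protect() escapes values for SQL. $email is
// interpolated directly into the query below; unless protect() applies
// mysql_real_escape_string() the lookup is open to SQL injection. The mysql_*
// extension has no prepared statements and was removed in PHP 7, so moving
// this query to PDO or mysqli with bound parameters is the durable fix.
if (isset($_POST['email']) && !empty(protect($_POST['email']))) {
    $email = protect($_POST['email']);
    // A request without a password field is treated as an empty password
    // rather than raising an undefined-index notice.
    $pass = protect(isset($_POST['password']) ? $_POST['password'] : '');
    $error = 0;

    /**
     * Count a missing form value.
     *
     * Increments the global $error counter when $string is empty(). Note that
     * empty() also treats the string "0" as missing.
     *
     * @param mixed $string Submitted value to check.
     * @return void
     */
    function nullchk($string)
    {
        global $error;
        if (empty($string)) {
            $error++;
        }
    }
    nullchk($email);
    nullchk($pass);
    //Hash password
    // NOTE(review): $hash is not assigned anywhere in this listing; presumably
    // it is set by an include. Confirm what it holds.
    $pass = hashword($pass, $hash);
    if ($error === 0) {
        // NOTE(review): the password value in this query reads '******', which
        // looks like masking applied to the listing. As written, the hashed
        // $pass is never compared; confirm against the real source.
        $logsql = "SELECT *\n\t\t\tFROM tbl_members\n\t\t\tWHERE\n\t\t\temail = '{$email}'\n\t\t\tAND\n\t\t\tpassword = '******'\n\t\t\t";
        $logqry = mysql_query($logsql);
        if ($logqry === false) {
            // mysql_query() returns false on failure; log it server-side
            // instead of passing false to mysql_fetch_assoc().
            error_log('Login lookup failed: ' . mysql_error());
        } else {
            // Only the first matching row is used for the login.
            $log = mysql_fetch_assoc($logqry);
            if ($log) {
                // NOTE(review): markup (</head>, <body>) precedes this block in
                // the listing, so header() and the session cookie only work if
                // output buffering is active. Moving the handler above any
                // output would remove that dependency.
                $canSendHeaders = !headers_sent();
                // Issue a fresh session id at the moment of login so an id
                // that was known before authentication is not carried over.
                if ($canSendHeaders && session_id() !== '') {
                    session_regenerate_id(true);
                }
                // NOTE(review): SELECT * means the stored row includes the
                // password column; selecting only the columns the session
                // needs would keep the hash out of session storage.
                $_SESSION['user'] = $log;
                if ($canSendHeaders) {
                    header('Location: ./usr.php');
                    // Stop here so the rest of the login page is not rendered
                    // and sent along with the redirect.
                    exit;
                }
            }
        }
    } else {
        echo 'errors';
    }
}
$page = 'Login';
include_once './include/header.php';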
Example #2
 $mob = protect($_POST['mob']);
 $email = protect($_POST['email']);
 $errors = 0;
 $txterror = '';
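 /**
  * Record a missing required form field.
  *
  * When $string is empty() the global $errors counter is incremented and an
  * HTML error paragraph naming the field is appended to the global $txterror.
  * Note that empty() also treats the string "0" as missing.
  *
  * @param mixed  $string Submitted value to check.
  * @param string $item   Field label shown in the message. It is inserted
  *                       into HTML unescaped, so pass only trusted labels.
  * @return void
  */
 function nullchk($string, $item)
 {
     // $txterror has to be imported alongside $errors; without it the message
     // was appended to an undefined function-local variable and discarded.
     global $errors, $txterror;
     if (empty($string)) {
         $errors++;
         $txterror .= '<p class="error">No ' . $item . ' value was detected. Please try again.</p>';
     }
 }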
 nullchk($fname, 'First Name');
 nullchk($sname, 'Surname');
 nullchk($orga, 'Organisation');
 nullchk($email, 'Email Address');
 if ($errors === 0) {
     $sqlerror = 0;
     $emailchk = "SELECT *\n                                                    FROM tbl_contacts\n                                                    WHERE\n                                                        email = '{$email}'\n                                                    ";
     $emailchkqry = mysql_query($emailchk);
     while ($emailchkres = mysql_fetch_assoc($emailchkqry)) {
         $sqlerror++;
     }
     if ($sqlerror === 0) {
         $user = $_SESSION['user']['id'];
         $date = date("G:i:s j/m/Y");
         $addsql = "INSERT INTO tbl_contacts\n                                                        (\n                                                            firstname,\n                                                            surname,\n                                                            organisation,\n                                                            role,\n                                                            tel,\n                                                            mob,\n                                                            email,\n                                                            user,\n                                                            date\n                                                        ) VALUES (\n                                                            '{$fname}',\n                                                            '{$sname}',\n                                                            '{$orga}',\n                                                            '{$role}',\n                                                            '{$tel}',\n                                                            '{$mob}',\n                                                            '{$email}',\n                                                            '{$user}',\n                                                            '{$date}'\n                                                        )";
         //echo $addsql;
         if (mysql_query($addsql)) {
             echo '<p class="success">The contact has been added to the site.</p>';
         } else {