$hash = substr(md5(time()), 0, 10);
$user_id = mysql_insert_id($conn);
//put confirm code in the database
$query = "INSERT INTO email_registration SET user_id=" . $user_id . ", registration_code='{$hash}'";
print "\n\r\n\r" . $query;
$result = mysql_query($query) or die(mysql_error());
//send email
$emailbody = "Hi {$name}, please go to friendface/confirm_registration.php?reg_id={$hash}";
$headers = 'From: registration@git.huntlycameron.co.uk' . "\r\n" . 'Reply-To: huntly@huntlycameron.co.uk' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
mail($email, "Confirm FriendFace Registration", $emailbody);
mysql_close($conn);
header("Location: ../login.php?reg=success");
}
} else {
print "Error, username taken \n";
mysql_close($conn);
returnWithError("usernametaken");
}
} else {
print "There has been an error.";
}
} else {
print "Error, post vars not there \n";
returnWithError("postvars");
}
function returnWithError($error)
{
print "Redirecting with error, \n";
header("Location: ../register.php?error={$error}");
exit;
}
<?php
include_once 'sessioncheck.php';
if (isset($_GET['id'])) {
include_once '../objects/AuthorisedUser.php';
$user = unserialize($_SESSION['user']);
$success = $user->sendFriendRequest($_GET['id']);
if ($success) {
header("Location: ../users.php?success=true");
} else {
returnWithError("db");
}
} else {
returnWithError("error");
}
function returnWithError($errorMsg)
{
header("Location: ../users.php?error={$errorMsg}");
}
