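/**
 * Authenticate the posted username/password and populate the session.
 *
 * A username of the form "admin:target" is a passthrough login: "admin" is
 * authenticated with the posted password and, if that row has the admin
 * flag, the row for "target" is loaded as the session user without checking
 * target's password. If "admin" does not match, the whole string (colon
 * included) is retried once as an ordinary username.
 *
 * On failure a status message is appended to Smarty, login() is called and
 * the script exits. On success the session id is regenerated, the user's
 * settings are copied into $_SESSION and tos() is called with the stored
 * tos_hash.
 *
 * Security notes for maintainers:
 *  - Passwords are matched as unsalted MD5 digests. Moving to
 *    password_hash()/password_verify() needs a migration of the stored
 *    hashes, so it cannot be done inside this function alone.
 *  - Values are handed to the $sql query builder as-is; this assumes the
 *    builder escapes or binds them. TODO confirm in the builder.
 *  - There is no attempt throttling here; presumably handled elsewhere.
 */
function authlogin()
{
    global $smarty, $sql;

    // Reject missing or non-string fields (e.g. username[]=x) up front so
    // strtolower()/md5() never see an array and the lookup is never run on
    // a value the form could not legitimately have produced.
    if (!isset($_POST['username'], $_POST['password'])
        || !is_string($_POST['username'])
        || !is_string($_POST['password'])
    ) {
        $smarty->append('status', 'Invalid username and/or password.');
        login();
        exit;
    }

    $username = strtolower($_POST['username']);
    // NOTE(review): unsalted MD5 is not a password hash; see the docblock.
    $password = md5($_POST['password']);

    // Split "admin:target" into the authenticating account and the account
    // to load afterwards.
    $users = array();
    $user_passthrough = '';
    if (strpos($username, ':') !== false) {
        $users = explode(':', $username, 2);
        $username = $users[0];
        $user_passthrough = $users[1];
    }

    // Same column list for the credential lookup and the passthrough lookup.
    $columns = array(
        array('users', 'user_id'),
        array('users', 'username'),
        array('users', 'password'),
        array('users', 'style'),
        array('users', 'preferences'),
        array('users', 'activated'),
        array('users', 'tos_hash'),
        array('users', 'admin'),
    );

    // At most two attempts: the part before the colon first, then the full
    // string in case the colon is simply part of an ordinary username.
    for ($i = 0; $i < 2; $i++) {
        $sql->select($columns);
        $sql->where(array(array('users', 'username', $username), array('users', 'password', $password)));
        $sql->limit(1);
        $db_result = $sql->execute();
        if (mysql_num_rows($db_result) != 0) {
            break;
        }
        // No matching row: either give up, or retry without passthrough.
        if (empty($user_passthrough)) {
            $smarty->append('status', 'Invalid username and/or password.');
            login();
            exit;
        }
        $username = implode(':', $users);
        $user_passthrough = '';
    }

    // Rows whose 'activated' column is anything other than '0' are treated
    // as not yet activated.
    $user = mysql_fetch_array($db_result, MYSQL_ASSOC);
    if ($user['activated'] != '0') {
        // The username is URL-encoded as a query value and the whole URL is
        // HTML-escaped, because this status string is emitted as markup.
        // HTTP_HOST and PHP_SELF are request-derived; a configured base URL
        // would be a more trustworthy source for the host part.
        $resend_url = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']
            . '?fn=SendActivationCode&username=' . rawurlencode($user['username']);
        $smarty->append('status', 'This account has not been activated yet. If you have not received your activation code please click <a href="' . htmlspecialchars($resend_url, ENT_QUOTES, 'UTF-8') . '">here</a> to resend it. If you do not receive it soon please contact an administrator.');
        login();
        exit;
    }

    // New session id on privilege change; passing true also deletes the old
    // session data so the pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['admin'] = ($user['admin'] == 1);

    if ($_SESSION['admin'] && !empty($user_passthrough)) {
        // Passthrough: an authenticated admin loads another user's row by
        // username only.
        // NOTE(review): the target's 'activated' state is not checked and
        // $_SESSION['admin'] stays true for the resulting session; confirm
        // both are intended, and consider writing an audit log entry here.
        $sql->select($columns);
        $sql->where(array('users', 'username', $user_passthrough));
        $sql->limit(1);
        $db_result = $sql->execute();
        if (mysql_num_rows($db_result) > 0) {
            $user = mysql_fetch_array($db_result, MYSQL_ASSOC);
        } else {
            $smarty->append('status', 'Invalid username and/or password for passthrough login.');
            login();
            exit;
        }
    }

    // Copy the user's stored settings into the session.
    $_SESSION['user_id'] = $user['user_id'];
    $_SESSION['style'] = $user['style'];
    // NOTE(review): unserialize() instantiates arbitrary classes if the
    // 'preferences' column can ever hold user-influenced bytes. Storing the
    // preferences as JSON (json_encode/json_decode) removes that risk.
    $_SESSION['preferences'] = unserialize($user['preferences']);
    tos($user['tos_hash']);
}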
// Fragment of a registration handler. The start of the script (where
// $sanitiser, $errors and the other $i_* inputs are set up) and the end of
// the script are not shown here.
$i_adress = $sanitiser->sanitise($_POST["padress"]);
$i_country = $sanitiser->sanitise($_POST["pcountry"]);
// "ptos" may be absent from the POST body (presumably an unticked checkbox),
// so fall back to an empty string instead of reading an undefined index.
if (isset($_POST["ptos"])) {
    $i_tos = $sanitiser->sanitise($_POST["ptos"]);
} else {
    $i_tos = '';
}
// The user must agree to the terms of service.
// Run every validator. Each call sits on the left of &&, so it still runs
// after an earlier failure (presumably so each can record its own message
// in $errors; confirm against the validators).
$valid = true;
$valid = fName($i_firstname) && $valid;
$valid = lName($i_lastname) && $valid;
$valid = email($i_email) && $valid;
$valid = dob($i_dob) && $valid;
$valid = sex($i_sex) && $valid;
$valid = tos() && $valid;
if (!$valid) {
    // NOTE(review): $errors is placed in the redirect URL without
    // urlencode(), and there is no exit after header(); any code following
    // the else branch would still run. Confirm against the rest of the file.
    header("location:register_form.php?errors={$errors}");
} else {
    // Check whether the user already exists.
    // settings_guest.php presumably defines $host, $user, $pwd and $sql_db
    // for a low-privilege database account. TODO confirm.
    $email = 'guest';
    include_once "settings_guest.php";
    $conn = mysqli_connect($host, $user, $pwd, $sql_db);
    if (!$conn) {
        header("location:error.php?type=database");
        die;
    }
    // NOTE(review): the query is built by string interpolation, so its
    // safety rests entirely on what $sanitiser->sanitise() and email() do,
    // neither of which is visible here. A prepared statement
    // (mysqli_prepare() with mysqli_stmt_bind_param()) removes that
    // dependency.
    $query = "SELECT Email FROM Student WHERE Email='{$i_email}';";
    // NOTE(review): the result of mysqli_query() is not checked for false
    // before it is fetched from.
    $result = mysqli_query($conn, $query);
    // mysqli_fetch_assoc() returns null when no row matches; count(null)
    // warns on PHP 7.2+ and throws a TypeError on PHP 8, so the "not yet
    // registered" path needs an explicit null check instead.
    $row = mysqli_fetch_assoc($result);
    if (count($row) > 0) {
Example #3
/**
 * Return the entry of the global $stack at the index reported by tos().
 *
 * @return mixed The value stored in $stack at the tos() index.
 */
function stack_tos()
{
    global $stack;

    // Resolve the index first, then read that slot.
    $top_index = tos();

    return $stack[$top_index];
}