$message .= "Click on this link to activate your account\n";
$message .= "http://bmetest.site40.net/confirm.php?passkey={$confirm_code}";
mail($account->email, 'Registration Confirmation', "{$message}");
header("Location: register.php?error_message={$error_message}");
} else {
if ($confirm_password != $account->password) {
$error_message = "Passwords do not match";
header("Location: register.php?error_message={$error_message}");
} else {
if ($confirm_email != $account->email) {
$error_message = "Emails do not match";
header("Location: register.php?error_message={$error_message}");
} else {
if ($error_message == "") {
$confirm_code = rand();
while (Queries::valueOccurances(Database::$table_temp, 'code', $confirm_code)) {
$confirm_code = rand();
}
if (!Queries::instertValuesIntoTable(Database::$table_temp, array($confirm_code, $account->username, $account->password, $account->email))) {
$error_message = "Error putting user into temporary database";
header("Location: register.php?error_message={$error_message}");
}
$message = "Your confirmation link: \r\n";
$message .= "Click on this link to activate your account\n";
$message .= "http://bmetest.site40.net/confirm.php?passkey={$confirm_code}";
mail($account->email, 'Registration Confirmation', "{$message}");
header("Location: thankyou.html");
}
}
}
}
<?php
include '../includes.php';
Tracking::track(basename(filter_input(INPUT_SERVER, 'PHP_SELF')));
$passkey = filter_input(INPUT_GET, 'passkey');
if (!$passkey) {
echo "Error receiving passkey";
} else {
if (!ctype_digit($passkey)) {
echo "Invalid passkey";
} else {
if (Queries::valueOccurances(Database::$table_temp, "code", $passkey) == 1) {
$rows = Queries::getRowWithValue(Database::$table_temp, "code", $passkey);
if (Queries::instertValuesIntoTable(Database::$table_users, array($rows['username'], $rows['password'], $rows['email']))) {
echo "Email confirmation successful!";
if (Queries::deleteValueFromTable(Database::$table_temp, "code", $passkey)) {
echo "<br>User info moved from temporary to permanent database";
}
}
}
}
}
$account->password = filter_input(INPUT_POST, 'password');
$error_message = "";
if (!$account->username) {
$error_message = "Error receiving username";
} else {
if (!$account->password) {
$error_message = "Error receiving password";
} else {
if (!ctype_alnum($account->username)) {
$error_message = "Username must be alphanumeric";
} else {
if (!ctype_alnum($account->password)) {
$error_message = "Password must be alphanumeric";
}
}
}
}
if ($error_message != "") {
echo $error_message;
} else {
if (Queries::valueOccurances(Database::$table_users, "username", $account->username) == 1) {
if (Queries::valueOccurances(Database::$table_users, "password", $account->password) == 1) {
User::login($account->username, $account->password);
header("Location: loggedin.php");
} else {
echo "Invalid password";
}
} else {
echo "Invalid username";
}
}
$account = new User();
if ($account->isLoggedIn()) {
$title = filter_input(INPUT_POST, 'title');
$description = filter_input(INPUT_POST, 'description');
$goal = filter_input(INPUT_POST, 'goal');
$error_message = "";
if (!ctype_alnum($title) && strlen($title) < 3 || strlen($title) > 100) {
$error_message = "Title is not alphanumeric, too short (less than 3 characters), or too long (over 100 characters)";
}
if (strpos($description, "'") !== false || strpos($description, "\"") !== false) {
$error_message = "Description cannot contain a ' or a \"";
}
if (!ctype_digit($goal)) {
$error_message = "Goal is not numeric";
}
if ($error_message != "") {
echo $error_message;
} else {
if (!Queries::valueOccurances(Database::$table_pages, "title", $title)) {
if (!Queries::instertValuesIntoTable(Database::$table_pages, array($account->username, $title, $description, $goal, 0))) {
echo "Error inserting page info into database";
} else {
echo "Successfully created your page!";
}
} else {
echo "There's already a page with that title";
}
}
} else {
echo "You need to be logged in to access this page";
}
