<?php
include 'inc/config.php';
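// Never dump $_POST on this page: it holds the submitted password, and any
// output sent before header() can stop the redirects below from working.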
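/**
 * Emails the account-activation link to $email, then redirects the browser
 * to the registration page with either a success flag or an error alert.
 *
 * Uses names this file does not define: the global $encrypt object, the
 * HTTP_PATH constant and sendEmail() (presumably provided by
 * inc/config.php - confirm).
 *
 * NOTE(review): the link carries only $encrypt->encode($EmpNum). If that
 * encoding is reversible or predictable, the link does not prove access to
 * the mailbox; a random, single-use, expiring token stored per account
 * would. Confirm what encode() does.
 *
 * @param string $email  Recipient address.
 * @param string $EmpNum Employee number the link activates.
 * @return void
 */
function sendActivation($email, $EmpNum)
{
    global $encrypt;

    // Percent-encode the token so characters such as '+', '/' or '=' survive
    // the query string, then HTML-escape the whole URL for the href attribute.
    $activationUrl = HTTP_PATH . 'activate.php?activate=yes&EmpNum=' . rawurlencode($encrypt->encode($EmpNum));
    $activationHref = htmlspecialchars($activationUrl, ENT_QUOTES, 'UTF-8');

    $sendEmail = new StdClass();
    $sendEmail->emailTo = $email;
    $sendEmail->subject = "CRUK Website activation";
    $sendEmail->Content = '<p>Hi,</p>' . "\n"
        . '<p>Please click on the link to activate your account. Please <a href="' . $activationHref . '">click here</a> to activate your account</p>';

    $reply = sendEmail($sendEmail, '');

    // NOTE(review): loose comparison kept because sendEmail()'s return type
    // is not visible here; switch to === once it is confirmed to be a string.
    if ($reply == "success") {
        header('Location: index.php?register&success');
    } else {
        // The alert text contains spaces, so it must be percent-encoded to
        // form a valid Location URL.
        header('Location: index.php?register&alert=' . rawurlencode('There seems to be a problem with our email server. Please try again later.'));
    }
}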
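// Registration handler.
//   Step 1 (empNum + password + password_confirmation): store the chosen
//   password, then either email the activation link to the address on file
//   or send the browser to the form that asks for an address.
//   Step 2 (email + empNum): store the supplied address and email the link.
// Every redirect is followed by exit: header() alone does not stop the
// script, so without it a rejected request would still reach the UPDATEs.
if (!empty($_POST['empNum']) && isset($_POST['password']) && isset($_POST['password_confirmation'])) {
    $EmpNum = $_POST['empNum'];
    $password = $_POST['password'];
    $password_confirmation = $_POST['password_confirmation'];

    // PHP turns "field[]=x" into an array; only plain strings are valid here.
    if (!is_string($EmpNum)) {
        header('Location: index.php?register&notfound');
        exit;
    }

    // Strict comparison: with != two different numeric-looking strings such
    // as "1e3" and "1000" compare equal.
    // NOTE(review): no minimum length or strength is enforced on the password.
    if (!is_string($password) || !is_string($password_confirmation) || $password !== $password_confirmation) {
        header('Location: index.php?register&alert=' . rawurlencode('Password mismatch!'));
        exit;
    }

    // Is this an eligible employee, and what state is the account in?
    $stmt = $db->prepare("SELECT * FROM tblempall WHERE EmpNum = :EmpNum and eligible=1");
    $stmt->execute(array('EmpNum' => $EmpNum));
    $stmt->setFetchMode(PDO::FETCH_CLASS, 'User');
    $user = $stmt->fetch();

    if (!$user) {
        // employee not found
        header('Location: index.php?register&notfound');
        exit;
    }

    if ($user->sPassword != "" && $user->activated == 1) {
        // Already activated: stop so the existing password is not overwritten.
        header('Location: index.php?register&notactivated');
        exit;
    }

    // NOTE(review): the password is stored exactly as submitted. It should be
    // stored as password_hash() output and checked with password_verify() at
    // login; that needs a matching change in the login code, which is not in
    // this file, so it is flagged here rather than changed.
    // NOTE(review): the password is set before the mailbox owner has
    // confirmed anything; consider letting the user choose it only after
    // following the activation link.
    $stmt = $db->prepare('UPDATE tblempall SET sPassword = :sPassword WHERE EmpNum = :EmpNum');
    $stmt->execute(array(':EmpNum' => $EmpNum, ':sPassword' => $password));

    if ($user->Eaddress == "") {
        // No address on file: ask for one. The value is request input, so it
        // is percent-encoded before going into the Location URL.
        header('Location: index.php?register&req_email&empNum=' . rawurlencode($EmpNum));
        exit;
    }

    sendActivation($user->Eaddress, $EmpNum);
    exit;
} elseif (isset($_POST['email']) && isset($_POST['empNum'])) {
    $EmpNum = $_POST['empNum'];
    $email = $_POST['email'];

    if (!is_string($EmpNum) || !is_string($email)) {
        header('Location: index.php?register&notfound');
        exit;
    }

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        // Not a usable address: show the email form again.
        header('Location: index.php?register&req_email&empNum=' . rawurlencode($EmpNum));
        exit;
    }

    // NOTE(review): nothing ties this request to the step-1 submission (no
    // session or password check), so the account-state checks below are the
    // only guard; binding the two steps through the session would be stronger.
    $stmt = $db->prepare("SELECT * FROM tblempall WHERE EmpNum = :EmpNum and eligible=1");
    $stmt->execute(array('EmpNum' => $EmpNum));
    $stmt->setFetchMode(PDO::FETCH_CLASS, 'User');
    $user = $stmt->fetch();

    if (!$user) {
        header('Location: index.php?register&notfound');
        exit;
    }

    // Only an account that is not yet activated and has no address on file
    // may have one set here; otherwise this request could redirect the
    // activation email of an existing account to a different mailbox.
    if (($user->sPassword != "" && $user->activated == 1) || $user->Eaddress != "") {
        header('Location: index.php?register');
        exit;
    }

    // update the email and send email to activate
    $stmt = $db->prepare('UPDATE tblempall SET Eaddress = :email WHERE EmpNum = :EmpNum');
    $stmt->execute(array(':EmpNum' => $EmpNum, ':email' => $email));
    sendActivation($email, $EmpNum);
    exit;
}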