/
system-register-exec.php
170 lines (136 loc) · 5.59 KB
/
system-register-exec.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
<?php
//Include database connection details
require_once('system-db.php');
require_once('sqlfunctions.php');
start_db();
try {
$imageid = getImageData("image", 100, 100);
} catch (Exception $e) {
$errmsg_arr[] = $e->getMessage();
}
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Sanitize the POST values
$fname = clean($_POST['fname']);
$lname = clean($_POST['lname']);
$password = clean($_POST['password']);
$cpassword = clean($_POST['cpassword']);
$email = clean($_POST['email']);
$cemail = clean($_POST['confirmemail']);
$customerid = clean($_POST['customerid']);
$mobile = "";
//Input Validations
if($fname == '') {
$errmsg_arr[] = 'First name missing';
$errflag = true;
}
if($lname == '') {
$errmsg_arr[] = 'Last name missing';
$errflag = true;
}
if (! isset($_GET['id'])) {
$login = clean($_POST['login']);
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}
if( strcmp($email, $cemail) != 0 ) {
$errmsg_arr[] = 'Email addresses do not match';
$errflag = true;
}
$matches = null;
$guid = uniqid();
$memberid = 0;
//If there are input validations, redirect back to the registration form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: " . $_SERVER['HTTP_REFERER']);
exit();
}
if (! isset($_GET['id'])) {
//Check for duplicate login ID
if($login != '') {
$qry = "SELECT * FROM {$_SESSION['DB_PREFIX']}members WHERE login='$login'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
$errmsg_arr[] = 'Login ID already in use';
$errflag = true;
}
@mysql_free_result($result);
}
}
//Create INSERT query
$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}members " .
"(firstname, lastname, login, passwd, email, imageid, accepted, guid, status, customerid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) " .
"VALUES" .
"('$fname','$lname','$login', '".md5($_POST['password'])."', '$email', $imageid, 'Y', '$guid', 'Y', $customerid, NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")";
$result = @mysql_query($qry);
$memberid = mysql_insert_id();
if (! $result) {
logError("$qry - " . mysql_error());
}
//Create INSERT query
$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES($memberid, 'PUBLIC', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")";
$result = @mysql_query($qry);
$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES($memberid, 'USER', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")";
$result = @mysql_query($qry);
if (isset($_POST['accounttype'])) {
$accountrole = $_POST['accounttype'];
$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES($memberid, '$accountrole', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")";
$result = @mysql_query($qry);
}
$_SESSION['SESS_FIRST_NAME'] = $fname;
$_SESSION['SESS_LAST_NAME'] = $lname;
$_SESSION['SESS_IMAGE_ID'] = $imageid;
$_SESSION['SESS_CUSTOMER_ID'] = $customerid;
sendRoleMessage("ADMIN", "User Registration", "User " . $login . " has been registered as a user.<br>Password : " . $_POST['password']);
sendUserMessage($memberid, "User Registration", "<h3>Welcome $fname $lname.</h3><br>You have been invited to become a member of 'iAfrica Database'.<br>Please click on the <a href='" . getSiteConfigData()->domainurl . "/index.php'>link</a> to activate your account.<br><br><h4>Login details</h4>User ID : $login<br>Password : " . $_POST['password']);
if($result) {
header("location: system-register-success.php");
} else {
logError("1 Query failed:" . mysql_error());
}
} else {
$memberid = $_GET['id'];
$qry = "UPDATE {$_SESSION['DB_PREFIX']}members " .
"SET email = '$email', " .
"firstname = '$fname', " .
"lastname = '$lname', " .
"customerid = $customerid, " .
"imageid = $imageid, " .
"lastaccessdate = NOW(), ";
if (isset($_POST['postcode'])) {
$qry .= "postcode = '$postcode', ";
}
$qry .= "passwd = '" . md5($password) . "', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " .
"WHERE member_id = " . $_GET['id'];
$result = mysql_query($qry);
if (! $result) {
logError("UPDATE members failed:" . mysql_error());
}
$_SESSION['SESS_FIRST_NAME'] = $fname;
$_SESSION['SESS_LAST_NAME'] = $lname;
$_SESSION['SESS_IMAGE_ID'] = $imageid;
sendRoleMessage("ADMIN", "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended by the System Administration.<br>Your password has been changed to: <i>$password</i>.");
sendUserMessage($memberid, "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended by the System Administration.<br>Your password has been changed to: <i>$password</i>.");
header("location: system-register-amend.php");
}
//Check whether the query was successful or not
?>