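 /**
  * Register a new user from the posted registration form.
  *
  * The form fields are read positionally from $_POST through
  * assoc_to_indexed(), validated, checked for duplicates, then written to the
  * users and profile tables; an activation link is mailed to the given address.
  * Every outcome is echoed as the same quasi-JSON status string the client
  * already expects ({'error':...}, {'warning':...} or {'success':...}).
  *
  * NOTE(review): $full_names, $registration_no and $email are taken from the
  * request and interpolated straight into SQL below. $registration_no in
  * particular is only length-checked (3-20 bytes), so a quote character in it
  * breaks out of the SQL string literal. The only database API visible here is
  * $db->setQuery($sql), so the real fix (bound parameters, or at least
  * driver-level escaping) has to be added in that wrapper; the TODO the
  * original author left on the registration-number check still stands.
  */
 function save_user_details()
 {
     global $db, $_mail, $_pre, $_allow_user_reg;
     // Registration may be switched off by configuration.
     if ($_allow_user_reg == 0) {
         echo "{'warning':'User registration has been disabled. Please contact the administrator'}";
         return;
     }
     // Fields are bound by position, so they depend on the form's field order;
     // a request with fewer fields leaves the trailing variables null.
     list($full_names, $registration_no, $nick_name, $pass1, $pass2, $email, $unused1, $unused2) = assoc_to_indexed($_POST);
     $error = '';
     if (strlen($full_names) < 6) {
         $error .= 'Full name invalid, ';
     }
     if (strlen($registration_no) > 20 || strlen($registration_no) < 3) {
         // TODO: validate against the real registration-number format with a
         // regex (that would also close the SQL injection noted in the header).
         $error .= 'Registration Number invalid, ';
     }
     if (!checkAlphanumPlus($nick_name) || strlen($nick_name) < 2) {
         // The enforced minimum is 2 characters; the message previously said 5.
         // If 5 was intended, tighten the check above rather than the text.
         $error .= 'Nick name invalid or is too short, nick name needs to be at least 2 characters in length and should contain only alphanumeric characters, a full stop or an underscore, ';
     }
     // Strict comparison: with != two numeric-looking strings such as "1e1"
     // and "10" compare equal, so mismatched passwords could slip through.
     if ($pass1 !== $pass2) {
         $error .= 'Passwords do not match, ';
     }
     if (strlen($pass1) < 5) {
         $error .= 'Password too short, password must be at least 5 characters in length, ';
     }
     if (!checkEmail($email)) {
         $error .= 'Email address invalid, ';
     }
     if ($error !== '') {
         // Drop the trailing ", " separator before reporting.
         $error = substr($error, 0, -2);
         echo "{'error': '{$error}'}";
         return;
     }
     // Registration numbers are stored upper-cased (see the INSERT below), so
     // normalise before the duplicate lookups as well.
     $registration_no = strtoupper($registration_no);
     // Single lookup by registration number. The original checked plain
     // existence first and returned, which left its later "not yet activated"
     // and "already active" checks unreachable; branching on the stored
     // activated flag makes each message reachable again.
     $query = "SELECT * FROM {$_pre}users WHERE registration_no='{$registration_no}'";
     $db->setQuery($query);
     if ($db->foundRows > 0) {
         $existing = $db->fetch_assoc();
         $activated = (is_array($existing) && isset($existing['activated'])) ? (int) $existing['activated'] : 0;
         if ($activated === 2) {
             echo "{'warning':'Your account has been created but not yet activated, please activate it'}";
         } elseif ($activated === 1) {
             echo "{'error':'What the heck...? Your account is active, please login or if you are not the owner of the registration number you just provided, provide yours!'}";
         } else {
             echo "{'error':'The registration number you provided is already in use'}";
         }
         return;
     }
     // Nick names must be unique across other registration numbers.
     $query = "SELECT * FROM {$_pre}users WHERE nick_name='{$nick_name}' AND registration_no!='{$registration_no}'";
     $db->setQuery($query);
     if ($db->foundRows > 0) {
         echo "{'error':'The nick name you provided is already in use'}";
         return;
     }
     // E-mail addresses must be unique too.
     $query = "SELECT * FROM {$_pre}users WHERE email='{$email}'";
     $db->setQuery($query);
     if ($db->foundRows > 0) {
         echo "{'error':'The email account you provided is already in use'}";
         return;
     }
     $password = encrypt_password($pass1);
     $full_names = strtolower($full_names);
     $user_type = 'registered';
     // Activation key. md5(time()) was guessable by anyone who knew roughly
     // when the account was created; 16 CSPRNG bytes give 32 hex characters,
     // the same width as the md5 digest it replaces.
     $key = bin2hex(random_bytes(16));
     // activated=2 marks "created, awaiting activation".
     $query = "INSERT INTO {$_pre}users (full_names,registration_no,user_type,nick_name,password,email,register_date,last_visit_date,activated,activation_key) VALUES ('{$full_names}','{$registration_no}','{$user_type}','{$nick_name}','{$password}','{$email}',NOW(),NOW(),2,'{$key}')";
     $db->setQuery($query);
     // Matching, initially empty profile row.
     $query = "INSERT INTO {$_pre}profile (registration_no) VALUE ('{$registration_no}')";
     $db->setQuery($query);
     // Mail the activation link. The password is no longer echoed back in
     // plaintext (it previously sat in the recipient's mailbox indefinitely).
     // NOTE(review): the link host comes from the client-controlled Host
     // header; a configured site URL would be more robust.
     require_once '..' . DS . 'lib' . DS . 'mail' . DS . 'mail.php';
     $subject = 'Your CodeZone account has been created';
     $message = "{$nick_name},\nYour CodeZone account has been created. To complete the registration, please click on the link below or cut and paste in your browser's location bar to activate your account.\n Link: http://{$_SERVER['HTTP_HOST']}/index.php?a=activate&r=" . base64_encode($registration_no) . "&k={$key}\nYour details are as follows:\nLogin Name (Registration No): {$registration_no}\nIf you are having any problems then do not hesitate to contact the admin at {$_mail}.\n\nWishing you all the best at CodeZone";
     mailSend(array($email), $subject, $message);
     echo "{'success':'Your account has been created. An activation link has been sent to the email address you provided'}";
 }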
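 /**
  * Save the "extras" part of the logged-in user's profile (language, quote,
  * about-me text).
  *
  * @param array $post form fields, read positionally via assoc_to_indexed()
  *
  * Updates the profile row keyed by the session's registration_no, mirrors the
  * new values into $_SESSION['user_row_data'] so the change shows at once, and
  * echoes the usual quasi-JSON status string.
  */
 function save_extras($post)
 {
     global $db, $_pre;
     // Require an authenticated session. The original suppressed the missing
     // index, ran the UPDATE with registration_no='' and reported success.
     $ud = isset($_SESSION['user_row_data']) ? $_SESSION['user_row_data'] : null;
     if (!is_array($ud) || empty($ud['registration_no'])) {
         echo "{'error':'You must be logged in to save extras'}";
         return;
     }
     // 'f' is a fixed base64 form marker, not a CSRF token: any cross-site
     // request can supply it. It is read from $_POST although the data fields
     // come from $post; kept as-is since callers may rely on that.
     $marker = isset($_POST['f']) ? base64_decode($_POST['f']) : '';
     if ($marker != 'save extras') {
         echo "{'error':'Request source unknown'}";
         return;
     }
     list($language, $quote, $about_me, $unused) = assoc_to_indexed($post);
     // Values are HTML-escaped before storage. ENT_QUOTES is passed explicitly
     // so single quotes are encoded on every PHP version (before 8.1 the
     // default left them alone and a quote in any field broke the SQL string
     // below). NOTE(review): this is HTML escaping, not SQL escaping — a
     // backslash still passes through untouched — so these values need real
     // parameter binding once the $db wrapper offers it.
     $language = htmlspecialchars($language, ENT_QUOTES);
     $quote = htmlspecialchars($quote, ENT_QUOTES);
     // Double quotes were already turned into &quot; above, so this strip is a
     // no-op; left in place pending a decision on whether they should be
     // removed (swap the two lines) or encoded.
     $quote = str_replace("\"", "", $quote);
     $about_me = htmlspecialchars($about_me, ENT_QUOTES);
     $query = "UPDATE {$_pre}profile SET quote='{$quote}',about_me='{$about_me}',language='{$language}' WHERE registration_no='{$ud['registration_no']}'";
     $db->setQuery($query);
     // Mirror into the session so the change is visible immediately.
     $_SESSION['user_row_data']['language'] = $language;
     $_SESSION['user_row_data']['quote'] = $quote;
     $_SESSION['user_row_data']['about_me'] = $about_me;
     echo "{'success':'Extras saved'}";
 }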
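 /**
  * Save edited match details, or delete the match when the form's action is
  * the delete confirmation.
  *
  * Fields are read positionally from $_POST via assoc_to_indexed(). The match
  * id arrives base64-encoded and is cast to int, so it can be embedded in SQL
  * safely; the free-text fields cannot (see notes inline). Outcomes are
  * reported through system_messages().
  *
  * NOTE(review): no authorisation check is visible in this function; presumably
  * the dispatcher only routes administrators here — confirm.
  */
 function valEditMatch()
 {
     global $db, $_pre;
     list($title, $duration, $start_date, $start_time, $difficulty, $match_points, $match_ranked, $analysis, $unused_1, $unused_2, $match_id, $action) = assoc_to_indexed($_POST);
     // base64 -> int; anything non-numeric becomes 0.
     $match_id = (int) base64_decode((string) $match_id);
     if ($action == 'Delete this match?') {
         // The per-match table name is needed before anything is removed.
         $query = "SELECT match_table_name FROM {$_pre}matches WHERE id={$match_id}";
         $db->setQuery($query);
         $row = $db->fetch_assoc();
         $match_table_name = (is_array($row) && isset($row['match_table_name'])) ? (string) $row['match_table_name'] : '';
         // Guard against an unknown id: the original went on to run
         // "DROP TABLE {$_pre}" and to rename a non-existent upload path.
         if ($match_table_name === '') {
             system_messages(0, "Match number {$match_id} not found", 'true');
             return;
         }
         // The name is used below both as a bare SQL identifier and as a path
         // component, so restrict it to MySQL's ASCII unquoted-identifier
         // alphabet. Anything else could not have worked as
         // "{$_pre}{$match_table_name}" anyway, and this keeps '..' or a
         // backtick from reaching rename() or DROP TABLE. Widen if match tables
         // are ever named with non-ASCII characters.
         if (!preg_match('/^[A-Za-z0-9_$]+$/', $match_table_name)) {
             system_messages(0, "Match number {$match_id} has an invalid table name", 'true');
             return;
         }
         $query = "DELETE FROM {$_pre}matches WHERE id={$match_id}";
         $db->setQuery($query);
         $query = "DROP TABLE {$_pre}{$match_table_name}";
         $db->setQuery($query);
         $query = "DELETE FROM {$_pre}user_match_log WHERE match_id={$match_id}";
         $db->setQuery($query);
         // Keep the upload path under a ".old" suffix for later manual clean-up;
         // skip when there is nothing to rename instead of emitting a warning.
         $upload_path = "competition_uploads" . DS . $match_table_name;
         if (file_exists($upload_path)) {
             rename($upload_path, $upload_path . ".old");
         }
         system_messages(1, "Match number {$match_id} successfully deleted");
         return;
     }
     // Collect validation failures and report them together.
     $errors = array();
     if (strlen($title) < 2) {
         $errors[] = "Match name too short";
     }
     $duration = (int) $duration;
     if ($duration < 600) {
         $errors[] = "Duration invalid";
     }
     if (!check_date($start_date)) {
         $errors[] = "Invalid date";
     }
     if (!check_time($start_time)) {
         $errors[] = "Invalid time";
     }
     // Difficulty is on a 0-100 scale but the minimum accepted is 10.
     $difficulty = (int) $difficulty;
     if ($difficulty < 10 || $difficulty > 100) {
         $errors[] = "Difficulty invalid";
     }
     $match_points = (int) $match_points;
     if ($match_points < 100 || $match_points > 999) {
         $errors[] = "Match points invalid";
     }
     // Ranked flag: anything other than the literal "1" means unranked.
     $match_ranked = ($match_ranked === '1') ? 1 : 0;
     // Allow a small whitelist of formatting tags in the analysis text.
     // NOTE(review): strip_tags keeps attributes on the allowed tags, so an
     // <a href="javascript:..."> or an onclick= survives; if this text is
     // rendered as HTML it needs a proper sanitiser.
     $analysis_text = strip_tags($analysis, "<p><a><strong><i><br><div><pre>");
     if (count($errors) > 0) {
         // Same separator as before, but no leading ", " when the first check
         // passes and a later one fails.
         system_messages(0, implode(", ", $errors), 'true');
         return;
     }
     // Convert once and feed the same value to both updates (make_time() is
     // assumed to be a pure conversion; it was previously called twice).
     $start_ts = make_time($start_date . " " . $start_time);
     // The stripped $analysis_text is stored now — the original computed it and
     // then wrote the raw $analysis.
     // NOTE(review): $title and $analysis_text are interpolated unescaped; the
     // $db wrapper visible here only exposes setQuery($sql), so binding them
     // needs support added at that layer.
     $query = "UPDATE {$_pre}matches SET title='{$title}',duration={$duration},start_time={$start_ts},difficulty={$difficulty},match_points={$match_points},match_ranked={$match_ranked},analysis='{$analysis_text}' WHERE id={$match_id}";
     $db->setQuery($query);
     // Keep the per-user log in step with the new start time.
     $query = "UPDATE {$_pre}user_match_log SET match_date={$start_ts} WHERE match_id={$match_id}";
     $db->setQuery($query);
     system_messages(1, 'Match details saved');
 }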