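/**
 * Register a new user from the submitted registration form ($_POST).
 *
 * Writes a one-line status object to the output ({'success':...}, {'error':...}
 * or {'warning':...}) and returns; nothing is returned to the caller.
 *
 * Reads globals: $db (query wrapper: setQuery()/foundRows), $_mail (admin
 * contact address shown in the mail), $_pre (table prefix), $valreg (declared
 * but not used here), $_allow_user_reg (0 = registration closed).
 *
 * SECURITY (review): every field taken from $_POST is interpolated verbatim
 * into the SQL below. The $db wrapper exposes no escaping or binding call in
 * this file, so the values must be escaped/bound through whatever API $db
 * provides before this endpoint faces untrusted clients — TODO confirm.
 */
function save_user_details()
{
    global $db, $_mail, $_pre, $valreg, $_allow_user_reg;

    // Registration switch; loose compare kept on purpose (config may hold "0")
    if ($_allow_user_reg == 0) {
        echo "{'warning':'User registration has been disabled. Please contact the administrator'}";
        return;
    }

    // Field order is fixed by the registration form; the last two slots are unused
    list($full_names, $registration_no, $nick_name, $pass1, $pass2, $email, $unused1, $unused2) = assoc_to_indexed($_POST);

    // Collect every failed check, then report them as one comma-separated message
    $errors = [];
    if (strlen($full_names) < 6) {
        $errors[] = 'Full name invalid';
    }
    if (strlen($registration_no) > 20 || strlen($registration_no) < 3) {
        // TODO: length only — the accepted format should be checked with a regex
        $errors[] = 'Registration Number invalid';
    }
    if (!checkAlphanumPlus($nick_name) || strlen($nick_name) < 2) {
        // NOTE(review): the message promises a 5-character minimum but the check
        // enforces 2; the original threshold is kept here — confirm which is intended
        $errors[] = 'Nick name invalid or is too short, nick name needs to be at least 5 characters in length and should contain only alphanumeric characters, a full stop or an underscore';
    }
    // Strict compare: with != two numeric-looking passwords ("0" and "0.0") would match
    if ($pass1 !== $pass2) {
        $errors[] = 'Passwords do not match';
    }
    if (strlen($pass1) < 5) {
        $errors[] = 'Password too short, password must be at least 5 characters in length';
    }
    if (!checkEmail($email)) {
        $errors[] = 'Email address invalid';
    }
    if ($errors !== []) {
        $error = implode(', ', $errors);
        echo "{'error': '{$error}'}";
        return;
    }

    // Registration number must be unique
    $db->setQuery("SELECT * FROM {$_pre}users WHERE registration_no='{$registration_no}'");
    if ($db->foundRows > 0) {
        echo "{'error':'The registration number you provided is already in use'}";
        return;
    }

    // Nick name must be unique (ignoring a row that carries this same registration number)
    $db->setQuery("SELECT * FROM {$_pre}users WHERE nick_name='{$nick_name}' AND registration_no!='{$registration_no}'");
    if ($db->foundRows > 0) {
        echo "{'error':'The nick name you provided is already in use'}";
        return;
    }

    // Email address must be unique
    $db->setQuery("SELECT * FROM {$_pre}users WHERE email='{$email}'");
    if ($db->foundRows > 0) {
        echo "{'error':'The email account you provided is already in use'}";
        return;
    }

    // activated == 2 means the row exists but the activation link was never used
    $db->setQuery("SELECT * FROM {$_pre}users WHERE registration_no='{$registration_no}' AND activated=2");
    if ($db->foundRows > 0) {
        echo "{'warning':'Your account has been created but not yet activated, please activate it'}";
        return;
    }

    // activated == 1 means a live account already owns this registration number
    $db->setQuery("SELECT * FROM {$_pre}users WHERE registration_no='{$registration_no}' AND activated=1");
    if ($db->foundRows > 0) {
        echo "{'error':'What the heck...? Your account is active, please login or if you are not the owner of the registration number you just provided, provide yours!'}";
        return;
    }

    $password = encrypt_password($pass1);
    $full_names = strtolower($full_names);
    $registration_no = strtoupper($registration_no);
    $user_type = 'registered';
    // Activation key: 32 hex characters, same width as the md5(time()) it replaces,
    // but drawn from the CSPRNG — a key derived from the current second is guessable
    $key = bin2hex(random_bytes(16));

    $db->setQuery("INSERT INTO {$_pre}users (full_names,registration_no,user_type,nick_name,password,email,register_date,last_visit_date,activated,activation_key) VALUES ('{$full_names}','{$registration_no}','{$user_type}','{$nick_name}','{$password}','{$email}',NOW(),NOW(),2,'{$key}')");

    // Every user gets an (initially empty) profile row keyed by registration number
    $db->setQuery("INSERT INTO {$_pre}profile (registration_no) VALUE ('{$registration_no}')");

    // Send the activation link to the address the user supplied
    require_once '..' . DS . 'lib' . DS . 'mail' . DS . 'mail.php';
    $subject = 'Your CodeZone account has been created';
    // NOTE(review): the link host comes from the client-controlled Host header;
    // a configured site URL would be the safer source — TODO confirm one exists.
    // The clear-text password is deliberately no longer echoed back in the mail.
    $message = "{$nick_name},\nYour CodeZone account has been created. To complete the registration, please click on the link below or cut and paste in your browser's location bar to activate your account.\n Link: http://{$_SERVER['HTTP_HOST']}/index.php?a=activate&r=" . base64_encode($registration_no)
        . "&k={$key}\nYour details are as follows:\nLogin Name (Registration No): {$registration_no}\nPlease change your password once you log in for security purposes. If you are having any problems then do not hesitate to contact the admin at {$_mail}.\n\nWishing you all the best at CodeZone";
    mailSend(array($email), $subject, $message);

    echo "{'success':'Your account has been created. An activation link has been sent to the email address you provided'}";
}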
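/**
 * Save the "extras" section of the logged-in user's profile (language, quote,
 * about_me) and mirror the new values into the session so they show at once.
 *
 * @param array $post Submitted form fields, consumed positionally through assoc_to_indexed()
 *
 * Writes {'success':...} or {'error':...} to the output and returns nothing.
 * Reads globals $db (query wrapper) and $_pre (table prefix), plus $_SESSION['user_row_data'].
 */
function save_extras($post)
{
    global $db, $_pre;

    // The form tags itself with a base64 "f" marker. This only identifies the
    // form; it is not a CSRF token — TODO(review): add a per-session token check.
    if (base64_decode($_POST['f'] ?? '') !== 'save extras') {
        echo "{'error':'Request source unknown'}";
        return;
    }

    // Without a logged-in user there is no profile row to update; previously the
    // UPDATE ran with an empty registration_no and still reported success.
    $ud = $_SESSION['user_row_data'] ?? null;
    if (!is_array($ud) || !isset($ud['registration_no']) || $ud['registration_no'] === '') {
        echo "{'error':'Not logged in'}";
        return;
    }

    list($language, $quote, $about_me, $unused) = assoc_to_indexed($post);

    // Values are stored HTML-encoded. ENT_QUOTES makes that independent of the
    // PHP default (before 8.1 the default left single quotes untouched, which is
    // the one character that closes the quoted SQL literals below). Backslashes
    // are still not encoded, so this is a mitigation, not a substitute for
    // escaping/binding through $db — TODO confirm what the wrapper offers.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $language = htmlspecialchars($language, $flags, 'UTF-8');
    $quote = htmlspecialchars($quote, $flags, 'UTF-8');
    // Kept from the original; after encoding no raw double quote remains, so this is a no-op
    $quote = str_replace("\"", "", $quote);
    $about_me = htmlspecialchars($about_me, $flags, 'UTF-8');

    $db->setQuery("UPDATE {$_pre}profile SET quote='{$quote}',about_me='{$about_me}',language='{$language}' WHERE registration_no='{$ud['registration_no']}'");

    // Update the session copy so the change is visible without a re-login
    $_SESSION['user_row_data']['language'] = $language;
    $_SESSION['user_row_data']['quote'] = $quote;
    $_SESSION['user_row_data']['about_me'] = $about_me;

    echo "{'success':'Extras saved'}";
}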
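/**
 * Validate and persist the edits posted from the match edit form, or delete
 * the match outright when the submitted action is the delete confirmation.
 *
 * Reports the outcome through system_messages(); returns nothing.
 * Reads globals $db (query wrapper) and $_pre (table prefix).
 *
 * SECURITY (review): $title and the tag-stripped analysis text are interpolated
 * verbatim into the UPDATE below, and match_table_name (read from the DB) into
 * DROP TABLE. Only $match_id is made safe by its int cast. Escape/bind through
 * the $db wrapper before this faces untrusted users — TODO confirm its API.
 */
function valEditMatch()
{
    global $db, $_pre;

    // Field order is fixed by the edit form; two slots are unused
    list($title, $duration, $start_date, $start_time, $difficulty, $match_points,
        $match_ranked, $analysis, $unused_1, $unused_2, $match_id, $action) = assoc_to_indexed($_POST);

    // The form carries the id base64-encoded; the int cast is what keeps it safe in SQL
    $match_id = (int) base64_decode($match_id);

    // Delete path: remove the match row, its per-match table and its logs, then return
    if ($action === 'Delete this match?') {
        $db->setQuery("SELECT match_table_name FROM {$_pre}matches WHERE id={$match_id}");
        $row = $db->fetch_assoc();
        $match_table_name = is_array($row) ? (string) ($row['match_table_name'] ?? '') : '';
        if ($match_table_name === '') {
            // Unknown id: without this guard DROP TABLE ran against the bare prefix
            system_messages(0, "Match number {$match_id} not found");
            return;
        }

        $db->setQuery("DELETE FROM {$_pre}matches WHERE id={$match_id}");
        $db->setQuery("DROP TABLE {$_pre}{$match_table_name}");
        $db->setQuery("DELETE FROM {$_pre}user_match_log WHERE match_id={$match_id}");

        // The upload directory is kept under a ".old" suffix for later manual cleanup;
        // a failed rename used to pass silently, now it is reported with the result
        $upload_dir = "competition_uploads" . DS . $match_table_name;
        $renamed = rename($upload_dir, $upload_dir . ".old");
        $note = $renamed ? '' : ' (upload directory could not be renamed)';
        system_messages(1, "Match number {$match_id} successfully deleted" . $note);
        return;
    }

    // Collect every failed check; joining afterwards avoids the leading ", " the
    // old string concatenation produced whenever the title check passed
    $errors = [];
    if (strlen($title) < 2) {
        $errors[] = "Match name too short";
    }

    // Duration is stored in seconds; anything under ten minutes is rejected
    $duration = (int) $duration;
    if ($duration < 600) {
        $errors[] = "Duration invalid";
    }
    if (!check_date($start_date)) {
        $errors[] = "Invalid date";
    }
    if (!check_time($start_time)) {
        $errors[] = "Invalid time";
    }
    // make_time() receives "<date> <time>"
    $full_date = $start_date . " " . $start_time;

    // Difficulty: scale of 0-100, but the minimum accepted is 10
    $difficulty = (int) $difficulty;
    if ($difficulty < 10 || $difficulty > 100) {
        $errors[] = "Difficulty invalid";
    }
    $match_points = (int) $match_points;
    if ($match_points < 100 || $match_points > 999) {
        $errors[] = "Match points invalid";
    }
    // Strict membership: the loose != compare accepted numeric look-alikes such as "1.0"
    $match_ranked = in_array($match_ranked, ['0', '1'], true) ? $match_ranked : '0';

    // Analysis keeps a small tag whitelist. The stripped text is what gets stored
    // (the raw $analysis was stored before, making strip_tags a no-op). Note that
    // strip_tags leaves attributes on the allowed tags in place.
    $analysis_text = strip_tags($analysis, "<p><a><strong><i><br><div><pre>");

    if ($errors !== []) {
        system_messages(0, implode(', ', $errors), 'true');
        return;
    }

    // Same timestamp is written to both tables — assumes make_time() is pure (TODO confirm)
    $start_ts = make_time($full_date);
    $db->setQuery("UPDATE {$_pre}matches SET title='{$title}',duration={$duration},start_time=" . $start_ts . ",difficulty={$difficulty},match_points={$match_points},match_ranked={$match_ranked},analysis='{$analysis_text}' WHERE id={$match_id}");

    // user_match_log carries a copy of the match date that must follow the edit
    $db->setQuery("UPDATE {$_pre}user_match_log SET match_date=" . $start_ts . " WHERE match_id={$match_id}");

    system_messages(1, 'Match details saved');
}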