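/**
 * Handle a login form submission and populate the session.
 *
 * Reads $_POST['username'] and $_POST['password'], looks the pair up in the
 * users table and, on success, stores user_id, style, preferences and the
 * admin flag in $_SESSION before handing over to tos(). On any failure a
 * status message is appended to Smarty, login() is called and the script
 * exits.
 *
 * A username of the form "first:second" is a passthrough login: "first" is
 * authenticated with the password and, if that account is an admin, the
 * session is populated from the "second" account instead. If no account
 * matches "first", the whole string is retried once as an ordinary username.
 *
 * Uses the globals $smarty and $sql.
 */
function authlogin() {
    global $smarty, $sql;

    // A missing or array-valued field can never match an account; fail the
    // same way a wrong password does instead of raising notices/warnings.
    if (!isset($_POST['username'], $_POST['password'])
        || !is_string($_POST['username'])
        || !is_string($_POST['password'])) {
        $smarty->append('status', 'Invalid username and/or password.');
        login();
        exit;
    }

    $full_username = strtolower($_POST['username']);

    // SECURITY: the stored credential is an unsalted MD5 digest, which is
    // cheap to brute-force if the users table leaks. It cannot be changed in
    // this function alone because the comparison happens in SQL against the
    // stored value; plan a migration to password_hash()/password_verify().
    $password = md5($_POST['password']);

    $username = $full_username;
    $user_passthrough = null;
    if (strpos($full_username, ':') !== false) {
        $parts = explode(':', $full_username, 2);
        $username = $parts[0];
        $user_passthrough = $parts[1];
    }

    // Column list shared by the credential lookup and the passthrough lookup.
    $user_columns = array(
        array('users', 'user_id'),
        array('users', 'username'),
        array('users', 'password'),
        array('users', 'style'),
        array('users', 'preferences'),
        array('users', 'activated'),
        array('users', 'tos_hash'),
        array('users', 'admin'),
    );

    // At most two attempts: the part before ':' first, then the full string.
    $db_result = null;
    for ($attempt = 0; $attempt < 2; $attempt++) {
        // NOTE(review): whether $sql->where() escapes or binds its values is
        // not visible here; $username comes straight from $_POST - confirm.
        $sql->select($user_columns);
        $sql->where(array(
            array('users', 'username', $username),
            array('users', 'password', $password),
        ));
        $sql->limit(1);
        $db_result = $sql->execute();

        if (mysql_num_rows($db_result) > 0) {
            break;
        }

        // No match and nothing left to retry with: they're not registered.
        if (empty($user_passthrough)) {
            $smarty->append('status', 'Invalid username and/or password.');
            login();
            exit;
        }

        // The ':' may simply be part of the username; retry with all of it.
        $username = $full_username;
        $user_passthrough = null;
    }

    // Make sure they've been activated.
    // NOTE(review): any value other than '0' is treated as "not activated";
    // presumably the column holds a pending activation marker - confirm.
    $user = mysql_fetch_array($db_result, MYSQL_ASSOC);
    if ($user['activated'] != '0') {
        // NOTE(review): the listing is garbled at the username operand
        // ('******'); $user['username'] is the presumed original - confirm.
        // HTTP_HOST and PHP_SELF are request-controlled, so the whole URL is
        // HTML-escaped before it goes into the attribute and the username is
        // URL-encoded. A configured base URL would be preferable to HTTP_HOST.
        $resend_url = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']
            . '?fn=SendActivationCode&username=' . rawurlencode($user['username']);

        $smarty->append(
            'status',
            'This account has not been activated yet. If you have not received your activation code please click <a href="'
            . htmlspecialchars($resend_url, ENT_QUOTES)
            . '">here</a> to resend it. ' . "\n"
            . 'If you do not receive it soon please contact an administrator.'
        );
        login();
        exit;
    }

    // New session id on privilege change; `true` also discards the old
    // session data so a fixated pre-login id cannot be reused.
    session_regenerate_id(true);

    $_SESSION['admin'] = ($user['admin'] == 1);

    if ($_SESSION['admin'] && !empty($user_passthrough)) {
        // Admin passthrough: load the target account without its password.
        // NOTE(review): $_SESSION['admin'] stays true for the target account,
        // the target's 'activated' state is not checked, and nothing visible
        // here records who logged in as whom - confirm this is intended and
        // consider writing an audit log entry.
        // NOTE(review): where() receives a single triple here but a list of
        // triples in the credential lookup - confirm the builder accepts both.
        $sql->select($user_columns);
        $sql->where(array('users', 'username', $user_passthrough));
        $sql->limit(1);
        $db_result = $sql->execute();

        if (mysql_num_rows($db_result) > 0) {
            $user = mysql_fetch_array($db_result, MYSQL_ASSOC);
        } else {
            $smarty->append('status', 'Invalid username and/or password for passthrough login.');
            login();
            exit;
        }
    }

    // Get their default settings.
    $_SESSION['user_id'] = $user['user_id'];
    $_SESSION['style'] = $user['style'];

    // SECURITY: unserialize() instantiates any class named in the payload.
    // This is only safe while the preferences column is written exclusively
    // by this application's own serialize() call; a format such as JSON
    // avoids the object-injection risk altogether.
    $_SESSION['preferences'] = unserialize($user['preferences']);

    tos($user['tos_hash']);
}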
// Registration handler fragment: collects the remaining form fields,
// validates them, then checks whether the e-mail address is already in use.
// NOTE(review): what sanitise() does is not visible here; a single
// "sanitise" step cannot be assumed to make a value safe for SQL, HTML and
// URL contexts alike - confirm what it actually escapes.
$i_adress = $sanitiser->sanitise($_POST["padress"]);
$i_country = $sanitiser->sanitise($_POST["pcountry"]);
if (isset($_POST["ptos"])) {
    $i_tos = $sanitiser->sanitise($_POST["ptos"]);
} else {
    $i_tos = '';
}
// Must agree to terms of service

// Start validating. Each validator is the left operand of &&, so every one
// of them runs even after an earlier one has failed (presumably so each can
// record its own message in $errors - confirm).
$valid = true;
$valid = fName($i_firstname) && $valid;
$valid = lName($i_lastname) && $valid;
$valid = email($i_email) && $valid;
$valid = dob($i_dob) && $valid;
$valid = sex($i_sex) && $valid;
$valid = tos() && $valid;
if (!$valid) {
    // NOTE(review): $errors is placed in the Location header without URL
    // encoding, and there is no exit after header(); code following this
    // if/else (not visible here) would still run - confirm.
    header("location:register_form.php?errors={$errors}");
} else {
    // Check whether the user already exists.
    // NOTE(review): settings_guest.php presumably defines $host, $user, $pwd
    // and $sql_db; none of them is assigned in the visible code.
    $email = 'guest';
    include_once "settings_guest.php";
    $conn = mysqli_connect($host, $user, $pwd, $sql_db);
    if (!$conn) {
        header("location:error.php?type=database");
        die;
    }
    // SECURITY: $i_email is interpolated directly into the SQL text. Its
    // assignment is above the visible code; unless it is escaped for this
    // connection this is an injection point. A prepared statement
    // (mysqli_prepare() + mysqli_stmt_bind_param()) removes the dependency
    // on the sanitiser.
    $query = "SELECT Email FROM Student WHERE Email='{$i_email}';";
    // mysqli_query() returns false on failure; that case is not checked
    // before the result is fetched.
    $result = mysqli_query($conn, $query);
    // mysqli_fetch_assoc() returns null when there is no row, so count($row)
    // raises a warning on PHP 7.2+ and a TypeError on PHP 8; testing
    // $row !== null expresses "a matching row exists" without that.
    $row = mysqli_fetch_assoc($result);
    if (count($row) > 0) {
/**
 * Return the entry of the global $stack at the index reported by tos().
 */
function stack_tos()
{
    global $stack;

    // Resolve the index first, then read that slot.
    $top_index = tos();

    return $stack[$top_index];
}