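/**
 * Save the logged-in user's personal details (full names, nick name, e-mail and,
 * when a current password is supplied, a new password).
 *
 * Emits exactly one JSON-like status object on stdout and returns nothing:
 * {'error':…} as soon as a check fails, {'success':…} after the UPDATE was issued.
 * The account being edited is always $this->ud['registration_no'], never a value
 * taken from $post.
 *
 * @param array $post Submitted form fields. assoc_to_indexed() is relied on to
 *                    return them positionally as: full name, nick name, current
 *                    password, new password, repeated new password, e-mail.
 */
function save_personal_details($post)
{
    global $db, $_pre;

    // Form token check; strict comparison so a failed decode (false) can never pass.
    if (base64_decode($post['f'] ?? '') !== 'save personal') {
        echo "{'error':'Request source unknown'}";
        return;
    }

    $registration_no = $this->ud['registration_no'];
    list($full_name, $nick_name, $cur_passwd, $new_passwd1, $new_passwd2, $email) = assoc_to_indexed($post);

    $full_name = strtolower($full_name);
    if (strlen($full_name) < 6) {
        echo "{'error':'Full names invalid'}";
        return;
    }
    if (strlen($nick_name) < 2) {
        echo "{'error':'Nick name too short'}";
        return;
    }
    if (!checkAlphanumPlus($nick_name)) {
        echo "{'error':'nick name should contain only alphanumeric characters, a full stop or an underscore'}";
        return;
    }

    // A non-empty current password is the signal that the user wants to change it.
    $p_query = '';
    $new_passwd = null;
    if (strlen($cur_passwd) > 0) {
        if ($new_passwd1 !== $new_passwd2) {
            echo "{'error':'New password did not match'}";
            return;
        }
        if (strlen($new_passwd1) < 5) {
            echo "{'error':'New password too short'}";
            return;
        }
        // Constant-time comparison of the stored hash against the hash of the
        // supplied password. Neither hash is echoed back to the client any more
        // (the old message appended both of them to the error text).
        if (!hash_equals((string) $this->ud['password'], (string) encrypt_password($cur_passwd))) {
            echo "{'error':'Current password invalid'}";
            return;
        }
        $new_passwd = encrypt_password($new_passwd1);
        // Store the hash that was just computed; the old code wrote a literal
        // '******' into the password column and never used $new_passwd.
        $p_query = "password='" . addslashes($new_passwd) . "',";
    }

    if (!checkEmail($email)) {
        echo "{'error':'Email address invalid'}";
        return;
    }

    // Stop-gap escaping for the string-built SQL below: no bind/escape API of the
    // $db wrapper is visible from this file. TODO: switch to prepared statements.
    $sql_nick = addslashes($nick_name);
    $sql_email = addslashes($email);
    $sql_full_name = addslashes($full_name);
    $sql_reg = addslashes((string) $registration_no);

    // The nick name and e-mail must not already belong to a different account.
    $db->setQuery("SELECT * FROM {$_pre}users WHERE nick_name='{$sql_nick}' AND registration_no!='{$sql_reg}'");
    if ($db->foundRows > 0) {
        echo "{'error':'This nick name is already in use'}";
        return;
    }
    $db->setQuery("SELECT * FROM {$_pre}users WHERE email='{$sql_email}' AND registration_no!='{$sql_reg}'");
    if ($db->foundRows > 0) {
        echo "{'error':'This email account is already in use'}";
        return;
    }

    $db->setQuery(
        "UPDATE {$_pre}users SET full_names='{$sql_full_name}',nick_name='{$sql_nick}',{$p_query}email='{$sql_email}'"
        . " WHERE registration_no='{$sql_reg}'"
    );

    // Refresh the cached user row so the change is visible without a re-login.
    $_SESSION['user_row_data']['full_names'] = $full_name;
    $_SESSION['user_row_data']['nick_name'] = $nick_name;
    $_SESSION['user_row_data']['email'] = $email;
    if ($new_passwd !== null) {
        // Only replace the cached hash when a password was actually stored; the
        // old code overwrote it with the hash of an empty string on every save.
        $_SESSION['user_row_data']['password'] = $new_passwd;
    }

    echo "{'success':'Personal details saved'}";
}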
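/**
 * Register a new user from $_POST and e-mail an activation link.
 *
 * Emits exactly one JSON-like status object on stdout and returns nothing:
 * {'warning':…} when registration is disabled or the registration number already
 * has an account awaiting activation, {'error':…} for validation and uniqueness
 * failures, {'success':…} once the users/profile rows are written and the mail
 * has been handed to mailSend().
 *
 * assoc_to_indexed($_POST) is relied on to return the fields positionally as:
 * full names, registration number, nick name, password, repeated password, e-mail.
 *
 * @throws \Exception from random_bytes() when no secure entropy source is available.
 */
function save_user_details()
{
    global $db, $_mail, $_pre, $_allow_user_reg;

    // Loose comparison kept on purpose: the flag is configured elsewhere and its
    // type (int or string) is not visible from here.
    if ($_allow_user_reg == 0) {
        echo "{'warning':'User registration has been disabled. Please contact the administrator'}";
        return;
    }

    list($full_names, $registration_no, $nick_name, $pass1, $pass2, $email) = assoc_to_indexed($_POST);

    // Normalise before any lookup so the uniqueness checks see exactly the values
    // the INSERT will store (the old code normalised only after the checks).
    $full_names = strtolower($full_names);
    $registration_no = strtoupper($registration_no);

    $error = '';
    if (strlen($full_names) < 6) {
        $error .= 'Full name invalid, ';
    }
    // NOTE(review): only a length window is enforced here; the expected
    // registration-number format is not visible in this file, so a format
    // regex still needs adding.
    if (strlen($registration_no) > 20 || strlen($registration_no) < 3) {
        $error .= 'Registration Number invalid, ';
    }
    if (!checkAlphanumPlus($nick_name) || strlen($nick_name) < 2) {
        // The message now states the limit the check actually enforces (2, not 5).
        $error .= 'Nick name invalid or is too short, nick name needs to be at least 2 characters in length and should contain only alphanumeric characters, a full stop or an underscore, ';
    }
    if ($pass1 !== $pass2) {
        $error .= 'Passwords do not match, ';
    }
    if (strlen($pass1) < 5) {
        $error .= 'Password too short, password must be at least 5 characters in length, ';
    }
    if (!checkEmail($email)) {
        $error .= 'Email address invalid, ';
    }
    if ($error !== '') {
        // Drop the trailing ", " separator.
        $error = substr($error, 0, -2);
        echo "{'error': '{$error}'}";
        return;
    }

    // Stop-gap escaping for the string-built SQL below: no bind/escape API of the
    // $db wrapper is visible from this file. TODO: switch to prepared statements.
    $sql_reg = addslashes($registration_no);
    $sql_nick = addslashes($nick_name);
    $sql_email = addslashes($email);
    $sql_full_names = addslashes($full_names);

    // Existing rows for this registration number: report the most specific state
    // first. The old code ran the generic "exists" query first, which left the
    // activated=2 and activated=1 branches unreachable.
    $db->setQuery("SELECT * FROM {$_pre}users WHERE registration_no='{$sql_reg}' AND activated=2");
    if ($db->foundRows > 0) {
        echo "{'warning':'Your account has been created but not yet activated, please activate it'}";
        return;
    }
    $db->setQuery("SELECT * FROM {$_pre}users WHERE registration_no='{$sql_reg}' AND activated=1");
    if ($db->foundRows > 0) {
        echo "{'error':'What the heck...? Your account is active, please login or if you are not the owner of the registration number you just provided, provide yours!'}";
        return;
    }
    $db->setQuery("SELECT * FROM {$_pre}users WHERE registration_no='{$sql_reg}'");
    if ($db->foundRows > 0) {
        echo "{'error':'The registration number you provided is already in use'}";
        return;
    }

    $db->setQuery("SELECT * FROM {$_pre}users WHERE nick_name='{$sql_nick}' AND registration_no!='{$sql_reg}'");
    if ($db->foundRows > 0) {
        echo "{'error':'The nick name you provided is already in use'}";
        return;
    }
    $db->setQuery("SELECT * FROM {$_pre}users WHERE email='{$sql_email}'");
    if ($db->foundRows > 0) {
        echo "{'error':'The email account you provided is already in use'}";
        return;
    }

    $password = encrypt_password($pass1);
    $user_type = 'registered';
    // Unguessable activation key. md5(time()) was used before, which anyone who
    // knows roughly when the account was created can enumerate; 16 random bytes
    // rendered as hex keep the 32-character width of the old value.
    $key = bin2hex(random_bytes(16));

    $db->setQuery(
        "INSERT INTO {$_pre}users (full_names,registration_no,user_type,nick_name,password,email,register_date,last_visit_date,activated,activation_key)"
        . " VALUES ('{$sql_full_names}','{$sql_reg}','{$user_type}','{$sql_nick}','" . addslashes($password) . "','{$sql_email}',NOW(),NOW(),2,'{$key}')"
    );
    // Matching row in the profile table for this user.
    $db->setQuery("INSERT INTO {$_pre}profile (registration_no) VALUE ('{$sql_reg}')");

    // Activation mail. The plaintext password is no longer included: the user has
    // just typed it, and e-mail is not a safe channel for credentials.
    require_once '..' . DS . 'lib' . DS . 'mail' . DS . 'mail.php';
    $subject = 'Your CodeZone account has been created';
    // NOTE(review): the link host is taken from the Host request header; a
    // configured site URL would stop a forged Host from redirecting the link.
    // The base64 value is URL-encoded so '+' and '/' survive the query string.
    $activation_link = "http://{$_SERVER['HTTP_HOST']}/index.php?a=activate&r="
        . rawurlencode(base64_encode($registration_no)) . "&k={$key}";
    $message = "{$nick_name},\nYour CodeZone account has been created. To complete the registration, please click on the link below or cut and paste in your browser's location bar to activate your account.\n Link: {$activation_link}"
        . "\nYour details are as follows:\nLogin Name (Registration No): {$registration_no}\nPlease change your password once you log in for security purposes. If you are having any problems then do not hesitate to contact the admin at {$_mail}.\n\nWishing you all the best at CodeZone";
    mailSend([$email], $subject, $message);

    echo "{'success':'Your account has been created. An activation link has been sent to the email address you provided'}";
}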