function registerNewUser($user, $password, $email)
{
$return_string = "";
// Check wheter user already exist
$query = "SELECT name FROM User WHERE name = '" . $user . "'";
$result = mysql_query($query);
$return_val = array();
if (mysql_num_rows($result) > 0) {
$return_val['returncode'] = "false";
$return_val['errormessage'] = "User exist";
} else {
$query = "SELECT name FROM UnverifiedUser WHERE name='{$user}'";
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
$return_val['returncode'] = "false";
$return_val['errormessage'] = "User exist, but unverified";
} else {
$confirm_code = md5(uniqid(rand()));
$query = "INSERT INTO UnverifiedUser (name, password, email, " . "confirm_code) VALUES('" . $user . "', '" . $password . "','{$email}','{$confirm_code}')";
$result = mysql_query($query);
if ($result) {
$return_val['returncode'] = "true";
$return_string .= sendVerificationEmail($user, $email);
} else {
$return_val['returncode'] = "false";
}
}
}
foreach ($return_val as $key => $value) {
$return_string .= "<" . $key . ">" . strval($value) . "</" . $key . ">\n";
}
return $return_string;
}
function process_form()
{
$username = addslashes($_POST["username"]);
$email = addslashes($_POST["email"]);
$passwrd = addslashes($_POST["password"]);
$password_confirmation = addslashes($_POST["password_confirmation"]);
if ($passwrd == $password_confirmation) {
$conn = mysql_connect("localhost", "netboffi_goject", "l2315793014") or die("Can't Connect : " . mysql_error());
if ($conn) {
$salt = "Mick";
$passwordAndSalt = $passwrd . $salt;
$hash = md5($passwordAndSalt);
$db_selected = mysql_select_db("netboffi_goject") or die("Can't connect to goject :" . mysql_error());
$query = "insert into account values(NULL,'{$username}','{$email}','{$hash}',false,NOW())";
$result = mysql_query($query) or die("Query failed" . mysql_error());
print "Account Registered. We sent you an email. Please click on the link in the email to verify your account.";
mysql_close();
}
sendVerificationEmail($username, $email, $passwrd, $hash);
} else {
print "Password and password confirmation not the same.";
print " {$passwrd}" . " " . $password_confirmation;
}
}
$newinv_db = ORM::for_table('invoice')->create();
$newinv_db->number = $invoicenum;
$newinv_db->value = $faceval;
$newinv_db->issue_date = $issuedate;
$newinv_db->payment_date = $paymentdate;
$newinv_db->expected_date = $expecteddate;
$newinv_db->description = $description;
$newinv_db->invoice_company_id = $customerid;
$newinv_db->debtor_company_id = $customerid;
$newinv_db->author_id = $person->user_id;
$newinv_db->invoice_length = $invLength;
$newinv_db->file_dir = $target_dir;
$newinv_db->listing_fee = 0;
$newinv_db->buyer_fee = $buyerfee;
$newinv_db->save();
$lastInv = ORM::for_table('invoice')->where('author_id', $person->user_id)->where('file_dir', $target_dir)->find_one();
// Submit Files name to invoice_fie db table
for ($i = 0; $i < count($fileNames); $i++) {
$newinv_files = ORM::for_table('invoice_files')->create();
$newinv_files->file_name = $fileNames[$i];
$newinv_files->file_location = $target_dir;
$newinv_files->invoice_id = $lastInv->invoice_id;
$newinv_files->save();
}
$messages[0] = 'Your invoice has been uploaded for review, please await our confirmation!';
$htmltextun = '<table>' . '<tr style="font-size:20px; font-weight:bold;text-align:center;">' . '<td>Funding Invoice</td>' . '</tr>' . '<tr>' . '<td style="text-align:center;">' . ' <a href="http://fundinginvoice.com">Home</a> - ' . '<a href="http://fundinginvoice.com/platform/">Login to platform</a> - ' . '<a href="#home">Help</a> - ' . '<a href="http://fundinginvoice.com/contact/">Contact Us</a>' . '</td>' . '</tr>' . '<tr>' . '<td>' . '<span style="font-size:16px;font-weight:bold;">Invoice Submission Confirmation</span><br />' . 'This is an email confirmation that your invoice has been submitted for a review, we will ' . 'review and approve this invoice as soon as possible, Thank you!' . '</td>' . '</tr>' . '</table>' . '<table border="0" style="width: 100%;text-align: center;font-size: 14px;margin-top:10px;">' . '<tbody>' . '<tr>' . '<td style="border-right: 1px solid #ccc;">Face Value</td>' . ' <td style="border-right: 1px solid #ccc;">Listing Fee</td>' . '<td>Investor Fee</td>' . '</tr>' . '<tr style="font-size: 18px;font-weight: bold;">' . '<td style="border-right: 1px solid #ccc;">£' . $faceval . '</td>' . '<td style="border-right: 1px solid #ccc;">FREE</td>' . '<td>£' . $buyerfee . '</td>' . '</tr>' . '</tbody>' . '</table>';
sendVerificationEmail($htmltextun, $person->user_email, 'FI - New Invoice Confirmation');
} else {
$messages[0] = 'An error has occured, please ensure all fields are correctly filled in.';
}
}
function prepareVerification($conn, $username, $email, $firstname, $lastname)
{
$sql_ver = "INSERT INTO `Verifications`(`Code`, `UserID`, `VerificationCode`) VALUES(?,?,?)";
$sql_usr = "******";
$rows_usr = fetchRows($conn, $sql_usr, 's', $username);
$userID = $rows_usr[0]['ID'];
$identifier = $rows_usr[0]['Identifier'];
$code = generateRandomString(32);
$verCode = generateRandomString(8);
if (modifyRows($conn, $sql_ver, "sis", $code, $userID, $verCode)) {
return sendVerificationEmail($conn, $userID, $code, $verCode, $identifier, $email);
} else {
return false;
}
}
$user->username = $PARAMS['username'];
$user->Find();
if (!$user->variables) {
$VEmail->email = $PARAMS['email'];
$VEmail->Find();
if (!$VEmail->variables) {
$user->username = $PARAMS['username'];
$user->password = md5(base64_encode($PARAMS['password']));
$user->create_date = date("Ymd");
$user->email = $PARAMS['email'];
$user->Create();
$VEmail->email = $PARAMS['email'];
$VEmail->code = getNewCode();
$VEmail->username = $PARAMS['username'];
$VEmail->Create();
sendVerificationEmail($VEmail->email, $user->username, $VEmail->code);
$datos = array("status" => "OK");
print_r(json_encode($datos));
} elseif (!$VEmail->verified) {
$datos = array("status" => "inUseNotVerified");
print_r(json_encode($datos));
} else {
$datos = array("status" => "emailInUse");
print_r(json_encode($datos));
}
} else {
$datos = array("status" => "UsernameInUse");
print_r(json_encode($datos));
}
} else {
$datos = array("status" => "wrongData");
if ($r) {
$r = mysqli_fetch_array($r, MYSQLI_ASSOC);
//Get the UserID from the query
$UserID = $r["UserID"];
if ($UserID > -1) {
//Update user record with member code and association
mysqli_query($dbc, "Call spUpdateUserInfo({$UserID}, '{$FirstName}', '{$LastName}', '{$MemberCode}', '{$Association}');");
complete_procedure($dbc);
//Create the address record
mysqli_query($dbc, "Call spCreateAddress({$UserID}, {$AddressType}, '{$Address1}', '{$Address2}', '{$City}', {$State}, '{$PostCode}', 1);");
complete_procedure($dbc);
//Create the phone record
mysqli_query($dbc, "Call spCreatePhoneNumber({$UserID}, {$PhoneType}, '{$PhoneNumber}', 1);");
complete_procedure($dbc);
// Send welcome E-mail for verification
sendVerificationEmail($dbc, $UserID, 1);
} else {
$errors[] = 'Email address is already registered';
}
} else {
$errors[] = 'System error, failed to create account: ' . mysqli_error($dbc);
}
mysqli_close($dbc);
}
}
?>
<div class="content">
<img class="responsive" src="images/glasses.jpg" alt="reading glasses and book">
</div>
<div class="contentwidth">
<div class="row flush">
// Run stored procedure
complete_procedure($dbc);
while ($userid_row = mysqli_fetch_array($r)) {
if ($userid_row[0] == -1) {
//Not a match or incomplete fields
$errors[] = 'Username or password is incorrect';
} else {
//Stores the user ID
$temp_userid = $userid_row[0];
if ($userid_row[2] == 0) {
//User account isn't active
$errors[] = 'Username or password is incorrect';
} else {
if ($userid_row[1] == 2) {
//User needs to click the new verify email link
sendVerificationEmail($dbc, $temp_userid, 1);
$errors[] = 'Account needs to be verified, please check your email.';
} else {
if (session_status() == PHP_SESSION_NONE) {
// Only start the session if one doesn't exist
session_start();
}
//sets the user ID
$_SESSION['UserID'] = $temp_userid;
//Roles are set to 0 by default
$_SESSION['isAuthor'] = 0;
$_SESSION['isReviewer'] = 0;
$_SESSION['isEditor'] = 0;
// boolean set for condition shortcut
$_SESSION['is_author'] = false;
$_SESSION['is_reviewer'] = false;
