$login_info = bronto_user_login($fm_username, $fm_password, $fm_sitename, $fm_siteid); process_login($login_info, $fm_username, $fm_password, $fm_sitename); } } } else { if ($fm_stage == "userinfo") { $dbh = open_db(); // we could obtain the username from the userinfo form itself, but this could allow a malicious user to // change the user information for a user other than him/herself; a DB lookup is used instead $username = db_get_session_user($dbh, $fm_sessionid); if ($username) { $got_error = false; $userinfo = array('firstname' => $fm_firstname, 'lastname' => $fm_lastname, 'email' => $fm_email, 'phone' => $fm_phone); if ($fm_firstname && $fm_lastname && $fm_email && $fm_phone) { if (is_valid_email($fm_email)) { if (db_update_user_info($dbh, $username, $userinfo) == true) { print_message_select_form($bapi, $fm_sessionid); } else { display_errorbox("Unable to update user information for user " . $username . "."); print_request_login_form($username); } } else { display_errorbox("Must provide a valid e-mail address."); $got_error = true; } } else { display_errorbox("Must provide first name, last name, phone number, and e-mail address."); $got_error = true; } if ($got_error) { $userinfo['username'] = $username;
/**
 * Passes a single-entry field map ('last_login') to db_update_user_info()
 * for the given user and returns that call's result unchanged.
 *
 * NOTE(review): the 'last_login' value is the literal "******", kept exactly
 * as found. It looks like a masked placeholder rather than a timestamp;
 * confirm the intended value and how db_update_user_info() quotes it before
 * it reaches the database.
 *
 * NOTE(review): callers are not visible from here. Presumably $username is
 * the authenticated account name rather than a form-supplied one; verify
 * against the call sites.
 *
 * @param mixed $dbh      Database handle, forwarded as-is.
 * @param mixed $username Account identifier, forwarded as-is.
 * @return mixed Whatever db_update_user_info() returns.
 */
function db_update_user_last_login($dbh, $username)
{
    $fields = array('last_login' => "******");

    return db_update_user_info($dbh, $username, $fields);
}