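/**
 * Resolve a town to a townID, inserting a new vl_countries row when the town
 * is unknown but its country exists.
 *
 * @param string $town    usually a townID, but a town name is accepted too
 * @param string $country country name (matched case-insensitively)
 * @return int|void the newly allocated townID when a row was inserted; no
 *                  value when the town already resolves, already has a row,
 *                  or the country is unknown (original behaviour, kept)
 */
function processTown($town, $country)
{
    global $datetime, $user;

    // A townID is usually what is submitted in $town; nothing to do if it resolves.
    if (getTown($town)) {
        return;
    }

    // SECURITY(review): $town and $country are interpolated into SQL unescaped.
    // The mysqlquery() wrapper exposes no parameter binding here, so untrusted
    // values must not reach this function until it is moved to a prepared statement.
    $query = mysqlquery(
        "select distinct town from vl_countries"
        . " where (lower(town)=lower('$town') or townID='$town')"
        . " and lower(country)=lower('$country')"
    );

    // No such town yet: allocate a townID and insert, but only for a known country.
    if (!mysqlnumrows($query)) {
        $countryID = getCountryID($country); // looked up once; the original called it twice
        if ($countryID) {
            // NOTE(review): max(townID)+1 is not atomic; two concurrent calls can
            // allocate the same id. An AUTO_INCREMENT column would remove the race.
            $tquery = mysqlquery("select max(townID) maxID from vl_countries");
            $townID = mysqlresult($tquery, 0, 'maxID') + 1;

            mysqlquery(
                "insert into vl_countries (countryID,country,townID,town,phonecode,created,createdby)"
                . " values ('" . $countryID . "','$country','$townID','$town','"
                . getPhoneCode($country) . "','$datetime','$user')"
            );

            return $townID;
        }
    }
}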
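} // closes a block that begins before this excerpt

// Profile update request: expects $_POST['val'] = "cpupdate",
// $_POST['change'] of "name" or "country", and the new value in $_POST['data'].
if (isset($_POST['val'])) {
    // Only authenticated users may change profile data.
    if (!$siteUser->isLoggedIn()) {
        return;
    }

    if ($_POST['val'] === "cpupdate") {
        if (isset($_POST['change']) && $_POST['change'] === "name") {
            if (isset($_POST["data"])) {
                // validateName() yields true, otherwise the message to show.
                $name_check = validateName($_POST['data']);
                if ($name_check === true) {
                    // Both values are bound; the original interpolated the user id.
                    $newName = $_POST['data'];
                    $userId = $siteUser->getUserId();
                    $stmt = $mysql->prepare("UPDATE users SET name = ? WHERE user_id = ?");
                    $stmt->bind_param("si", $newName, $userId);
                    $stmt->execute();
                    echo "Your name has been updated.";
                } else {
                    echo $name_check;
                }
            }
        } elseif (isset($_POST['change']) && $_POST['change'] === "country") {
            $countryInput = isset($_POST['data']) ? $_POST['data'] : null;
            $id = getCountryID($countryInput, $mysql);
            if ($id != null) {
                // Prepared statement instead of concatenating $id into the SQL text.
                $userId = $siteUser->getUserId();
                $stmt = $mysql->prepare("UPDATE users SET country_id = ? WHERE user_id = ?");
                $stmt->bind_param("ii", $id, $userId);
                $stmt->execute();
                echo "Country Updated.";
            } else {
                echo "Invalid country";
            }
        } else {
            echo "Invalid data change request.";
        }
    }
}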
// Tail of a block that begins before this excerpt: emit the JSON result and stop.
echo json_encode($result);
return;
} } } } } // closes nesting that is not visible in this excerpt

// Form validation: each failed rule appends a message to $errors (declared earlier).
// NOTE(review): $_POST['title'], ['country'] and ['description'] are read without
// isset(); a request missing a field raises a notice instead of a validation error.
// NOTE(review): strlen() counts bytes, so multi-byte text is measured inaccurately.
if (strlen($_POST['title']) < 5) {
    array_push($errors, "Title must be at least 5 characters long.");
} else {
    if (strlen($_POST['title']) > 50) {
        array_push($errors, "Title can be maximum 50 characters long.");
    }
}
$countryId = -1;
// Assignment inside the condition is intentional: $countryId keeps the looked-up id.
if (($countryId = getCountryID($_POST['country'], $mysql)) == null) {
    array_push($errors, "Invalid country.");
}
// NOTE(review): the check is < 5 but the message says 10; one of them is wrong.
if (strlen($_POST['description']) < 5) {
    array_push($errors, "Description must be at least 10 characters long.");
} else {
    if (strlen($_POST['description']) > 1000) {
        array_push($errors, "Description can be maximum 1000 characters long.");
    }
}
$rearrayedPictureFILES = rearrayFiles($_FILES['picture']);
$mainPicture = $_FILES['main_picture'];
// The main picture is optional; validate only when a file was submitted.
// NOTE(review): only the client-supplied 'name' is inspected here; whether the
// upload itself is verified depends on validateUploadedImageFile().
if ($mainPicture['name'] != "") {
    $output = validateUploadedImageFile($mainPicture); // true, or a message to report
    if ($output !== true) {
        array_push($errors, "{$mainPicture['name']} - {$output}");
        // both enclosing if-blocks continue past the end of this excerpt
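/**
 * Validate registration input and, when valid, insert the new user.
 *
 * Error messages are appended to $this->registrationResult (HTML, <br>-separated)
 * so the caller can display them.
 *
 * @param string $username   letters and digits only, 3-50 characters
 * @param string $password   6-50 characters
 * @param string $cppassword confirmation; must equal $password
 * @param string $name       display name, passed through polish()
 * @param string $country    country name, resolved via getCountryID()
 * @return int|void 0 when validation or the insert fails (see
 *                  $this->registrationResult); no value on success
 */
function register($username, $password, $cppassword, $name, $country)
{
    if (empty($username)) {
        $this->registrationResult .= "Username field is required.<br>";
    } elseif (strlen($username) < 3) {
        // Message now matches the check (the original said 6 while testing for 3).
        $this->registrationResult .= "Username must be at least 3 characters long.<br>";
    } elseif (strlen($username) > 50) {
        $this->registrationResult .= "Username can be maximum 50 characters long.<br>";
    } elseif ($this->sql->selectUser($username)) {
        $this->registrationResult .= "Username is already taken<br>";
    }

    if (empty($password)) {
        // Was "\n"; every other message uses <br>, and the result is rendered as HTML.
        $this->registrationResult .= "Password field is required.<br>";
    } elseif (strlen($password) < 6) {
        $this->registrationResult .= "Password must be at least 6 characters long.<br>";
    } elseif (strlen($password) > 50) {
        $this->registrationResult .= "Password cannot be longer than 50 characters.<br>";
    }

    // 0-9 rather than 1-9: the message promises "letters and digits", but the
    // original character class silently rejected the digit 0.
    if (!preg_match('/^[a-zA-Z0-9]*$/', $username)) {
        $this->registrationResult .= "Username can only contain letters and digits.<br>";
    }

    // Strict comparison: with != two numeric-looking strings such as "1e3" and
    // "1000" compare equal.
    if ($password !== $cppassword) {
        $this->registrationResult .= "Passwords do not match.<br>";
    }

    if ($this->registrationResult != '') {
        return 0;
    }

    // NOTE(review): password_hash() salts on its own; $this->salt is appended here
    // and must be appended identically wherever password_verify() is called.
    $hash = password_hash($password . $this->salt, PASSWORD_DEFAULT);
    $name = polish($name);
    $country = polish($country);
    $country = $this->sql->getMysqli()->real_escape_string($country);

    // Parenthesised assignment: the original `$id = f() == null` compared first and
    // stored the boolean in $id, so the INSERT always received country_id 0 or 1.
    if (($id = getCountryID($country, $this->sql)) == null) {
        $this->registrationResult .= "An error occurred. Please try again later.";
        return 0;
    }

    // Prepared statement instead of string-built SQL; $name comes from polish(),
    // whose escaping guarantees are not visible here.
    $countryId = (int) $id;
    $stmt = $this->sql->getMysqli()->prepare(
        "INSERT INTO users (username, password, name, country_id) VALUES (?, ?, ?, ?)"
    );
    $stmt->bind_param("sssi", $username, $hash, $name, $countryId);
    if (!$stmt->execute()) {
        // The original never checked whether the INSERT succeeded.
        $this->registrationResult .= "An error occurred. Please try again later.";
        return 0;
    }
}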
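/**
 * Validate registration input and insert the user when everything checks out.
 *
 * @param string $username   letters and digits only, 3-50 characters
 * @param string $password   6-50 characters
 * @param string $cppassword confirmation; must equal $password
 * @param string $name       display name, checked by validateName()
 * @param string $country    country name, resolved by getCountryID()
 * @param mixed  $mySQL      DB wrapper exposing selectUser() and prepare()
 * @return true|list<string> true on success, otherwise the error messages
 */
public static function register($username, $password, $cppassword, $name, $country, $mySQL)
{
    // NOTE(review): HTML-encoding at input time stores encoded text in the DB;
    // kept as-is because existing rows and the login path may depend on it.
    $username = htmlentities($username);
    $name = htmlentities($name);
    $country = htmlentities($country);

    $registrationResult = [];

    if (empty($username)) {
        $registrationResult[] = "Username field is required.";
    } elseif (strlen($username) < 3) {
        // Message now matches the check (the original said 6 while testing for 3).
        $registrationResult[] = "Username must be at least 3 characters long.";
    } elseif (strlen($username) > 50) {
        $registrationResult[] = "Username can be maximum 50 characters long.";
    } elseif (!preg_match('/^[a-zA-Z0-9]*$/', $username)) {
        // Character-class check runs before the DB lookup so selectUser() only
        // ever sees a validated value. 0-9 rather than 1-9: the original class
        // silently rejected the digit 0.
        $registrationResult[] = "Username can only contain letters and digits.";
    } elseif ($mySQL->selectUser($username)) {
        $registrationResult[] = "Username is already taken";
    }

    if (empty($password)) {
        $registrationResult[] = "Password field is required.";
    } elseif (strlen($password) < 6) {
        $registrationResult[] = "Password must be at least 6 characters long.";
    } elseif (strlen($password) > 50) {
        $registrationResult[] = "Password cannot be longer than 50 characters.";
    }

    // Strict comparison: with != two numeric-looking strings such as "1e3" and
    // "1000" compare equal.
    if ($password !== $cppassword) {
        $registrationResult[] = "Passwords do not match.";
    }

    // validateName() yields true, otherwise the message to report.
    $name_check = validateName($name);
    if ($name_check !== true) {
        $registrationResult[] = $name_check;
    }

    if (!empty($registrationResult)) {
        return $registrationResult;
    }

    // NOTE(review): password_hash() salts on its own; SiteUser::$salt is appended
    // here and must be appended identically wherever password_verify() is called.
    $hash = password_hash($password . SiteUser::$salt, PASSWORD_DEFAULT);

    if (($id = getCountryID($country, $mySQL)) == null) {
        $registrationResult[] = "An error occurred. Please try again later.";
        return $registrationResult;
    }

    $type = "Reader"; // every self-registered account starts with this type
    $stmt = $mySQL->prepare(
        "INSERT INTO users (username, password, name, country_id, type) VALUES (?,?,?,?,?)"
    );
    $stmt->bind_param("sssis", $username, $hash, $name, $id, $type);
    // The original ignored execute()'s result and reported success even when the
    // INSERT failed.
    if (!$stmt->execute()) {
        $registrationResult[] = "An error occurred. Please try again later.";
        return $registrationResult;
    }

    return true;
}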