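</div>
<div class="col-lg-7 col-md-7">
    <?php
    /*
     * $userTel is written into an HTML attribute, so it is encoded with
     * htmlspecialchars(): a quote or angle bracket in a re-displayed value
     * can no longer close value="..." and inject markup or script.
     * NOTE(review): where $userTel is assigned is not visible in this
     * fragment - presumably it is the previously submitted CC_userTel;
     * confirm it is not already HTML-encoded upstream.
     * The onkeypress digit filter and maxlength are browser-side only; the
     * server still has to validate the submitted number.
     */
    ?>
    <input type="tel" name="CC_userTel" class="form-control input" id="Mobile" onkeypress='return isNumberKey(event)' value="<?php echo isset($userTel) ? htmlspecialchars((string) $userTel, ENT_QUOTES, 'UTF-8') : ''; ?> " maxlength="13"/>
</div>
</div>
<div class="row col-lg-12">
    <div class="col-lg-5 col-md-5"> </div>
    <div class="col-lg-7 col-md-7">
        <div class="col-lg-7 col-md-7 captcha thumbnail noselect">
            <?php
            // A fresh captcha string is generated on every render. $temp keeps
            // the plain text for display; $xHash is replaced by its hash and
            // sent back to the browser in the hidden "Sec" field.
            // NOTE(review): both the expected answer (rendered by setFont) and
            // its hash are handed to the client, and no server-side state is
            // visible here. If the handler only compares hashString(captcha)
            // with Sec, one solved pair stays valid for any number of
            // submissions. Keeping the expected value in the session and
            // discarding it after one attempt avoids trusting the client -
            // confirm how the receiving script verifies it.
            $xHash = generateRandomString();
            $temp = $xHash;
            $xHash = hashString($xHash);
            ?>
            <input type="hidden" name="Sec" value="<?php echo $xHash; ?> "/>
            <?php echo setFont($temp); ?>
            <input type="text" name="captcha" class="form-control"/>
        </div>
    </div>
</div>
<?php if (isset($msg1) and isset($_GET['error'])) { ?>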
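<?php
// Endpoint that creates a row in the employee table from the request
// parameters username, password and employeeID. It prints "duplicate" when the
// employee ID or username already exists and "true" when the insert succeeds.
// NOTE(review): no session or permission check is visible before the account
// is created; confirm connection_functions.php or the web server restricts who
// can reach this script.
require_once 'connection_functions.php';

// Stop when a required parameter is missing or is not a plain string (for
// example username[]=x arrives as an array). Previously the script carried on
// with undefined variables and still ran the queries below.
// NOTE(review): $_REQUEST also accepts query-string parameters, which puts the
// password into URLs and access logs; switch to $_POST once the callers are
// confirmed to send a POST body.
foreach (['username', 'password', 'employeeID'] as $requiredField) {
    if (!isset($_REQUEST[$requiredField]) || !is_string($_REQUEST[$requiredField])) {
        http_response_code(400);
        exit;
    }
}

$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$employeeID = $_REQUEST['employeeID'];

//All string input in the form must be sanitized before inserting into the database
// NOTE(review): sanitizeString() is defined in connection_functions.php and is
// not visible here - presumably it escapes the value for this connection.
$username = sanitizeString($username, $mysqli);
// NOTE(review): the password is sanitized before it is hashed, so the stored
// hash covers whatever sanitizeString() returns and the login path has to
// apply the same transformation. Only the hash reaches the database, so the
// raw password does not need SQL escaping.
$password = sanitizeString($password, $mysqli);
$employeeID = sanitizeString($employeeID, $mysqli);

//hashString function in the connection_functions.php file used to hash password
//before inserting into the database, salt variables defined in connection_functions.php
// NOTE(review): $salt1/$salt2 are shared by every account. password_hash() and
// password_verify() give a per-user salt and an adjustable cost, but moving to
// them also requires changing the code that verifies logins.
$password = hashString($password, $salt1, $salt2);

//Invoke the add_user function which will insert a new row into the database.
add_user($mysqli, $username, $password, $employeeID);

//Inserts user into database with sanitized strings and hashed password
//the employee ID and username are unique and duplicates are checked before inserting
// NOTE(review): both statements below are built by interpolating values into
// the SQL text, so their safety depends entirely on the caller having escaped
// every argument. Prepared statements with bound parameters
// ($mysqli->prepare() / bind_param()) remove that dependency.
// NOTE(review): the INSERT has no column list and relies on the table's column
// order; $mysqli->query() returns false on error, which the num_rows access
// does not check for.
function add_user($mysqli, $username, $hashedPassword, $employeeID) {
    //check for duplicate employee ID
    // NOTE(review): the username comparison uses the literal '******' as shown
    // here; unless that is a redaction of '{$username}', duplicate usernames
    // are not detected - confirm against the original file.
    $result = $mysqli->query("SELECT * FROM employee WHERE employee_id = '{$employeeID}' OR username = '******' ");
    if ($result->num_rows > 0) {
        //if a result is returned then a duplicate entry was found
        echo "duplicate";
    } else {
        if ($mysqli->query("INSERT INTO employee VALUES ('{$employeeID}', '{$username}', '{$hashedPassword}')")) {
            //printf("%d Row inserted. \n", $mysqli->affected_rows);
            echo "true";
        } else {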