function join($title) { global $log; if ($this->login) { $check = mysql_select_string("SELECT `username` FROM `joined` WHERE `username` = '" . mysql_rescue($this->name) . "' AND `event_title` = '" . mysql_rescue($title) . "'"); if ($check == false) { $result = mysql_insert("INSERT INTO `joined` (`username`, `event_title`) VALUES('" . mysql_rescue($this->name) . "', '" . mysql_rescue($title) . "')"); $log .= '[ joined ' . $title . ' as ' . $this->name . ': ' . $result . '(' . mysql_error() . ') ]'; } else { $log .= '[ already joined ' . $title . ' as ' . $this->name . ' ]'; } } else { $title = str_replace(' ', '_', $title); $result = $this->set_cookie('joined', $title); $log .= '[ joined ' . $title . ' in cookie ]'; } return $result; }
} /*--- check username ---*/ $check = $user->check_username($registration['username']); $loggedin = $registration['username'] == $user->name ? true : false; if ($check == true && $loggedin == false) { $errors['username'] = '******'; } /*--- all ok? ---*/ if (empty($errors)) { // save extra info $registration['ip'] = $_SERVER['REMOTE_ADDR']; $registration['time'] = date('c'); // generate code do { $payment_code = generate_payment_code(); } while (mysql_select_string("SELECT `payment_code` FROM `registers` WHERE `payment_code` = '" . mysql_rescue($payment_code) . "'")); // save info $insert = ''; foreach ($registration as $key => $val) { // skip user/pass when logged in if ($user->login && $key == 'username' || $user->login && $key == 'password') { continue; } // save fields for query $insert .= "`" . $key . "` = '" . mysql_rescue($val) . "',"; } $insert .= "`payment_code` = '" . $payment_code . "'"; // already loggedin? if ($user->login) { // update account $input = mysql_update("UPDATE `registers` SET " . $insert . " WHERE `username` = '" . mysql_rescue($user->name) . "'");