/**
* Insert into the database an array for a new user
* Assumes input has not been sanitised
* Returns TRUE if succeeded
* FALSE if otherwise
*/
function db_table_user_insert($conn, $table, $data)
{
if ($conn->connect_error) {
print "Something went wrong with the connection<br/>";
}
if (!(empty($table) && empty($data))) {
$username = $data['username'];
$fullname = $data['fullname'];
$password = crypt($data['password'], $username);
$sex = $data['sex'];
$interest_1 = $data['interest-1'];
$interest_2 = $data['interest-2'];
$interest_3 = $data['interest-3'];
$query = sanitize_MySQL($conn, "INSERT INTO {$table} VALUES ('{$username}', '{$fullname}', '{$password}', '{$sex}', '{$interest_1}', '{$interest_2}', '{$interest_3}')");
$result = $conn->query($query);
if (!$result) {
die("Database access failed: " . $conn->error . "<br />");
}
}
}
$table = 'users_sfu';
$username = $_POST['username'];
$fullname = $_POST['fullname'];
$password_1 = $_POST['password_1'];
$password_2 = $_POST['password_2'];
$sex = $_POST['sex'];
$interest_1 = $_POST['interest-1'];
$interest_2 = $_POST['interest-2'];
$interest_3 = $_POST['interest-3'];
$fail = validate_username($username);
$fail .= validate_password($password_1, $password_2);
$fail .= validate_fullname($fullname);
$fail .= validate_sex($sex);
// No errors
if ($fail === "") {
$data = array("username" => sanitize_MySQL($conn, $username), "fullname" => sanitize_MySQL($conn, $fullname), "password" => sanitize_MySQL($conn, crypt($password_1, 'moneys')), "sex" => sanitize_MySQL($conn, $sex), "interest-1" => sanitize_MySQL($conn, $interest_1), "interest-2" => sanitize_MySQL($conn, $interest_2), "interest-3" => sanitize_MySQL($conn, $interest_3));
/*
// Mail isn't working
$to = $username . '@sfu.ca';
$subject = 'hi';
$body = 'i am body';
$headers = 'From: admin@jumpstart.ca';
if (mail($to, $subject, $body, $headers)) {
print 'mail sent';
}
else {
print 'mail not sent';
}
*/
} else {
setcookie('username', $username, time() - 2592000, '/');
setcookie('password', $password, time() - 2592000, '/');
setcookie('table', $table, time() - 2592000, '/');
}
}
// Form was submitted
if (isset($_POST['email']) && isset($_POST['password'])) {
$email = sanitize_MySQL($conn, $_POST['email']);
$password = crypt(sanitize_MySQL($conn, $_POST['password']), 'moneys');
// Encrypt password
if (substr($email, -7) === '@sfu.ca') {
$username = sanitize_MySQL($conn, substr($email, 0, -7));
$table = 'users_sfu';
} elseif (substr($email, -7) === '@ubc.ca') {
$username = sanitize_MySQL($conn, substr($email, 0, -7));
$table = 'users_ubc';
} else {
$username = NULL;
$password = NULL;
$table = NULL;
}
$result = db_table_user_read($conn, $table, $username, $password);
if ($result) {
setcookie('username', $username, NULL, '/');
setcookie('password', $password, NULL, '/');
setcookie('table', $table, NULL, '/');
// redirect to the user's profile
header("Location: profile.php");
die;
} else {
