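/**
 * Handles a submitted registration form.
 *
 * Validates the required fields, rejects a username or e-mail address that is
 * already registered, inserts the new account with a generated temporary
 * password, and e-mails that password to the new user. Reads the form from
 * $_POST and ends the request with die() on validation or database failure.
 *
 * $email_Administrator, $club_Abbr, $http_Logout and $mime_boundary are
 * presumably defined by include/configGlobals.php -- confirm.
 *
 * Security notes for maintainers:
 *  - The SQL below is built by string interpolation and relies on
 *    slashAllInputs() (defined elsewhere; presumably it escapes $_POST --
 *    confirm) as its only injection defence. The values are not escaped again
 *    here because that could double-escape stored data. Prepared statements
 *    (mysqli or PDO) are the durable fix and need a change in
 *    connectDatabase() as well.
 *  - Passwords are stored as unsalted MD5 and SHA-256 digests. Both are fast
 *    hashes and unsuitable for password storage; migrating to
 *    password_hash()/password_verify() needs a matching change in the login
 *    code, which is outside this function.
 *  - The temporary password travels in a plain-text e-mail. Whether
 *    rand_string() draws from a cryptographically secure source cannot be
 *    seen from here -- verify.
 *  - The existence checks and the INSERT are separate statements, so two
 *    concurrent requests can both pass the checks; UNIQUE constraints on
 *    users.username and users.email would close that gap.
 */
function registerFormSubmitted()
{
    require 'include/configGlobals.php';

    connectDatabase();
    slashAllInputs();

    // Required fields must be present, non-empty strings. The original test
    // used the bitwise "|" operator and raised notices on missing keys.
    $requiredFields = array('username', 'email', 'firstName', 'lastName');
    foreach ($requiredFields as $field) {
        if (empty($_POST[$field]) || !is_string($_POST[$field])) {
            die('You did not complete all of the required fields');
        }
    }

    if (!isUsernameValid($_POST['username'])) {
        die('Sorry, that username is invalid. Please go back and try again.');
    }

    // Reject a username that is already taken. The lookup has to use the
    // submitted name; the listing compared against a fixed placeholder string.
    $usercheck = $_POST['username'];
    $check = mysql_query("SELECT username FROM users WHERE username = '{$usercheck}'");
    if ($check === false) {
        // Log the driver error server-side instead of printing it to the client.
        error_log('registerFormSubmitted: username lookup failed: ' . mysql_error());
        die('Sorry, an internal error occurred. Please try again later.');
    }
    if (mysql_num_rows($check) != 0) {
        // Request data is HTML-escaped before it is echoed back.
        die('Sorry, the username ' . htmlspecialchars($usercheck, ENT_QUOTES, 'UTF-8')
            . ' is already in use. Please go back and try again.');
    }

    // Reject an e-mail address that is already registered.
    $emailcheck = $_POST['email'];
    $check = mysql_query("SELECT email FROM users WHERE email = '{$emailcheck}'");
    if ($check === false) {
        error_log('registerFormSubmitted: email lookup failed: ' . mysql_error());
        die('Sorry, an internal error occurred. Please try again later.');
    }
    if (mysql_num_rows($check) != 0) {
        die('Sorry, the email ' . htmlspecialchars($emailcheck, ENT_QUOTES, 'UTF-8')
            . ' has already been registered. Please go back and try again.');
    }

    $tempPassword = rand_string(16);

    // These are digests, not encryption. hash('sha256', ...) returns the same
    // lowercase hex string as bin2hex(mhash(MHASH_SHA256, ...)) without
    // depending on the deprecated mhash extension.
    $hashPassword = md5($tempPassword);
    $hash256Password = hash('sha256', $tempPassword);
    $hash256Username = hash('sha256', $_POST['username']);
    $creationDate = date('Y-m-d');

    // Column => value, in the order of the original INSERT statement.
    $row = array(
        'username'    => $_POST['username'],
        'pass'        => $hashPassword,
        'sha256_user' => $hash256Username,
        'sha256_pass' => $hash256Password,
    );
    $formColumns = array(
        'fname'          => 'firstName',
        'lname'          => 'lastName',
        'addr1'          => 'address1',
        'addr2'          => 'address2',
        'city'           => 'city',
        'state'          => 'state',
        'zip'            => 'zipCode',
        'hphone'         => 'homePhone',
        'cphone'         => 'cellPhone',
        'email'          => 'email',
        'econtact'       => 'econtact',
        'econtact_phone' => 'econtactPhone',
        'econtact_rel'   => 'econtactRel',
    );
    foreach ($formColumns as $column => $field) {
        // Optional fields that are missing or not plain strings are stored empty.
        $row[$column] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    $row['creation'] = $creationDate;

    $insert = 'INSERT INTO users (' . implode(', ', array_keys($row)) . ") VALUES ('"
        . implode("', '", $row) . "')";

    // Stop if the account was not created; otherwise the user would be mailed
    // credentials for an account that does not exist.
    $add_member = mysql_query($insert);
    if ($add_member === false) {
        error_log('registerFormSubmitted: insert failed: ' . mysql_error());
        die('Sorry, an internal error occurred. Please try again later.');
    }

    $to = $_POST['email'];
    $from = $email_Administrator;
    $subject = 'Registered on ' . $club_Abbr . ' Online Registration Site';

    // NOTE(review): no blank line separates the part headers from the body
    // text below; confirm how sendEmail() frames the message.
    $message = "--{$mime_boundary}\n";
    $message .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $message .= "Content-Transfer-Encoding: 8bit\r\n";
    $message .= 'Thank you for registering on the ' . $club_Abbr . ' Online Registration site.' . "\n"
        . "\n"
        . 'Your username is: [ ' . $usercheck . " ]\n"
        . 'Your temporary password is: [ ' . $tempPassword . " ]\n"
        . "\n"
        . 'Login at ' . $http_Logout . ' to change your password and register for events.' . "\n"
        . "\n"
        . 'Thank you!' . "\n"
        . '- ' . $club_Abbr . ' Administration' . "\n";
    $message .= "--{$mime_boundary}--\n\n";

    if (sendEmail($to, $from, $subject, $message) != false) {
        echo "<h1>Registered</h1>\n";
        echo "Thank you, you have registered. An email has been sent to "
            . htmlspecialchars($to, ENT_QUOTES, 'UTF-8') . " \n";
        echo "with your username and temporary password. Depending on internal server traffic, this may take some time.<br><br>\n";
        echo "When you receive your temporary password you may <a href=\"index.php\">login</a> to continue.\n";
    } else {
        echo "<h1>Internal Email Error. Please contact administrator at " . $email_Administrator . "</h1>\n";
    }
}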
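/**
 * Handles a submitted "forgot password" form.
 *
 * Looks up the account registered under the posted e-mail address, replaces
 * its password with a generated temporary one, and e-mails the username and
 * temporary password to that address. Reads the form from $_POST and ends the
 * request with die() on validation or database failure.
 *
 * $email_Administrator, $club_Abbr, $http_Logout and $mime_boundary are
 * presumably defined by include/configGlobals.php -- confirm.
 *
 * Security notes for maintainers:
 *  - The password is replaced as soon as the form is posted, so anyone who
 *    knows a member's e-mail address can invalidate that member's password.
 *    E-mailing a single-use, expiring reset token and changing the password
 *    only when the token is redeemed avoids this.
 *  - The "no user with email" response confirms whether an address is
 *    registered; a uniform response for both cases would not.
 *  - The lookup query relies on slashAllInputs() (defined elsewhere;
 *    presumably it escapes $_POST -- confirm) as its only injection defence.
 *    Prepared statements (mysqli or PDO) are the durable fix.
 *  - The stored digest is unsalted SHA-256, a fast hash unsuitable for
 *    password storage; moving to password_hash() needs a matching change in
 *    the login code.
 */
function forgotFormSubmitted()
{
    require 'include/configGlobals.php';

    connectDatabase();
    slashAllInputs();

    // The e-mail field must be a non-empty string.
    if (empty($_POST['email']) || !is_string($_POST['email'])) {
        die('You did not complete all of the required fields');
    }

    // Find the account registered under this address.
    $emailcheck = $_POST['email'];
    $check = mysql_query("SELECT username FROM users WHERE email = '{$emailcheck}'");
    if ($check === false) {
        // Log the driver error server-side instead of printing it to the client.
        error_log('forgotFormSubmitted: email lookup failed: ' . mysql_error());
        die('Sorry, an internal error occurred. Please try again later.');
    }
    if (mysql_num_rows($check) == 0) {
        // Request data is HTML-escaped before it is echoed back.
        die('Sorry, no user with email ' . htmlspecialchars($emailcheck, ENT_QUOTES, 'UTF-8')
            . ' is registered in the database. Please try again.');
    }

    // As in the original, the last matching row wins if several exist.
    while ($info = mysql_fetch_array($check)) {
        $usercheck = $info['username'];
    }

    $tempPassword = rand_string(16);

    // A digest, not encryption. hash('sha256', ...) returns the same hex
    // string as bin2hex(mhash(MHASH_SHA256, ...)) without the mhash extension.
    $sha256_pass = hash('sha256', $tempPassword);

    // The username was read back from the database and did not pass through
    // slashAllInputs(), so it is escaped here before being reused in SQL.
    $safeUsername = mysql_real_escape_string($usercheck);

    // Store the new digest and clear the legacy MD5 column in one statement.
    // The listing showed fixed placeholder strings where these values belong.
    $update_member = mysql_query(
        "UPDATE users SET sha256_pass='{$sha256_pass}', pass='' WHERE username='{$safeUsername}'"
    );
    if ($update_member === false) {
        // Do not mail a password that was never stored.
        error_log('forgotFormSubmitted: password update failed: ' . mysql_error());
        die('Sorry, an internal error occurred. Please try again later.');
    }

    $to = $emailcheck;
    $from = $email_Administrator;
    $subject = 'Reset Info for ' . $club_Abbr . ' Online Registration Site';

    // NOTE(review): no blank line separates the part headers from the body
    // text below; confirm how sendEmail() frames the message.
    $message = "--{$mime_boundary}\n";
    $message .= "Content-Type: text/plain; charset=UTF-8\r\n";
    $message .= "Content-Transfer-Encoding: 8bit\r\n";
    $message .= 'Your password has been reset on the ' . $club_Abbr . ' Online Registration site at your request.' . "\n"
        . "\n"
        . 'Your username is: [ ' . $usercheck . " ]\n"
        . 'Your temporary password is: [ ' . $tempPassword . " ]\n"
        . "\n"
        . 'Login at ' . $http_Logout . ' to change your password and register for events.' . "\n"
        . "\n"
        . 'Thank you!' . "\n"
        . '- ' . $club_Abbr . ' Administration' . "\n";
    $message .= "--{$mime_boundary}--\n\n";

    $sent = sendEmail($to, $from, $subject, $message);

    // Drop the local references to the secret. PHP gives no guarantee that the
    // memory is wiped, so this is best effort only.
    unset($tempPassword, $sha256_pass);

    echoMainHeader();
    if ($sent != false) {
        echo "<h1>Email Sent.</h1>\n";
        // The original text thanked the user for registering; this is the reset flow.
        echo "Thank you, your password has been reset. An email has been sent to "
            . htmlspecialchars($emailcheck, ENT_QUOTES, 'UTF-8') . " \n";
        echo "with your username and temporary password. Depending on internal server traffic, this may take some time.<br><br>\n";
        echo "When you receive your temporary password you may <a href=\"" . $http_Logout . "\">login</a> to continue.\n";
    } else {
        // Same wording as the registration flow's mail-failure message.
        echo "<h1>Internal Email Error. Please contact administrator at " . $email_Administrator . "</h1>\n";
    }
    echoMainFooter();
}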
//if there is, it logs you in and directes you to the members page if (!isset($_POST['submit']) && !getCookie('ID')) { // if they are not logged in echoMainHeader(); echo "<div align=\"center\" valign=\"center\">"; displayLogin(); echo "</div>"; echoMainFooter(); } else { if (!isset($_POST['submit']) && getCookie('ID')) { validateSession(); header('Location: main.php'); } else { if (isset($_POST['submit'])) { // Clean arrays to prevent injection attacks slashAllInputs(); // Connects to your Database connectDatabase(); // makes sure they filled it in if (!$_POST['username'] || !$_POST['password']) { echoMainHeader(); echo "<h2>You did not fill in a required field.</h2>\n"; displayLogin(); } else { //Gives error if user dosen't exist if (!doesUserExist($_POST['username'])) { echoMainHeader(); echo "<h2>That user does not exist in our database.</h2>\n"; displayLogin(); } else { if (isValidUserPassword($_POST['username'], $_POST['password'])) {
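/**
 * Gate for pages that require a logged-in user.
 *
 * Redirects to logout.php when isSSL() reports that the request is not using
 * SSL, then escapes the request input, connects to the database and calls
 * validateUser(). Per the original comment, validateUser() does not return
 * for an invalid user.
 */
function validateSession()
{
    // 3/6/2010 Current Server does not allow for Server side detection. Now using forceSSL() in functions.js
    // see function isSSL() above.
    // NOTE(review): forceSSL() runs in the browser and can be skipped by the
    // client, so it is not a substitute for a server-side check. Confirm that
    // isSSL() is reliable on the current host, since the redirect below now
    // ends the request.
    if (!isSSL()) {
        header('Location: logout.php');
        // Stop here. Without this the rest of the function and the calling
        // page still ran, and a later header('Location: ...') in the caller
        // replaced this redirect.
        exit;
    }

    slashAllInputs();
    connectDatabase();
    validateUser(); // if they are not valid, they don't come back from here.
}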