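<?php # register.php
// Registration page. On POST it validates the submitted form, inserts one
// `person` row plus one `registered_user` row inside a single transaction,
// and mails an activation link. It expects includes/config.inc.php to define
// MYSQL (path of the script that creates $dbc, a mysqli object) and BASE_URL.
require ('includes/config.inc.php');
$passage_title = 'Register';
include ('includes/header.html');

// Defined on every request so the form below can re-display values without
// an isset() on each field (it stays empty on a plain GET).
$trimmed = [];

if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Handle the form.
    require (MYSQL); // Need the database connection: sets $dbc (mysqli).

    // Read only the fields this form defines. A missing field becomes '' instead
    // of an undefined-index warning, and a non-string (e.g. name="email[]") is
    // treated as empty rather than handed to trim(), which raises a TypeError on PHP 8.
    foreach (['screen_name', 'first_name', 'last_name', 'email', 'password', 'pass2'] as $field) {
        $value = isset($_POST[$field]) ? $_POST[$field] : '';
        $trimmed[$field] = is_string($value) ? trim($value) : '';
    }

    // Assume invalid values:
    $screenName = $firstName = $lastName = $email = $pass = FALSE;

    // Every accepted value is later bound as a prepared-statement parameter, so
    // no mysqli_real_escape_string() calls are needed (or wanted) here.

    // Check for a screen name:
    if (preg_match('/^([A-Z0-9-]{2,20})$/i', $trimmed['screen_name'])) {
        $screenName = $trimmed['screen_name'];
    } else {
        echo '<p class="error">Please enter a valid screen name!<br>
Use only letters, numbers, and hyphen (-).<br>
Must be between 2 and 20 characters long.</p>';
    }

    // Check for a first name:
    if (preg_match('/^([A-Z\'-]{2,20})$/i', $trimmed['first_name'])) {
        $firstName = $trimmed['first_name'];
    } else {
        echo '<p class="error">Please enter a valid first name!<br>
Use only letters, apostrophe (\'), or dash (-).<br>
Must be between 2 and 20 characters long.</p>';
    }

    // Check for a last name. The hyphen sits last in the class so it is literal;
    // the previous "[A-Z\'-.]" was parsed as the range \x27-\x2E and therefore
    // also admitted ( ) * + and , which the message below does not promise.
    if (preg_match('/^([A-Z\'.-]{2,40})$/i', $trimmed['last_name'])) {
        $lastName = $trimmed['last_name'];
    } else {
        echo '<p class="error">Please enter a valid last name!<br>
Use only letters, apostrophe (\'), period(.) or dash (-).<br>
Must be between 2 and 40 characters long.</p>';
    }

    // Check for an email address:
    if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL) !== false) {
        $email = $trimmed['email'];
    } else {
        echo '<p class="error">Please enter a valid email address!</p>';
    }

    // Check for a password and match against the confirmed password. The
    // comparison must be strict: with == two numeric-looking strings such as
    // "1e3" and "1000" (both accepted by the pattern) compare equal.
    if (preg_match('/^\w{4,20}$/', $trimmed['password'])) {
        if ($trimmed['password'] === $trimmed['pass2']) {
            $pass = $trimmed['password'];
        } else {
            echo '<p class="error">Your password did not match the confirmed password!</p>';
        }
    } else {
        // Message corrected to match the pattern and the form hint (4-20, not 4-40).
        echo '<p class="error">Please enter a valid password!<br>
Must be between 4 and 20 characters long.</p>';
    }

    if ($screenName && $firstName && $lastName && $email && $pass) { // If everything's OK...
        $passed = FALSE;    // TRUE only after a successful commit.
        $available = NULL;  // NULL = lookup failed, FALSE = taken, TRUE = free.

        try {
            // Make sure the email address is available.
            // NOTE(review): this SELECT-then-INSERT is not atomic; only a UNIQUE
            // index on person.email guards against two concurrent registrations
            // with the same address — verify the schema has one.
            $stmt = $dbc->prepare('SELECT person_id FROM person WHERE email=?');
            if (!$stmt || !$stmt->bind_param('s', $email) || !$stmt->execute()) {
                throw new Exception($dbc->error);
            }
            $stmt->store_result();
            $available = ((int) $stmt->num_rows === 0);
            $stmt->close();

            if ($available) {
                // Create the activation code: 32 hex characters, the same shape as
                // the md5(uniqid(rand())) value it replaces, but from a CSPRNG so
                // the code cannot be predicted from the clock.
                $a = bin2hex(random_bytes(16));

                // Add the user to the database:
                $dbc->autocommit(FALSE); // i.e., start transaction

                $stmt = $dbc->prepare('INSERT INTO person (first_name, last_name, email) VALUES (?, ?, ?)');
                if (!$stmt || !$stmt->bind_param('sss', $firstName, $lastName, $email) || !$stmt->execute()) {
                    throw new Exception($dbc->error);
                }
                $stmt->close();

                $person_id = $dbc->insert_id; // last auto_inc id from *this* connection
                $userLevel = 1;               // bind_param() needs a variable, not a literal

                // NOTE(review): SHA1() is an unsalted fast hash. Moving to
                // password_hash()/password_verify() requires the login script
                // (outside this file) to change in step, so the stored format is kept.
                $stmt = $dbc->prepare('INSERT INTO registered_user (person_id, screen_name, password, user_level, active, registration_date)
VALUES (?, ?, SHA1(?), ?, ?, NOW())');
                if (!$stmt || !$stmt->bind_param('issis', $person_id, $screenName, $pass, $userLevel, $a) || !$stmt->execute()) {
                    throw new Exception($dbc->error);
                }
                $stmt->close();

                // Both inserts succeeded: commit and go back to non-transaction mode.
                $dbc->commit();
                $dbc->autocommit(TRUE); // i.e., end transaction
                $passed = TRUE;
            }
        } catch (Exception $e) { // $e — the old catch into $email clobbered the address.
            $dbc->rollback();
            $dbc->autocommit(TRUE); // i.e., end transaction
            // Log the driver message; it must not reach the page, where it would
            // expose query text and schema details to the visitor.
            error_log('register.php: database error: ' . $e->getMessage());
            $passed = FALSE;
        }

        if ($passed) { // If it ran OK.
            // Send the email:
            $body = "Thank you for registering at the Beef Slangin Stats website. To activate your
account, please click on this link:\n\n";
            $body .= BASE_URL . 'activate.php?x=' . urlencode($email) . "&y=$a";
            // The recipient passed FILTER_VALIDATE_EMAIL, which rejects line breaks,
            // so the address cannot carry injected mail headers.
            mail($trimmed['email'], 'Registration Confirmation',
                $body, 'From: admin@smith058.com');

            // Finish the page:
            echo '<h3>Thank you for registering! A confirmation email has been sent to
your address. Please click on the link in that email in order to
activate your account.</h3>';
            include ('includes/footer.html'); // Include the HTML footer.
            exit(); // Stop the page.
        } elseif ($available === FALSE) { // The email address is not available.
            echo '<p class="error">That email address has already been registered. If you
have forgotten your password, use the link at right to have your
password sent to you.</p>';
        } else { // The lookup or an insert failed.
            echo '<p class="error">You could not be registered due to a system error.
We apologize for any inconvenience.</p>';
        }
    } else { // If one of the data tests failed.
        echo '<p class="error">Please try again.</p>';
    }

    mysqli_close($dbc);
} // End of the main Submit conditional.

// Values re-displayed in the form, HTML-escaped so a rejected submission cannot
// inject markup into this page (they were previously echoed raw). Passwords are
// deliberately not re-displayed: writing them into the HTML source leaks them
// to caches, proxies and anyone viewing the page source.
$shown = [];
foreach (['screen_name', 'first_name', 'last_name', 'email'] as $field) {
    $raw = isset($trimmed[$field]) ? $trimmed[$field] : '';
    $shown[$field] = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<h1>Register</h1>
<form action="register.php" method="post">
<fieldset>
<p>Screen Name: <br />
<small>Who you're known as by your fellow beef slangin' road dawgs.</small>
<input type="text" name="screen_name" size="20" maxlength="20"
value="<?php echo $shown['screen_name']; ?>" /></p>
<p>First Name: <input type="text" name="first_name" size="20" maxlength="20"
value="<?php echo $shown['first_name']; ?>" /></p>
<p>Last Name: <input type="text" name="last_name" size="20" maxlength="40"
value="<?php echo $shown['last_name']; ?>" /></p>
<p>Email Address: <input type="text" name="email" size="30" maxlength="80"
value="<?php echo $shown['email']; ?>" /> </p>
<p>Password: <input type="password" name="password" size="10" maxlength="20" />
<small>Use only letters, numbers, and the underscore. Must be between 4
and 20 characters long.</small></p>
<p>Confirm Password: <input type="password" name="pass2" size="10" maxlength="20" /></p>
</fieldset>
<div align="center">
<input type="submit" name="submit" value="Register" />
</div>
</form>
<?php
include ('./includes/footer.html');
?>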