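<?php
/**
 * Login and registration handler for the form rendered by form.php.
 *
 * Dispatches on the submitted "Button" value:
 *   - "Log in":   checks the posted credentials against the user table,
 *                 records the login and redirects to home.php.
 *   - "Register": validates the posted fields, creates the account, logs the
 *                 new user in and redirects to home.php.
 *   - otherwise:  shows the form.
 *
 * Security-relevant behaviour of this version:
 *   - Every SQL statement is prepared and bound; request data is never
 *     concatenated into SQL text.
 *   - Passwords are stored with password_hash() and checked with
 *     password_verify(). Rows that still hold an unsalted MD5 digest are
 *     accepted once and re-hashed on that login.
 *   - Request data placed into $message_1 / $message_2 is HTML-escaped.
 *   - POST fields are imported as variables only when the field name is a
 *     plain identifier that does not already exist in scope.
 *   - The session id is regenerated when the session becomes authenticated.
 *   - Database error details go to the error log, not to the browser.
 *
 * Requires PHP 5.6+ (password_hash, hash_equals).
 *
 * NOTE(review): the user.password column definition is not visible here. It
 * must be wide enough for password_hash() output (VARCHAR(255) recommended);
 * a 32-character column would reject or truncate the new hashes. Confirm the
 * schema before deploying.
 */
session_start();

// Read the submit button without '@' suppression; anything that is not a
// string falls through to the default branch.
$button = (isset($_POST['Button']) && is_string($_POST['Button']))
    ? $_POST['Button'] : '';

switch ($button)
{
    case "Log in":
        $loginName = (isset($_POST['fusername']) && is_string($_POST['fusername']))
            ? $_POST['fusername'] : '';
        $loginPass = (isset($_POST['fpassword']) && is_string($_POST['fpassword']))
            ? $_POST['fpassword'] : '';

        include("rmb.php");
        $cxn = mysqli_connect($host,$user,$passmilah,$dbase)
            or die("Query died: connect");

        // One bound lookup replaces the two string-built SELECTs: fetch the
        // stored hash for the name and compare it in PHP.
        $stmt = mysqli_prepare($cxn,
            "SELECT password FROM user WHERE username = ?");
        if ($stmt === false
            || !mysqli_stmt_bind_param($stmt, "s", $loginName)
            || !mysqli_stmt_execute($stmt)
            || !mysqli_stmt_bind_result($stmt, $storedHash))
        {
            error_log("login lookup failed: " . mysqli_error($cxn));
            die("Query died: fusername ");
        }
        $found = (mysqli_stmt_fetch($stmt) === true);
        mysqli_stmt_close($stmt);

        $authenticated = false;
        $needsRehash = false;
        if ($found && is_string($storedHash))
        {
            if (password_verify($loginPass, $storedHash))
            {
                $authenticated = true;
                $needsRehash = password_needs_rehash($storedHash, PASSWORD_DEFAULT);
            }
            elseif (strlen($storedHash) === 32
                && hash_equals(strtolower($storedHash), md5($loginPass)))
            {
                // Legacy row written as md5(password): accept it this once
                // and replace it with a salted hash below.
                $authenticated = true;
                $needsRehash = true;
            }
        }

        if ($authenticated)
        {
            if ($needsRehash)
            {
                // Best effort: a failed upgrade must not block a valid login.
                $newHash = password_hash($loginPass, PASSWORD_DEFAULT);
                $stmt = is_string($newHash)
                    ? mysqli_prepare($cxn,
                        "UPDATE user SET password = ? WHERE username = ?")
                    : false;
                if ($stmt === false
                    || !mysqli_stmt_bind_param($stmt, "ss", $newHash, $loginName)
                    || !mysqli_stmt_execute($stmt))
                {
                    error_log("password re-hash failed: " . mysqli_error($cxn));
                }
                if ($stmt !== false)
                {
                    mysqli_stmt_close($stmt);
                }
            }

            // New session id for the authenticated session, so an id known
            // before login is not carried over.
            session_regenerate_id(true);
            $_SESSION['auth']="yes";
            $_SESSION['logname'] = $loginName;

            $stmt = mysqli_prepare($cxn,
                "INSERT INTO login (username,logintime) VALUES (?, NOW())");
            if ($stmt === false
                || !mysqli_stmt_bind_param($stmt, "s", $loginName)
                || !mysqli_stmt_execute($stmt))
            {
                error_log("login record insert failed: " . mysqli_error($cxn));
                die("Query died: login record");
            }
            mysqli_stmt_close($stmt);

            header('Location: home.php');
            exit();
        }

        // A single message for both "unknown name" and "wrong password", so
        // the response does not reveal which user names exist. The posted
        // name is not echoed into the message.
        $message_1 = "The User Name or password you entered is not
                      correct! Please try again.";
        $fusername = strip_tags(trim($loginName));
        include("form.php");
        break;

    case "Register":
        // Names that must never be created from request data. The first two
        // are PHP specials; the rest are this script's own connection
        // variables (rmb.php is presumed to set the four credentials).
        $reserved = array('GLOBALS','this','host','user','passmilah','dbase','cxn');
        $good_data = array();

        /* Check for blanks */
        foreach($_POST as $field => $value)
        {
            $field = (string) $field;
            if(!is_string($value) || empty($value)
                || strip_tags(trim($value)) === '')
            {
                // Arrays and whitespace-only input count as blank.
                $blanks[] = $field;
            }
            elseif(preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $field)
                && !in_array($field, $reserved, true))
            {
                // Only plain identifiers are kept; this keeps names such as
                // _SESSION out of the later extract().
                $good_data[$field] = strip_tags(trim($value));
            }
        }
        // The INSERT below needs these five fields; a crafted request that
        // omits one is treated like a blank.
        foreach(array('username','password','firstName','lastName','email') as $required)
        {
            if(!isset($_POST[$required]))
            {
                $blanks[] = $required;
            }
        }

        //password confirmation
        // NOTE(review): the original compared an undefined $password2 with
        // the login field 'fpassword'. The registration fields are presumed
        // to be 'password' and 'password2' (the INSERT uses $password) -
        // confirm against form.php.
        $rawPassword = (isset($_POST['password']) && is_string($_POST['password']))
            ? $_POST['password'] : '';
        $rawPassword2 = (isset($_POST['password2']) && is_string($_POST['password2']))
            ? $_POST['password2'] : '';
        if ($rawPassword2 !== $rawPassword)
        {
            $message_2 = "your passwords do not match, please re-type them.";
            include("form.php");
            exit();
        }

        if(isset($blanks))
        {
            $message_2 = "The following fields are blank.
                  Please enter the required information: ";
            foreach($blanks as $value)
            {
                // Field names come from the request, so escape them.
                $message_2 .= htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . ", ";
            }
            // EXTR_SKIP: never overwrite a variable that already exists.
            extract($good_data, EXTR_SKIP);
            include("form.php");
            exit();
        }

        /* validate data */
        foreach($_POST as $field => $value)
        {
            $field = (string) $field;
            if(!is_string($value) || empty($value))
            {
                continue;
            }
            // $message_2 carries markup (<br />), so form.php presumably
            // prints it unescaped; escape the rejected value here.
            $shown = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');

            if(preg_match("/name/i",$field) &&
               !preg_match("/user/i",$field) &&
               !preg_match("/log/i",$field))
            {
                if (!preg_match("/^[A-Za-z' -]{1,50}$/",$value))
                {
                    $errors[] = "$shown is not a valid name. ";
                }
            }
            if(preg_match("/street/i",$field) ||
               preg_match("/addr/i",$field) ||
               preg_match("/city/i",$field))
            {
                if(!preg_match("/^[A-Za-z0-9.,' -]{1,50}$/",$value))
                {
                    $errors[] = "$shown is not a valid address
                          or city.";
                }
            }
            if(preg_match("/state/i",$field))
            {
                if(!preg_match("/^[A-Z][A-Z]$/",$value))
                {
                    $errors[] = "$shown is not a valid state code.";
                }
            }
            if(preg_match("/email/i",$field))
            {
                if(!preg_match("/^.+@.+\\..+$/",$value))
                {
                    $errors[]="$shown is not a valid email address.";
                }
            }
            if(preg_match("/zip/i",$field))
            {
                if(!preg_match("/^[0-9]{5}(\-[0-9]{4})?$/",$value))
                {
                    $errors[] = "$shown is not a valid zipcode. ";
                }
            }
            if(preg_match("/phone/i",$field) ||
               preg_match("/fax/i",$field))
            {
                if(!preg_match("/^[0-9)(xX -]{7,20}$/",$value))
                {
                    $errors[]="$shown is not a valid phone number.";
                }
            }
        }

        // Replaces the "$$field = ..." loop: the same cleaned values become
        // variables for form.php, but only for the filtered names and never
        // on top of an existing variable.
        extract($good_data, EXTR_SKIP);

        if(isset($errors) && is_array($errors))
        {
            $message_2 = "";
            foreach($errors as $value)
            {
                $message_2 .= $value." Please try again<br />";
            }
            include("form.php");
            exit();
        } // end if errors are found

        // Values for the database are read from the cleaned array, not from
        // extracted variables.
        $newUser   = $good_data['username'];
        $newFirst  = $good_data['firstName'];
        $newLast   = $good_data['lastName'];
        $newEmail  = $good_data['email'];

        /* check to see if user name already exists */
        include("rmb.php");
        $cxn = mysqli_connect($host,$user,$passmilah,$dbase)
            or die("Couldn't connect to server");

        $stmt = mysqli_prepare($cxn,
            "SELECT username FROM user WHERE username = ?");
        if ($stmt === false
            || !mysqli_stmt_bind_param($stmt, "s", $newUser)
            || !mysqli_stmt_execute($stmt)
            || !mysqli_stmt_store_result($stmt))
        {
            error_log("username lookup failed: " . mysqli_error($cxn));
            die("Query died: username.");
        }
        $num = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);

        if($num > 0)
        {
            $message_2 = htmlspecialchars($newUser, ENT_QUOTES, 'UTF-8')
                . " already used. Select
                        another User Name.";
            include("form.php");
            exit();
        } // end if user name already exists

        // Add new user to database.
        // NOTE(review): check-then-insert can race between two requests; a
        // UNIQUE index on user.username would close that - confirm schema.
        // The password is hashed as typed (not trimmed/stripped) so that it
        // matches what the login branch verifies.
        $hash = password_hash($rawPassword, PASSWORD_DEFAULT);
        $stmt = is_string($hash)
            ? mysqli_prepare($cxn,
                "INSERT INTO user (username,password,firstName,lastName,email)
                 VALUES (?,?,?,?,?)")
            : false;
        if ($stmt === false
            || !mysqli_stmt_bind_param($stmt, "sssss",
                    $newUser, $hash, $newFirst, $newLast, $newEmail)
            || !mysqli_stmt_execute($stmt))
        {
            // The original ignored a failed INSERT and still marked the
            // session as authenticated.
            error_log("user insert failed: " . mysqli_error($cxn));
            die("Query died: register.");
        }
        mysqli_stmt_close($stmt);

        session_regenerate_id(true);
        $_SESSION['auth']="yes";
        $_SESSION['logname'] = $newUser;

        /* send email to new Customer */
        // The password is deliberately left out of the message body: mail is
        // not a confidential channel.
        $emess = "You have successfully registered. ";
        $emess .= "Your new user name is: ";
        $emess .= "\n\n\t$newUser\n\n";
        $emess .= "We appreciate your interest. \n\n";
        $emess .= "If you have any questions or problems,";
        $emess .= " email service@ourstore.com";
        $subj = "Your new customer registration";
        # $mailsend=mail("$email","$subj","$emess");
        header("Location: home.php");
        exit();

    default:
        include("form.php");
}
?>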