- <?php
- /* Simple functions to save typing */
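/**
 * Fetch one field from $_POST as a trimmed string.
 *
 * The result is still raw user input: it is neither HTML-escaped nor
 * SQL-escaped, so the caller must encode it for the context it ends up in
 * (htmlspecialchars() for markup, bound parameters or mres() for SQL).
 *
 * @param string $name Key to look up in $_POST.
 * @return string The trimmed value, or '' when the field is absent or is not
 *                a string (a client can post "name[]=x" to send an array).
 */
function postVal($name)
{
    if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
        return '';
    }

    $value = trim($_POST[$name]);

    // get_magic_quotes_gpc() was removed in PHP 8; only consult it on
    // runtimes that still ship it, otherwise the call is a fatal error.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    return $value;
}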
/**
 * Shorthand wrapper around mysqli_real_escape_string() using the global
 * connection $dbc.
 *
 * The escaped value is only safe inside a quoted SQL string literal; the
 * escaping is done against the connection passed in, so $dbc must already be
 * an open mysqli link when this is called. Bound parameters
 * (mysqli_prepare) avoid the need for this helper altogether.
 *
 * @param string $v Raw value.
 * @return string Value escaped for use inside quotes in a query on $dbc.
 */
function mres($v)
{
    global $dbc;

    $escaped = mysqli_real_escape_string($dbc, $v);

    return $escaped;
}
/**
 * Read a POST field through postVal() and escape it with mres().
 *
 * The result is meant for a quoted SQL string literal only; it is not
 * HTML-safe.
 *
 * @param string $name Key to look up in $_POST.
 * @return string The trimmed, SQL-escaped field value.
 */
function mres_pv($name)
{
    $raw = postVal($name);

    return mres($raw);
}
- require_once('appvars.php');
- require_once('connectvars.php');
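/* FORM */
// The form is re-displayed with the values the visitor just posted, and its
// action is taken from $_SERVER['PHP_SELF'], which includes any path info the
// client appended to the URL. Both are untrusted, so everything interpolated
// into an attribute goes through $esc() to stop it closing the attribute and
// injecting markup (reflected XSS).
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// MAX_FILE_SIZE is only a hint to the browser; the client can change or drop
// it, so the size limit has to be enforced again when the upload is handled.
$form = '
<hr />
<form enctype="multipart/form-data" method="post" action="' . $esc($_SERVER['PHP_SELF']) . '">
<input type="hidden" name="MAX_FILE_SIZE" value="' . GW_MAXFILESIZE . '" />
<label for="username">Username:</label>
<input type="text" name="username" value="' . $esc(postVal('username')) . '" /><br />
<label for="password1">Password:</label>
<input type="password" name="password1" /><br />
<label for="password2">Password (retype):</label>
<input type="password" name="password2" /><br />
<label for="email">E-mail Address:</label>
<input type="text" name="email" value="' . $esc(postVal('email')) . '" /><br />
<label for="first_name">First Name:</label>
<input type="text" id="first_name" name="first_name" value="' . $esc(postVal('first_name')) . '" /><br />
<label for="last_name">Last Name:</label>
<input type="text" id="last_name" name="last_name" value="' . $esc(postVal('last_name')) . '" /><br />
<label for="gender">Gender:</label>
<select name="gender">
<option value="Male">Male</option>
<option value="Female">Female</option>
</select> <br />
<label for="dobdate">Date of Birth:</label>
<select name="dobdate">
';
// Day of month, 1-31.
foreach (range(1, 31) as $day) {
    $form .= ' <option value="' . $day . '">' . $day . '</option>' . PHP_EOL;
}
$form .= '
</select>
<label for="dobmonth"></label>
<select name="dobmonth">
<option value="" selected="selected">---</option>
';
$months = array(
    "JANUARY", "FEBRUARY", "MARCH", "APRIL", "MAY", "JUNE",
    "JULY", "AUGUST", "SEPTEMBER", "OCTOBER", "NOVEMBER", "DECEMBER",
);
foreach ($months as $month) {
    $form .= ' <option value="' . $month . '">' . $month . '</option>' . PHP_EOL;
}
$form .= '
</select>
<label for="dobyear"></label>
<select name="dobyear">
<option selected="selected" value="">-----</option>
';
foreach (range(1921, 1993) as $year) {
    $form .= ' <option value="' . $year . '">' . $year . '</option>' . PHP_EOL;
}
$form .= '
</select>
<br />
<label for="location">Location:</label>
<select name="location">
<option selected="selected" value="">---</option>
';
$locations = array('Albenia', 'Iran', 'India');
foreach ($locations as $local) {
    $form .= ' <option value="' . $local . '">' . $local . '</option>';
}
$form .= '
</select>
<br />
<label for="about_text">About Me:</label>
<input type="text" id="about_text" name="about_text" value="' . $esc(postVal('about_text')) . '" /><br />
<label for="screenshot">Screen shot:</label>
<input type="file" id="screenshot" name="screenshot" /><br />
<hr />
<input type="submit" value="Add" name="submit" />
</form>
';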
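// Handle a submitted sign-up form: validate the fields and the uploaded
// image, store the image, insert the account row, and build $message (HTML)
// for the page template. Without a submission, $message is just the form.
//
// $dbc is presumably the mysqli link opened by connectvars.php - it is not
// created anywhere in this file, confirm before relying on it.
if (isset($_POST['submit'])) {
    // Everything in $_POST is untrusted, <select> values included. In $_FILES
    // the 'name' and 'type' entries are supplied by the client as well; only
    // tmp_name, size and error come from PHP itself.
    $username  = postVal('username');
    $password1 = (isset($_POST['password1']) && is_string($_POST['password1'])) ? $_POST['password1'] : '';
    $password2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';

    $f = (isset($_FILES['screenshot']) && is_array($_FILES['screenshot'])) ? $_FILES['screenshot'] : array();
    // A missing or malformed (array-valued) upload entry is treated as "no file".
    $upload_error = (isset($f['error']) && is_int($f['error'])) ? $f['error'] : UPLOAD_ERR_NO_FILE;

    $errors = array(); // Will hold the error messages.

    // Required entries. (The original tested a misspelled, never-set variable
    // here, so this error fired on every submission.)
    if ($username === '' || $password1 === '') {
        $errors[] = "Username and Password are required entries.";
    }

    // Check for an existing username with a bound parameter instead of
    // building the SQL string by hand.
    // NOTE(review): this query filters on column "username" while the INSERT
    // below writes "user_name" - one of the two is probably wrong; confirm
    // against the userinfo schema.
    $lookup = mysqli_prepare($dbc, 'SELECT username FROM userinfo WHERE username = ? LIMIT 1');
    if ($lookup === false) {
        $errors[] = 'Internal Server Error. Please Try Again Later.';
    } else {
        mysqli_stmt_bind_param($lookup, 's', $username);
        mysqli_stmt_execute($lookup);
        mysqli_stmt_store_result($lookup);
        if (mysqli_stmt_num_rows($lookup) > 0) {
            $errors[] = "Username is already Registered, please select another";
        }
        mysqli_stmt_close($lookup);
    }

    // Check that the passwords match.
    if ($password1 !== $password2) {
        $errors[] = 'Passwords do not match.';
    }

    // Validate the upload. $extension is chosen by the server from the
    // detected image format; the client's file name is never used.
    $extension = '';
    $uploadErrorMsgs = array(
        1 => 'The selected file exceeds the allowable Server file size. Please select an alternate file. (' . GW_MAXFILESIZE . ' bytes)',
        2 => 'The selected file exceeds the allowable Upload file size. Please select an alternate file. (' . GW_MAXFILESIZE . ' bytes)',
        3 => 'Upload connection was interuppted or dropped. Please try again.',
        4 => 'Please select a file to upload.',
        6 => 'Internal Server Error (#UP606). Please inform site Admin and please try again later.', // Internal Operations Error
        7 => 'Internal Server Error (#UP707). Please inform site Admin and please try again.', // Internal Server Error
        8 => 'Internal Server Error (#UP808). Please inform site Admin and please try again later.', // PHP Extension Library stopped the upload.
    );
    if ($upload_error !== UPLOAD_ERR_OK) {
        $errors[] = isset($uploadErrorMsgs[$upload_error])
            ? $uploadErrorMsgs[$upload_error]
            : 'Internal Server Error. Please try again later.';
    } elseif ($f['size'] > GW_MAXFILESIZE) {
        // The MAX_FILE_SIZE form field can be edited by the client, so the
        // limit is re-checked here against the size PHP measured.
        $errors[] = $uploadErrorMsgs[2];
    } else {
        // $f['type'] is whatever Content-Type the client chose to send, so it
        // proves nothing. Inspect the file itself and accept only formats
        // that parse as GIF, JPEG or PNG.
        $allowedImageTypes = array(
            IMAGETYPE_GIF  => 'gif',
            IMAGETYPE_JPEG => 'jpg',
            IMAGETYPE_PNG  => 'png',
        );
        $imageInfo = getimagesize($f['tmp_name']);
        if ($imageInfo === false || !isset($allowedImageTypes[$imageInfo[2]])) {
            $errors[] = 'Image type in not allowed. Only gif, jpeg and png images are allowed.';
        } else {
            $extension = $allowedImageTypes[$imageInfo[2]];
        }
    }

    if (count($errors) === 0) {
        // Store the file under a server-generated name (content hash plus the
        // extension derived above). Using the client's file name would let the
        // uploader pick the extension - e.g. a script type the web server
        // executes - and overwrite other users' files.
        // A header check is not a complete defence: the upload directory
        // should also be configured so that nothing in it is executed.
        $screenshot = sha1_file($f['tmp_name']) . '.' . $extension;
        $target = GW_UPLOADPATH . $screenshot;
        if (!move_uploaded_file($f['tmp_name'], $target)) {
            die('Internal Server Error. Please try again later. #UP1011');
        }

        // Raw (trimmed) values: they are sent as bound parameters, so no
        // SQL escaping is applied here.
        $userData = array(
            'date'       => date('Y-m-d H:i:s', time()),
            'user_name'  => $username,
            // NOTE(review): unsalted SHA-1 is fast to brute-force and unsuitable
            // for password storage. It is kept here only because the login code
            // (not visible in this file) presumably compares against this
            // format; migrate both sides to password_hash()/password_verify()
            // and widen the column to fit the longer hash.
            'password'   => sha1($password1),
            'email'      => postVal('email'),
            'first_name' => postVal('first_name'),
            'last_name'  => postVal('last_name'),
            'gender'     => postVal('gender'),
            'dob_date'   => postVal('dobdate'),
            'dob_month'  => postVal('dobmonth'),
            'dob_year'   => postVal('dobyear'),
            'location'   => postVal('location'),
            'about_me'   => postVal('about_text'),
            'screenshot' => $screenshot,
        );

        // Column names are the hard-coded keys above, never request data, so
        // interpolating them is safe; every value goes in as a placeholder.
        $columns      = implode(',', array_keys($userData));
        $placeholders = implode(',', array_fill(0, count($userData), '?'));
        $values       = array_values($userData);

        $saved  = false;
        $insert = mysqli_prepare($dbc, "INSERT INTO userinfo({$columns}) VALUES({$placeholders})");
        if ($insert !== false) {
            mysqli_stmt_bind_param($insert, str_repeat('s', count($values)), ...$values);
            $saved = mysqli_stmt_execute($insert);
            mysqli_stmt_close($insert);
        }

        if ($saved) {
            $message = '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>';
        } else {
            $message = '<p>Internal Server Error. Please Try Again Later.</p>';
        }
        mysqli_close($dbc);
    } else {
        // Only fixed, server-side strings are placed in $errors, so they can
        // be emitted as HTML without further encoding.
        $message = "<p>Form errors encountered. Please correct before continueing.<br>";
        foreach ($errors as $msg) {
            $message .= '• ' . $msg . '<br>';
        }
        $message .= '</p><br>' . $form;
    }
} else {
    $message = $form;
}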
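?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Guitar Wars - Add Your High Score</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<h2>Guitar Wars - Add Your High Score</h2>
<?php
// $message is pre-built HTML and is printed as-is. Any request data that ends
// up inside it has to be HTML-escaped at the point where the string is
// assembled, because no encoding happens here.
echo $message;
?>
</body>
</html>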