
Untitled

a guest
Aug 8th, 2017
  1. <?php
  2. session_start();
  3. /*  registration
  4. *   import variables
  5. *   open database connection
  6. *   strip slashes and escape characters
  7. *
  8. *   run query on username
  9. *   run query on email address
  10. *
  11. *   if they already exist:
  12. *       - present user with username alternatives (birth year? town?)
  13. *       - ask user to login or request a new password (for existing email address)
  14. *
  15. *   upload data to tables
  16. *   redirect user to homepage (LOGGED IN)
  17. *
  18. */
  19.  
  20. //import variables
  21. //Make sure that applicant is over 18
  22.  
  23. $legal = array();
  24. $legal = $_POST['legal'];
  25.  
  26. if(isset($legal[0]) && $legal[0] == "of_age") {
  27.     if(isset($legal[1]) && $legal[1] == "read_it") {
  28.     $username = $_POST['username_'];
  29.     $password = $_POST['password_'];
  30.     $fname = $_POST['fname_'];
  31.     $lname = $_POST['lname_'];
  32.     $email = $_POST['email_'];
  33.     $location = $_POST['location_'];
  34.        
  35.     //fire up a mysql server connection
  36.     $uid="accname";
  37.     $pid="password";
  38.     $dbname = "database";
  39.     $lcn = "localhost";
  40.  
  41.     $link = mysql_connect($lcn, $uid, $pid);
  42.     if(!$link) {
  43.         die('Could not connect: '.mysql_error());
  44.     }
  45.  
  46. /*  function for stripping slashes and protecting from SQL injection    */
  47. function safedata($input) {
  48.  
  49.     // strip slashes from input
  50.     if(get_magic_quotes_gpc()) {
  51.         $input = stripslashes($input);
  52.     }
  53.    
  54.     //quote if not a number
  55.     if(!is_numeric($input)) {
  56.         $input = mysql_real_escape_string($input);
  57.     }
  58. return $input;
  59. }
  60.  
  61. $username = safedata($username);
  62. $password = safedata($password);
  63. $fname = safedata($fname);
  64. $lname = safedata($lname);
  65. $email = safedata($email);
  66. $location = safedata($location);
  67.    
  68.     //open database
  69.     $connectdb = mysql_select_db($dbname, $link);
  70.     if(!$connectdb) {
  71.     die('Could not connect to '.$dbname.': '.mysql_error());
  72.     } else {
  73.     $testConn = "<br /><small>(connected to <b>".$dbname."</b>)</small>";
  74.     }
  75.  
  76. //check username and email availability and return suggestions if necessary
  77.  
  78.     function username_avail($username) {
  79.         if(isset($username) && $username !=null) {
  80.         //sql to check user.username for the same username
  81.         $checkuser = mysql_query("SELECT userid, username from user where username='$username'");
  82.         $getRows_user = mysql_num_rows($checkuser);
  83.             if($getRows_user > 0) {
  84.                 //need to choose another username. Suggest using current UTC date as suffix?
  85.                 $message = "<br />Unfortunately <b>$username</b> is taken, please choose another username.";
  86.                 $message = $message." available alternatives include: $username".(Date("s")-2*Date("H"));
  87.             } else {
  88.                 //call an email check function to see if the email address is already registered to an account.
  89.             }
  90.            
  91.         } else {
  92.             $message = "Please make sure to complete all required fields, thank you.";
  93.         }
  94.         return $message;
  95.     }
  96.    
  97.    
  98.    
  99.     //TEMPORARY
  100.     $field1 = "email";
  101.     $tblname = "user";
  102.     $email_query = mysql_query("SELECT $field1 from $tblname where $field1='$email'");
  103.     $row_email = mysql_fetch_array($email_query);
  104.     $getRows_email = mysql_num_rows($email_query);
  105.                 if($getRows_email > 0) {
  106.                     echo "Email account already registered to a user, please check that you have entered your email address correctly.<br />";
  107.                 } else {
  108.                 echo " Email is A-Okay.<br />";
  109.                 }
  110.    
  111.     //WORK IN PROGRESS - GENERIC FUNCTION
  112.     function in_db($input, $fld, $tbl) {
  113.         //generic function to compare input variable with database field to see if it already exists
  114.         $sql = mysql_query("SELECT $fld FROM $tbl WHERE $fld='$input'");
  115.         $getRows = mysql_num_rows($sql);
  116.         if($getRows > 0) {
  117.             $found = 1;
  118.         } else {
  119.             $found = 0;
  120.         }
  121.         return $found;
  122.     }
  123.    
  124.     //test
  125.     echo $username.": $fname $lname.";
  126.     echo "<br />email address: ".$email;
  127.     echo $testConn."<br />";
  128.     echo username_avail($username)."<br />";
  129.     echo "same job on ($email), but done with a generic function (in_db()): ";
  130.     $fld = "email";
  131.     $tbl = "user";
  132.     echo in_db($email, $fld, $tbl);
  133.     echo "<br /> Return to <a href='index.php'>homepage</a>.";
  134.  
  135.     } else {
  136.     echo "Sorry, you must agree to the conditions outlined to participate in this website.";
  137.     echo "<br />value of \$terms: ".$legal[1];
  138.     echo "<br />value of \$over18: ".$legal[0];
  139. }
  140. } else {
  141.     echo "Sorry, you are not old enough to participate in this website.";
  142.     echo "<br />value of \$terms: ".$legal[1];
  143.     echo "<br />value of \$over18: ".$legal[0];
  144. }
  145.  
  146.  
  147. //connection close
  148. mysql_close($link);
  149. ?>