Code: Select all
<?php //register.php
//DB Login information & Errors
$path = $_SERVER['DOCUMENT_ROOT'];
require "$path/Smarty/Smarty.class.php";
$smarty = new Smarty();
$smarty->template_dir = "$path/temp/smarty/templates";
$smarty->compile_dir = "$path/temp/smarty/templates_c";
$smarty->cache_dir = "$path/temp/smarty/cache";
$smarty->config_dir = "$path/temp/smarty/configs";
require_once 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());
mysql_select_db($db_database)
or die("Unable to select database: " . mysql_error());
//Salt Declaration
$salt1 = "qm&h*";
$salt2 = "pg!@";
if (isset($_POST['delete']) && $deleteuser != "")
{
$deleteuser = mysql_entities_fix_string($_POST['deleteuser']);
$query = "DELETE FROM users WHERE username='$deleteuser'";
mysql_query($query);
if (!mysql_query($query))
{
echo "DELETE failed: $query<br>" .
mysql_error() . "<p>";
}
}
if(isset($_POST['fname']) && ($_POST['sname']) && ($_POST['user']) && ($_POST['pass']))
{
//Move info from the form, if it has been filled out, clean it, and pass it to new variables
$fnametemp = mysql_entities_fix_string($_POST['fname']);
$snametemp = mysql_entities_fix_string($_POST['sname']);
$usertemp = mysql_entities_fix_string($_POST['user']);
$passtemp = mysql_entities_fix_string($_POST['pass']);
$dupcheck = "SELECT * FROM users WHERE username = '$usertemp'";
$testresult = mysql_query($dupcheck);
$rows = mysql_num_rows($testresult);
if($rows==0)
{
//Create an MD5 hash of the password line utilizing the salts declared above
$passfinal = MD5("$salt1$passtemp$salt2");
$query = "INSERT INTO users VALUES ('$fnametemp','$snametemp','$usertemp','$passfinal')";
$result = mysql_query($query);
if (!$result) die ("Database access failed: " . mysql_error());
echo <<<_END
<pre>
Thank you $fnametemp, you have successfully registered. Please continue to <a href=/TempProject/authenticate.php>Log In</a>
</pre>
_END;
}
else die("Duplicate User");
}
else
{
echo <<<_END
_END;
}
$query = "SELECT * FROM users";
$result = mysql_query($query);
$rows = mysql_num_rows($result);
for ($j = 0 ; $j < $rows ; ++$j)
{
$results[] = mysql_fetch_array($result);
}
mysql_close($db_server);
$smarty->assign('results', $results);
$smarty->display("register.tpl");
function mysql_entities_fix_string($string)
{
return htmlentities(mysql_fix_string($string));
}
function mysql_fix_string($string)
{
if (get_magic_quotes_gpc()) $string = stripslashes($string);
return mysql_real_escape_string($string);
}
?>