ok here is the code:
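// Registration: creates rows in the `registration` table and checks login credentials.
class Registration {
    /** @var DB Database wrapper created in the constructor; this class uses its `mysqli` property. */
    public $db;
    /** @var array Rows produced by insert()'s duplicate check, appended in call order. */
    public $data;
    /** @var bool Outcome of the most recent insert()/Login() call; read through Success(). */
    private $success = false;

    // Constructor: opens the database connection through the project's DB class.
    public function __construct() {
        $this->db = new DB();
    }

    /**
     * Register a new user unless the e-mail address or user name is already taken.
     *
     * All values are sent as bound parameters, so none of them (including the
     * client-supplied upload file name) is ever concatenated into SQL text.
     *
     * NOTE(review): the pages calling this method pass md5($pwd). Unsalted MD5 is not a
     * suitable password hash; moving to password_hash()/password_verify() needs a
     * coordinated change in the callers and in Login(), so it is only flagged here.
     *
     * @param string $user        Login name.
     * @param string $pwd         Password value exactly as it should be stored.
     * @param string $email       E-mail address.
     * @param string $name        First name.
     * @param string $surname     Surname.
     * @param string $country     Country.
     * @param array  $image       Upload array shaped like $_FILES; the 'picture' entry is used.
     * @param string $previledges Privilege value stored with the account.
     * @return void The outcome is reported through Success().
     */
    public function insert($user,$pwd,$email,$name,$surname,$country,$image,$previledges)
    {
        // Reset so a reused object never reports the result of an earlier call.
        $this->success = false;
        try {
            $regist_count = $this->fetchCount(
                "SELECT COUNT(*) AS regist_count FROM registration WHERE email = ? OR user = ?",
                $email,
                $user
            );
            // Keep recording the row on the public property, but decide on the local value:
            // reading $this->data['regist_count'] after an append never finds the key.
            $this->data[] = array('regist_count' => $regist_count);
            if (0 != $regist_count) {
                return;
            }
            // NOTE(review): check-then-insert is not atomic; a UNIQUE index on user/email
            // would make the database enforce this. Schema is not visible here - confirm.

            $img_name = 'noimage2.jpg';
            $file_upload = false;
            if (isset($image['picture']['name'], $image['picture']['size'], $image['picture']['tmp_name'])
                && is_string($image['picture']['name'])
                && "" != $image['picture']['name']
                && 0 != $image['picture']['size']
            ) {
                $safe_name = $this->safeImageName($image['picture']['name']);
                if (null !== $safe_name) {
                    $file_upload = true;
                    $img_name = time() . $safe_name;
                } else {
                    // Unsupported file type: register with the placeholder image instead.
                    error_log("Registration::insert: upload rejected, file type not allowed");
                }
            }

            $mysqli = $this->db->mysqli;
            $stmt = $mysqli->prepare("INSERT into registration VALUES(NULL,?,?,?,?,?,?,?,?, NOW())");
            if (!$stmt) {
                throw new Exception("Query failed: insert could not be prepared - " . $mysqli->error);
            }
            $stmt->bind_param('ssssssss', $user, $pwd, $email, $name, $surname, $country, $img_name, $previledges);
            if (!$stmt->execute()) {
                $error = $stmt->error;
                $stmt->close();
                throw new Exception("Query failed: insert - " . $error);
            }
            $stmt->close();

            if ($file_upload) {
                // move_uploaded_file() only accepts files that arrived through an HTTP upload.
                // NOTE(review): the extension allowlist does not inspect file content; the
                // images/registration/ directory should not be configured to execute scripts.
                if (!move_uploaded_file($image['picture']['tmp_name'], 'images/registration/' . $img_name)) {
                    error_log("Registration::insert: could not store the uploaded image");
                }
            }
            $this->success = true;
        } catch (Exception $e) {
            // Details go to the server log; nothing about the query is sent to the browser.
            error_log("Registration::insert: " . $e->getMessage());
        }
    }

    /**
     * Check a user name / stored password value pair against the registration table.
     *
     * @param string $user Login name.
     * @param string $pwd  Password value in the same form insert() stored it.
     * @return void The outcome is reported through Success().
     */
    public function Login($user,$pwd)
    {
        $this->success = false;
        try {
            $user_count = $this->fetchCount(
                "SELECT COUNT(*) AS user_count FROM registration WHERE user = ? AND pwd = ?",
                $user,
                $pwd
            );
            if (1 == $user_count) {
                $this->success = true;
            }
        } catch (Exception $e) {
            // Database error text stays in the log instead of being echoed into the page.
            error_log("Registration::Login: " . $e->getMessage());
        }
    }

    // Accessor for the result of the last insert() or Login() call.
    public function Success()
    {
        return $this->success;
    }

    // Runs a COUNT(*) query that has exactly two string placeholders and returns the count.
    private function fetchCount($sql, $first, $second)
    {
        $mysqli = $this->db->mysqli;
        $stmt = $mysqli->prepare($sql);
        if (!$stmt) {
            throw new Exception("Query failed: count query could not be prepared - " . $mysqli->error);
        }
        $stmt->bind_param('ss', $first, $second);
        if (!$stmt->execute()) {
            $error = $stmt->error;
            $stmt->close();
            throw new Exception("Query failed: count query - " . $error);
        }
        $count = 0;
        $stmt->bind_result($count);
        $stmt->fetch();
        $stmt->close();
        return (int) $count;
    }

    // Builds a storage-safe file name from a client-supplied one, or returns null when the
    // extension is not an allowed image type.
    private function safeImageName($clientName)
    {
        $allowed = array('jpg', 'jpeg', 'png', 'gif');
        // Drop any directory part, whichever separator the client used.
        $base = basename(str_replace('\\', '/', $clientName));
        $extension = strtolower(pathinfo($base, PATHINFO_EXTENSION));
        if (!in_array($extension, $allowed, true)) {
            return null;
        }
        // Only letters, digits, '_' and '-' survive in the stem, so the stored name has
        // exactly one dot and one extension.
        $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($base, PATHINFO_FILENAME));
        if (!is_string($stem) || '' === $stem) {
            $stem = 'upload';
        }
        return substr($stem, 0, 64) . '.' . $extension;
    }
}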
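//register.php page
//load inc ..... etc
// Handles the registration form POST: validates the fields, checks the captcha and the
// password confirmation, then hands the data to Registration::insert().
if (isset($_POST['submit']) && "Register" === $_POST['submit']) {
    $_user = FilterData($_POST['user']);
    $_pwd = FilterData($_POST['pwd']);
    $_pwd2 = FilterData($_POST['pwd2']);
    $_email = FilterData($_POST['email']);
    $_name = FilterData($_POST['name']);
    $_surname = FilterData($_POST['surname']);
    $_country = FilterData($_POST['country']);
    $_nospam = FilterData($_POST['6_letters_code']);
    // NOTE(review): the privilege value is read from the request body, so the client
    // chooses it. It should be assigned server-side; the valid values are not visible here.
    $_previledges = FilterData($_POST['previledges']);

    //error handling
    //all fields are required
    if ("" != $_user && "" != $_pwd && "" != $_pwd2 && "" != $_email && "" != $_name && "" != $_surname && "" != $_country && "" != $_nospam) {
        // checking the captcha (security random number validation) for valid input;
        // only a string may reach strcasecmp(), anything else counts as a mismatch
        if (empty($_SESSION['6_letters_code'])
            || !is_string($_POST['6_letters_code'])
            || strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0
        ) {
            $message_spam= "\n The security code does not match!";
        } elseif ($_pwd === $_pwd2) {
            // Strict comparison: with ==, two different numeric-looking strings can compare equal.
            // filter_var() replaces eregi(), which no longer exists in PHP 7 and later.
            if (false !== filter_var($_email, FILTER_VALIDATE_EMAIL)) {
                // NOTE(review): unsalted MD5 is not a suitable password hash. Switching to
                // password_hash()/password_verify() also requires changing Registration::Login(),
                // which compares the stored value inside SQL, so it is only flagged here.
                $hash_val = md5($_pwd);
                $register = new Registration();
                $register->insert($_user, $hash_val, $_email, $_name, $_surname, $_country, $_FILES, $_previledges);
                if (true == $register->Success()) {
                    $_SESSION['temp_user'] = $_user;
                    header("location: registration-confirm.php");
                    // Stop here so the rest of the page is not executed after the redirect.
                    exit();
                } else {
                    $message_regis ="This email/user already exists in our database,
Please <a style='color:blue'href='login.php'>Login </a>or try again";
                    //timer for message readability
                }
            } else {
                $message_email = "Invalid email address.";
            }
        }
        if ($_pwd !== $_pwd2) {
            $message_pwd = "passwords don't match!";
        }
    } else {
        $message_empty = "Please check required fields!";
        // The country check was unreachable inside the branch that already requires a
        // non-empty country; it belongs with the missing-field handling.
        if ("" == $_country) {
            $message_country = "Please select country!";
        }
    }
}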
?>
form .....
// My Login.php page
<?php
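//load include (inc) file
require_once 'inc.php';
/*page logic */
// Handles the login form POST: checks the credentials through Registration::Login() and,
// on success, stores the user name in the session and redirects to the home page.
// Both variables are read by the form markup below, so they must exist on a plain GET too.
$warning = '';
$_user = '';
if (isset($_POST['submit']) && "Login" === $_POST['submit'])
{
    $_user = FilterData($_POST['name']);
    $_pwd = FilterData($_POST['pwd']);
    //check for required fields
    if ("" != $_user && "" != $_pwd)
    {
        // NOTE(review): unsalted MD5 is not a suitable password hash; migrating to
        // password_hash()/password_verify() needs a matching change in Registration.
        $hash_val = md5($_pwd);
        //compare field values with database values
        $auth = new Registration();
        $auth->Login($_user, $hash_val);
        if (true == $auth->Success())
        {
            // Issue a fresh session id at the privilege change so an id that existed
            // before login is not carried into the authenticated session.
            if ('' !== session_id()) {
                session_regenerate_id(true);
            }
            $_SESSION['regis_user'] = $_user;
            //redirect to home page
            header("location:index.php");
            exit();
        } else {
            // One message for every failure, so the response does not reveal which field was wrong.
            $warning = "wrong details";
        }
    } else {
        $warning = "check required fields!";
    }
}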
?>
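<div id="main_content">
<fieldset id="login_box">
<legend>Login</legend>
<br><br>
<?php
// Login form markup. Every dynamic value is HTML-escaped where it is printed:
// $_SERVER['PHP_SELF'] reflects the requested path and $_user echoes request data.
// !empty()/isset() keep the first page load (no POST yet) free of undefined-variable notices.
if (!empty($warning)) { echo("<p class='error_msg'>" . htmlspecialchars($warning, ENT_QUOTES, 'UTF-8') . "</p>"); }
?>
<form id="login_form" method="post" action="<?php echo(htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'));?>">
<ul>
<label for="name" class="required"><b style="color: red;font-size: 20px">*</b>Name:</label>
<li style="padding-left:10%"> <!-- this fixes i.e. -->
<?php /* double_encode is off in case FilterData() already produced HTML entities - TODO confirm */ ?>
<input type="text" name="name" id="name" size="19" value="<?php echo(isset($_user) ? htmlspecialchars($_user, ENT_QUOTES, 'UTF-8', false) : '')?>"/>
</li>
<label for="pwd" class="required"><b style="color: red;font-size: 20px">*</b>Password :</label>
<li>
<input type="password" name="pwd" id="pwd" size="20" >
</li>
<li class="log_btn">
<input type="submit" name="submit" value="Login" class="button">
</li>
</ul>
</form>
</fieldset>
</div>
<?php Footer();?>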
This is it.
Mike Spider