register.php
<?php
require('db_connect.php'); // database connect script.
?>
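<?php
if (isset($_POST['submit'])) { // if form has been submitted
    /*
     * Registration handler: validates the posted form, checks that the
     * username is free, and inserts the new row into `users`.
     *
     * Every request value that reaches SQL is bound through a PEAR::DB `?`
     * placeholder, and anything echoed back is HTML-escaped. Database errors
     * are logged server-side; the visitor only sees a generic message.
     */

    // magic_quotes_gpc delivers pre-escaped request data. Placeholders need
    // the raw value, so that escaping is undone wherever it was applied.
    $quoted = get_magic_quotes_gpc();

    /* check they aren't ripping you off */
    // The form states a minimum of 5 stocks and limits the field to 3 digits.
    // Neither is enforced by the browser in any way the server can rely on.
    // Restricting the value to digits also matters because the confirmation
    // page further down echoes $_POST['first_shares'].
    $first_buy = isset($_POST['first_shares']) ? $_POST['first_shares'] : '';
    if (!is_string($first_buy)
        || !preg_match('/^[0-9]{1,3}\z/', $first_buy)
        || (int) $first_buy < 5) {
        header('Location: register.php');
        exit; // without this the script carried on and created the account anyway
    }

    /* check they filled in what they were supposed to,
       passwords matched, username
       isn't already taken, etc. */
    foreach (array('uname', 'passwd', 'passwd_again', 'email') as $required) {
        // is_string() rejects array-valued parameters (uname[]=...)
        if (empty($_POST[$required]) || !is_string($_POST[$required])) {
            die('You missed something');
        }
    }

    // no HTML tags in username, website, location.
    // The username is normalised BEFORE the uniqueness check so that the name
    // that is checked is the name that is stored.
    $uname = strip_tags($quoted ? stripslashes($_POST['uname']) : $_POST['uname']);
    if ($uname === '') {
        die('You missed something');
    }

    $website = '';
    if (isset($_POST['website']) && is_string($_POST['website'])) {
        $website = strip_tags($quoted ? stripslashes($_POST['website']) : $_POST['website']);
    }

    $location = '';
    if (isset($_POST['location']) && is_string($_POST['location'])) {
        $location = strip_tags($quoted ? stripslashes($_POST['location']) : $_POST['location']);
    }

    // check if username exists in database.
    // NOTE(review): check-then-insert is racy; a UNIQUE index on
    // users.username is what actually guarantees uniqueness - confirm it exists.
    $name_check = $db_object->query(
        'SELECT username FROM users WHERE username = ?',
        array($uname)
    );
    if (DB::isError($name_check)) {
        error_log('register.php: username lookup failed: ' . $name_check->getMessage());
        die('Sorry, registration is unavailable right now. Please try again later.');
    }
    if ($name_check->numRows() != 0) {
        die('Sorry, the username: <strong>' . htmlspecialchars($uname, ENT_QUOTES)
            . '</strong> is already taken, please pick another one.');
    }

    // check passwords match
    // Strict comparison: with != two different numeric-looking strings
    // ("1e3" and "1000") are treated as equal.
    if ($_POST['passwd'] !== $_POST['passwd_again']) {
        die('Passwords did not match.');
    }

    // check e-mail format: one "@", a dot in the domain part, and no
    // whitespace or angle brackets anywhere.
    $email = $quoted ? stripslashes($_POST['email']) : $_POST['email'];
    if (!preg_match('/^[^@\s<>]+@[^@\s<>]+\.[^@\s<>]+\z/', $email)) {
        die('Invalid e-mail address.');
    }

    // check show_email data
    // Exact whitelist: a loose comparison against 0 accepts arbitrary
    // strings, and this value goes into the INSERT below.
    $show_email = isset($_POST['show_email']) ? $_POST['show_email'] : null;
    if ($show_email !== '0' && $show_email !== '1') {
        die('Nope');
    }

    // now we can add them to the database.
    // hash password
    // login.php hashes stripslashes($_POST['passwd']); the same transform is
    // applied here so that every password that registers can also log in.
    // NOTE(review): md5() is an unsalted, fast hash and not suitable for
    // password storage. Moving to password_hash()/password_verify() has to be
    // done in register.php and login.php together (and in anything else that
    // reads the stored hash).
    $passwd_hash = md5(stripslashes($_POST['passwd']));

    $regdate = date('m d, Y');

    // The form carries payment, value and compliment as hidden inputs
    // (1, 71000, 1). Hidden inputs are fully client-controlled, so the
    // request copies are ignored and the values are fixed here instead.
    // NOTE(review): confirm no other form posts different values to this script.
    $payment    = '1';
    $value      = '71000';
    $compliment = '1';
    $requesting = $first_buy;

    // One INSERT on the existing connection replaces the former INSERT plus
    // four unchecked mysql_query() UPDATEs on a second, separately
    // credentialed connection.
    $add_member = $db_object->query(
        'INSERT INTO users (
            username,
            password,
            regdate,
            email,
            website,
            location,
            show_email,
            last_login,
            stocks,
            payment,
            value,
            requesting)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
        array(
            $uname,
            $passwd_hash,
            $regdate,
            $email,
            $website,
            $location,
            $show_email,
            'Never',
            $compliment,
            $payment,
            $value,
            $requesting,
        )
    );
    if (DB::isError($add_member)) {
        error_log('register.php: insert failed: ' . $add_member->getMessage());
        die('Sorry, registration is unavailable right now. Please try again later.');
    }
    $db_object->disconnect();
?>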
<html>
<head>
<title>Root32Shares</title>
<script type="text/javascript" language="JavaScript1.2" src="stm31.js"></script>
<style type="text/css">
<!--
A:link { COLOR: 08475C; TEXT-DECORATION: none; font-weight: normal }
A:visited { COLOR: 08475C; TEXT-DECORATION: none; font-weight: normal }
A:active { COLOR: 08475C; TEXT-DECORATION: none }
A:hover { COLOR: 0B6988; TEXT-DECORATION: none; font-weight: normal }
-->
</style>
<style type="text/css">
a:link {text-decoration: none}
a:active {text-decoration: none}
a:visited {text-decoration: none}
a:hover {text-decoration: none}
</style>
</head>
<body bgcolor=#ffffff text=#000000 marginwidth=0 marginheight=0 leftmargin=0 rightmargin=0 bottommargin=0 topmargin=0">
<BR>
<table cellpadding="0" cellspacing="1" bgcolor="000000" align="center" width="600">
<tr>
<td bgcolor="0B6988">
<CENTER>
<img src="banner.jpg"></CENTER></td>
</tr>
<tr>
<td bgcolor="eeeef0">
<BR>
<font face="verdana" size="2" color="000000">
<table cellpadding="5" cellspacing="0" bgcolor="FFFFFF" align="center">
<tr>
<td bgcolor="eeeef0">
<font face="verdana" size="2" color="000000">
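Your account has been created. You have <B><?php /* request value: escape it before echoing into HTML */ echo htmlspecialchars($_POST['first_shares'], ENT_QUOTES); ?></B> stock and a complimentary <B>1</B> stock.<BR><BR>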
Thanks for your interest! You can login <a href="login.php">here</A>
</td>
</tr>
</table>
<BR>
</td>
</tr>
</table>
<BR>
<CENTER><font face="verdana" size="1" color="666666">
© Copyright, 2004 - Root32<BR>
| <a href="mailto:masters@root32mail.com">contact</a> | <a href="http://root32.com">root32 computing and security</A> | <a href="http://root32.info">root32 hosting</A> | <a href="http://root32mail.com">root32 mail</A> |
<BR>
<?php
} else { // if form hasn't been submitted
?>
<html>
<head>
<title>Root32Shares</title>
<script type="text/javascript" language="JavaScript1.2" src="stm31.js"></script>
<style type="text/css">
<!--
A:link { COLOR: 08475C; TEXT-DECORATION: none; font-weight: normal }
A:visited { COLOR: 08475C; TEXT-DECORATION: none; font-weight: normal }
A:active { COLOR: 08475C; TEXT-DECORATION: none }
A:hover { COLOR: 0B6988; TEXT-DECORATION: none; font-weight: normal }
-->
</style>
<style type="text/css">
a:link {text-decoration: none}
a:active {text-decoration: none}
a:visited {text-decoration: none}
a:hover {text-decoration: none}
</style>
</head>
<body bgcolor=#ffffff text=#000000 marginwidth=0 marginheight=0 leftmargin=0 rightmargin=0 bottommargin=0 topmargin=0">
<BR>
<table cellpadding="0" cellspacing="1" bgcolor="000000" align="center" width="600">
<tr>
<td bgcolor="0B6988">
<CENTER>
<img src="banner.jpg"></CENTER></td>
</tr>
<tr>
<td bgcolor="eeeef0">
<BR>
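<form action="<?php /* PHP_SELF reflects the requested path, including any trailing path info, so escape it for the attribute */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">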
<table align="center" cellpadding="5">
<tr><td bgcolor="eeeef0"><font face="Verdana" color="000000" size="2"><B> Username*:</td><td bgcolor="eeeef0">
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td bgcolor="eeeef0"><font face="Verdana" color="000000" size="2"><B> Password*:</td><td bgcolor="eeeef0">
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td bgcolor="eeeef0"><font face="Verdana" color="000000" size="2"><B> Confirm Password*:</td><td bgcolor="eeeef0">
<input type="password" name="passwd_again" maxlength="50">
</td></tr>
<tr><td bgcolor="eeeef0"><font face="Verdana" color="000000" size="2"><B> E-Mail*:</td><td bgcolor="eeeef0">
<input type="text" name="email" maxlength="100">
</td></tr>
<tr><td bgcolor="eeeef0"><font face="Verdana" color="000000" size="2"><B> Website:</td><td bgcolor="eeeef0">
<input type="text" name="website" maxlength="150">
</td></tr>
<tr><td bgcolor="eeeef0"><font face="Verdana" color="000000" size="2"><B> Location</td><td bgcolor="eeeef0">
<input type="text" name="location" maxlength="150">
</td></tr>
<tr><td bgcolor="eeeef0"><font face="Verdana" color="000000" size="2"><B> Show E-Mail?</td><td bgcolor="eeeef0">
<select name="show_email">
<option value="1" selected="selected">Yes</option>
<option value="0">No</option></select>
</td></tr>
<tr><td bgcolor="eeeef0"><font face="Verdana" color="000000" size="2"><B> Stocks:</td><td bgcolor="eeeef0">
<input type="text" name="first_shares" maxlength="3" value="5" size="5"> <font face="Verdana" color="000000" size="2"> (£1 each)
</td></tr>
<tr><td align="center" colspan="2"><center><font face="verdana" size="1">* You must purchase at least 5 stocks when signing up. Stocks are £1 each. *
</td>
</tr>
<tr><td colspan="2" align="center" bgcolor="eeeef0">
<input type="hidden" value="1" name="payment">
<input type="hidden" value="71000" name="value">
<input type="hidden" value="1" name="compliment">
<input type="submit" name="submit" value="Sign Up">
</td></tr>
</table>
</form>
</td>
</tr>
</table>
<BR>
<CENTER><font face="verdana" size="1" color="666666">
© Copyright, 2004 - Root32<BR>
| <a href="mailto:masters@root32mail.com">contact</a> | <a href="http://root32.com">root32 computing and security</A> | <a href="http://root32.info">root32 hosting</A> | <a href="http://root32mail.com">root32 mail</A> |
</body>
</html>
<BR><BR>
<?php
}
?>
</body>
</html>
db_connect.php
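<?php
/*
 * Shared bootstrap: opens the PEAR::DB connection that the other scripts use
 * as $db_object, then pulls in check_login.php.
 */
//require the PEAR::DB classes.
require_once 'DB.php';

// NOTE(review): the connection credentials are hard-coded in this file;
// restrict read access to it and keep the real values out of shared copies.
$db_engine = 'mysql';
$db_user = '---';
$db_pass = '---';
$db_host = 'localhost';
$db_name = '---';

// PEAR::DB URL-decodes the user and password parts of a DSN string, so they
// are encoded here; otherwise a password containing "@", ":" or "/" would be
// split in the wrong place.
$datasource = $db_engine . '://'
    . rawurlencode($db_user) . ':'
    . rawurlencode($db_pass) . '@'
    . $db_host . '/'
    . $db_name;

/* assign database object in $db_object,
if the connection fails $db_object will contain
the error object. A boolean second argument asks for a persistent connection. */
$db_object = DB::connect($datasource, TRUE);

// If $db_object contains an error:
// log it server-side and exit with a generic message.
if (DB::isError($db_object)) {
    error_log('db_connect.php: ' . $db_object->getMessage());
    die('Database connection failed.');
}
$db_object->setFetchMode(DB_FETCHMODE_ASSOC);

// we write this later on, ignore for now.
// NOTE(review): login.php reads $logged_in and $_SESSION, neither of which is
// set in this file - presumably check_login.php does both. include() only
// warns if the file is missing, so the login check would then be skipped
// silently; consider require once the file exists.
include('check_login.php');
?>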
login.php
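<?php
// database connect script.
require 'db_connect.php';

// $logged_in is not set in this file; presumably check_login.php (included
// by db_connect.php) sets it - TODO confirm.
if ($logged_in == 1) {
    // The session username originates from request data, so escape it on output.
    die('You are already logged in, ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES) . '.');
}
?>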
<html>
<head>
<title>Login</title>
</head>
<body>
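<?php
if (isset($_POST['submit'])) { // if form has been submitted
    /*
     * Login handler: looks the user up, compares the md5 of the submitted
     * password with the stored hash, then records the login time and fills
     * the session.
     */

    /* check they filled in what they were supposed to and authenticate */
    // is_string() rejects array-valued parameters (uname[]=...)
    if (empty($_POST['uname']) || !is_string($_POST['uname'])
        || empty($_POST['passwd']) || !is_string($_POST['passwd'])) {
        die('You did not fill in a required field.');
    }

    // authenticate.
    // The username is bound through a PEAR::DB placeholder instead of being
    // addslashes()-escaped and concatenated; placeholders need the raw value,
    // so magic_quotes_gpc escaping is undone first.
    $uname = get_magic_quotes_gpc() ? stripslashes($_POST['uname']) : $_POST['uname'];
    $check = $db_object->query(
        'SELECT username, password FROM users WHERE username = ?',
        array($uname)
    );
    if (DB::isError($check)) {
        error_log('login.php: user lookup failed: ' . $check->getMessage());
        die('That username does not exist in our database.');
    }
    // NOTE(review): separate "unknown user" and "wrong password" messages let
    // a visitor tell which usernames exist; consider one shared message.
    if ($check->numRows() == 0) {
        die('That username does not exist in our database.');
    }
    $info = $check->fetchRow();

    // check passwords match
    // NOTE(review): md5() is an unsalted, fast hash and not suitable for
    // password storage; changing it has to be coordinated with register.php.
    $_POST['passwd'] = stripslashes($_POST['passwd']);
    $info['password'] = stripslashes((string) $info['password']);
    $_POST['passwd'] = md5($_POST['passwd']);
    // Strict comparison: with != two different hex digests that both look
    // like numbers in exponent notation ("0e...") are treated as equal.
    if ($_POST['passwd'] !== $info['password']) {
        die('Incorrect password, please try again.');
    }

    // if we get here username and password are correct,
    // register session variables and set last login time.
    $date = date('m d, Y');
    $update_login = $db_object->query(
        'UPDATE users SET last_login = ? WHERE username = ?',
        array($date, $uname)
    );
    if (DB::isError($update_login)) {
        // the login itself succeeded; only the timestamp was not recorded
        error_log('login.php: last_login update failed: ' . $update_login->getMessage());
    }

    $_POST['uname'] = $uname;
    $_SESSION['username'] = $uname;
    // NOTE(review): this keeps the password hash in the session - presumably
    // check_login.php re-checks it on each request; confirm before removing.
    $_SESSION['password'] = $_POST['passwd'];
    // NOTE(review): the session id is not regenerated on login. This script
    // has already sent HTML by this point, so session_regenerate_id() would
    // need the authentication step moved above the markup.
    $db_object->disconnect();
?>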
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse; border-width: 0" bordercolor="#111111" width="100%" id="AutoNumber1" height="100%">
<tr>
<td width="60%" style="border-style: none; border-width: medium" height="31">
<font face="verdana"><blockquote>
Login was successful.
<p> </td>
</tr>
</table>
<?php
} else { // if form hasn't been submitted
?>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse; border-width: 0" bordercolor="#111111" width="100%" id="AutoNumber1" height="100%">
<td width="60%" style="border-style: none; border-width: medium" height="31">
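<form action="<?php /* PHP_SELF reflects the requested path, including any trailing path info, so escape it for the attribute */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">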
<table border="0" cellspacing="1" bgcolor="ffffff" class=bordercolor align=left cellpadding="3" width="400">
<tr><td bgcolor="ffffff"><font face="Verdana" color="000000" size="1">Username:</td><td bgcolor="ffffff">
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td bgcolor="ffffff"><font face="Verdana" color="000000" size="1">Password:</td><td bgcolor="ffffff">
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td colspan="2" align="center" bgcolor="ffffff">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<p> </td>
</tr>
</table>
<?php
}
?>
</body>
</html>
Anything else you think you'll need?