I have tryed to fix the first name and last name for the register system. But i can't get it to work it well not put the date to my mysql.
here is the register.php code:
<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])) {
if (empty($_POST['username'])) {
$errors[] = 'The username cannot be empty.';
}
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'The email address you entered does not appear to be valid.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])) {
$errors[] = 'The password cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']) {
$errors[] = 'Password verification failed.';
}
if (user_exists($_POST['username'])) {
$errors[] = 'The username you entered is already taken.';
}
if (empty($errors)) {
add_user($_POST['username'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['password']);
header('Location: protected.php');
die();
}
}
?>
<!DOCTYPE html>
<html lang="da">
<head>
<meta charset="utf-8">
<title></title>
<link rel="stylesheet" type="text/css" href="ext/css/style.css" />
</head>
<body>
<div>
<?php
if (empty($errors) === false) {
?>
<ul>
<?php
foreach ($errors as $error) {
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}
?>
</div>
<form action="" method="post">
<p>
<label for="username"><b>Username:</b><br/></label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="username"><b>Firstname:</b><br/></label>
<input type="text" name="firstname" id="firstname" value="<?php if (isset($_POST['firstname'])) echo htmlentities($_POST['firstname']); ?>" />
</p>
<p>
<label for="username"><b>Lastname:</b><br/></label>
<input type="text" name="lastname" id="lastname" value="<?php if (isset($_POST['lastname'])) echo htmlentities($_POST['lastname']); ?>" />
</p>
<p>
<label for="email"><b>Email:</b><br/></label>
<input type="text" name="email" id="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email']); ?>" />
</p>
<p>
<label for="password"><b>Password:</b><br/></label>
<input type="password" name="password" id="password" />
</p>
<p>
<label for="repeat_password"><b>Repeat Password:</b><br/></label>
<input type="password" name="repeat_password" id="repeat_password" />
</p>
<p>
<input type="submit" value="Register" />
</p>
</form>
</body>
</html>
And here is the user.inc.php code:<?php
// fetches the right profile with id.
function fetch_current_user_id($username){
$username = mysql_real_escape_string($username);
$sql = "SELECT `user_id` FROM `users` WHERE `user_name` = '{$username}'";
$result = mysql_query($sql);
return mysql_result($result, 0);
}
if(empty($_SESSION['uid'])){
$_SESSION['uid'] = fetch_current_user_id($_SESSION['username']);
}
// fetches all of the users from the table.
function fetch_users() {
$result = mysql_query('SELECT `user_id` AS `id`, `user_name` AS `username` FROM `users`');
$users = array();
while (($row = mysql_fetch_assoc($result)) !== false) {
$users[] = $row;
}
return $users;
}
// fetches profile infomation for the given user.
function fetch_user_info($uid) {
$uid = (int)$uid;
$sql = "SELECT
`user_id` AS `id`,
`user_name` AS `username`,
`user_firstname` AS `firstname`,
`user_lastname` AS `lastname`,
`user_email` AS `email`,
`user_about` AS `about`,
`user_location` AS `location`,
`user_gender` AS `gender`
FROM `users`
WHERE `user_id` = {$uid}";
$result = mysql_query($sql);
$info = mysql_fetch_assoc($result);
$info['avatar'] = (file_exists("{$GLOBALS['path']}/user_avatars/{$info['id']}.jpg")) ? "core/user_avatars/{$info['id']}.jpg" : "core/user_avatars/default.jpg";
return $info;
}
// updates the current users profile info.
function set_profile_info($email, $about, $location ,$avatar) {
$email = mysql_real_escape_string(htmlentities($email));
$about = mysql_real_escape_string(nl2br(htmlentities($about)));
$location = mysql_real_escape_string($location);
if (file_exists($avatar)) {
$src_size = getimagesize($avatar);
if ($src_size['mime'] === 'image/jpeg') {
$src_img = imagecreatefromjpeg($avatar);
}else if ($src_size['mime'] === 'image/png') {
$src_img = imagecreatefrompng($avatar);
}else if ($src_size['mime'] === 'image/gif') {
$src_img = imagecreatefromgif($avatar);
}else {
$src_img = false;
}
if ($src_img !== false) {
$thumb_width = 200;
if ($src_size[0] <= $thumb_width) {
$thumb = $src_img;
}else {
$new_size[0] = $thumb_width;
$new_size[1] = ($src_size[1] / $src_size[0]) * $thumb_width;
$thumb = imagecreatetruecolor($new_size[0], $new_size[1]);
imagecopyresampled($thumb, $src_img, 0, 0, 0, 0, $new_size[0], $new_size[1], $src_size[0], $src_size[1]);
}
imagejpeg($thumb, "{$GLOBALS['path']}/user_avatars/{$_SESSION['uid']}.jpg");
}
}
$sql = "UPDATE `users` SET
`user_email` = '{$email}',
`user_about` = '{$about}',
`user_location` = '{$location}'
WHERE `user_id` = {$_SESSION['uid']}";
mysql_query($sql);
}
// check if the given username exists in the database.
function user_exists($user) {
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
// check if the given username and password combination is valid.
function valid_credentials($user, $pass) {
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
// checks is the given user account is active.
function is_active($user) {
$user = mysql_real_escape_string($user);
$sql = "SELECT
COUNT(`user_activations`.`user_id`)
FROM `users`
INNER JOIN `user_activations`
ON `users`.`user_id` = `user_activations`.`user_id`
WHERE `users`.`user_name` = '{$user}'";
$result = mysql_query($sql);
return (mysql_result($result, 0) == '0') ? true : false;
}
// activates the account related to the given activation code.
function activate_account($aid) {
$aid = mysql_real_escape_string($aid);
mysql_query("DELETE FROM `user_activations` WHERE `activation_code` = '{$aid}'");
}
// adds a user to the database
function add_user($user, $firstname, $lastname, $email, $pass) {
$user = mysql_real_escape_string(htmlentities($user));
$firstname = mysql_real_escape_string(htmlentities($firstname));
$lastname = mysql_real_escape_string(htmlentities($lastname));
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
$aid = implode('', array_rand($charset, 10));
$body = <<<EMAIL
Hi,
Thanks for registering, before you login you need to activate your account.
To do that simply click the following link.
http://localhost:8888/UserSystem/activate.php?aid={$aid}
EMAIL;
mail($email, 'Your new account at onslowdemolering.dk', $body, 'From: ekim@onslowdemolering.dk');
mysql_query("INSERT INTO `users` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')");
$user_id = mysql_insert_id();
mysql_query("INSERT INTO `user_activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");
}
?>
But i have edited this part in user.inc.php code:// adds a user to the database
function add_user($user, $firstname, $lastname, $email, $pass) {
$user = mysql_real_escape_string(htmlentities($user));
$firstname = mysql_real_escape_string(htmlentities($firstname));
$lastname = mysql_real_escape_string(htmlentities($lastname));
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
$aid = implode('', array_rand($charset, 10));
Hope u can help me with that.// Hys
