'.mysqli_error($db));
}
mysqli_select_db($db, $mysql_database) or die('Failed to select database
'.mysqli_error($db));
mysqli_set_charset($db, 'utf8');
$sql = "SELECT * FROM ".$mysql_table." WHERE username = '".mysqli_real_escape_string($db, $_POST['username'])."'";
$result = mysqli_query($db, $sql);
if ($data = mysqli_fetch_array($result))
{
if ($crypt_pass == $data['password'] && $data['active'] != 0)
{
$found = true;
$db_email = $data['email'];
$db_fullname = $data['fullname'];
$db_username = $data['username'];
$db_role = $data['role'];
$folder = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '/') + 1);
$db_avatar = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$folder" . "avatars/" . $data['avatar'];
}
}
mysqli_close($db);
if ($found == false)
{
header('Location: '.$error_page);
exit;
}
else
{
$_SESSION['email'] = $db_email;
$_SESSION['fullname'] = $db_fullname;
$_SESSION['username'] = $db_username;
$_SESSION['role'] = $db_role;
$_SESSION['avatar'] = $db_avatar;
$_SESSION['expires_by'] = time() + $session_timeout;
$_SESSION['expires_timeout'] = $session_timeout;
$rememberme = isset($_POST['rememberme']) ? true : false;
if ($rememberme)
{
setcookie('username', $db_username, time() + 3600*24*30);
setcookie('password', $_POST['password'], time() + 3600*24*30);
}
header('Location: '.$success_page);
exit;
}
}
// Pre-fill values for the login form, taken from the "remember me" cookies.
// Each one falls back to an empty string when its cookie is absent.
// NOTE(review): the login handler earlier in this file writes $_POST['password']
// verbatim into the 'password' cookie, so $password holds the cleartext password
// as stored in the browser. Confirm how it is echoed into the page, and consider
// replacing it with a random, server-side remember-me token.
$username = '';
if (isset($_COOKIE['username']))
{
   $username = $_COOKIE['username'];
}
$password = '';
if (isset($_COOKIE['password']))
{
   $password = $_COOKIE['password'];
}
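// Settings for the sign-up handler below.
// NOTE(review): the database credentials are hard-coded in a web-served script.
// Anyone who can read this file (repository, backup, a server that serves PHP as
// text) obtains database access. Rotate them and load them from configuration
// kept outside the document root.
$mysql_server = 'sql2.7m.pl';
$mysql_username = 'elger_mcscprptesto';
$mysql_password = 'elgerusa200616';
$mysql_database = 'elger_mcscprptesto';
$mysql_table = 'elger_mcscprptesto';
$success_page = './page.html';
$error_message = "";

// Sign-up handler: validates the posted fields, rejects an already-used username,
// stores the new account, sends a confirmation mail and redirects to $success_page.
// On any failure $error_message is set and execution falls through to the rest of
// the page.
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['form_name']) && $_POST['form_name'] == 'signupform')
{
   // A missing field, or one posted as an array (username[]=x), becomes '' so it
   // fails validation below instead of raising notices or a TypeError in preg_match().
   $input = array();
   foreach (array('username', 'email', 'password', 'confirmpassword', 'fullname') as $field)
   {
      $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
   }
   $newusername = $input['username'];
   $newemail = $input['email'];
   $newpassword = $input['password'];
   $confirmpassword = $input['confirmpassword'];
   $newfullname = $input['fullname'];
   $code = 'NA';
   // Generic message shown when the database refuses an operation; details go to the log.
   $unavailable = 'The account could not be created. Please try again later.';

   // Strict comparison: with != two numeric-looking strings such as "1e3" and "1000"
   // compare as numbers and would be treated as the same password.
   if ($newpassword !== $confirmpassword)
   {
      $error_message = 'Password and Confirm Password are not the same!';
   }
   // The D modifier makes $ match only at the very end, so a trailing newline
   // no longer slips through the allow-lists.
   elseif (!preg_match("/^[A-Za-z0-9-_!@$]{1,50}$/D", $newusername))
   {
      $error_message = 'Username is not valid, please check and try again!';
   }
   elseif (!preg_match("/^[A-Za-z0-9-_!@$]{1,50}$/D", $newpassword))
   {
      $error_message = 'Password is not valid, please check and try again!';
   }
   elseif (!preg_match("/^[A-Za-z0-9-_!@$.' &]{1,50}$/D", $newfullname))
   {
      $error_message = 'Fullname is not valid, please check and try again!';
   }
   // filter_var() rejects control characters; the previous pattern /^.+@.+\..+$/
   // accepted a carriage return inside the address that is later handed to mail().
   elseif (filter_var($newemail, FILTER_VALIDATE_EMAIL) === false)
   {
      $error_message = 'Email is not a valid email address. Please check and try again.';
   }

   if (empty($error_message))
   {
      $db = mysqli_connect($mysql_server, $mysql_username, $mysql_password);
      if (!$db)
      {
         // mysqli_error() needs a live link; a failed connect is reported by
         // mysqli_connect_error(). The detail is logged, not sent to the browser.
         error_log('signup: database connection failed: '.mysqli_connect_error());
         die('Failed to connect to database server!');
      }
      if (!mysqli_select_db($db, $mysql_database))
      {
         error_log('signup: selecting the database failed: '.mysqli_error($db));
         mysqli_close($db);
         die('Failed to select database');
      }
      mysqli_set_charset($db, 'utf8');

      // Values are bound as parameters. Only the table name, which comes from the
      // configuration above and never from the request, is concatenated.
      $lookup = mysqli_prepare($db, "SELECT `username` FROM `".$mysql_table."` WHERE `username` = ?");
      if ($lookup && mysqli_stmt_bind_param($lookup, 's', $newusername) && mysqli_stmt_execute($lookup))
      {
         mysqli_stmt_store_result($lookup);
         if (mysqli_stmt_num_rows($lookup) > 0)
         {
            $error_message = 'Username already used. Please select another username.';
         }
      }
      else
      {
         error_log('signup: username lookup failed: '.mysqli_error($db));
         $error_message = $unavailable;
      }
      if ($lookup)
      {
         mysqli_stmt_close($lookup);
      }

      if (empty($error_message))
      {
         // NOTE(review): md5() is a fast, unsalted hash and is not suitable for
         // password storage. It is kept here because the login handler in this file
         // compares $crypt_pass with the stored value; migrate both handlers together
         // to password_hash() / password_verify().
         $crypt_pass = md5($newpassword);
         // NOTE(review): check-then-insert is not atomic; a UNIQUE index on `username`
         // is needed to stop two concurrent sign-ups taking the same name (schema not
         // visible here - confirm).
         $insert = mysqli_prepare($db, "INSERT INTO `".$mysql_table."` (`username`, `password`, `fullname`, `email`, `active`, `code`, `role`) VALUES (?, ?, ?, ?, 1, ?, '')");
         $created = $insert
            && mysqli_stmt_bind_param($insert, 'sssss', $newusername, $crypt_pass, $newfullname, $newemail, $code)
            && mysqli_stmt_execute($insert);
         if (!$created)
         {
            // Previously a failed INSERT was ignored and the user was still mailed
            // and redirected to the success page.
            error_log('signup: creating the account failed: '.mysqli_error($db));
            $error_message = $unavailable;
         }
         if ($insert)
         {
            mysqli_stmt_close($insert);
         }
      }
      mysqli_close($db);
   }

   if (empty($error_message))
   {
      // The confirmation mail no longer contains the password: mail is stored and
      // relayed in clear text, and the user has just chosen the password themselves.
      $subject = 'Your new account';
      $message = 'A new account has been setup.';
      $message .= "\r\nUsername: ";
      $message .= $newusername;
      $message .= "\r\n";
      $header = "From: webmaster@yourwebsite.com"."\r\n";
      $header .= "Reply-To: webmaster@yourwebsite.com"."\r\n";
      $header .= "MIME-Version: 1.0"."\r\n";
      $header .= "Content-Type: text/plain; charset=utf-8"."\r\n";
      $header .= "Content-Transfer-Encoding: 8bit"."\r\n";
      $header .= "X-Mailer: PHP v".phpversion();
      mail($newemail, $subject, $message, $header);
      header('Location: '.$success_page);
      exit;
   }
}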
?>