PHP sending emails twice and not uploading images correctly :/ - php

I have been designing a website and everything has been working perfectly, until I started adding in little extras so it would work EXACTLY how I wanted it to work.
This is the script for a website that uploads a title, description, name of a person, image, email address and password for the advert that they are putting online. However it no longer wants to correctly name the image and it sends out an email twice, once in the instance that there may be an image and it instantly does it in the instance where someone may not upload an image, but it is reading it as if it is doing both because there is an error with the file upload.
Btw this is the first PHP script I have ever created so it may seem mashy as I have been kind of mixing it up from different things that I have found online :)
p.s the page where the magic happens is www.afterswap.com/give.php
p.p.s I have a global config file that sets all of the DB connection info etc, hence it being non-existent here.
<?PHP
include("inc/header.php");
foreach ($_POST as $key => $val)
$_POST[$key] = mysqli_real_escape_string($con, $val);
$back = "<a href='give.php'>Click Here To Go Back And Try Again</a>";
if (isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) {
$title = mysqli_real_escape_string($title123);
$title123 = mysqli_real_escape_string($_POST['title']);
$description = mysqli_real_escape_string($description123);
$description123 = mysqli_real_escape_string($_POST['description']);
$Sell_by = $_POST['Sell_by'];
$name = mysqli_real_escape_string($name123);
$name123 = mysqli_real_escape_string($_POST['name']);
$email = $_POST['email'];
$password = $_POST['password'];
$imagename = basename($_FILES['userfile']['name']);
$uploadedfile = $_FILES['userfile']['tmp_name'];
if (empty($imagename)) {
$error = 1;
echo "<h2 class='error'>The name of the image was not found.</h2>" . $back;
}
if ($error != 1 && $noimg != 1) {
$filename = stripslashes($_FILES['userfile']['name']);
$extension = substr(strrchr($filename, '.'), 1);
$extension = strtolower($extension);
}
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) {
echo '<h2 class="error">Error. Images Must Be Jpg, Gif, or Png Format! Please Go Back And Try Another Image.</h2>' . $back . '';
$errors = 1;
} else {
$time = time();
$newimage = "/photos/" . $time . $imagename;
$result = move_uploaded_file($_FILES['userfile']['tmp_name'], $newimage);
if (empty($result)) {
$error = 1;
echo "<h2 class='error'>There was an error uploading your image.</h2><br/>" . $back . "";
}
$date = date("Y/m/d H:i:s");
$query = "INSERT INTO classifieds (adid, title, description, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$Sell_by', '$name123', '$email', '$password', '$newimage', '$date', '0', '0')";
mysqli_query($query) or die(mysqli_error());
$pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1";
$query2 = mysqli_query($pullback) or die(mysqli_error());
while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
$newid = $row['adid'];
$pass = $row['pass'];
}
$url = "http://";
$url .= getenv("HTTP_HOST");
$Name = "AfterSwap";
$emailf = "noreply#afterswap.com";
$recipient = $email;
$mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team";
$subject = "AfterSwap Ad Details";
$headers = "From: " . $Name . " <" . $emailf . ">\r\n";
$headers .= "Content-type: text/html\r\n";
mail($recipient, $subject, $mail_body, $headers);
echo "<div align='justify'><div class='success'>Your listing '" . $name123 . "' Has Been Submitted Successfully! <br/><br/>Please take note: Your listing will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>";
}
} elseif (isset($_POST['upload'])) {
$title = mysqli_real_escape_string($title123);
$title123 = mysqli_real_escape_string($_POST['title']);
$description = mysqli_real_escape_string($description123);
$description123 = mysqli_real_escape_string($_POST['description']);
$Sell_by = $_POST['Sell_by'];
$name = mysqli_real_escape_string($name123);
$name123 = mysqli_real_escape_string($_POST['name']);
$email = $_POST['email'];
$password = $_POST['password'];
$date = date("Y/m/d H:i:s");
$query = "INSERT INTO classifieds (adid, title, description, cat, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$category', '$Sell_by', '$name123', '$email', '$password', 'images/noimage.jpg', '$date', '0', '0')";
mysqli_query($query) or die(mysqli_error());
$pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1";
$query2 = mysqli_query($pullback) or die(mysqli_error());
while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
$newid = $row['adid'];
$pass = $row['pass'];
}
$url = "http://";
$url .= getenv("HTTP_HOST");
$Name = "AfterSwap";
$emailf = "noreply#afterswap.com";
$recipient = $email;
$mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team";
$subject = "AfterSwap Ad Details";
$headers = "From: " . $Name . " <" . $emailf . ">\r\n";
$headers .= "Content-type: text/html\r\n";
mail($recipient, $subject, $mail_body, $headers);
echo "<div align='justify'><div class='success'>Thank you " . $name123 . ", your listing has been submitted successfully! <br/><br/>Please take note: Your isting will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>";
} else {
?>
/* HTML Form here */
<?PHP } ?>

Try this
Change this line
} elseif (isset($_POST['upload'])) {
to
} elseif (isset ( $_POST ['upload'] ) && empty($_FILES)) {

The only thing I can think of would be a if, elseif, or else being passed twice because the condition is being met twice. You may want to revise the code with better indentation, and checking when the elseif, if, and else blocks are passed. Also, it would be a really good idea to take the advice from the two people that commented on your post, MYSQLI is a great way to go! One more thing: You should never pass $_POST unsanitized!! Here is a short easy sanitization script!
MYSQLI:
foreach($_POST as $key=>$val)
$_POST[$key] = mysqli_real_escape_string($con, $val);
MYSQL:
foreach($_POST as $key=>$val)
$_POST[$key] = mysql_real_escape_string($con, $val);

Related

Send learners reminder email and admin

Below code should send email to learners but the code is giving me error:
"Fatal error: Call to undefined method mysqli_result::fetch() in /home/train4/public_html/hocotest/cron-email-expire-1.php on line 46"
I replaced fetch(PDO::FETCH_OBJ) with fetch_object() then the file runs fine no error but the learners are not getting emails.
there is 2 parts of this email,
1. it will send email to learners
2. Send email to admin that to whom the system have system have sent the email.
the second part run fine, admin get the email but there is no info to whom the system have sent emails to, as part 1 is not working.
I tried running the script without array, so the system send 1 email for each course, if the learners are enrolled in 7 courses and not completed 5 courses then they will get 5 emails.. it work fine. but i want to send only one email with all not completed course details.
<?php
include 'db.php';
function check_emailaddress($email) {
// First, we check that there is one # symbol, and that the lengths are right
if (!ereg("^[^#]{1,64}#[^#]{1,255}$", $email))
{
// Email invalid because wrong number of characters in one section, or wrong number of # symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("#", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++)
{
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i]))
{
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) // Check if domain is IP. If not, it should be valid domain name
{
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2)
{
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++)
{
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i]))
{
return false;
}
}
}
return true;
}
$extraParam = "";
if (isset($_GET["ex"]) ) {
$extraParam = $_GET["ex"]."---";
}
//get system sender email address from settings table
$srs = $db->query("SELECT adminemail, systememail FROM tbl07systemsettings");
$srow = $srs->fetch(PDO::FETCH_OBJ);
$from = $srow->systememail; //"From: info#visiondesigngroup.ca\r\n";
$email_from = "From: $from\r\n";
$admin_email = "toralhc6#gmail.com";
$email_to = "" ;//"respite#safeguards-training.net";
$tempsql = "SELECT a06subject, a06templatebody, usetemplate FROM tbl06emailtemplates WHERE a06name = 'autoreminder'";
$rs = $db->query($tempsql);
$rowemail = $rs->fetch(PDO::FETCH_OBJ);
$usetemplate = $rowemail->usetemplate;
if ($usetemplate == 0) exit; // not send email if course reminder email template was set not to send email *************
$email_subject = $rowemail->a06subject;
//$from = "From: info#visiondesigngroup.ca\r\n";
$eb = $rowemail->a06templatebody;
$strSQL_expire = "SELECT * FROM tbl01user, tbl04usercourses, tbl03courses
WHERE a01User=a04UserId AND a03CourseId=a04CourseId
AND DATEDIFF(CURDATE(),a04StartDate) > 0 AND a04Completion=0
AND a01UserRoll=0 AND a01Status=1 AND a04Status=1";
$query = $db->query($strSQL_expire) or die ("Error querying database.<br>$strSQL_expire");
$nofinish = array();
$course = "";
$pre_email = "";
$pre_fn = "";
$n = 0;
while($email_row=$query->fetch(PDO::FETCH_OBJ)){
$fn = $email_row->a01FirstName;
$email = $email_row->a01Email;
$password = $email_row->a002password;
if ($pre_email == $email){
$course .= "web url" . $email_row->a03CourseName . "</a><br>";
$pre_email = $email;
$pre_fn = $fn;
$pre_password = $password;
}else{
$nofinish[] = array('firstname'=>$pre_fn, 'email'=>$pre_email, 'courses'=>$course, 'password'=>$pre_password);
$course = "web url" . $email_row->a03CourseName . "</a><br>";
$pre_email = $email;
$pre_fn = $fn;
$pre_password = $password;
}
}
$nofinish[] = array('firstname'=>$pre_fn, 'email'=>$pre_email, 'courses'=>$course, 'password'=>$pre_password);
array_shift($nofinish);
set_time_limit(600);
$eb1 = nl2br($eb);
$i = 0;
foreach($nofinish as $no){
$email_from = $from;
$email_address = $no['email'];
// $email_address = "lyan3000#gmail.com";
// if ($i++ >= 4) exit;
// need to comment the above two lines before go live***********************************************
$email_subject = "Course Completion Reminder";
$top = "<div style='font-family:Arial'>";
$top .= "<div style='background-color:#045FB4; color:white;width:100%;padding:10px 10px;'><h1>Service Centre</h1></div>";
$variable = array(
'{$firstname}' => $no['firstname'],
'{$course}' => $no['courses'],
'{$password}'=> $no['password'],
'{$email}'=> $no['email']
);
$email_body = strtr($eb1, $variable);
$bottom = "<p><img src='cid:logoimg'></p>";
$bottom .="<div style='background-color:#045FB4; height:25px;width:100%'> </div></div>";
$email_message = $top . $email_body . $bottom;
/*
echo $email_from . "<br>";
echo $email_address . "<br>";
echo $email_subject . "<br>";
echo $email_message;
echo "<hr>";
*/
if (mail($email_address, $email_subject, $email_message, $email_from))
{
//echo "Reminder email sent to: " . $no['firstname'] . "<br>";
echo "Yes. <br>";
}else{
//echo "Sorry, There is a mail server error. Please try it again later " . $no['firstname'] . "<br>";
echo "No. <br>";
}
}
$file_name = "record_for_cron_expire_email.txt";
$tz = 'EST';
$timestamp = time();
$dt = new DateTime("now", new DateTimeZone($tz)); //first argument "must" be a string
$dt->setTimestamp($timestamp); //adjust the object to correct timestamp
$date = $dt->format('Y-m-d h:i:s A');
$text = "This script runs on $date " . PHP_EOL;
file_put_contents ( $file_name , $text, FILE_APPEND);
//send summurized email to admin
$sql = "SELECT a06subject, a06templatebody FROM tbl06emailtemplates WHERE a06name = 'remindertoadmin'";
$rs = $db->query($sql);
$row = $rs->fetch_object();
$email_subject = $row->a06subject;
//$from = "From: $email_from\r\n";
$date = date('Y-m-d');
$eb = $row->a06templatebody;
$variable = array(
'{$learnerCourse}' => $learnercourse,
'{$date}' => $date
);
$email_body = strtr($eb, $variable);
mail($admin_email, $email_subject, $email_body, $email_from);
//SET inactive all expired courses
$expiredRightNow = date("Y-m-d");
$strSQL_setExpire = "UPDATE tbl04usercourses
SET a04Status = 0
WHERE a04ExpirationDate <= '$expiredRightNow'
AND a04Completion = 0";
$query = $db->query($strSQL_setExpire) or die ("Error querying database.<br>$strSQL_setExpire");
?>
mysqli_result::fetch_all() requires MySQL Native Driver (mysqlnd).
chances are you might be missing it.
have a look at this posts, that might help you.
mysqli fetch_all() not a valid function?
below is the minimal code I can think of:
$strSQL_expire = "SELECT * FROM tbl01user, tbl04usercourses, tbl03courses
WHERE a01User=a04UserId AND a03CourseId=a04CourseId
AND DATEDIFF(CURDATE(),a04StartDate) > 0 AND a04Completion=0
AND a01UserRoll=0 AND a01Status=1 AND a04Status=1";
$query = $db->query($strSQL_expire) or die ("Error querying database.<br>$strSQL_expire");
$nofinish = array();
$course = "";
$pre_email = "";
$pre_fn = "";
$n = 0;
while($email_row=$query->fetch(PDO::FETCH_OBJ)){
$fn = $email_row->a01FirstName;
$email = $email_row->a01Email;
$password = $email_row->a002password;
if ($pre_email == $email){
$course .= "web url" . $email_row->a03CourseName . "</a><br>";
$pre_email = $email;
$pre_fn = $fn;
$pre_password = $password;
}else{
$nofinish[] = array('firstname'=>$pre_fn, 'email'=>$pre_email, 'courses'=>$course, 'password'=>$pre_password);
$course = "web url" . $email_row->a03CourseName . "</a><br>";
$pre_email = $email;
$pre_fn = $fn;
$pre_password = $password;
}
}
$nofinish[] = array('firstname'=>$pre_fn, 'email'=>$pre_email, 'courses'=>$course, 'password'=>$pre_password);
array_shift($nofinish);
set_time_limit(600);
$eb1 = nl2br($eb);
$i = 0;
foreach($nofinish as $no){
$email_from = $from;
$email_address = $no['email'];
$email_subject = "Course Completion Reminder";
$top = "<div style='font-family:Arial'>";
$top .= "<div style='background-color:#045FB4; color:white;width:100%;padding:10px 10px;'><h1>Service Centre</h1></div>";
$variable = array(
'{$firstname}' => $no['firstname'],
'{$course}' => $no['courses'],
'{$password}'=> $no['password'],
'{$email}'=> $no['email']
);
$email_body = strtr($eb1, $variable);
$bottom = "<p><img src='cid:logoimg'></p>";
$bottom .="<div style='background-color:#045FB4; height:25px;width:100%'> </div></div>";
$email_message = $top . $email_body . $bottom;
if (mail($email_address, $email_subject, $email_message, $email_from))
{
echo "Yes. <br>";
}else{
echo "No. <br>";
}
}

Sending email with mixed data from both form inputs and database data

I am trying to send email of which one of the data is from database, i tried to look on some post here in stack-overflow but they were different;
I tried to send without the data from the database and it works fine,but after adding database fetch its not working
<?php
include 'include/connect.php';
if (isset($_POST['book2'])) {
$id = mysqli_real_escape_string($conn, $_GET['id']);
$sql = "SELECT room_price FROM room_details WHERE id='$id';";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$room_price = $row['room_price'];
$email = $_POST['email'];
$room_type = $_POST['room_type'];
$checkin = $_POST['checkin'];
$checkout = $_POST['checkout'];
$adults = $_POST['adults'];
$children = $_POST['children'];
$mailTo = "booking#johndoexxx.com";
$headers = "Guest sent e-mail from: " . $email;
$txt = "New booking received, room for " . $adults . " adults and " . $children . " child / children, reservation starts on " . $checkin . " up to " . $checkout . " whereby " . $room_type . " room is selected, Please respond to the sender!";
$heading = "New Booking!";
mail($mailTo, $heading, $headers, $txt);
header("Location: index.php?bookingsent");
}
}
} else {
echo "Booking failed to process!, observe your inputs carefully!";
}
?>
was expecting it will fetch data from form and will send the data into the targeted email.

how to send an emails to a list while updating MYSQL Database

i have wrote a php script to send an emails.In this script it checks whether current date is equal with the emailfly_date and email is = o.if that satisfies email will sent to the user.this script is working for one user at a one time.that if database has five records that that matches current criteria it sends the email only to the last id.what is the reason for this?
id
250
251
252
253
it will send the email only to the ID 253.but not to the others.
Here is mycode
<?php
include_once 'dbconnect.php';
$query = "SELECT ID,email, emailfly_date, CURRENT_DATE AS nowtime FROM xxx WHERE reqnum = '' AND email_sent = '0'";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
$regid = $row['ID'];
$activemail= $row['nowtime'];
/*echo $regid . '<br />';
echo $activemail. '<br />';*/
}
$query = mysql_query("SELECT ID, email, reqnum, emailfly_date, email_sent FROM xxx WHERE ID = '$regid' AND emailfly_date = '$activemail'");
$rowdata = mysql_fetch_array($query);
$ID = $rowdata['ID'];
$email = $rowdata['email'];
$reqnum = $rowdata['reqnum'];
$emailfly_date = $rowdata['emailfly_date'];
$email_sent = $rowdata['email_sent'];
if ($reqnum != '') {
/* echo "not sucess";*/
} elseif ($email_sent == '1') {
/* echo "email already sent";*/
} elseif ($email_sent == '1' && $reqnum != '') {
/* echo "no way to send";*/
}
elseif($email_sent == '0' && $reqnum == '' ){
$ulink = "http://xxx.eewfewt.net/tttt/yyyy.php?ID=$regid";
$to = $email;
$subject = 'hoo'; // Give the email a subject
$message = '
Thanks for Using Trial Version!
If You Wish to Continue with the Monthly Paid Package.
------------------------
Click Below
Site Renewal link: ' . $ulink . '
'.$emailfly_date.'
------------------------ ';
$headers .= 'From:werwerwer.aaa.net' . "\r\n";
$headers .= 'Bcc:ewrwerer.aaa.net' . "\r\n";
mail($to, $subject, $message, $headers);
$upadtequery = mysql_query("UPDATE xxx SET email_sent ='1' WHERE ID = '$regid'");
echo "sucess";
}
else{
echo "bye";
}
?>
From $query = mysql_query(.....bla...bla... to last else{
echo "bye";
} Put all this inside your while loop.
Also if you fetch data from same table try to use single query.
mysql_() is depreciated now. So try to use mysqli_()
include_once 'dbconnect.php';
$query = "SELECT ID,email, emailfly_date, CURRENT_DATE AS nowtime FROM xxx WHERE id in ('250','251','252','253') AND email_sent = '0'";
$result = mysql_query($query) or die(mysql_error());
while($rowdata = mysql_fetch_array($result))
{
$ID = $rowdata['ID'];
$email = $rowdata['email'];
$reqnum = $rowdata['reqnum'];
$emailfly_date = $rowdata['emailfly_date'];
$email_sent = $rowdata['email_sent'];
$ulink = "http://xxx.eewfewt.net/tttt/yyyy.php?ID=$regid";
$to = $email;
$subject = 'hoo'; // Give the email a subject
$message = '
Thanks for Using Trial Version!
If You Wish to Continue with the Monthly Paid Package.
------------------------
Click Below
Site Renewal link: ' . $ulink . '
'.$emailfly_date.'
------------------------ ';
$headers .= 'From:werwerwer.aaa.net' . "\r\n";
$headers .= 'Bcc:ewrwerer.aaa.net' . "\r\n";
mail($to, $subject, $message, $headers);
$upadtequery = mysql_query("UPDATE xxx SET email_sent ='1' WHERE ID = '$ID'");
echo "sucess";
}

Capture ip address of machine of the user

<?php
if (isset($_GET['action']) && ($_GET['action'] == 'submit')) {
$name = $_POST['name'];
$message = $_POST['message'];
$email = $_POST['email'];
$ip = $_SERVER["REMOTE_ADDR"];
$messageip = "User IP: $ip\n\n" . $messageip;
$sql = "SELECT * FROM tbl_user WHERE email = '" . $email . "'";
$query = mysql_query($sql);
$count = mysql_num_rows($query);
if ($count >= 1) {
echo "User Already in Exists<br/>";
} else {
$newUser = "INSERT INTO tbl_user(name,message,email,ip_address) values('$name','$message','$email','$messageip')";
$query2 = mysql_query($newUser);
if ($query2) {
echo "You are now registered<br/>";
} else {
echo "Error adding user in database<br/>";
}
}
echo $name . '<br/>';
echo $message . '<br/>';
echo $email . '<br/>';
echo $messageip . '<br/>';
}
?>
I am using this code to capture the ip address but i cannot get the machine ip of the particular user from which i can display the address by dynamically, so can anyone help me out on this topic?
You seem to be concatenating a wrong (empty) var.
Try changing this:
$messageip = "User IP: $ip\n\n" . $messageip;
to this:
$messageip = "User IP: $ip\n\n" . $ip;

MySQL/PHP will not insert into database

I've been trying to add an email confirmation system to my website when people sign up and create an account but it will not add the key and the user id in the database. The other problem I'm running across is I'm trying to send a confirmation email but the email does not send. It echo's "message sent successfully" but when I check the email I put in, it is not received. Thanks in advance for your help! And yes, I am aware that mysql is prone to sql injection, but I would like to figure this out with mysql.
Here is my code:
EDIT: I replaced $insert_confirm with $hin and I renamed the table confirm to email_confirmation to maybe get rid of reserved words but I'm still getting an error
<?php
require_once '../scripts2/app_config.php';
require_once '../scripts2/database_connection.php';
$upload_dir = HOST_WWW_ROOT . "/uploads/profile_pics/";
$image_fieldname = "user_pic";
$first_name = trim($_REQUEST['first_name']);
$last_name = trim($_REQUEST['last_name']);
$name = $first_name . " " . $last_name;
$username = trim($_REQUEST['username']);
$password = trim($_REQUEST['password']);
$email = trim($_REQUEST['email']);
$bio = trim($_REQUEST['bio']);
if(isset($_POST['submit1'])) {
if($_POST['picture'] == 'picture1') {
$radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387503042-autopicture2.png";
} else if($_POST['picture'] == 'picture2') {
$radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387547040-auto_pic_grey2.png";
} else if($_POST['picture'] == 'picture3') {
$radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387503042-autopicture2.png";
} else {
$radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387503042-autopicture2.png";
}
}
$bgcolor = "#FF0000";
$check_email = "SELECT `email`" .
" FROM users" .
" WHERE `email` = '$email'";
$query_email = mysql_query($check_email);
$check_username = "SELECT `username`" .
" FROM users" .
" WHERE `username` = '$username'";
$query_username = mysql_query($check_username);
if(mysql_num_rows($query_email)>0 || mysql_num_rows($query_username)>0 ) {
if(mysql_num_rows($query_email)>0) {
$email_msg = "This email is already taken: {$email}";
header("Location:signup2.php?error_message={$email_msg}");
} else if(mysql_num_rows($query_username)>0) {
$username_msg = "This username is already taken: {$username}";
header("Location:signup2.php?error_message={$username_msg}");
} else {
$msg = "This email and username is already taken: {$email} , {$username}";
header("Location:signup2.php?error_message={$msg}");
}
} else {
$insert_sql = sprintf("INSERT INTO users " .
"(first_name, last_name, name, username, " .
"password, email, " .
"bio, " .
"user_pic_path, bgcolor) " .
"VALUES ('%s', '%s', '%s', '%s', '%s', '%s',
'%s', '%s', '%s');",
mysql_real_escape_string($first_name),
mysql_real_escape_string($last_name),
mysql_real_escape_string($name),
mysql_real_escape_string($username),
mysql_real_escape_string(crypt($password, $username)),
mysql_real_escape_string($email),
mysql_real_escape_string($bio),
mysql_real_escape_string($radio_value),
mysql_real_escape_string($bgcolor));
//insert the user into the database
$insert_user = mysql_query($insert_sql);
$private_user_id = mysql_insert_id();
function generateRandomString($length = 20) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, strlen($characters) - 1)];
}
return $randomString;
}
$private_user_key = generateRandomString();
$hin = sprintf("INSERT INTO email_confirmation " .
"(user_id, key) " .
"VALUES (%d, '%s');",
mysql_real_escape_string($private_user_id),
mysql_real_escape_string($private_user_key));
//insert the user into the database
mysql_query($hin);
echo mysql_error();
$name = mysql_real_escape_string($_POST['name']);
$create_user_table = mysql_query("CREATE TABLE `".$email."` ( friend_id INT, friend_status INT)");
if($insert_user && $create_user_table) {
// Email the new user the confirmation key
$to = $email;
$subject = 'Welcome!';
$message = "
<html>
<head>
<title>Welcome!</title>
</head>
<body>
<p>Please click the following link to confirm your email:</p>
<p>Confirm Email</p>
</body>
</html>
";
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
$headers .= 'From: Admin <email#email.com>' . "\r\n";
// Mail it
$retval = mail($to, $subject, $message, $headers);
if( $retval == true )
{
echo "Message sent successfully...";
echo "\n" . $to . "\n" . $message . "\n" . "\n" . $subject;
}
else
{
echo "Message could not be sent...";
}
}
//Redirect this user to the page that displays user information
// $msg = "Please check your email to confirm your email address";
// header("Location: newuser_signinA.php?error_message={$msg}");
// exit();
}
?>

Categories