@@ -1,85 +1,87 @@
<?php
include ('includes/header.php');
include('includes/print_messages.php');
require ('mysqli_connect.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
require ('mysqli_connect.php');
$errors = array();
if (empty($_POST['name'])) {
$errors[] = 'You forgot to enter the figure name.';
} else {
if (strlen($_POST['name']) < 5) {
$errors[] = 'The name is too short.';
} else if (strlen($_POST['name']) > 50) {
$errors[] = 'The name is too long.';
if (check_cookie()) {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
require ('mysqli_connect.php');
$errors = array();
if (empty($_POST['name'])) {
$errors[] = 'You forgot to enter the figure name.';
} else {
$name = mysqli_real_escape_string($dbc, trim($_POST['name']));
if (strlen($_POST['name']) < 5) {
$errors[] = 'The name is too short.';
} else if (strlen($_POST['name']) > 50) {
$errors[] = 'The name is too long.';
} else {
$name = mysqli_real_escape_string($dbc, trim($_POST['name']));
}
}
}
if (empty($_POST['desc'])) {
$errors[] = 'You forgot to enter the figure description.';
} else {
if (strlen($_POST['desc']) > 1000) {
$errors[] = 'The description is too long.';
}else {
$desc = mysqli_real_escape_string($dbc, trim($_POST['desc']));
if (empty($_POST['desc'])) {
$errors[] = 'You forgot to enter the figure description.';
} else {
if (strlen($_POST['desc']) > 1000) {
$errors[] = 'The description is too long.';
}else {
$desc = mysqli_real_escape_string($dbc, trim($_POST['desc']));
}
}
}
if (empty($_POST['price'])) {
$errors[] = 'You forgot to enter the figure price.';
} else {
if ($_POST['price'] <= 0) {
$errors[] = 'The price must be more than 0.';
}else {
$price = mysqli_real_escape_string($dbc, trim($_POST['price']));
if (empty($_POST['price'])) {
$errors[] = 'You forgot to enter the figure price.';
} else {
if ($_POST['price'] <= 0) {
$errors[] = 'The price must be more than 0.';
}else {
$price = mysqli_real_escape_string($dbc, trim($_POST['price']));
}
}
}
if (empty($_POST['image'])) {
$errors[] = 'You forgot to enter the figure image.';
} else {
$pattern = "/(https?:\/\/.*\.(?:png|jpg|jpeg|gif))/";
if (preg_match ($pattern, trim($_POST['image']))) {
if (strlen(trim($_POST['image'])) <= 250) {
$image[] = mysqli_real_escape_string($dbc, trim($_POST['image']));
for ($i=0; !empty($_POST['image'.$i]); $i++) {
if (preg_match ($pattern, trim($_POST['image'.$i]))) {
if (strlen(trim($_POST['image'])) <= 250) {
$image[] = mysqli_real_escape_string($dbc, trim($_POST['image'.$i]));
if (empty($_POST['image'])) {
$errors[] = 'You forgot to enter the figure image.';
} else {
$pattern = "/(https?:\/\/.*\.(?:png|jpg|jpeg|gif))/";
if (preg_match ($pattern, trim($_POST['image']))) {
if (strlen(trim($_POST['image'])) <= 250) {
$image[] = mysqli_real_escape_string($dbc, trim($_POST['image']));
for ($i=0; !empty($_POST['image'.$i]); $i++) {
if (preg_match ($pattern, trim($_POST['image'.$i]))) {
if (strlen(trim($_POST['image'])) <= 250) {
$image[] = mysqli_real_escape_string($dbc, trim($_POST['image'.$i]));
}
}
}
$strimg = implode(",", $image);
} else {
$errors[] = 'The link is too long.';
}
$strimg = implode(",", $image);
} else {
$errors[] = 'The link is too long.';
}else {
$errors[] = 'The link is not an image.';
}
}else {
$errors[] = 'The link is not an image.';
}
}

if (empty($errors)) {
$uid = $_COOKIE['username'];
$q = "SELECT user_id FROM users WHERE username='$uid'";
$r = @mysqli_query($dbc, $q);
$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
$id = $row['user_id'];
$q = "INSERT INTO figures (user_id, name, description, price, images, status, published) VALUES ('$id', '$name', '$desc', '$price', '$strimg', 0, NOW())";
$r = @mysqli_query ($dbc, $q);
if ($r) {
echo print_message('success', 'Thank you. We will review the register and post it as soon as posible.');
if (empty($errors)) {
$uid = $_COOKIE['username'];
$q = "SELECT user_id FROM users WHERE username='$uid'";
$r = @mysqli_query($dbc, $q);
$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
$id = $row['user_id'];
$q = "INSERT INTO figures (user_id, name, description, price, images, status, published) VALUES ('$id', '$name', '$desc', '$price', '$strimg', 0, NOW())";
$r = @mysqli_query ($dbc, $q);
if ($r) {
echo print_message('success', 'Thank you. We will review the register and post it as soon as posible.');
} else {
echo print_message('danger', 'Something went wrong due to our system. Sorry for the inconvenience.');
echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>';
}
mysqli_close($dbc);
include ('includes/footer.html');
exit();
} else {
echo print_message('danger', 'Something went wrong due to our system. Sorry for the inconvenience.');
echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>';
}
mysqli_close($dbc);
include ('includes/footer.html');
exit();
} else {
foreach ($errors as $msg) {
echo print_message('danger', $msg);
foreach ($errors as $msg) {
echo print_message('danger', $msg);
}
}
}
}
?>
<div class="row text-center login-title">
<div class="col-sm-12 text-center">
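Review bot: The `SELECT user_id FROM users WHERE username='$uid'` lookup in the `if (empty($errors))` branch puts `$_COOKIE['username']` into the SQL text without the `mysqli_real_escape_string()` call every `$_POST` field gets, so a client-edited cookie changes the query. The new `check_cookie()` gate is defined outside this hunk, so whether it validates the cookie against server-side state cannot be confirmed here; as written, the cookie value alone decides which `user_id` the figure is stored under. Binding the value through a prepared statement removes the injection, and stopping when no row comes back avoids inserting a figure with an empty `user_id`. The failure branch also echoes `mysqli_error($dbc)` and the full `$q` to the visitor, which is better written to the server log.

```php
if (empty($errors)) {
    $uid = $_COOKIE['username'];
    // Bind the cookie value instead of interpolating it into the SQL text.
    $stmt = mysqli_prepare($dbc, 'SELECT user_id FROM users WHERE username = ?');
    mysqli_stmt_bind_param($stmt, 's', $uid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // … unchanged: INSERT INTO figures and result handling, run only when $found is true …
```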
@@ -142,5 +144,6 @@ function addImages() {
}
</script>
<?php
} else echo print_message('danger', 'You must be logged in to register a figure.');
include ('includes/footer.html');
?>
@@ -2,132 +2,133 @@
include ('includes/header.php');
include('includes/print_messages.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
require ('mysqli_connect.php');
$errors = array();
if (empty($_POST['email'])) {
$errors[] = 'You forgot to enter your email.';
} else {
$email = mysqli_real_escape_string($dbc, trim($_POST['email']));
}
if (empty($_POST['pwd1']) || empty($_POST['pwd2'])) {
$errors[] = 'You forgot to enter your password.';
} else {
if (strlen($_POST['pwd1']) < 5) {
$errors[] = 'The password is too short.';
} else if ($_POST['pwd1'] == $_POST['pwd2']) {
$pw = mysqli_real_escape_string($dbc, trim($_POST['pwd1']));
} else {
$errors[] = 'The passwords did not match.';
}
}
if (empty($_POST['username'])) {
$errors[] = 'You forgot to enter the username.';
} else {
if (5 > strlen($_POST['username'])) {
$errors[] = 'Username is too short.';
}else if (20 < strlen($_POST['username'])) {
$errors[] = 'Username is too long.';
if (!isset($_COOKIE['username'])) {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
require ('mysqli_connect.php');
$errors = array();
if (empty($_POST['email'])) {
$errors[] = 'You forgot to enter your email.';
} else {
$usr = mysqli_real_escape_string($dbc, trim($_POST['username']));
$email = mysqli_real_escape_string($dbc, trim($_POST['email']));
}
}
if (empty($_POST['firstname'])) {
$errors[] = 'You forgot to enter your first name.';
} else {
if (3 > strlen($_POST['firstname'])) {
$errors[] = 'The first name is too short.';
}else if (20 < strlen($_POST['firstname'])) {
$errors[] = 'The first name is too long.';
if (empty($_POST['pwd1']) || empty($_POST['pwd2'])) {
$errors[] = 'You forgot to enter your password.';
} else {
$fn = mysqli_real_escape_string($dbc, trim($_POST['firstname']));
if (strlen($_POST['pwd1']) < 5) {
$errors[] = 'The password is too short.';
} else if ($_POST['pwd1'] == $_POST['pwd2']) {
$pw = mysqli_real_escape_string($dbc, trim($_POST['pwd1']));
} else {
$errors[] = 'The passwords did not match.';
}
}
}
if (empty($_POST['lastname'])) {
$errors[] = 'You forgot to enter your last name.';
} else {
if (3 > strlen($_POST['lastname'])) {
$errors[] = 'The last name is too short.';
}else if (40 < strlen($_POST['lastname'])) {
$errors[] = 'The last name is too long.';
if (empty($_POST['username'])) {
$errors[] = 'You forgot to enter the username.';
} else {
$ln = mysqli_real_escape_string($dbc, trim($_POST['lastname']));
if (5 > strlen($_POST['username'])) {
$errors[] = 'Username is too short.';
}else if (20 < strlen($_POST['username'])) {
$errors[] = 'Username is too long.';
} else {
$usr = mysqli_real_escape_string($dbc, trim($_POST['username']));
}
}
}
if (empty($_POST['telephone'])) {
$errors[] = 'You forgot to enter your telephone.';
} else {
$pattern = "/^\d{9}$/";
if (preg_match ($pattern, trim($_POST['telephone']))) {
$t = mysqli_real_escape_string($dbc, trim($_POST['telephone']));
}else {
$errors[] = 'The telephone is invalid.';
if (empty($_POST['firstname'])) {
$errors[] = 'You forgot to enter your first name.';
} else {
if (3 > strlen($_POST['firstname'])) {
$errors[] = 'The first name is too short.';
}else if (20 < strlen($_POST['firstname'])) {
$errors[] = 'The first name is too long.';
} else {
$fn = mysqli_real_escape_string($dbc, trim($_POST['firstname']));
}
}
}
if (!empty($_POST['desc'])) {
if (strlen($_POST['desc']) <= 500) {
$d = mysqli_real_escape_string($dbc, trim($_POST['desc']));
if (empty($_POST['lastname'])) {
$errors[] = 'You forgot to enter your last name.';
} else {
$errors[] = 'The description is too long.';
if (3 > strlen($_POST['lastname'])) {
$errors[] = 'The last name is too short.';
}else if (40 < strlen($_POST['lastname'])) {
$errors[] = 'The last name is too long.';
} else {
$ln = mysqli_real_escape_string($dbc, trim($_POST['lastname']));
}
}
}else {
$d = '';
}
if (!empty($_POST['image'])) {
$pattern = "/(https?:\/\/.*\.(?:png|jpg|jpeg|gif))/";
if (preg_match ($pattern, trim($_POST['image']))) {
if (strlen(trim($_POST['image'])) <= 250) {
$img = mysqli_real_escape_string($dbc, trim($_POST['image']));
if (empty($_POST['telephone'])) {
$errors[] = 'You forgot to enter your telephone.';
} else {
$pattern = "/^\d{9}$/";
if (preg_match ($pattern, trim($_POST['telephone']))) {
$t = mysqli_real_escape_string($dbc, trim($_POST['telephone']));
}else {
$errors[] = 'The telephone is invalid.';
}
}
if (!empty($_POST['desc'])) {
if (strlen($_POST['desc']) <= 500) {
$d = mysqli_real_escape_string($dbc, trim($_POST['desc']));
} else {
$errors[] = 'The link image is too long.';
$errors[] = 'The description is too long.';
}
}else {
$errors[] = 'The link is not an image.';
$d = '';
}
} else {
$img = '';
}

if (empty($errors)) {
$q = "SELECT COUNT(user_id) AS total FROM users WHERE username='$usr' OR email='$email'";
$r = @mysqli_query ($dbc, $q);
$num = mysqli_num_rows($r);
$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
if ($row['total'] > 0) {
echo print_message('danger', 'The username and/or email are/is already taken.');
} else {
if ($d == '') {
if ($img == '') {
$q = "INSERT INTO users (username, first_name, last_name, email, telephone, pass, image, description, registration_date) VALUES ('$usr', '$fn', '$ln', '$email', '$t', SHA1('$pw'), DEFAULT, DEFAULT, NOW())";
if (!empty($_POST['image'])) {
$pattern = "/(https?:\/\/.*\.(?:png|jpg|jpeg|gif))/";
if (preg_match ($pattern, trim($_POST['image']))) {
if (strlen(trim($_POST['image'])) <= 250) {
$img = mysqli_real_escape_string($dbc, trim($_POST['image']));
} else {
$q = "INSERT INTO users (username, first_name, last_name, email, telephone, pass, image, description, registration_date) VALUES ('$usr', '$fn', '$ln', '$email', '$t', SHA1('$pw'), '$img', DEFAULT, NOW())";
$errors[] = 'The link image is too long.';
}
}else {
$errors[] = 'The link is not an image.';
}
} else {
$img = '';
}

if (empty($errors)) {
$q = "SELECT COUNT(user_id) AS total FROM users WHERE username='$usr' OR email='$email'";
$r = @mysqli_query ($dbc, $q);
$num = mysqli_num_rows($r);
$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
if ($row['total'] > 0) {
echo print_message('danger', 'The username and/or email are/is already taken.');
} else {
if ($img == '') {
$q = "INSERT INTO users (username, first_name, last_name, email, telephone, pass, image, description, registration_date) VALUES ('$usr', '$fn', '$ln', '$email', '$t', SHA1('$pw'), DEFAULT, '$d', NOW())";
if ($d == '') {
if ($img == '') {
$q = "INSERT INTO users (username, first_name, last_name, email, telephone, pass, image, description, registration_date) VALUES ('$usr', '$fn', '$ln', '$email', '$t', SHA1('$pw'), DEFAULT, DEFAULT, NOW())";
} else {
$q = "INSERT INTO users (username, first_name, last_name, email, telephone, pass, image, description, registration_date) VALUES ('$usr', '$fn', '$ln', '$email', '$t', SHA1('$pw'), '$img', DEFAULT, NOW())";
}
} else {
if ($img == '') {
$q = "INSERT INTO users (username, first_name, last_name, email, telephone, pass, image, description, registration_date) VALUES ('$usr', '$fn', '$ln', '$email', '$t', SHA1('$pw'), DEFAULT, '$d', NOW())";
} else {
$q = "INSERT INTO users (username, first_name, last_name, email, telephone, pass, image, description, registration_date) VALUES ('$usr', '$fn', '$ln', '$email', '$t', SHA1('$pw'), '$img', '$d', NOW())";
}
}
$r = @mysqli_query ($dbc, $q);
if ($r) {
echo print_message('success', 'Thank you. You can now sign in and register your figures to sell or buy some of them!');
} else {
$q = "INSERT INTO users (username, first_name, last_name, email, telephone, pass, image, description, registration_date) VALUES ('$usr', '$fn', '$ln', '$email', '$t', SHA1('$pw'), '$img', '$d', NOW())";
echo print_message('danger', 'Something went wrong due to our system. Sorry for the inconvenience.');
echo '<p>'.mysqli_error($dbc).'<br /><br />Query: '.$q.'</p>';
}
}
$r = @mysqli_query ($dbc, $q);
if ($r) {
echo print_message('success', 'Thank you. You can now sign in and register your figures to sell or buy some of them!');
} else {
echo print_message('danger', 'Something went wrong due to our system. Sorry for the inconvenience.');
echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>';
mysqli_close($dbc);
include ('includes/footer.html');
exit();
}
} else {
foreach ($errors as $msg) {
echo print_message('danger', $msg);
}
mysqli_close($dbc);
include ('includes/footer.html');
exit();
}
} else {
foreach ($errors as $msg) {
echo print_message('danger', $msg);
}
}
}
?>
<div class="row text-center login-title">
?>
<div class="row text-center login-title">
<div class="col-sm-12 text-center">
<h1 style="color: #8E44AD; font-size: 4em; text-align: center !important;">Register</h1>
</div>
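Review bot: All four `INSERT INTO users` variants store the password as `SHA1('$pw')`, an unsalted fast hash that is cheap to brute-force if the table ever leaks. Hashing in PHP with `$hash = password_hash($_POST['pwd1'], PASSWORD_DEFAULT);` and inserting `'$hash'` in place of `SHA1('$pw')` would fix that; the sign-in check, which is outside this hunk, would then need `password_verify()`, and the `pass` column must be wide enough for the longer hash. The failure branch echoes `$q`, which contains the plaintext password, back into the page, so that debug output belongs in the server log instead. The new outer `!isset($_COOKIE['username'])` test only looks at a client-supplied cookie, so it is worth confirming that this is not the application's only notion of being logged in.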
@@ -208,6 +209,7 @@
</form>
</div>
</div>
<?php
<?php
} else echo print_message('danger', 'You cannot register being logged in.');
include ('includes/footer.html');
?>