registration_validation.php
<?php
//session_start();
?>
<!-- Stores images into a database table; converts to binary -->
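<?php
/*
 * Registration handler.
 *
 * On a POST carrying 'register' this script reads username, password,
 * password_again and email, hashes the password via password_encrypt(),
 * uploads the avatar into a per-user directory under image_temp\, and then
 * calls the add_user stored procedure. On success the user name is placed in
 * the session and the browser is sent to account.php; on failure it is sent
 * back to registration.php with the collected messages in $_SESSION['error'].
 *
 * Every value taken from $_POST and $_FILES is attacker-controlled and is
 * treated as such below.
 */
$msgResult = array();
$error_flag = 0;
$imageMaxSize = 2 * 1024 * 1024; // 2 MB
// Base upload directory next to this script (Windows-style separators).
// NOTE(review): this looks like it sits inside the web root; confirm the server
// will not execute uploaded files from here.
$destination = __DIR__ . "\image_temp\\";
include("includes/header.php");
include("includes/utility.class.php");
include("includes/config.class.php");
include("includes/db.class.php");
require_once("functions/ep_function.php");
$config = new config();
$db = new db($config);
$db->openConnection();

if (isset($_POST['register'])) {
    // add the upload class
    require("includes/uploadfile.class.php");

    // Missing or non-string fields (e.g. username[]=x) become '' instead of
    // raising notices or handing an array to the escaping routine.
    $postString = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    $username = $db->stringEscape($postString('username'));
    // NOTE(review): the password is escaped *before* it is hashed, so the stored
    // hash is of the escaped text. Kept as-is because the login code (not visible
    // here) presumably does the same; hashing the raw password would be cleaner.
    $password = $db->stringEscape($postString('password'));
    $password_again = $db->stringEscape($postString('password_again'));
    $email = $db->stringEscape($postString('email'));

    // NOTE(review): the return value is discarded; confirm string_validation()
    // reports a failure some other way (e.g. through $error_flag).
    string_validation($username, 8, 15);

    // The username becomes a directory name below, so refuse anything that could
    // leave image_temp\: path separators, drive colons, NUL bytes or "..".
    // The check runs on the escaped value because that is what reaches the path.
    if (!is_string($username) || $username === '' || preg_match('/[\/\\\\:\x00]|\.\./', $username)) {
        $error_flag++;
        $msgResult[] = 'Invalid username.';
    }

    // Strict comparison: with == two different numeric-looking strings such as
    // "1e3" and "1000" compare equal. An empty password is rejected as well.
    if ($password !== '' && $password === $password_again) {
        //password encryption
        $crypt_password = password_encrypt($password);
    } else {
        $error_flag++;
        $msgResult[] = 'Passwords are empty or do not match.';
    }

    // The extension comes from the client-supplied file name.
    // NOTE(review): it says nothing about the real content; confirm UploadFile
    // validates the file type itself.
    $avatarName = (isset($_FILES['avatar']['name']) && is_string($_FILES['avatar']['name']))
        ? $_FILES['avatar']['name']
        : '';
    $temp = explode(".", $avatarName);
    $extension = end($temp);

    // Touch the disk only once the request has passed validation, so a rejected
    // registration cannot be used to drop files on the server.
    $filename = '';
    if ($error_flag == 0) {
        $destination .= "$username\\";
        // try to create a new upload object
        try {
            $upload = new UploadFile($destination, "image");
            $upload->setMaxSize($imageMaxSize);
            $upload->upload(false);
            $filename = (string) $upload->getFilename();
            $msgResult = $upload->getmessages();
        } catch (Exception $e) {
            // As before, a failed upload does not block the registration;
            // $filename simply stays empty.
            $msgResult[] = $e->getMessage();
        }
    }

    //upload user and avatar to db
    if ($error_flag == 0) {
        // $filename and $extension derive from the uploaded file's name and were
        // previously concatenated unescaped, which allowed SQL injection.
        // NOTE(review): $crypt_password is still inserted as returned by
        // password_encrypt(); confirm its output cannot contain quote characters.
        // A prepared statement would be preferable if the db class offers one.
        $query = "CALL add_user('" . $username . "', '" . $crypt_password . "' ,'"
            . $db->stringEscape($filename) . "' , '"
            . $db->stringEscape((string) $extension) . "' , '"
            . $email . "' , '" . date('Y-m-d') . "' )";

        if ($db->query($query)) {
            // Issue a fresh session id when the user becomes authenticated so a
            // pre-set id cannot be reused (session fixation). Skipped when no
            // session is active or output has already started.
            // NOTE(review): session_start() is commented out at the top of this
            // file; presumably includes/header.php starts the session - confirm.
            if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                session_regenerate_id(true);
            }
            $_SESSION['user'] = $username;
            echo "<script> location.href=\"account.php\" </script>";
            // Upload messages can echo back the client's file name; encode them
            // so they cannot inject markup into the page.
            foreach ((array) $msgResult as $msg) {
                echo htmlspecialchars((string) $msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "*";
            }
        } else {
            echo "<script> location.href=\"registration.php\" </script>";
            $_SESSION['error'] = $msgResult;
        }
    } else {
        // Validation failed: mirror the database-failure path instead of ending
        // the request silently.
        echo "<script> location.href=\"registration.php\" </script>";
        $_SESSION['error'] = $msgResult;
    }
}
?>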