formsubmit.php
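<?php
/**
 * formsubmit.php - handles the registration form POST.
 *
 * This script relies on names it does not define: $method, $filter, $user and
 * $user_profile, an open default mysql_* connection, and (presumably) an
 * already started session. They have to come from the including script.
 *
 * Flow: validate each posted field, reject values that already exist in the
 * users table, insert the new row, mark the session as logged in and redirect.
 * On any failure a fixed message is printed inside <p id="server_reply">.
 *
 * Security-relevant behaviour:
 *  - Every value is SQL-escaped exactly once, at the point it is placed into
 *    a statement. The mobile and admission-number lookups are escaped too,
 *    and the admission number is built from the unfiltered $_POST['year'].
 *  - Database error text goes to the error log, not to the client.
 *  - Nothing is echoed before header(), so the redirect is not lost to
 *    "headers already sent" because of this block's own output.
 *  - Only fixed strings are echoed, so the reply itself carries no user input.
 *
 * NOTE(review): ext/mysql was removed in PHP 7. Prepared statements through
 * PDO or mysqli are the durable fix, but that needs the connection code,
 * which is not in this file.
 * NOTE(review): the Facebook check is satisfied by a non-empty posted 'fb'
 * field even when $user is empty; whether $filter makes that field
 * trustworthy cannot be seen from here - confirm, since $user_profile may be
 * unset on that path.
 */

$serverReply = '';

// Returns '' when no users row holds $value in $column, $takenMessage when
// one does, and a generic failure text when the lookup itself fails (so a
// broken query can never be mistaken for "value is free").
// $column must only ever be one of the hard-coded names used below.
$duplicateReply = function ( $column, $value, $takenMessage ) {
    $lookup = mysql_query(
        'SELECT * FROM users WHERE ' . $column . '="' . mysql_real_escape_string( $value ) . '"'
    );
    if ( $lookup === false ) {
        error_log( 'formsubmit.php: duplicate check on ' . $column . ' failed: ' . mysql_error() );
        return 'Query failed';
    }
    return ( mysql_num_rows( $lookup ) >= 1 ) ? $takenMessage : '';
};

// do/while(false) gives a single exit point: "break" replaces the former goto.
do {
    // Quoted on purpose: a bare POST is an undefined constant.
    if ( $method !== 'POST' ) {
        break;
    }

    $inputs = filter_input_array( INPUT_POST, $filter );
    if ( !is_array( $inputs ) ) {
        // filter_input_array() yields null/false when there is nothing to filter.
        $inputs = array();
    }

    if ( empty( $inputs['fb'] ) && $user == null ) {
        $serverReply = "Facebook not verified.";
        break;
    }

    // --- name ---
    if ( empty( $inputs['name'] ) ) {
        $serverReply = "Name was empty or invalid";
        break;
    }
    // Stored HTML-encoded, as before. Consumers should still escape on output
    // for their own context (the default flags leave single quotes alone).
    $name = ucfirst( trim( htmlspecialchars( $inputs['name'] ) ) );
    $serverReply = $duplicateReply( 'name', $name, "Name already exists" );
    if ( $serverReply !== '' ) {
        break;
    }

    // --- email ---
    if ( empty( $inputs['email'] ) ) {
        $serverReply = "Email was empty or invalid";
        break;
    }
    // NOTE(review): ucfirst() rewrites the first letter of the address; kept
    // so new rows match the format of existing ones - confirm it is wanted.
    $email = ucfirst( trim( htmlspecialchars( $inputs['email'] ) ) );
    $serverReply = $duplicateReply( 'email', $email, "Email already exists" );
    if ( $serverReply !== '' ) {
        break;
    }

    // --- mobile ---
    if ( empty( $inputs['mobile'] ) ) {
        $serverReply = "Mobile was not 10 digits.";
        break;
    }
    $mobile = $inputs['mobile'];
    $serverReply = $duplicateReply( 'mobile', $mobile, "Mobile already exists" );
    if ( $serverReply !== '' ) {
        break;
    }

    // --- admission number ---
    if ( empty( $inputs['admn'] ) ) {
        $serverReply = "Invalid Admission No.";
        break;
    }
    // 'year' is read straight from $_POST, so it is attacker-controlled text.
    // NOTE(review): its expected format is not visible here; add it to
    // $filter with a strict pattern once that format is known.
    $year = ( isset( $_POST['year'] ) && is_string( $_POST['year'] ) ) ? $_POST['year'] : '';
    $admn = $year . $inputs['admn'];
    $serverReply = $duplicateReply( 'admn', $admn, "admn already exists" );
    if ( $serverReply !== '' ) {
        break;
    }

    // --- Facebook profile values (may be missing, see NOTE at the top) ---
    $fbId   = isset( $user_profile['id'] ) ? $user_profile['id'] : '';
    $fbName = isset( $user_profile['name'] ) ? $user_profile['name'] : '';
    if ( isset( $user_profile['email'] ) && filter_var( $user_profile['email'], FILTER_VALIDATE_EMAIL ) ) {
        $fbemail = $user_profile['email'];
    } else {
        $fbemail = "[email protected]";
    }

    // Single escaping pass: none of these values has been SQL-escaped yet.
    $query = sprintf("INSERT INTO users (fbid,name,fbname,email,fbemail,admn,mobile)
VALUES( '%s','%s','%s', '%s','%s','%s','%s')",
        mysql_real_escape_string( $fbId ),
        mysql_real_escape_string( $name ),
        mysql_real_escape_string( $fbName ),
        mysql_real_escape_string( $email ),
        mysql_real_escape_string( $fbemail ),
        mysql_real_escape_string( $admn ),
        mysql_real_escape_string( $mobile )
    );

    if ( !mysql_query( $query ) ) {
        // Keep schema and driver details out of the response.
        error_log( 'formsubmit.php: insert into users failed: ' . mysql_error() );
        $serverReply = 'Query failed';
        break;
    }

    // The confirmation mail that used to follow is disabled. If it is brought
    // back, do not copy the submitted address into a raw "From:" header
    // without rejecting CR/LF first.

    // Issue a fresh session id at the privilege change so an id known before
    // registration does not become a logged-in session.
    if ( session_id() !== '' && !headers_sent() ) {
        session_regenerate_id( true );
    }
    $_SESSION['LoggedIn'] = 1;
    $_SESSION['name'] = $name;
    header( 'location:/php_test/instruction.php' );
    exit();
} while ( false );

echo "<p id=\"server_reply\" >" . $serverReply . "</p>";
?>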