Click here to continue.";
$showSignupForm = false;
}
// process form
if (@$_REQUEST['save']) {
// error checking
$errorsAndAlerts = "";
if (!@$_REQUEST['fullname']) { $errorsAndAlerts .= "You must enter your full name!
\n"; }
if (!@$_REQUEST['email']) { $errorsAndAlerts .= "You must enter your email!
\n"; }
else if(!isValidEmail(@$_REQUEST['email'])) { $errorsAndAlerts .= "Please enter a valid email (example: user@example.com)
\n"; }
if (!@$_REQUEST['username']) { $errorsAndAlerts .= "You must choose a username!
\n"; }
// check for duplicate usernames and emails
if (!$errorsAndAlerts) {
$count = mysql_select_count_from('accounts', "`username` = '".mysql_escape(@$_REQUEST['username'])."'");
if ($count > 0 && @$_REQUEST['username']) { $errorsAndAlerts .= "That username is already in use, please choose another!
\n"; }
$count = mysql_select_count_from('accounts', "'".mysql_escape($_REQUEST['email'])."' IN (email, username)");
if ($count > 0) { $errorsAndAlerts .= "That email is already in use, please choose another!
\n"; }
}
// turn off strict mysql error checking for: STRICT_ALL_TABLES
mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)
// add user
if (!$errorsAndAlerts) {
$_REQUEST['password'] = substr(md5(uniqid(rand(), true)), 15); // example output: c5560251ef0b3eef9
mysql_query("INSERT INTO `{$TABLE_PREFIX}accounts` SET
fullname = '".mysql_escape( $_REQUEST['fullname'] )."',
email = '".mysql_escape( $_REQUEST['email'] )."',
username = '".mysql_escape( $_REQUEST['username'] )."',
password = '".mysql_escape( $_REQUEST['password'] )."',
disabled = '0',
isAdmin = '0',
expiresDate = '0000-00-00 00:00:00',
neverExpires = '1',
createdDate = NOW(),
updatedDate = NOW(),
createdByUserNum = '0',
updatedByUserNum = '0'")
or die("MySQL Error Creating Record:
\n". htmlspecialchars(mysql_error()) . "\n");
$userNum = mysql_insert_id();
// create accesslist entry
// replace '_sample' with the table you want the user to access
// replace '6' with the access level they should have: 0=none, 6=author, 9=editor
// replace '1' with the max listings they are allowed
mysql_query("INSERT INTO `{$TABLE_PREFIX}_accesslist`
(userNum, tableName, accessLevel, maxRecords, randomSaveId)
VALUES ($userNum, 'all', '1', NULL, '1234567890'),
($userNum, '_sample', '6', 1, '1234567890'),
($userNum, '_sample', '6', 1, '1234567890'),
($userNum, '_sample', '6', 1, '1234567890')") or die("MySQL Error Creating Access List:
\n". htmlspecialchars(mysql_error()) . "\n");
//
_websiteLogin_sendSignupMessage();
$errorsAndAlerts = "Thanks, We've created an account for you and emailed you your password.
\n";
$errorsAndAlerts .= "If you don't receive an email from us within a few minutes check your spam filter for messages from {$SETTINGS['adminEmail']}
\n";
$errorsAndAlerts .= "Click here to login.";
$_REQUEST = array(); // clear form values
$showSignupForm = false;
}
}
?>
Sample User Signup Form