trying to add some validation to make sure all forms are filled out and i am runing into snag. it is still allowing registration even though all fields arent filled out.
can anyone lend a hand?
here is the code:
// add user
if($action=='addUser')
{
$username = $_POST['uname'];
$password = $_POST['pwd'];
$password2 = $_POST['pwd2'];
$company = $_POST['company'];
$fullname = $_POST['fullname'];
$email = $_POST['email'];
$city = $_POST['city'];
$state = $_POST['state'];
$phone = $_POST['phone'];
$referredby = $_POST['referredby'];
if(!isset($_POST['uname']) || !isset($_POST['pwd']) || !isset($_POST['company']) || !isset($_POST['fullname']) || !isset($_POST['email']) || !isset($_POST['city']) || !isset($_POST['state']) || !isset($_POST['phone']) || !isset($_POST['referredby']))
{
header("Location: index.php?id=92&p=yo");
}
if($username!='')
{
if($password==$password2)
{
$conn = mysql_connect("$dbhost","$dbuser","$dbpass") or die ("Cant connect to Database");
$db = mysql_select_db("$dbname") or die ("database gone.");
$sql1 = "INSERT INTO etomite_web_users (id, username, password) VALUES ('NULL', '$username', MD5('$password'))";
$result1 = mysql_query($sql1) or die ("SQL1 not working, couldn't insert user into db");
if($result1)
{
$id = mysql_insert_id();
$sql3 = "INSERT INTO etomite_web_user_attributes (id, internalKey, company, fullname, email, city, state, phone, referredby) VALUES ('NULL', '$id', '$company', '$fullname', '$email', '$city', '$state', '$phone', '$referredby')";
$result3 = mysql_query($sql3) or die ("SQL3 not working, unable to add user attributes");
if($result3)
{
$sql4 = "INSERT INTO etomite_web_groups (id, webgroup, webuser) VALUES ('NULL', '1', '$id')";
$result4 = mysql_query($sql4) or die ("SQL4 not working, unable to add group attributes");
if($result4)
{
$sql5 = "INSERT INTO etomite_web_user_settings (webuser, setting_name, setting_value) VALUES ('$id', 'login_home', '81')";
$result5 = mysql_query($sql5) or die ("SQL5 not working, unable to add user settings");
if($result4)
{
$sender = '[email protected]';
$emailto = '[email protected]';
$sub = 'New xxxx User Created';
$sub2 = 'Your xxxx Login Credentials';
$message = $fullname." has just signed up to xxx xxx The new users information is listed below."."\n\n"."Username = $username"."\n\n"."Company Name = $company"."\n\n"."Full Name = $fullname"."\n\n"."Email Address = $email"."\n\n"."City = $city"."\n\n"."State = $state"."\n\n"."Phone Number = $phone"."\n\n"."Referred By = $referredby"."\n\n";
$message2 = "Welcome ".$fullname.". Thank you for signing up to xxx xxx Your login information is listed below."."\n\n"."Username = $username"."\n\n"."Password = $password"."\n\n"."HOME PAGE: http://www.xxx.com/"."\n\n";
$header = "From: ".$sender."\n";
$header .= "Reply-To: ".$sender."\n";
mail($emailto, $sub, $message, $header);
mail($email, $sub2, $message2, $header);
header("Location: index.php?id=74");
}
}
}
}
}
else
{
header("Location: index.php?id=80");
}
}
else
{
header("Location: index.php?id=92");
}
}