Subject: ".$subject."
Body: ".$body."
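Headers: ".$headers); }

/*
 * Quotes a value as a SQL string literal for statements passed to
 * Database::ExecuteCommand().
 *
 * Every query in this file is built by string concatenation from
 * caller-supplied values, so each value has to be escaped before it is placed
 * between quotes; otherwise a quote character in a username, password or
 * e-mail address changes the meaning of the statement (SQL injection).
 *
 * NOTE(review): this relies on the Database class using the legacy ext/mysql
 * default link (the file already calls mysql_error() and mysql_fetch_array()
 * without a link argument) and must be called after Connect() - confirm.
 * NOTE(review): escaping is only reliable when the connection character set
 * is set through the driver; ext/mysql was removed in PHP 7.0, and the
 * durable fix is moving Database to mysqli/PDO prepared statements.
 * NOTE(review): if magic_quotes_gpc is enabled on the host, request values
 * arrive pre-slashed and would be double-escaped here - confirm it is off.
 *
 * @param mixed $value Value to embed; it is cast to string.
 * @return string The escaped value wrapped in single quotes.
 */
function SqlQuote($value)
{
    return "'" . mysql_real_escape_string((string) $value) . "'";
}

/*
 * Registers a users details into the database.
 *
 * Checks that the username is free, inserts the new row, e-mails the
 * credentials to the user and stores the new User object in the session.
 *
 * Returns an empty string on success, otherwise a message for display.
 *
 * NOTE(review): the password is stored in clear text and is e-mailed back to
 * the user. Moving to password_hash()/password_verify() needs a schema and
 * Login() change plus removal of the password e-mails, so it is flagged here
 * rather than changed.
 * NOTE(review): the "already in use" message embeds $username unescaped;
 * callers that print it into HTML must escape it - verify against callers.
 */
function RegisterUser($username, $password, $firstName, $lastName, $emailAddress, $parentsEmail
    , $postcode, $dobday, $dobmonth, $dobyear, $gender, $randomhouseUpdates
    , $stewartriddellUpdates, $competitionEntered)
{
    $message = "";
    $dbController = new Database();
    $dbController->Connect();

    // check to see if username already exists?
    $result = $dbController->ExecuteCommand(
        "SELECT username FROM Users WHERE username= " . SqlQuote(trim($username)) . ";"
    );

    if ($result != null) {
        $message = "The username '".$username."' is already in use, please try another.";
    } else {
        // unticked opt-in boxes arrive as empty strings; store them as 0
        if ($randomhouseUpdates == "") {
            $randomhouseUpdates = 0;
        }
        if ($stewartriddellUpdates == "") {
            $stewartriddellUpdates = 0;
        }

        // values in the same order as the column list below, each escaped and quoted
        $values = array(
            trim($username), $password, $firstName, $lastName,
            trim($emailAddress), $parentsEmail, $postcode,
            $dobday, $dobmonth, $dobyear, $gender,
            $randomhouseUpdates, $stewartriddellUpdates, $competitionEntered,
        );

        $dbController->ExecuteCommand(
            "INSERT INTO Users (username, password, firstName, lastName, emailAddress, parentsEmail, postcode, dobday, dobmonth, dobyear, gender, randomhouseUpdates, stewartriddellUpdates, competitionEntered) VALUES ("
            . implode(", ", array_map('SqlQuote', $values))
            . ")"
        );

        // check if an error occured in writing the details to the database
        if (mysql_error() != "") {
            $message = "There was an error trying to register your details, please try again.";
        } else {
            // Sucessful regisration:
            // send out user details to their email address
            global $REGISTRATION_EMAIL;
            SendMail($REGISTRATION_EMAIL, trim($emailAddress), "Stewart & Riddell registration",
                "Thank you for registering with us. Please find your username and password below for future reference.\n\n\nUsername: ". $username. "\nPassword: ". $password, true);

            // add user details to session (competitionEntered starts at 0)
            $user = new User($username, $password, $firstName, $lastName
                , $emailAddress, $parentsEmail, $postcode
                , $dobday, $dobmonth, $dobyear, $gender
                , $randomhouseUpdates, $stewartriddellUpdates, 0);
            SetSessionUser($user);
        }
    }

    $dbController->Disconnect();
    return $message;
}

/*
 * Logs a user out on the login page:
 * expires the cookie, clears the user session and redirects to the login
 * page to refresh headers.
 */
function Logout()
{
    setcookie("loggedin", "", time() - 3600);
    @ session_destroy();
    RedirectTo("login.php");
}

/*
 * Checks if user is logged in or not.
 *
 * NOTE(review): this only tests that the browser sent a cookie named
 * "loggedin". The cookie is set by the client's browser and is not tied to
 * the server-side session, so it is not proof of authentication on its own.
 * Pages that protect content should also require GetSessionUser() to return
 * a user - verify against callers.
 */
function UserLoggedIn()
{
    return isset($_COOKIE['loggedin']);
}

/*
 * Gets the user details stored in the session.
 *
 * Returns the User object, or null when the visitor is not logged in or no
 * user has been stored in the session.
 *
 * The session key is the literal 'USER', the key Login() writes to.
 * The previous $_SESSION[$USER_SESSION_ALIAS] lookup used a variable that was
 * never brought into function scope, so it read a different (empty) key than
 * the one Login() populated.
 */
function GetSessionUser()
{
    if (!UserLoggedIn() || !isset($_SESSION['USER'])) {
        return null;
    }

    // the session payload is produced by SetSessionUser()/Login() on the server
    $user = unserialize($_SESSION['USER']);
    return ($user === false) ? null : $user;
}

/*
 * Sets the userdetails for the session.
 * Stores the serialized user under the same 'USER' key that
 * GetSessionUser() reads.
 */
function SetSessionUser($user)
{
    $_SESSION['USER'] = serialize($user);
}

/*
 * Logs user in.
 * If credentials match then the page is redirected to it's specified origin
 * in the query string. If this is not available, then the redirection is to
 * the homepage.
 * If login fails then it returns true, a flag to indicate login has failed.
 * The user is not redirected.
 *
 * NOTE(review): the password is compared in clear text inside the query;
 * see the note on RegisterUser().
 */
function Login($username, $password)
{
    $db = new Database();
    $db->Connect();

    // both values come from the login form, so they are escaped before use
    $results = $db->ExecuteCommand(
        "SELECT * FROM Users WHERE username = " . SqlQuote($username)
        . " AND password = " . SqlQuote($password) . ";"
    );

    if ($results == null) {
        // login has failed
        $db->Disconnect();
        return true;
    }

    // read the row before the connection is closed
    $userDetails = mysql_fetch_array($results);
    $db->Disconnect();

    // set logged in cookie and expire in 1 hour
    setcookie("loggedin", 1, time() + 3600);

    // set user details to session
    $user = new User($userDetails['username'], $userDetails['password']
        , $userDetails['firstName'], $userDetails['lastName']
        , $userDetails['emailAddress'], $userDetails['parentsEmail']
        , $userDetails['postcode'], $userDetails['dobday']
        , $userDetails['dobmonth'], $userDetails['dobyear']
        , $userDetails['gender'], $userDetails['randomhouseUpdates']
        , $userDetails['stewartriddellUpdates'], $userDetails['competitionEntered']);
    SetSessionUser($user);

    // append query string for redirect. Set default to redirect to homepage.
    // The id comes straight from the request, so it is URL-encoded before it
    // is placed in the redirect target.
    $queryString = "?id=home";
    if (isset($_GET["id"]) && is_string($_GET["id"])) {
        $queryString = "?id=" . urlencode($_GET["id"]);
    }

    RedirectTo("login.php" . $queryString);
}

/*
 * Sets a user in the database as entered into the competition.
 *
 * Returns a message describing the outcome. On success the session user and
 * the global $competitionEntered flag are updated as well.
 */
function EnterUserIntoCompetition($username)
{
    $message = "";
    $dbController = new Database();
    $dbController->Connect();

    $dbController->ExecuteCommand(
        "UPDATE Users SET competitionEntered = 1 WHERE userName = " . SqlQuote($username)
    );

    // mysql_affected_rows() is 0 when no row changed and -1 when the query
    // failed; neither case counts as a successful entry
    if (mysql_affected_rows() <= 0) {
        $message = "There was problem adding your details to the competition. Please try again";
    } else {
        $message = "Your details were sucessfully added to the competion. \nGood luck!";

        // now update session user (there may be none if the session expired)
        $user = GetSessionUser();
        if (is_object($user)) {
            $user->competitionEntered = 1;
            SetSessionUser($user);
        }

        global $competitionEntered;
        $competitionEntered = 1;
    }

    $dbController->Disconnect();
    return $message;
}

/*
 * Sends out a password reminder to the given e-mail address.
 *
 * Returns a message saying whether the address was found.
 *
 * NOTE(review): this e-mails the stored clear-text password, and the two
 * return messages tell the caller whether an address is registered. A reset
 * link with a single-use token and one neutral message would avoid both;
 * flagged rather than changed because it alters the user-facing flow.
 */
function SendPasswordReminder($email)
{
    $message = "";
    $dbController = new Database();
    $dbController->Connect();

    $result = $dbController->ExecuteCommand(
        "SELECT username,password FROM Users WHERE emailAddress = " . SqlQuote(trim($email))
    );

    // only fetch when the query produced a result to read from
    $row = ($result != null) ? mysql_fetch_array($result) : null;

    $dbController->Disconnect();

    if ($row == null) {
        $message = "Sorry, we could not find your email address in our records";
    } else {
        global $REMINDER_FROM_EMAIL;
        SendMail($REMINDER_FROM_EMAIL, trim($email), "Login reminder – Stewart & Riddell",
            "Your login details are detailed below:\n\n\nUsername: " . $row['username']."\n\nPassword: " . $row['password'], true);
        $message = "A reminder of your password has been sent to your email address";
    }

    return $message;
}

/*
 * Compares one string to another and returns selected='selected' if true.
 * Uses loose (==) comparison, so "1" and 1 are treated as equal.
 */
function isSelected($string, $comparison)
{
    return ($string == $comparison) ? "selected='selected'" : "";
}

/*
 * Compares one string to another and returns checked='checked' if true.
 * Uses loose (==) comparison, so "1" and 1 are treated as equal.
 */
function isChecked($string, $comparison)
{
    return ($string == $comparison) ? "checked='checked'" : "";
}
?> Paul Stewart and Chris Riddell - Sign up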

Login