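<?php
// Customer self-registration page.
//
// POST: validate the submitted form, make sure the CustomerID is free, insert the
// customer row, then redirect to login.php?message=success. Anything else renders
// the registration form (the HTML in the else branch below).
//
// Failure reporting keeps the original's two conventions: a missing required
// field answers with a JSON body ({"success":0,"message":...}); every other
// failure redirects to register.php?message=<key> (keys: matchrequired, unavail,
// invalid), which register.php is expected to turn into a message.
session_start();
$_SESSION["CustomerID"] = 0;
require("../dbCon.php"); // expected to define $con as a mysqli connection

if (!empty($_POST)) {
    // Read a POST field as a string. A missing field, or one sent as an array
    // ("name[]=..."), is treated as empty so it can never reach bind_param().
    $field = static function (string $name) {
        $value = $_POST[$name] ?? null;
        return is_string($value) ? $value : '';
    };

    // Redirect-and-stop for database failures. The detail goes to the server log
    // only; the user just sees the generic "invalid" message page.
    $dbFail = static function (string $detail) {
        error_log('register.php: ' . $detail);
        header("Location:register.php?message=invalid");
        exit();
    };

    $customerId = $field('CustomerID');
    $password1 = $field('password1');
    $password2 = $field('password2');

    // Server-side check even though the form marks these "required": the request
    // need not come from this form. Compared against '' rather than empty() so a
    // value of "0" is not mistaken for a blank field.
    if ($customerId === '' || $password1 === '' || $password2 === '') {
        $response["success"] = 0;
        $response["message"] = "Please complete all required fields";
        die(json_encode($response));
    }

    // Strict comparison; the original `<>` is a loose compare.
    if ($password1 !== $password2) {
        header("Location:register.php?message=matchrequired");
        exit();
    }

    // mysqli reports errors either by returning false or, when dbCon.php enables
    // MYSQLI_REPORT_STRICT, by throwing mysqli_sql_exception; handle both. (The
    // original caught PDOException, which mysqli never throws, so its catch
    // blocks could never run.)
    try {
        $stmt = $con->prepare("SELECT CustomerID FROM customers WHERE CustomerID = ?");
        if ($stmt === false) {
            $dbFail('prepare (lookup) failed: ' . $con->error);
        }
        $stmt->bind_param("s", $customerId);
        if (!$stmt->execute()) {
            $dbFail('execute (lookup) failed: ' . $stmt->error);
        }
        $result = $stmt->get_result();
        if ($result === false) {
            $dbFail('get_result (lookup) failed: ' . $stmt->error);
        }
        $taken = $result->fetch_assoc() !== null;
        $stmt->close();
    } catch (mysqli_sql_exception $ex) {
        $dbFail('lookup threw: ' . $ex->getMessage());
    }

    if ($taken) {
        header("Location:register.php?message=unavail");
        exit();
    }

    // Store a hash, never the password itself. Consequences elsewhere: login.php
    // must check the submitted password with password_verify() instead of a plain
    // comparison, and the `password` column must be wide enough for the hash
    // (PASSWORD_DEFAULT currently yields 60 bytes; VARCHAR(255) leaves room for
    // future algorithms) — TODO confirm both against login.php and the schema.
    $passwordHash = password_hash($password1, PASSWORD_DEFAULT);

    // Optional fields. bind_param() takes its arguments by reference, so they are
    // read into plain variables first. The form also collects PostalCode, but the
    // customers INSERT below has no such column, so it is dropped as in the original.
    $companyName = $field('CompanyName');
    $contactName = $field('ContactName');
    $contactTitle = $field('ContactTitle');
    $address = $field('Address');
    $city = $field('City');
    $region = $field('Region');
    $country = $field('Country');
    $phone = $field('Phone');
    $fax = $field('Fax');

    // A concurrent registration with the same CustomerID can still slip in between
    // the SELECT above and this INSERT; if CustomerID is the primary key the INSERT
    // then fails and the user gets the generic "invalid" message.
    $query = "INSERT INTO customers ( CustomerID, password, CompanyName, ContactName, ContactTitle, Address, City, Region, Country, Phone, Fax ) VALUES (?,?,?,?,?,?,?,?,?,?,?)";
    try {
        $stmt = $con->prepare($query);
        if ($stmt === false) {
            $dbFail('prepare (insert) failed: ' . $con->error);
        }
        $stmt->bind_param(
            "sssssssssss",
            $customerId,
            $passwordHash,
            $companyName,
            $contactName,
            $contactTitle,
            $address,
            $city,
            $region,
            $country,
            $phone,
            $fax
        );
        if (!$stmt->execute()) {
            $dbFail('execute (insert) failed: ' . $stmt->error);
        }
        $stmt->close();
    } catch (mysqli_sql_exception $ex) {
        $dbFail('insert threw: ' . $ex->getMessage());
    }

    header("Location:login.php?message=success");
    exit();
} else {
// The back-button image below is fetched over plain http:// from a third-party
// host, which browsers flag as mixed content when this page is served over HTTPS.
?>
<link rel="stylesheet" href="../style.css">
<body>
<div id='contentwrapper'>
<a href = "login.php"> <img src="http://mixvassallo.com/website/frontend/css/images/back-button.png" width='100' alt='Return' id = "backbutton"></a>
<h1 id=title> Customer Registration </h1>
<form action="register.php" method="post">
<div class="form-group">
<h1>Required</h1>
<label>User Name (5 characters or less)</label>
<input type="text" name="CustomerID" required maxlength="5" id="CustomerID">
<label>Password</label>
<input type="password" name="password1" required autocomplete="new-password" id="password1">
<label>Re-enter Password</label>
<input type="password" name="password2" required autocomplete="new-password" id="password2">
</div>
<div class="form-group">
<h1>Optional</h1>
<label>Company Name</label>
<input type="text" name="CompanyName" id="CompanyName">
<label>Customer Name</label>
<input type="text" name="ContactName" id="ContactName">
<label>Contact Title</label>
<input type="text" name="ContactTitle" id="ContactTitle">
<label>Address</label>
<input type="text" name="Address" id="Address">
<label>City</label>
<input type="text" name="City" id="City">
<label>Region</label>
<input type="text" name="Region" id="Region">
<label>Postal Code</label>
<input type="text" name="PostalCode" id="PostalCode">
<label>Country</label>
<input type="text" name="Country" id="Country">
<label>Phone</label>
<input type="text" name="Phone" id="Phone">
<label>Fax</label>
<input type="text" name="Fax" id="Fax">
<input type="submit" id="submit">
</div>
</form>
</div>
</body>
<?php
}
?>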