100, "lastname" => 30, "firstname" => 30, "ssnein" => 11, "ssnein2" => 11, "email" => 50, "address1" => 100, "city" => 50, "state" => 20, "zip" => 5, "username" => 20, "password" => 20, "password2" => 20, );
// NOTE(review): the `$fields = array(` opening and the enclosing `if (isset($_POST['submit']))`
// begin before this chunk; values are "field name" => maximum stored length. The 100 on the
// first line is the length of a field whose name is out of view (presumably 'phone' — confirm).

// Reject required fields that are whitespace-only.
// NOTE(review): ctype_space('') is false and a missing key fails isset(), so an EMPTY or
// ABSENT required field is NOT rejected here — only values made entirely of whitespace are.
// The later substr()/strcasecmp() calls then run on undefined or empty values.
foreach (array_keys($fields) as $x) {
    if ( (isset($_POST[$x])) and (ctype_space($_POST[$x])) ) {
        show_registration_form("One of the required fields is blank.");
        die();
    }
}

// Truncate to specified length.
// Truncation happens BEFORE format validation below, so the validated value is the
// truncated one (e.g. a 'zip' longer than 5 digits is silently cut, not rejected).
foreach (array_keys($fields) as $y) {
    $_POST[$y] = substr($_POST[$y], 0, $fields[$y]);
}
$optional_fields = array("address2" => 100 );
foreach (array_keys($optional_fields) as $y) {
    $_POST[$y] = substr($_POST[$y], 0, $optional_fields[$y]);
}

// Check that SSNEIN & Password confirm fields match.
// NOTE(review): strcasecmp() is case-INsensitive, so "Secret" and "secret" are accepted as
// matching confirmations; the comparison also runs on the already-truncated values.
if (strcasecmp($_POST['ssnein'], $_POST['ssnein2'])) {
    show_registration_form("SSN/EIN entries do not match.");
    die();
}
if (strcasecmp($_POST['password'], $_POST['password2'])) {
    show_registration_form("Passwords do not match.");
    die();
}

// Check if username exists in database.
// The username is tag-stripped and trimmed, then escaped ONLY when magic_quotes_gpc is off
// (the code relies on magic quotes having added slashes otherwise). The query below is
// built by string concatenation; this escaping is its only protection.
// NOTE(review): mysql_escape_string() does not take the connection character set into
// account and is removed in modern PHP; a parameterised query (PDO/mysqli prepare) is the
// standard replacement. Whether $dbh->query() escapes on its own is not visible here.
$_POST['username'] = trim(strip_tags($_POST['username']));
if (!get_magic_quotes_gpc()) {
    //$_POST['username'] = addslashes($_POST['username']);
    $_POST['username'] = mysql_escape_string($_POST['username']);
}
$username_check = $dbh->query("SELECT username FROM affiliates WHERE username = '".$_POST['username']."'");
if (!$username_check) {
    // NOTE(review): this echoes the raw database error text to the end user; log it
    // server-side and show a generic message instead, as the insert-failure path below does.
    die($dbh->getError());
}
$name_in_use = $dbh->num_rows($username_check);
if ($name_in_use != 0) {
    // $_POST['username'] is echoed back through the registration form here; it has had
    // tags stripped but quotes are still present (backslash-escaped when magic quotes are
    // off). The template that renders $message must HTML-escape it at the output point.
    $message = 'Sorry, the username ' . $_POST['username'] . ' is already in use, please pick another one.';
    show_registration_form($message);
    die();
}

// Check e-mail format.
// This anchored pattern plus the '<' / '>' rejection is the only check standing between
// $_POST['email'] and its later use inside mail() "From:"/"Reply-To:" headers, so it also
// serves as the header-injection guard (CR/LF cannot pass the character classes).
// NOTE(review): eregi() (POSIX regex) was removed in PHP 7; preg_match() with the /i
// modifier is the equivalent call.
if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email']) || preg_match("/(<|>)/", $_POST['email']) ) {
    show_registration_form("Invalid e-mail address.");
    die();
}

// Check phone number format.
// NOTE(review): the pattern is not anchored, so any string CONTAINING ddd-ddd-dddd passes
// (e.g. with a leading area-code prefix in parentheses). After the hyphens are removed below,
// the anchored preg_match_all() in the success path then fails to match such values and
// $phone[1][0] etc. are undefined, producing an empty "--" phone line in the owner e-mail.
// Anchoring with ^...$ here would make the two checks agree.
if (!preg_match("/\d{3}-\d{3}-\d{4}/", $_POST['phone'])) {
    show_registration_form("Invalid phone number. 
Please use XXX-XXX-XXXX");
    die();
}
if (!ctype_digit($_POST['zip'])) {
    show_registration_form("Invalid zip code.");
    die();
}

// Check SSN/EIN format.
// NOTE(review): only the SSN shape is enforced; the EIN alternative is commented out, so the
// error text promising "XX-XXXXXXX (EIN)" does not match what is accepted. The pattern is
// also unanchored and runs BEFORE the trim()/strip_tags() below, so surrounding whitespace
// or extra characters within the 11-character limit are accepted.
if ( (!preg_match("/\d{3}-\d{2}-\d{4}/", $_POST['ssnein']))
     //||
     //(!preg_match("/\d{2}-\d{7}/", $_POST['ssnein']))
   ) {
    show_registration_form("Invalid SSN/EIN. Please use XXX-XX-XXXX (SSN) or XX-XXXXXXX (EIN).");
    die();
}

// Passed all checks.
// Normalisation: no HTML tags, strip whitespace before and after.
// (Validation above ran on the un-normalised values; see the notes there.)
$_POST['firstname'] = trim(strip_tags($_POST['firstname']));
$_POST['lastname'] = trim(strip_tags($_POST['lastname']));
$_POST['address1'] = trim(strip_tags($_POST['address1']));
$_POST['address2'] = trim(strip_tags($_POST['address2']));
$_POST['city'] = trim(strip_tags($_POST['city']));
$_POST['state'] = trim(strip_tags($_POST['state']));
$_POST['zip'] = trim(strip_tags($_POST['zip']));
$_POST['phone'] = trim(strip_tags($_POST['phone']));
// NOTE(review): strip_tags()/trim() on the password silently alters what the user typed
// (e.g. a password containing '<' or leading spaces); login must apply the same transform
// or those users cannot authenticate.
$_POST['password'] = trim(strip_tags($_POST['password']));
$_POST['ssnein'] = trim(strip_tags($_POST['ssnein']));
$_POST['email'] = trim(strip_tags($_POST['email']));

// Get rid of '-' so phone and SSN are stored as bare digit strings.
$_POST['phone'] = preg_replace("/-/", "", $_POST['phone']);
$_POST['ssnein'] = preg_replace("/-/", "", $_POST['ssnein']);

if (!get_magic_quotes_gpc()) {
    // Escape any funny stuff for the SQL insert below (see the charset note on
    // mysql_escape_string() above).
    // NOTE(review): the escaped (backslashed) form is what gets stored, and for the
    // password/SSN it is the escaped form that gets ENCRYPTED below — the stored ciphertext
    // therefore depends on whether magic quotes were on. Escaping belongs at the query
    // boundary, not on the values themselves.
    $_POST['firstname'] = mysql_escape_string($_POST['firstname']);
    $_POST['lastname'] = mysql_escape_string($_POST['lastname']);
    $_POST['address1'] = mysql_escape_string($_POST['address1']);
    $_POST['address2'] = mysql_escape_string($_POST['address2']);
    $_POST['city'] = mysql_escape_string($_POST['city']);
    $_POST['state'] = mysql_escape_string($_POST['state']);
    $_POST['zip'] = mysql_escape_string($_POST['zip']);
    $_POST['phone'] = mysql_escape_string($_POST['phone']);
    // $_POST['username'] was already escaped above
    $_POST['password'] = mysql_escape_string($_POST['password']);
    $_POST['ssnein'] = mysql_escape_string($_POST['ssnein']);
    $_POST['email'] = mysql_escape_string($_POST['email']);
}

// Encrypt password & SSNEIN with the static key C_KEY (defined outside this chunk) and
// base64-encode the result for storage.
// NOTE(review): the password is stored REVERSIBLY encrypted, not hashed — anyone holding
// C_KEY and the table can recover every user's password. Passwords should go through
// password_hash()/password_verify() and never be decryptable. Encrypting the SSN at rest
// is appropriate, but its protection is only as strong as how C_KEY is stored and rotated;
// my_encrypt()/my_decrypt() are project helpers whose algorithm is not visible here.
$_POST['ssnein'] = base64_encode(my_encrypt($_POST['ssnein'], C_KEY));
$_POST['password'] = base64_encode(my_encrypt($_POST['password'], C_KEY));

// Now we can add them to the database.
/* Superseded by the mysql_escape_string() block above — kept for history.
if (!get_magic_quotes_gpc()) {
    $_POST['firstname'] = addslashes($_POST['firstname']);
    $_POST['lastname'] = addslashes($_POST['lastname']);
    $_POST['address1'] = addslashes($_POST['address1']);
    $_POST['address2'] = addslashes($_POST['address2']);
    $_POST['city'] = addslashes($_POST['city']);
    $_POST['state'] = addslashes($_POST['state']);
    $_POST['zip'] = addslashes($_POST['zip']);
    $_POST['phone'] = addslashes($_POST['phone']);
    $_POST['username'] = addslashes($_POST['username']);
    $_POST['password'] = addslashes($_POST['password']);
    $_POST['ssnein'] = addslashes($_POST['ssnein']);
    $_POST['email'] = addslashes($_POST['email']);
}
*/

// $regdate is not referenced anywhere in this chunk (date_applied below uses date() directly).
$regdate = date('U');

// Build the row for the 'affiliates' table; first and last name are stored as one 'name' column.
$insert = array();
$insert['name'] = $_POST['firstname'] . " " . $_POST['lastname'];
$insert['address1'] = $_POST['address1'];
$insert['address2'] = $_POST['address2'];
$insert['city'] = $_POST['city'];
$insert['state'] = $_POST['state'];
$insert['zip'] = $_POST['zip'];
$insert['phone'] = $_POST['phone'];
$insert['username'] = $_POST['username'];
$insert['password'] = $_POST['password'];
$insert['ssnein'] = $_POST['ssnein'];
$insert['email'] = $_POST['email'];
$insert['date_applied'] = date('Y-m-d');
$insert['email_updates'] = '0';
$insert['partner_emails'] = '0';

// Newsletters/emails opt-in checkboxes (HTML checkbox convention: present with value "on").
if ( (isset($_POST['updates']) and ($_POST['updates'] == "on"))) $insert['email_updates'] = 1;
if ( (isset($_POST['partners']) and ($_POST['partners'] == "on"))) $insert['partner_emails'] = 1;

/* Disabled debug dump. NOTE(review): if re-enabled it prints the full $_POST and $insert
   arrays AND the DECRYPTED SSN to the browser; it should be deleted rather than kept.
print "
"; print_r($_POST);
print "

"; print_r($insert); print "
Password: "; print my_decrypt(base64_decode($_POST['ssnein']), C_KEY); exit;
*/

$add = $dbh->insert("affiliates", $insert);
if (!$add) {
    // Insert failed: e-mail the owner the DB error plus every column of the attempted row,
    // then show the user a generic message.
    // NOTE(review): the loop below mails the base64 ciphertext of the password and SSN to
    // $owner's mailbox; only C_KEY stands between that mail archive and the plaintext.
    // Omitting 'password' and 'ssnein' from the report costs nothing diagnostically.
    // NOTE(review): each() was removed in PHP 8; a foreach over $insert is the replacement.
    $message = "Error inserting new affiliate record \n" . $dbh->getError() . "\n";
    while (list($key, $val) = each($insert)) {
        $message .= "$key => $val\n";
    }
    // $owner is defined outside this chunk. The From address is derived from
    // $_SERVER['SERVER_NAME'], which is taken from the request's Host header on many
    // server configurations — presumably acceptable for an internal alert; confirm.
    mail($owner, "Database Insert error", $message,
         "From: affiliate@{$_SERVER['SERVER_NAME']}\r\n" .
         "Reply-To: affiliate@{$_SERVER['SERVER_NAME']}\r\n" .
         "X-Mailer: PHP/" . phpversion());
    include_once('../core/show_message.inc');
    show_message("An error has occurred during your registration.

The administrator has been notified.");
    unset($insert);
    die();
} else {
    // Registration is successful.
    unset($insert);

    // Subscribe them to Tigerhost list. $_POST['email'] is placed in the From/Reply-To
    // headers here; the anchored e-mail regex above is what keeps CR/LF out of them.
    mail("thlist-subscribe@tigerhost.com", "subscribe", "subscribe",
         "From: {$_POST['email']}\r\n" .
         "Reply-To: {$_POST['email']}\r\n" .
         "X-Mailer: PHP/" . phpversion());

    $message="Thank you for becoming a Tigerhost affiliate! You'll find it a very\n";
    $message.="rewarding program. In addition to helping save Tigers, you'll be\n";
    $message.="earning money yourself!\n\n";
    $message.="Your Affiliate ID is: " . $_POST['username'] . "\n\n";
    $message.="You can use your Affiliate ID to log into the Tigerhost web site, and\n";
    $message.="see who you've referred, and what to expect for your next quarterly\n";
    $message.="payments.\n\n";
    $message.="If you have any questions regarding the affiliate program, please don't\n";
    $message.="hesitate to send an email to support@tigerhost.com.\n\n";
    $message.="Thanks again for joining, and we're looking forward to working with you\n";
    $message.="to help save Tigers!\n\n";
    $message.="Sincerely,\n\n";
    $message.="The Tigerhost Team";

    // Send thank-you email to the new affiliate.
    mail($_POST['email'], "Tigerhost Welcomes You!", $message,
         "From: support@tigerhost.com\r\n" .
         "Reply-To: support@tigerhost.com\r\n" .
         "X-Mailer: PHP/" . phpversion());

    // Send email to the owner with the affiliate's details (name, postal address, phone,
    // e-mail — personal data travelling over plain e-mail; the SSN is not included).
    // Re-insert hyphens into the stored 10-digit phone number. This pattern IS anchored,
    // unlike the validation above; see the note there for when it fails to match.
    // NOTE(review): stripslashes() is applied only to the address lines, so the other
    // fields are mailed in their SQL-escaped form when magic quotes are off.
    preg_match_all('/^(\d{3})(\d{3})(\d{4})$/', $_POST['phone'], $phone);
    $message = "Affiliate ID: " . $_POST['username'] . "\n\n" .
               "Name: " . $_POST['firstname'] . " " . $_POST['lastname'] . "\n" .
               "Address: " . stripslashes($_POST['address1']) . "\n" .
               " " . stripslashes($_POST['address2']) . "\n" .
               "City: " . $_POST['city'] . "\n" .
               "State: " . $_POST['state'] . "\n" .
               "Zip: " . $_POST['zip'] . "\n" .
               "Phone: " . $phone[1][0] . "-" . $phone[2][0] . "-" . $phone[3][0] . "\n" .
               "Email: " . $_POST['email'] . "\n";
    mail($owner, "New Affiliate Info", $message,
         "From: support@tigerhost.com\r\n" .
         "Reply-To: support@tigerhost.com\r\n" .
         "X-Mailer: PHP/" . phpversion());

    include_once('../core/show_message.inc');
    show_message("Thank you for registering as an affiliate. You will receive an email from the Tigerhost Affiliate Program shortly.");
    die();
}
} // END if (isset($_POST['submit']))
else {
    // Form hasn't been submitted. Show signup form.
    // $message is not assigned anywhere in this branch within the visible code; presumably
    // it is initialised before the if — confirm, otherwise this raises an undefined-variable notice.
    show_registration_form($message);
}

/**
 * Display the signup form by including the template.
 *
 * $message (optional) is an error/status string; it is visible to the included template
 * as a local variable. Callers pass user-derived text (the requested username), so the
 * template must HTML-escape $message at the output point — not visible from here.
 */
function show_registration_form($message=NULL) {
    // Display signup form
    include('affiliate_signup.inc');
}
?>