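<?php

declare(strict_types=1);

/*
 * dealer_register.php — dealer self-registration handler.
 *
 * Triggered by the POST from register.html (field "dealerRegister"). Reads
 * D_name, phone_no, website, D_email, D_password and the optional pairs
 * branch1/location1, branch2/location2, ... It inserts the DEALER row, its
 * branch rows and the DEALER_LOGIN row as one transaction, e-mails a
 * verification link carrying vkey, and redirects to thankyou.php. Every
 * failure path redirects to error.php; the failure detail goes to the server
 * log only. dbconnect.php is expected to provide $conn (mysqli).
 */

/**
 * Abort the request: roll back any open transaction, log the detail on the
 * server, and redirect to error.php.
 *
 * The detail (which may contain mysqli_error() text) is deliberately not
 * echoed: it would disclose schema/driver information to the browser and,
 * because output precedes header(), would also stop the redirect from being
 * sent at all.
 */
function dealer_register_fail(?mysqli $conn, string $detail): never
{
    if ($conn !== null) {
        mysqli_rollback($conn);
    }
    error_log('dealer_register.php: ' . $detail);
    header('Location: error.php');
    exit;
}

/**
 * Trimmed string value of a POST field, or '' when the field is absent or
 * is not a plain string.
 *
 * No mysqli_real_escape_string here: every value is bound as a prepared
 * statement parameter, and escaping a bound value stores the backslashes
 * (e.g. "O'Brien" would be saved as "O\'Brien").
 */
function dealer_register_post(string $field): string
{
    $value = $_POST[$field] ?? '';

    return is_string($value) ? trim($value) : '';
}

if (!isset($_POST['dealerRegister'])) {
    header('Location: register.html');
    exit;
}

include 'dbconnect.php';

$d_name     = dealer_register_post('D_name');
$d_phoneno  = dealer_register_post('phone_no');
$d_website  = dealer_register_post('website');
$d_email    = dealer_register_post('D_email');
$d_password = dealer_register_post('D_password');

// D_email doubles as the mail() recipient, so it must be a single well-formed
// address (this also rules out CR/LF injection into the mail envelope).
if ($d_name === '' || $d_password === '' || filter_var($d_email, FILTER_VALIDATE_EMAIL) === false) {
    dealer_register_fail(null, 'registration rejected: missing name/password or malformed e-mail');
}

// DEALER, branch and DEALER_LOGIN are written as one unit: a failure halfway
// must not leave a dealer row that can never log in.
mysqli_begin_transaction($conn);

// ---- DEALER ------------------------------------------------------------------
$stmt = mysqli_prepare($conn, 'INSERT INTO DEALER (DName, PhoneNo, Website, D_Email) VALUES (?, ?, ?, ?)');
if ($stmt === false) {
    dealer_register_fail($conn, 'prepare DEALER insert: ' . mysqli_error($conn));
}
mysqli_stmt_bind_param($stmt, 'ssss', $d_name, $d_phoneno, $d_website, $d_email);
if (!mysqli_stmt_execute($stmt)) {
    dealer_register_fail($conn, 'execute DEALER insert: ' . mysqli_stmt_error($stmt));
}
mysqli_stmt_close($stmt);

// ---- dealer id -----------------------------------------------------------------
// Still looked up by e-mail (the schema is not known to make dealerID
// AUTO_INCREMENT), but parameterised instead of string-built.
$stmt = mysqli_prepare($conn, 'SELECT dealerID FROM dealer WHERE d_email = ?');
if ($stmt === false) {
    dealer_register_fail($conn, 'prepare dealerID lookup: ' . mysqli_error($conn));
}
mysqli_stmt_bind_param($stmt, 's', $d_email);
if (!mysqli_stmt_execute($stmt)) {
    dealer_register_fail($conn, 'execute dealerID lookup: ' . mysqli_stmt_error($stmt));
}
$dealerid = null;
mysqli_stmt_bind_result($stmt, $dealerid);
if (!mysqli_stmt_fetch($stmt)) {
    dealer_register_fail($conn, 'dealerID not found for the dealer just inserted');
}
mysqli_stmt_close($stmt);
$dealerid = (int) $dealerid;

// ---- branch rows -----------------------------------------------------------------
// branch1/location1, branch2/location2, ... are consumed in order; the first
// pair that is missing or blank ends the list.
$stmt = mysqli_prepare($conn, 'INSERT INTO branch VALUES (?, ?, ?)');
if ($stmt === false) {
    dealer_register_fail($conn, 'prepare branch insert: ' . mysqli_error($conn));
}
for ($n = 1; ; $n++) {
    $branch   = dealer_register_post('branch' . $n);
    $location = dealer_register_post('location' . $n);
    if ($branch === '' || $location === '') {
        break;
    }
    mysqli_stmt_bind_param($stmt, 'iss', $dealerid, $branch, $location);
    if (!mysqli_stmt_execute($stmt)) {
        dealer_register_fail($conn, "execute branch insert #{$n}: " . mysqli_stmt_error($stmt));
    }
}
mysqli_stmt_close($stmt);

// ---- DEALER_LOGIN ------------------------------------------------------------
// The password is stored as a password_hash() digest, never in clear text.
// NOTE(review): the dealer login page must check it with password_verify(),
// and the Password column must have room for the digest (255 chars is the
// usual advice) — confirm both before deploying this change.
$password_hash = password_hash($d_password, PASSWORD_DEFAULT);

// 32 hex characters from the CSPRNG — the same width as the former md5()
// value, which was derived from time() and the dealer name and so guessable.
$vkey = bin2hex(random_bytes(16));

$stmt = mysqli_prepare($conn, 'INSERT INTO DEALER_LOGIN (D_Email, Password, vkey) VALUES (?, ?, ?)');
if ($stmt === false) {
    dealer_register_fail($conn, 'prepare DEALER_LOGIN insert: ' . mysqli_error($conn));
}
mysqli_stmt_bind_param($stmt, 'sss', $d_email, $password_hash, $vkey);
if (!mysqli_stmt_execute($stmt)) {
    dealer_register_fail($conn, 'execute DEALER_LOGIN insert: ' . mysqli_stmt_error($stmt));
}
mysqli_stmt_close($stmt);

// ---- verification e-mail ----------------------------------------------------------
// The dealer name lands inside an HTML body, so it is escaped for that context.
$safe_name  = htmlspecialchars($d_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$verify_url = 'https://localhost/CARS/verify.php?vkey=' . rawurlencode($vkey);
$subject    = 'Rustom Email Verification';
$message    = "Hello {$safe_name}, you are one step away from Rustoming! "
    . "<a href='{$verify_url}'>Click Here</a> to verify your email address and activate your account!";
$headers    = "From: [email protected]\r\n"
    . "MIME-Version: 1.0\r\n"
    . "Content-type:text/html;charset=UTF-8\r\n";

if (!mail($d_email, $subject, $message, $headers)) {
    // Nothing has been committed yet, so the dealer can simply register again.
    dealer_register_fail($conn, 'mail() refused the verification message');
}

if (!mysqli_commit($conn)) {
    dealer_register_fail($conn, 'commit: ' . mysqli_error($conn));
}

// No output before this point, so the redirect is actually delivered.
header('Location: thankyou.php');
exit;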