RegisterUser.php | searchcode

/test/subjects/benchmarks/RUBiS/RegisterUser.php

https://github.com/pbiggar/phc · PHP · 135 lines · 118 code · 14 blank · 3 comment · 27 complexity · 017c9b1a32d567d65571132f20f3ec6f MD5 · raw file


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <body>
    <?php
    $scriptName = "RegisterUser.php";
    include("PHPprinter.php");
    $startTime = getMicroTime();
    
    $firstname = $HTTP_POST_VARS['firstname'];
    if ($firstname == null)
    {
      $firstname = $HTTP_GET_VARS['firstname'];
      if ($firstname == null)
      {
         printError($scriptName, $startTime, "Register user", "You must provide a first name!<br>");
         exit();
      }
    }
      
    $lastname = $HTTP_POST_VARS['lastname'];
    if ($lastname == null)
    {
      $lastname = $HTTP_GET_VARS['lastname'];
      if ($lastname == null)
      {
         printError($scriptName, $startTime, "Register user", "You must provide a last name!<br>");
         exit();
      }
    }
      
    $nickname = $HTTP_POST_VARS['nickname'];
    if ($nickname == null)
    {
      $nickname = $HTTP_GET_VARS['nickname'];
      if ($nickname == null)
      {
         printError($scriptName, $startTime, "Register user", "You must provide a nick name!<br>");
         exit();
      }
    }

    $email = $HTTP_POST_VARS['email'];
    if ($email == null)
    {
      $email = $HTTP_GET_VARS['email'];
      if ($email == null)
      {
         printError($scriptName, $startTime, "Register user", "You must provide an email address!<br>");
         exit();
      }
    }

    $password = $HTTP_POST_VARS['password'];
    if ($password == null)
    {
      $password = $HTTP_GET_VARS['password'];
      if ($password == null)
      {
         printError($scriptName, $startTime, "Register user", "You must provide a password!<br>");
         exit();
      }
    }

    $region = $HTTP_POST_VARS['region'];
    if ($region == null)
    {
      $region = $HTTP_GET_VARS['region'];
      if ($region == null)
      {
         printError($scriptName, $startTime, "Register user", "You must provide a region!<br>");
         exit();
      }
    }

    getDatabaseLink($link);

    begin($link);
    // Check if the region really exists
    $regionResult = mysql_query("SELECT * FROM regions WHERE name=\"$region\"", $link) or die("ERROR: Region query failed");
    if (mysql_num_rows($regionResult) == 0)
    {
      printError($scriptName, $startTime, "Register user", "Region $region does not exist in the database!<br>\n");
      mysql_free_result($regionResult);
      commit($link);
      exit();
    }
    else
    {
      $regionRow = mysql_fetch_array($regionResult);
      $regionId = $regionRow["id"];
      commit($link);
      mysql_free_result($regionResult);
    }

    // Check if the nick name already exists
    $nicknameResult = mysql_query("SELECT * FROM users WHERE nickname=\"$nickname\"", $link) or die("ERROR: Nickname query failed");
    if (mysql_num_rows($nicknameResult) > 0)
    {
      printError($scriptName, $startTime, "Register user", "The nickname you have choosen is already taken by someone else. Please choose a new nickname.<br>\n");
      mysql_free_result($nicknameResult);
      exit();
    }
    mysql_free_result($nicknameResult);

    // Add user to database
    $now = date("Y:m:d H:i:s");
    $result = mysql_query("INSERT INTO users VALUES (NULL, \"$firstname\", \"$lastname\", \"$nickname\", \"$password\", \"$email\", 0, 0, '$now', $regionId)", $link) or die("ERROR: Failed to insert new user in database.");

    $result = mysql_query("SELECT * FROM users WHERE nickname=\"$nickname\"", $link) or die("ERROR: Query user failed");
    $row = mysql_fetch_array($result);
    commit($link);

    printHTMLheader("RUBiS: Welcome to $nickname");
    print("<h2>Your registration has been processed successfully</h2><br>\n");
    print("<h3>Welcome $nickname</h3>\n");
    print("RUBiS has stored the following information about you:<br>\n");
    print("First Name : ".$row["firstname"]."<br>\n");
    print("Last Name  : ".$row["lastname"]."<br>\n");
    print("Nick Name  : ".$row["nickname"]."<br>\n");
    print("Email      : ".$row["email"]."<br>\n");
    print("Password   : ".$row["password"]."<br>\n");
    print("Region     : $region<br>\n"); 
    print("<br>The following information has been automatically generated by RUBiS:<br>\n");
    print("User id       :".$row["id"]."<br>\n");
    print("Creation date :".$row["creation_date"]."<br>\n");
    print("Rating        :".$row["rating"]."<br>\n");
    print("Balance       :".$row["balance"]."<br>\n");
    
    mysql_free_result($result);
    mysql_close($link);
    
    printHTMLfooter($scriptName, $startTime);
    ?>
  </body>
</html>

Alerts (9)

'SELECT * FROM' Avoid SELECT *; specify columns for better performance and maintainability
79
'die(' Abrupt termination detected; use try-catch or custom error handlers for better control
79 96 107 109
'exit(' Abrupt termination detected; use try-catch or custom error handlers for better control
85 101
'mysql_fetch_array(' Deprecated mysql_* functions; use PDO or MySQLi for modern database access
89 110