File: /home/rtbrisc/public_html/admin/account/server/add.php
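<?php
/*
 * Customer self-registration handler (POST target of ../register.php).
 *
 * Validates the submitted form, creates the customer, plan, verification and
 * login rows inside one transaction, then hands off to mailer/ so the
 * verification code can be e-mailed. On any failure the user is sent back to
 * register.php with $_SESSION['reg_err'] set.
 *
 * Security notes (review):
 *  - All SQL is parameterised; nothing from $_POST is concatenated into a
 *    query, so mysqli_real_escape_string() is no longer used.
 *  - Passwords are stored with password_hash(). The previous
 *    crypt($pw, "qis") call produced a traditional DES hash (only the first
 *    8 characters of the password, fixed 12-bit salt). The login code must
 *    check with password_verify(); crypt($input, $storedHash) === $storedHash
 *    also accepts bcrypt strings. Rows created before this change still hold
 *    DES hashes — TODO confirm the login path rehashes them.
 *  - CustomerID and the verification code now come from the CSPRNG; mt_rand()
 *    and uniqid() are predictable, and the verification code is effectively a
 *    bearer token.
 *  - Still client-controlled, exactly as in the original: txtPrice is stored
 *    as ServiceCharge, so a user can submit any price. It should be derived
 *    server-side from the chosen plan — TODO confirm with the tblplan owner.
 *  - No CSRF token is checked here — TODO confirm whether the form sends one.
 */
declare(strict_types=1);

session_start();
require_once('db.php');

/**
 * Send a Location header and stop the script.
 *
 * The original handler kept executing after header(); every redirect below
 * goes through here so nothing runs (or is output) after the redirect.
 */
function reg_redirect(string $location): void
{
    header('Location: ' . $location);
    exit;
}

/**
 * Send the user back to the registration form with an error message.
 */
function reg_fail(string $message): void
{
    $_SESSION['reg_err'] = $message;
    reg_redirect('../register.php');
}

/**
 * Prepare and execute a statement with every parameter bound as a string.
 *
 * @param list<string> $params values for the '?' placeholders, in order
 * @return mysqli_stmt|false the executed statement (caller closes it), or
 *                           false if preparing or executing failed
 */
function reg_execute(mysqli $conn, string $sql, array $params)
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return false;
    }
    if ($params !== []) {
        // Binding everything as 's' is safe: MySQL converts to the column
        // type, and the values travel separately from the SQL text.
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    return $stmt;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    // isset($_POST) in the original was always true; only accept real submissions.
    reg_redirect('../register.php');
}

// Read a form field as a string; absent fields become '' instead of raising
// "undefined index" warnings.
$field = static function (string $name): string {
    return (string) ($_POST[$name] ?? '');
};

$Firstname    = trim($field('txtFirstname'));
$Lastname     = trim($field('txtLastname'));
$Email        = trim($field('txtEmail'));
$MobileNumber = trim($field('txtMobileNumber'));
$Address      = trim($field('txtAddress'));
$SupportPlan  = trim($field('txtSupportPlan'));
$AccountType  = trim($field('txtAccountType'));
$BusinessType = trim($field('txtBusinessType'));
$EmployeeSize = trim($field('txtEmployeeSize'));
$Price        = trim($field('txtPrice'));
$Password     = $field('txtPassword'); // not trimmed: whitespace is part of a password

// Same required set as the original, but '' is tested explicitly so that a
// legitimate "0" (e.g. a plan id) is not rejected by empty().
$required = [$Firstname, $Lastname, $Email, $MobileNumber, $Address, $SupportPlan, $AccountType, $Password];
if (in_array('', $required, true)) {
    reg_fail('All Fields Are Required!!!');
}

// The e-mail doubles as the login username and is forwarded to the mailer,
// so reject anything that is not a syntactically valid address.
if (filter_var($Email, FILTER_VALIDATE_EMAIL) === false) {
    reg_fail('Please enter a valid email address.');
}

$realPassword = password_hash($Password, PASSWORD_DEFAULT);
// 32 hex characters: the same width as the md5() value the column held before.
$VerificationCode = bin2hex(random_bytes(16));

$prefix = ($SupportPlan === '1') ? 'QPC' : 'QRC';
$CustomerID = $prefix . str_pad((string) random_int(1, 99999999), 8, '0', STR_PAD_LEFT);
// NOTE(review): there is still no uniqueness check on CustomerID. A collision
// only surfaces if the column has a UNIQUE key, in which case the insert fails
// and the user sees "There was a problem".

// Duplicate check. The original used AND, which only rejected a submission
// when BOTH the phone and the e-mail matched an existing row — so the same
// e-mail (the login username) could be registered twice. The error message
// already says "Email or Phone Number", so OR is the intended rule.
$check = reg_execute(
    $conn,
    'SELECT 1 FROM tblcustomer WHERE MobileNumber = ? OR Email = ? LIMIT 1',
    [$MobileNumber, $Email]
);
if ($check === false) {
    reg_fail('There was a problem');
}
mysqli_stmt_store_result($check);
$exists = mysqli_stmt_num_rows($check) > 0;
mysqli_stmt_close($check);
if ($exists) {
    reg_fail('Email or Phone Number Currently Exists!!!');
}

$contactName = $Firstname . ' ' . $Lastname;

// The four inserts must succeed or fail together; the original could leave a
// customer row behind without its plan/verify/user rows when a later insert
// failed.
$inserts = [
    [
        'INSERT INTO tblcustomer (AccountStatus, CustomerID, Firstname, Lastname, Email, MobileNumber, Address, ContactName, ContactNumber, BranchLayout)
         VALUES (0, ?, ?, ?, ?, ?, ?, ?, ?, 0)',
        [$CustomerID, $Firstname, $Lastname, $Email, $MobileNumber, $Address, $contactName, $MobileNumber],
    ],
    [
        'INSERT INTO tblplan (CustomerID, AccountStatus, SupportPlan, AccountType, BusinessType, EmployeeSize, ServiceCharge, PaymentStatus)
         VALUES (?, 0, ?, ?, ?, ?, ?, 0)',
        [$CustomerID, $SupportPlan, $AccountType, $BusinessType, $EmployeeSize, $Price],
    ],
    [
        'INSERT INTO tblverify (CustomerID, AccountStatus, VerificationCode, Email)
         VALUES (?, 0, ?, ?)',
        [$CustomerID, $VerificationCode, $Email],
    ],
    [
        'INSERT INTO tbluser (CustomerID, AccountStatus, Username, Password)
         VALUES (?, 0, ?, ?)',
        [$CustomerID, $Email, $realPassword],
    ],
];

mysqli_begin_transaction($conn);
$saved = true;
try {
    foreach ($inserts as [$sql, $params]) {
        $stmt = reg_execute($conn, $sql, $params);
        if ($stmt === false) {
            $saved = false;
            break;
        }
        mysqli_stmt_close($stmt);
    }
    if ($saved) {
        mysqli_commit($conn);
    } else {
        mysqli_rollback($conn);
    }
} catch (mysqli_sql_exception $e) {
    // With MYSQLI_REPORT_STRICT (the default from PHP 8.1) driver errors are
    // thrown instead of returned; undo the partial write and report failure.
    mysqli_rollback($conn);
    $saved = false;
}

if (!$saved) {
    reg_fail('There was a problem');
}

// Hand off to the mailer. Values are URL-encoded; the original concatenated
// them raw into the Location header.
// NOTE(review): the verification code travels in the query string and will
// land in access logs and any Referer header sent from the mailer page.
// Passing it through the session would be safer — TODO confirm what mailer/
// expects before changing its interface.
reg_redirect('mailer/?' . http_build_query([
    'id'    => $CustomerID,
    'name'  => $Firstname,
    'email' => $Email,
    'hash'  => $VerificationCode,
]));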