File: /home/rtbrisc/public_html/admin/account/server/add.php
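<?php

declare(strict_types=1);

/*
 * Registration handler for the admin account form.
 *
 * Reads the txt* fields from $_POST, checks that the required ones are
 * present, rejects an e-mail address or mobile number that is already in
 * tblcustomer, and then inserts the new account into tblcustomer, tblplan,
 * tblverify and tbluser inside one transaction. On success it redirects to
 * mailer/ with the verification hash; on any failure it stores a message in
 * $_SESSION['reg_err'] and redirects back to ../register.php.
 *
 * $conn (a mysqli connection) is provided by db.php.
 */

session_start();

require_once('db.php');

/**
 * Read one form field from $_POST; a missing key (or a non-string value such
 * as txtEmail[]) becomes '' instead of an "undefined index" warning.
 */
function add_field(string $key): string
{
    $value = $_POST[$key] ?? '';

    return is_string($value) ? $value : '';
}

/**
 * Store an error for the form and redirect back to it.
 *
 * The exit is deliberate: header() does not stop the script, so without it
 * the statements after an error branch would still run.
 */
function add_fail(string $message): never
{
    $_SESSION['reg_err'] = $message;
    header('Location: ../register.php');
    exit;
}

/**
 * Prepare and execute one INSERT with every parameter bound as a string.
 *
 * Every value was written as a quoted literal in the original queries, so
 * binding each one as 's' keeps MySQL's coercion identical, while the
 * placeholders guarantee that no request value becomes part of the SQL text.
 *
 * @param list<string> $params one value per '?' in $sql, in order
 */
function add_execute(mysqli $conn, string $sql, array $params): bool
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return false;
    }
    if ($params !== []) {
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    return $ok;
}

// No escaping here: the values go to the database only through bound
// parameters, so they are stored exactly as the user typed them.
$Firstname = add_field('txtFirstname');
$Lastname = add_field('txtLastname');
$Email = add_field('txtEmail');
$MobileNumber = add_field('txtMobileNumber');
$Address = add_field('txtAddress');
$SupportPlan = add_field('txtSupportPlan');
$AccountType = add_field('txtAccountType');
$BusinessType = add_field('txtBusinessType');
$EmployeeSize = add_field('txtEmployeeSize');
$Price = add_field('txtPrice');
$Password = add_field('txtPassword');

// empty() is kept on purpose: '' and '0' were both rejected before, and a
// GET request (no fields at all) still ends up on the form with this message.
$required = [$Firstname, $Lastname, $Email, $MobileNumber, $Address, $SupportPlan, $AccountType, $Password];
foreach ($required as $field) {
    if (empty($field)) {
        add_fail('All Fields Are Required!!!');
    }
}

// NOTE(review): crypt() with a two-character salt is traditional DES — it
// truncates the password to 8 bytes and is cheap to brute-force. It is kept
// only because the login code that reads tbluser.Password is not in this file;
// move both sides to password_hash()/password_verify() in one change.
$realPassword = crypt($Password, 'qis');

// 128 bits from the CSPRNG, rendered as 32 hex characters — the same width the
// previous md5(crc32(uniqid())) produced, so tblverify.VerificationCode fits.
$VerificationCode = bin2hex(random_bytes(16));

// The customer ID is used as an account identifier, so it comes from
// random_int() rather than mt_rand(). Uniqueness is still not checked here;
// that relies on whatever constraint tblcustomer.CustomerID carries.
$prefix = $SupportPlan == 1 ? 'QPC' : 'QRC';
$CustomerID = $prefix . str_pad((string) random_int(1, 99999999), 8, '0', STR_PAD_LEFT);

$contactName = $Firstname . ' ' . $Lastname;

try {
    // The previous check used AND, which let a second account reuse an e-mail
    // address (and therefore a tbluser.Username) as long as the phone number
    // differed; OR matches the error message shown to the user.
    $check = mysqli_prepare($conn, 'SELECT 1 FROM tblcustomer WHERE MobileNumber = ? OR Email = ? LIMIT 1');
    if ($check === false) {
        add_fail('There was a problem');
    }
    mysqli_stmt_bind_param($check, 'ss', $MobileNumber, $Email);
    mysqli_stmt_execute($check);
    mysqli_stmt_store_result($check);
    $exists = mysqli_stmt_num_rows($check) > 0;
    mysqli_stmt_close($check);

    if ($exists) {
        add_fail('Email or Phone Number Currently Exists!!!');
    }

    // The four inserts describe one account; without a transaction a failure
    // part-way through left orphan rows behind. (Only effective on a
    // transactional engine such as InnoDB — verify the tables' engine.)
    mysqli_begin_transaction($conn);

    $ok = add_execute(
        $conn,
        'INSERT INTO tblcustomer (AccountStatus, CustomerID, Firstname, Lastname, Email, MobileNumber , Address, ContactName, ContactNumber, BranchLayout)
         VALUES (0, ?, ?, ?, ?, ?, ?, ?, ?, 0)',
        [$CustomerID, $Firstname, $Lastname, $Email, $MobileNumber, $Address, $contactName, $MobileNumber],
    ) && add_execute(
        $conn,
        'INSERT INTO tblplan (CustomerID, AccountStatus, SupportPlan, AccountType, BusinessType, EmployeeSize, ServiceCharge, PaymentStatus)
         VALUES (?, 0, ?, ?, ?, ?, ?, 0)',
        [$CustomerID, $SupportPlan, $AccountType, $BusinessType, $EmployeeSize, $Price],
    ) && add_execute(
        $conn,
        'INSERT INTO tblverify (CustomerID, AccountStatus, VerificationCode, Email)
         VALUES (?, 0, ?, ?)',
        [$CustomerID, $VerificationCode, $Email],
    ) && add_execute(
        $conn,
        'INSERT INTO tbluser (CustomerID, AccountStatus, Username, Password)
         VALUES (?, 0, ?, ?)',
        [$CustomerID, $Email, $realPassword],
    );

    if (!$ok) {
        mysqli_rollback($conn);
        add_fail('There was a problem');
    }

    mysqli_commit($conn);
} catch (mysqli_sql_exception $e) {
    // mysqli reports errors as exceptions by default since PHP 8.1; treat them
    // like a failed query rather than exposing the driver message.
    mysqli_rollback($conn);
    add_fail('There was a problem');
}

// Query-encode the parameters: a name or address containing '&', '#' or a
// space previously produced a malformed mailer URL.
header('Location: mailer/?' . http_build_query([
    'id' => $CustomerID,
    'name' => $Firstname,
    'email' => $Email,
    'hash' => $VerificationCode,
]));
exit;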