<?php

// this script can be called with
// a) user and pass set - someone wants to login
// b) user and pass set, and action set to "newuser" - someone wants to register
// c) other options for action ..

// configure
$dbhost = "localhost";
$dbuser = "joeroe_joe";
$dbpass = "password";
$dbname = "joeroe_test";
$dbtable = "members";

$webmaster = "you@yourserver.com";

if(isset($_POST["user"]) && isset($_POST["pass"]))
{      $u = $_POST["user"];
        $p = $_POST["pass"];
}
else if(count($_COOKIE) > 0)
{      if(isset($_COOKIE["user"]))
                $u = $_COOKIE["user"];
        if(isset($_COOKIE["pass"]))
                $p = $_COOKIE["pass"];
}
$action = $_POST['action'];
$email = $_POST["email"];
function result($x)
{      print "&status=$x";
        exit;
}

$uservars = array("cara" => Auto1, "carb" => Auto2, "carc" => Auto3, "card" => auto4, "oila" => Date, "oilb" => Date, "oilc" => Date, "oild" => Date, "milesa" => Miles, "milesb" => Miles, "milesc" => Miles, "milesd" => Miles);

function retvals()
{      global $uservars;
        print "status=ok";
        foreach($uservars as $key => $value)
                print "&$key=" . urlencode($value);
        exit;
}

if(!mysql_connect($dbhost, $dbuser, $dbpass) || !mysql_select_db($dbname))
        result("fail&error=cannot+connect+database"); 

if(empty($action))      # plain login
{      $qry = mysql_query("SELECT * FROM $dbtable WHERE user = '$u' AND pass = '$p'");
        if(!$qry || (mysql_num_rows($qry) != 1))
                result("fail&error=no+such+user");
        else
        {      $r = mysql_fetch_array($qry);
                print "status=ok";
                foreach($uservars as $key => $value)
                        print "&$key=" . urlencode($r[$key]);
        }
}

if($action == "newuser")
{      if(ereg("[^0-9a-zA-Z_]", $u) || ereg("[^0-9a-zA-Z_]", $p))
                result("badname");
        if(!eregi('^[0-9a-z._-]+@[0-9a-z_-]+\.[0-9a-z_-]', $email))
                result("badmail");
        $qry = mysql_query("SELECT * FROM $dbtable WHERE user = '$u' OR email = '$email'");
        if(!$qry) result("fail&error=database+error");
        if(mysql_num_rows($qry) > 0)
        {      $r = mysql_fetch_array($qry);
                if($r['user'] == $u)
                        result("dupuser");
                else
                        result("dupmail");
        }
        ## success
        # set default vars for 1st login here
        $sql1 = "INSERT INTO $dbtable (user, pass, email";
        $sql2 = ") VALUES ('$u', '$p', '$email'";
        foreach($uservars as $key => $value)
        {      $sql1 .= ", $key";
                $sql2 .= ", '$value'";
        }
        mysql_query("$sql1 $sql2)") /* or die("sql problem: \"$sql1 $sql2)\"" . mysql_error()) */;
        retvals();
}

if($action == 'details')
{      if(empty($u) || empty($p))
                result('badlogin');    // not logged in
        $oldpass = $_POST['oldpass'];
        $newpass = $_POST['newpass'];
        $email = $_POST['email'];
        if($oldpass != $p)
                result('badpass');
        if(!empty($email))
                if(!eregi('^[0-9a-z._-]+@[0-9a-z_-]+\.[0-9a-z_-]', $email))
                        result("badmail");
        $qry = mysql_query("SELECT * FROM $dbtable WHERE email = '$email'");
        if(!$qry) result("fail&error=database+error");
        if(mysql_num_rows($qry) > 0)
                result("dupmail");
        $sql = "UPDATE $dbtable SET ";
        $cnt = 0;
        if(!empty($newpass))
        {      $sql .= "pass = '$newpass'";
                $cnt = 1;
        }
        else
                $newpass = $p;
        if(!empty($email))
        {      if($cnt) $sql .= ", ";
                $sql .= "email = '$email'";
                $cnt++;
        }
        if($cnt)
        {      $ret = mysql_query("$sql WHERE user = '$u'");
                if(mysql_affected_rows() != 1)
                        result('badlogin');
                result("ok&pass=$newpass");
        }
}

if($action == 'save')
{      $sql = "UPDATE $dbtable SET";
        $cnt = 0;
        foreach($uservars as $key => $value)
        {      if(isset($_POST[$key]))
                {      if($cnt++)
                                $sql .= ",";
                        $sql .= " $key = '" . $_POST[$key] . "'";
                }
        }
        $ret = mysql_query("$sql WHERE user = '$u' AND pass = '$p'");
        if(mysql_affected_rows() != 1)      
                result('Car Updated');
        result('ok');
}
?>