
Saizuchi

New Members
  • Posts

    1
  • Joined

  • Last visited

    Never

Contact Methods

  • AIM
    Naishouyka
  • Website URL
    http://www.akeboshi.net

Profile Information

  • Gender
    Not Telling
  • Location
    Dayton, Ohio


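  1. I am trying to run a double security validation for an extremely cautious customer who wants a simple-to-read PHP validation script that:

     [b][o][/b] 1. Requires User to Submit to Database Values & Emails Site Owners the Information every time before login. (Complete)
     [b][o][/b] 2. Requires User to Register Information. (Complete)
     [b][x][/b] 3. Requires User to Login. (Incomplete/Buggy)

     Site Example: [a href="http://p6.hostingprod.com/@idealrealtyusa.com/" target="_blank"]http://p6.hostingprod.com/@idealrealtyusa.com/[/a]

     access.php
     [code]
<?php
// Gate for protected pages: the visitor must first have passed the e-mail
// confirmation step (EmailID) and then the agent login (AgentID).
//
// NOTE(review): nothing in the files shown calls session_start(). $_SESSION
// only persists between requests if conn.php or includes.php starts the
// session before this file runs -- confirm, otherwise both checks always fail.
if (empty($_SESSION['EmailID'])) {
    header("location:login.php");
    exit();
}

if (empty($_SESSION['AgentID'])) {
    header("location:validate.php");
    exit();
}
?>
     [/code]

     validate.php
     [code]
<?php
require_once("conn.php");

if (isset($_POST['s1'])) {
    // Both values come straight from the request, so they must not reach the
    // SQL text unescaped. A missing or non-string field is treated as ''.
    $em = (isset($_POST['em']) && is_string($_POST['em'])) ? $_POST['em'] : '';
    $ps = (isset($_POST['ps']) && is_string($_POST['ps'])) ? $_POST['ps'] : '';

    // mysql_real_escape_string() needs the open connection, presumably made
    // by conn.php. The mysql_* extension was removed in PHP 7; prepared
    // statements through mysqli or PDO are the long-term replacement.
    $email    = mysql_real_escape_string($em);
    $password = mysql_real_escape_string($ps);

    // NOTE(review): the password is compared to the stored column as-is, which
    // implies it is stored unhashed. Moving to password_hash() and
    // password_verify() needs a schema and registration change outside this file.
    $q1 = "select * from re2_agents where email = '$email' and password = '$password' ";

    $r1 = mysql_query($q1);
    if ($r1 === false) {
        // Keep the driver message in the server log instead of showing it to the visitor.
        error_log(mysql_error());
        die("Database error.");
    }

    if (mysql_num_rows($r1) == 1) {
        // Exactly one matching agent: copy the account details into the session.
        // NOTE(review): issue a fresh session id at this point
        // (session_regenerate_id(true)) once it is confirmed where the session starts.
        $a1 = mysql_fetch_array($r1);

        $_SESSION['AgentID']           = $a1['AgentID'];
        // The original read $al (letter l), an undefined variable, so the
        // username was never stored.
        $_SESSION['username']          = $a1['username'];
        $_SESSION['MaxOffers']         = $a1['offers'];
        $_SESSION['AccountStatus']     = $a1['AccountStatus'];
        $_SESSION['AccountType']       = $a1['AccountType'];
        $_SESSION['AccountExpireDate'] = $a1['ExpDate'];

        header("location:index.php");
        exit();
    }

    // One message for every failure, so the form does not reveal which field was wrong.
    $error = "<font face=verdana color=red size=2><b>Invalid Email/Password!</b></font>";
}

//get the templates
require_once("includes.php");
require_once("templates/HeaderTemplate.php");
require_once("templates/LoginTemplate.php");
require_once("templates/FooterTemplate.php");
?>
     [/code]

     AuthTemplate.php
     [code]
<?php /* CheckEmail() runs in the browser only; login.php has to validate these fields itself. */ ?>
<form method=post action="login.php" name=eform onsubmit="return CheckEmail();">
<table align=center width=300>
<caption align=center>
    <font face=verdana size=2><b>Email Confirmation</b></font><br>
    <?=$error?></caption>
<tr>
    <td align=right>Email:</td>
    <td><input type=text name=email></td>
</tr>
<tr>
    <td align=right>Phone:</td>
    <td><input type=text name=phone></td>
</tr>
<tr>
    <td align=right>First Name:</td>
    <td><input type=text name=FirstName></td>
</tr>
<tr>
    <td align=right>Last Name:</td>
    <td><input type=text name=LastName></td>
</tr>
<tr>
    <td>&nbsp;</td>
    <td><input type=submit name=sa value="Submit"></td>
</tr>
</table>
</form>
<div align="center">All entries are case sensative.</div>
     [/code]

     LoginTemplate.php
     [code]
<?php /* CheckLogin() runs in the browser only; validate.php has to validate these fields itself. */ ?>
<form method=post action="validate.php" name=lform onsubmit="return CheckLogin();">
<table align=center width=300>
<caption align=center>
    <font face=verdana size=2><b>Login</b></font><br>
    <?=$error?></caption>
<tr>
    <td align=right>Email:</td>
    <td><input type=text name=em></td>
</tr>
<tr>
    <td align=right>Password:</td>
    <td><input type=password name=ps></td>
</tr>
<tr>
    <td>&nbsp;</td>
    <td><input type=submit name=s1 value="Submit"></td>
</tr>
<tr>
    <td colspan=2 style="padding-top:20" align=center><a class=BlackLink href="r1.php">New User?</a> | <a class=BlackLink href="forgot.php">Forgot your password?</a></td>
</tr>
</table>
</form>
<div align="center">All entries are case sensative.</div>
     [/code]

     login.php
     [code]
<?php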
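require_once("conn.php");

// E-mail confirmation step: store the visitor's details, notify the site
// owners by mail, remember the visitor in the session, then hand over to
// validate.php for the agent login.
if (isset($_POST['sa'])) {
    // Read each form field once; a missing or non-string field becomes ''.
    $fields = array();
    foreach (array('email', 'phone', 'FirstName', 'LastName') as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    // Escaped copies for the SQL text. mysql_real_escape_string() needs the
    // open connection, presumably made by conn.php. The mysql_* extension was
    // removed in PHP 7; prepared statements via mysqli or PDO are the
    // long-term replacement.
    $sql = array();
    foreach ($fields as $key => $value) {
        $sql[$key] = mysql_real_escape_string($value);
    }

    $qp = "insert into re2_authorize set
                        EmailID = '',
                        email = '{$sql['email']}',
                        phone = '{$sql['phone']}',
                        FirstName = '{$sql['FirstName']}',
                        LastName = '{$sql['LastName']}' ";
    if (mysql_query($qp) === false) {
        // Keep the driver message in the server log instead of showing it to the visitor.
        error_log(mysql_error());
        die("Database error.");
    }

    // Every submission inserts a new row, so a returning visitor has several
    // rows with the same e-mail. The original required exactly one match, which
    // left the session empty on any repeat visit and sent the visitor round in
    // a loop. Take the newest row instead.
    // NOTE(review): assumes EmailID is an AUTO_INCREMENT key. If the column
    // really stores '' as inserted above, access.php can never pass -- confirm
    // the schema.
    $q1 = "select * from re2_authorize where email = '{$sql['email']}' order by EmailID desc limit 1";
    $r1 = mysql_query($q1);
    if ($r1 === false) {
        error_log(mysql_error());
        die("Database error.");
    }

    //send an email
    // Anything placed in a mail header (the subject counts) must not contain
    // line breaks, or the request could add headers of its own.
    $crlf      = array("\r", "\n");
    $firstName = str_replace($crlf, '', $fields['FirstName']);
    $lastName  = str_replace($crlf, '', $fields['LastName']);

    // The original read $_SERVER[HTTP_POST], which PHP does not set; HTTP_HOST
    // was presumably intended. It is taken from the request, so it is stripped
    // of line breaks as well.
    $host = isset($_SERVER['HTTP_HOST']) ? str_replace($crlf, '', $_SERVER['HTTP_HOST']) : '';

    // NOTE(review): $aset is not defined in this file; presumably conn.php
    // loads the site settings -- confirm it is set before this point.
    $contact = isset($aset['ContactEmail']) ? str_replace($crlf, '', $aset['ContactEmail']) : '';

    $to      = "agents@idealrealtyusa.com";
    $subject = "New Visitor $firstName $lastName";
    $message = "{$fields['FirstName']} {$fields['LastName']} has visited the site.\n\nInformation:\nName: {$fields['FirstName']} {$fields['LastName']}\nEmail: {$fields['email']}\nTelephone: {$fields['phone']}\n\nHave a great day!";

    $headers  = "MIME-Version: 1.0\n";
    $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
    $headers .= "Content-Transfer-Encoding: 8bit\n";
    $headers .= "From: $host <$contact>\n";
    $headers .= "X-Priority: 1\n";
    $headers .= "X-MSMail-Priority: High\n";
    $headers .= "X-Mailer: PHP/" . phpversion() . "\n";
    mail($to, $subject, $message, $headers);

    if (mysql_num_rows($r1) > 0) {
        //ok
        // NOTE(review): nothing shown here calls session_start(); these values
        // only persist if conn.php starts the session -- confirm.
        $a1 = mysql_fetch_array($r1);

        $_SESSION['EmailID']   = $a1['EmailID'];
        $_SESSION['Email']     = $a1['email'];
        $_SESSION['Phone']     = $a1['phone'];
        // The original read $al (letter l), an undefined variable, so both
        // names were stored empty.
        $_SESSION['FirstName'] = $a1['FirstName'];
        $_SESSION['LastName']  = $a1['LastName'];
    }

    // Both outcomes continue to the agent login. Stop here so the form below
    // is not rendered behind the redirect.
    header("location:validate.php");
    exit();
}

//get the templates
require_once("includes.php");
require_once("templates/HeaderTemplate.php");
require_once("templates/AuthTemplate.php");
require_once("templates/FooterTemplate.php");
?>
     [/code]

     Sample Locked Page: advanced.php
     [code]
<?php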
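require_once("conn.php");

// Advanced search page. A submitted form is turned into a search.php URL and
// redirected; otherwise the drop-down menus are built and the form is shown.
//
// NOTE(review): this branch runs before access.php is included further down,
// so the redirect is issued to visitors who have not logged in. search.php has
// to enforce the access check itself -- confirm that it does.
if (isset($_POST['s1'])) {
    $c = '';
    $s = '';
    if (!empty($_POST['cat']) && is_string($_POST['cat'])) {
        // "cat" carries "CategoryID|SubcategoryID".
        $CatInfo = explode("|", $_POST['cat']);
        $c = $CatInfo[0];

        if (isset($CatInfo[1]) && (int) $CatInfo[1] > 0) {
            $s = $CatInfo[1];
        }
    }

    // search.php query parameter => posted form field, in the original order.
    // NOTE(review): the price menus built below are named "min" and "max",
    // while this code reads MinPrice and MaxPrice; unless the template renames
    // them, the price range never reaches search.php -- confirm.
    $map = array(
        'search_country'      => 'search_country',
        'search_state'        => 'search_state',
        'search_city'         => 'search_city',
        'search_PropertyType' => 'search_PropertyType',
        'min'                 => 'MinPrice',
        'max'                 => 'MaxPrice',
        'rooms1'              => 'MinRooms',
        'rooms2'              => 'MaxRooms',
        'bath1'               => 'MinBath',
        'bath2'               => 'MaxBath',
        'AgentID'             => 'AgentID',
        'before'              => 'old',
        'school'              => 'NearSchool',
        'transit'             => 'NearTransit',
        'park'                => 'NearPark',
        'ocean_view'          => 'OceanView',
        'lake_view'           => 'LakeView',
        'mountain_view'       => 'MountainView',
        'ocean_waterfront'    => 'OceanWaterfront',
        'lake_waterfront'     => 'LakeWaterfront',
        'river_waterfront'    => 'RiverWaterfront',
    );

    $params = array('c' => $c, 's' => $s);
    foreach ($map as $param => $field) {
        // Empty, missing or non-string fields are passed on as ''.
        $params[$param] = (!empty($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    // http_build_query() URL-encodes each value, so a posted value cannot add
    // parameters of its own or break out of the Location header.
    $url = "search.php?" . http_build_query($params, '', '&');
    header("location:$url");
    exit();
}

require_once("includes.php");
require_once("access.php");

/*
//create the category menu
$CategoryMenu = "<select name=cat>\n\t<option value=\"\"></option>\n\t";
$q1 = "select * from re2_categories order by CategoryName";
$r1 = mysql_query($q1) or die(mysql_error());
if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $CategoryMenu .= "<option value=\"$a1[CategoryID]|0\">$a1[CategoryName]</option>\n\t";
        //get the subcategories
        $q2 = "select * from re2_subcategories where CategoryID = '$a1[CategoryID]' order by SubcategoryName ";
        $r2 = mysql_query($q2) or die(mysql_error());
        while($a2 = mysql_fetch_array($r2))
        {
            $CategoryMenu .= "<option value=\"$a1[CategoryID]|$a2[SubcategoryID]\">$a1[CategoryName] - $a2[SubcategoryName]</option>\n\t";
        }
    }
}
$CategoryMenu .= "</select>\n";
*/

// The state, city, country and property-type menus differ only in the field
// name, the re2_listings column and the label of the empty option. The column
// names come from this fixed list, never from the request, so placing them in
// the SQL text is safe.
$specs = array(
    'state'        => array('search_state', 'All States'),
    'city'         => array('search_city', 'All Cities'),
    'country'      => array('search_country', 'All Countries'),
    'PropertyType' => array('search_PropertyType', 'Any Type'),
);

$built = array();
foreach ($specs as $column => $spec) {
    $menu = "<select name={$spec[0]}>\n\t<option value=\"\">{$spec[1]}</option>\n\t";

    $r1 = mysql_query("select distinct $column from re2_listings order by $column");
    if ($r1 === false) {
        // Keep the driver message in the server log instead of showing it to the visitor.
        error_log(mysql_error());
        die("Database error.");
    }

    while ($a1 = mysql_fetch_array($r1)) {
        // Listing data is escaped before it is written into the page.
        $value = htmlspecialchars($a1[$column], ENT_QUOTES);
        $menu .= "<option value=\"$value\">$value</option>\n\t";
    }

    $built[$column] = $menu . "</select>\n";
}

$StateMenu   = $built['state'];
$CityMenu    = $built['city'];
$CountryMenu = $built['country'];
$TypeMenu    = $built['PropertyType'];

//create the Price Minimum and Maximum menus; both share one option list
$r1 = mysql_query("select distinct Price from re2_listings order by Price asc");
if ($r1 === false) {
    error_log(mysql_error());
    die("Database error.");
}

$prices = '';
while ($a1 = mysql_fetch_array($r1)) {
    $price = htmlspecialchars($a1['Price'], ENT_QUOTES);
    $prices .= "<option value=\"$price\">$ $price</option>\n\t";
}

$MinPrice = "<select name=min>\n\t<option value=\"\">Minimum</option>\n\t" . $prices . "</select>\n";
$MaxPrice = "<select name=max>\n\t<option value=\"\">Maximum</option>\n\t" . $prices . "</select>\n";

//bedrooms
$bed = '';
for ($i = 1; $i <= 20; $i++) {
    $bed .= "<option value=\"$i\">$i</option>\n\t";
}
$MinBed = "<select name=MinRooms>\n\t<option value=\"\">Minimum</option>\n\t" . $bed . "</select>\n";
// The original labelled the upper-bound menus "Minimum" as well; they now
// match the price menu.
$MaxBed = "<select name=MaxRooms>\n\t<option value=\"\">Maximum</option>\n\t" . $bed . "</select>\n";

//bathrooms
$bath = '';
for ($i = 1; $i <= 10; $i++) {
    $bath .= "<option value=\"$i\">$i</option>\n\t";
}
$MinBath = "<select name=MinBath>\n\t<option value=\"\">Minimum</option>\n\t" . $bath . "</select>\n";
$MaxBath = "<select name=MaxBath>\n\t<option value=\"\">Maximum</option>\n\t" . $bath . "</select>\n";

//agents menu
$r1 = mysql_query("select AgentID, FirstName, LastName from re2_agents order by FirstName, LastName");
if ($r1 === false) {
    error_log(mysql_error());
    die("Database error.");
}

$AgentsMenu = "<select name=AgentID>\n\t<option value=\"\">Any Agent</option>\n\t";
while ($a1 = mysql_fetch_array($r1)) {
    $agentId   = htmlspecialchars($a1['AgentID'], ENT_QUOTES);
    $agentName = htmlspecialchars($a1['FirstName'] . ' ' . $a1['LastName'], ENT_QUOTES);
    $AgentsMenu .= "<option value=\"$agentId\">$agentName</option>\n\t";
}
$AgentsMenu .= "</select>\n";

require_once("templates/HeaderTemplate.php");
require_once("templates/AdvancedSearchTemplate.php");

// ereg() is deprecated since PHP 5.3 and removed in PHP 7; a plain substring
// test covers the same check.
if (strpos($_SERVER['SCRIPT_NAME'], "index.php") === false) {
    require_once("templates/FooterTemplate.php");
}
?>
     [/code][b]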