From f20236975d7b1e1f26d628f06d8f55de7c56a86e Mon Sep 17 00:00:00 2001
From: teezyfortune <30442140+teezyfortune@users.noreply.github.com>
Date: Mon, 1 Apr 2019 13:12:52 +0100
Subject: [PATCH 1/2] added via upload

---
 user/user.php | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 user/user.php

diff --git a/user/user.php b/user/user.php
new file mode 100644
index 0000000..6a143ba
--- /dev/null
+++ b/user/user.php
@@ -0,0 +1,56 @@
+
+
+<?php
+
+include'conn.php';
+session_start();
+// echo $surName = check($conn,$_POST["surname"]);
+if($_SERVER['REQUEST_METHOD']==='POST'){
+$surName = check($conn,$_POST["surname"]);
+$otherName = check($conn,$_POST["otherName"]);
+$gender = check($conn,$_POST["gender"]);
+$email = check($conn,$_POST["email"]);
+$filter= filter_var($email, FILTER_VALIDATE_EMAIL);
+$username = check($conn,$_POST["username"]);
+$password = check($conn,$_POST["password"]);
+$hashpass = password_hash($password, PASSWORD_DEFAULT);
+$confirm = check($conn,$_POST["confirm"]);
+$dob = check($conn,$_POST["dob"]);
+// $created_at =  htmlspecialchars($_POST["created_at"]);
+$userType = check($conn,$_POST["user_type"]);
+
+if(empty($surName) ||empty($otherName) || empty($gender) ||empty($email)||empty($password) ||empty($userType) || empty($confirm) ||empty($dob)){
+	echo "some fields are empty";
+}
+else{
+    $sql1 = " SELECT * FROM user WHERE email = '$email'  OR  `password` = '$hashpass'";
+    $que = $conn->query($sql1);
+    if(mysqli_num_rows($que) > 0){
+        echo " user already exist";
+    }elseif( $password !== $confirm){
+        echo "password not match";
+    }else{
+$sql = "INSERT INTO `user`(`surname`, `othername`, `gender_id`, `email`, `username`, `password`, `c_password`, `dob`, `date_created`, `user_type_id`) VALUES ('$surName','$otherName','$gender','$filter','$username','$password','$confirm','$dob',NOW(),'$userType')";
+$query = $conn->query($sql);
+	if($query){
+	echo 'data uploaded successfully';
+	}else{
+	    echo 'sonething went wrong';
+	}
+}
+}
+
+}
+
+
+
+
+function check($conn,$val){
+	return htmlspecialchars($conn->real_escape_string($val));
+}
+
+
+
+
+
+?>

From 2d6807f70649bb083402ad7647e8a56967b42a5d Mon Sep 17 00:00:00 2001
From: teezyfortune <30442140+teezyfortune@users.noreply.github.com>
Date: Fri, 5 Apr 2019 23:49:14 +0100
Subject: [PATCH 2/2] Add files via upload

---
 user/user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/user/user.php b/user/user.php
index 6a143ba..83d1269 100644
--- a/user/user.php
+++ b/user/user.php
@@ -30,7 +30,7 @@
     }elseif( $password !== $confirm){
         echo "password not match";
     }else{
-$sql = "INSERT INTO `user`(`surname`, `othername`, `gender_id`, `email`, `username`, `password`, `c_password`, `dob`, `date_created`, `user_type_id`) VALUES ('$surName','$otherName','$gender','$filter','$username','$password','$confirm','$dob',NOW(),'$userType')";
+$sql = "INSERT INTO `user`(`surname`, `othername`, `gender_id`, `email`, `username`, `password`, `c_password`, `dob`, `date_created`, `user_type_id`) VALUES ('$surName','$otherName','$gender','$filter','$username','$hashpass','$confirm','$dob',NOW(),'$userType')";
 $query = $conn->query($sql);
 	if($query){
 	echo 'data uploaded successfully';