Help?!?! save in database

Now we want to do such a survey and save the database. We are using the plugin loginbyemailonly and change the file register.php (views \ default \ Account \ forms \ register.php) which was created in the fields. And the file register.php (actions \ register.php) we have a code that takes data from the form and teriocamente runs to save the database. It also created the fields in the database. It's just not safe.

code REGISTER.PHP in VIEW
 
$username = get_input('u');
$email = get_input('e');
$name = get_input('n');
$admin_option = false;
$loggedin_user = get_loggedin_user();
if ($loggedin_user && $loggedin_user->isAdmin() && isset($vars['show_admin'])) {
 $admin_option = true;
}
$form_body = "<p><label>" . elgg_echo('name') . "<br />" . elgg_view('input/text' , array('internalname' => 'name', 'class' => "general-textarea", 'value' => $name)) . "</label><br />";
$form_body .= "<label>" . elgg_echo('email') . "<br />" . elgg_view('input/text' , array('internalname' => 'email', 'class' => "general-textarea", 'value' => $email)) . "</label><br />";
//$form_body .= "<label>" . elgg_echo('username') . "<br />" . elgg_view('input/text' , array('internalname' => 'username', 'class' => "general-textarea", 'value' => $username)) . "</label><br />";
$form_body .= "<label>" . elgg_echo('password') . "<br />" . elgg_view('input/password' , array('internalname' => 'password', 'class' => "general-textarea")) . "</label><br />";
$form_body .= "<label>" . elgg_echo('passwordagain') . "<br />" . elgg_view('input/password' , array('internalname' => 'password2', 'class' => "general-textarea")) . "</label><br />";
 

//  - ucrz i 18/09/2010 i 19:26
$form_body .= "
<script>
function abrir1(){ document.getElementById('perguntas').style.display='block'; document.getElementById('ver1').style.display='block'; document.getElementById('ver2').style.display='none'; }
function abrir2(){ document.getElementById('perguntas').style.display='block'; document.getElementById('ver2').style.display='block'; document.getElementById('ver1').style.display='none'; }
</script>
";
$form_body .= elgg_echo('<label>Você é profissional de tradução</label><br />');
$form_body .= elgg_echo('<input name="p1" id="p1" type="radio" value="s" onclick="abrir1()" /> Sim <input name="p1" id="p1" type="radio" value="n" onclick="abrir2()" /> Não<br />');
$form_body .= "<div id=\"perguntas\" style=\"display:none; background:#f8f8f8; padding:10px;\">";
// fluxo caso sim
$form_body .= "<div id=\"ver1\" style=\"display:none;\">";
$form_body .= elgg_echo('<label>Você é um tradutor juramentado?</label><br />');
$form_body .= elgg_echo('<input name="p2" id="p2" type="radio" value="sim" /> Sim <input name="p2" id="p2" type="radio" value="não" /> Não<br /><br />');
$form_body .= "<label> Para quais idiomais você traduz?<br />" . elgg_view('input/text' , array('internalname' => 'p3', 'class' => "general-textarea", 'value' => '')) . "</label><br />";
$form_body .= "<label> Com que frequência você recebe trabalhos para traduzir?<br />" . elgg_view('input/text' , array('internalname' => 'p4', 'class' => "general-textarea", 'value' => '')) . "</label><br />";
$form_body .= "</div>";
// fluxo caso não
$form_body .= "<div id=\"ver2\" style=\"display:none;\"><br />";
$form_body .= "<label> Indique quais são suas áreas de interesse<br />" . elgg_view('input/text' , array('internalname' => 'p5', 'class' => "general-textarea", 'value' => '')) . "</label><br />";
$form_body .= "</div>";
$form_body .= "</div>";
// ucrz f 19/09/2010 f 19:26

// Add captcha hook
$form_body .= elgg_view('input/captcha');
if ($admin_option) {
 $form_body .= elgg_view('input/checkboxes', array('internalname' => "admin", 'options' => array(elgg_echo('admin_option'))));
}

// view to extend to add more fields to the registration form
$form_body .= elgg_view('register/extend');

$form_body .= elgg_view('input/hidden', array('internalname' => 'friend_guid', 'value' => $vars['friend_guid']));
$form_body .= elgg_view('input/hidden', array('internalname' => 'invitecode', 'value' => $vars['invitecode']));
$form_body .= elgg_view('input/hidden', array('internalname' => 'action', 'value' => 'register'));
$form_body .= elgg_view('input/submit', array('internalname' => 'submit', 'value' => elgg_echo('register'))) . "</p>";
 
?>
<div id="register-box" style="border:1px solid #000;">
<h2><?php echo elgg_echo('register'); ?></h2>
<?php echo elgg_view('input/form', array('action' => "{$vars['url']}action/register", 'body' => $form_body)) ?>
</div>

 
 
code REGISTer.PHP in ACTION
 
// ucrz i 19/11/2010 14:55
global $CONFIG;
//moved to the top for error handeling
$qs = explode('?',$_SERVER['HTTP_REFERER']);
$qs = $qs[0];
$qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name) . "&friend_guid=" . $friend_guid;

// Get variables
$password = get_input('password');
$password2 = get_input('password2');
$email = get_input('email');
$name = get_input('name');
$friend_guid = (int) get_input('friend_guid',0);
$invitecode = get_input('invitecode');
//-------------------------
$pp1 = get_input('p1');
$pp2 = get_input('p2');
$pp3 = get_input('p3');
$pp4 = get_input('p4');
$pp5 = get_input('p5');
//-------------------------

//Lets add in some real error handeling.. why not
if(strlen($name)<2){
 register_error(elgg_echo('register:error:nameshort'));
 forward($qs);
 die();
}
if(strlen($email)<3){
 register_error(elgg_echo('register:error:emailshort'));
 forward($qs);
 die();
}
if(strlen($password)<3 || strlen($password2)<3 ){
 register_error(elgg_echo('register:error:passwordshort'));
 forward($qs);
 die();
}
if($password != $password2){
 register_error(elgg_echo('register:error:passwordmatch'));
 forward($qs);
 die();
}
if(get_user_by_email($email) != false){
 register_error(elgg_echo('register:error:emailtaken'));
 forward($qs);
 die();
}

//generate username
$username = $name;
$username = strToLower(preg_replace("/[^a-zA-Z]/", "", $username));
$uNum="";
while(get_user_by_username($username.$uNum)!==false){
 $uNum++;
}
$username.=$uNum;
$admin = get_input('admin');
if (is_array($admin)) {
 $admin = $admin[0];
}
 

if (!$CONFIG->disable_registration) {
// For now, just try and register the user
 try {
  $guid = register_user($username, $password, $name, $email, $friend_guid, $invitecode, $invitecode, $pp1, $pp2, $pp3, $pp4, $pp5, false);
  if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) {
   $new_user = get_entity($guid);
   if (($guid) && ($admin)) {
    // Only admins can make someone an admin
    admin_gatekeeper();
    $new_user->makeAdmin();
   }
   // Send user validation request on register only
   global $registering_admin;
   if (!$registering_admin) {
    request_user_validation($guid);
   }
   if (!$new_user->isAdmin()) {
    // Now disable if not an admin
    // Don't do a recursive disable.  Any entities owned by the user at this point
    // are products of plugins that hook into create user and might need
    // access to the entities.
    $new_user->disable('new_user', false);
   }
   system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
   // Forward on success, assume everything else is an error...
   forward();
  } else {
   register_error(elgg_echo("registerbad"));
  }
 } catch (RegistrationException $r) {
  register_error($r->getMessage());
 }
} else {
 register_error(elgg_echo('registerdisabled'));
}

forward($qs);
// ucrz f 19/11/2010 14:55

  • If you want to save information to the database with Elgg, you'll need to learn Elgg's data model including how to save metadata. See the Elgg Docs (the wiki).