the php code at line 50 - 118:
<?php require_once("webassist/security_assist/wa_cryptencryption.php"); ?>
<?php require_once('Connections/beeritual.php'); ?>
<?php require_once("webassist/form_validations/wavt_scripts_php.php"); ?>
<?php require_once("webassist/form_validations/wavt_validatedform_php.php"); ?>
<?php require_once( "webassist/security_assist/helper_php.php" ); ?>
<?php require_once("webassist/database_management/wa_appbuilder_php.php"); ?>
<?php
if (isset($_POST["Registration_submit"])) {
$WAFV_Redirect = "".(htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES)) ."?invalid=true";
$_SESSION['WAVT_registration_Errors'] = "";
if ($WAFV_Redirect == "") {
$WAFV_Redirect = $_SERVER["PHP_SELF"];
}
$WAFV_Errors = "";
$WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_Email"])?$_POST["Registration_group_Email"]:"") . "",true,1);
$WAFV_Errors .= WAValidateUnique(("beeritual"),$beeritual,$database_beeritual,"pcms2_users","UserID","none,none,NULL","".((isset($_SESSION["SecurityAssist_UserID"]))?$_SESSION["SecurityAssist_UserID"]:"0") ."","UserEmail","',none,''","".((isset($_POST["Registration_group_Email"]))?$_POST["Registration_group_Email"]:"") ."",true,2);
$WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_Password"])?$_POST["Registration_group_Password"]:"") . "",true,3);
$WAFV_Errors .= WAValidateEL((isset($_POST["Registration_group_Password"])?$_POST["Registration_group_Password"]:"") . "",6,500,true,4);
$WAFV_Errors .= WAValidateLE((isset($_POST["Registration_group_Confirm"])?$_POST["Registration_group_Confirm"]:"") . "",(isset($_POST["Registration_group_Confirm"])?$_POST["Registration_group_Confirm"]:"") . "",true,5);
$WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_First_Name"])?$_POST["Registration_group_First_Name"]:"") . "",true,6);
$WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_Last_Name"])?$_POST["Registration_group_Last_Name"]:"") . "",true,7);
$WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_Address"])?$_POST["Registration_group_Address"]:"") . "",true,8);
$WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_City"])?$_POST["Registration_group_City"]:"") . "",true,9);
$WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_State"])?$_POST["Registration_group_State"]:"") . "",true,10);
$WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_10_Zip"])?$_POST["Registration_group_10_Zip"]:"") . "",true,11);
$WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_1_Phone"])?$_POST["Registration_group_1_Phone"]:"") . "",true,12);
$WAFV_Errors .= WAValidateLE((strtolower(isset($_POST["Security_Code"])?$_POST["Security_Code"]:"")) . "",((isset($_SESSION["captcha_Security_Code"]))?strtolower($_SESSION["captcha_Security_Code"]):"") . "",true,13);
$WAFV_Errors .= WAValidateLE((strtolower(isset($_POST["Security_Answer"])?$_POST["Security_Answer"]:"")) . "",((isset($_SESSION["random_answer"]))?strtolower($_SESSION["random_answer"]):"") . "",true,14);
$WAFV_Errors .= WAValidateRX((isset($_POST["Hidden_Field"])?$_POST["Hidden_Field"]:"") . "","/.* /",false,15);
if ($WAFV_Errors != "") {
PostResult($WAFV_Redirect,$WAFV_Errors,"registration");
}
}
?>
<?php
// WA DataAssist Insert
if ((isset($_POST["Registration_submit"]) && $_POST["Registration_submit"] != "")) // Trigger
{
$WA_connection = $beeritual;
$WA_table = "pcms2_users";
$WA_sessionName = "SecurityAssist_UserID";
$WA_redirectURL = "login.php?success=1";
if (function_exists("rel2abs")) $WA_redirectURL = $WA_redirectURL?rel2abs($WA_redirectURL,dirname(__FILE__)):"";
$WA_keepQueryString = true;
$WA_fieldNamesStr = "UserEmail|UserPassword|UserFirstName|UserLastName|UserAddress|UserAddress2|UserCity|UserState|UserZip|UserCountry|UserPhone|UserFax";
$WA_fieldValuesStr = "".((isset($_POST["Registration_group_Email"]))?$_POST["Registration_group_Email"]:"") ."" . $WA_AB_Split . "".((($_POST["Registration_group_Password"] != ""))?WA_CryptEncryption($_POST["Registration_group_Password"]):$row_SecurityAssistpcms2users["UserPassword"]) ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_First_Name"]))?$_POST["Registration_group_First_Name"]:"") ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_Last_Name"]))?$_POST["Registration_group_Last_Name"]:"") ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_Address"]))?$_POST["Registration_group_Address"]:"") ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_Address_2"]))?$_POST["Registration_group_Address_2"]:"") ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_City"]))?$_POST["Registration_group_City"]:"") ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_State"]))?$_POST["Registration_group_State"]:"") ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_10_Zip"]))?$_POST["Registration_group_10_Zip"]:"") ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_11_Country"]))?$_POST["Registration_group_11_Country"]:"") ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_1_Phone"]))?$_POST["Registration_group_1_Phone"]:"") ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_1_Fax"]))?$_POST["Registration_group_1_Fax"]:"") ."";
$WA_columnTypesStr = "',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''";
$WA_fieldNames = explode("|", $WA_fieldNamesStr);
$WA_fieldValues = explode($WA_AB_Split, $WA_fieldValuesStr);
$WA_columns = explode("|", $WA_columnTypesStr);
$WA_connectionDB = $database_beeritual;
mysql_select_db($WA_connectionDB, $WA_connection);
@session_start();
$insertParamsObj = WA_AB_generateInsertParams($WA_fieldNames, $WA_columns, $WA_fieldValues, -1);
$WA_Sql = "INSERT INTO `" . $WA_table . "` (" . $insertParamsObj->WA_tableValues . ") VALUES (" . $insertParamsObj->WA_dbValues . ")";
$MM_editCmd = mysql_query($WA_Sql, $WA_connection) or die(mysql_error());
$_SESSION[$WA_sessionName] = mysql_insert_id($WA_connection);
if ($WA_redirectURL != "") {
$WA_redirectURL = str_replace("[Insert_ID]",$_SESSION[$WA_sessionName],$WA_redirectURL);
if ($WA_keepQueryString && $WA_redirectURL != "" && isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== "" && sizeof($_POST) > 0) {
$WA_redirectURL .= ((strpos($WA_redirectURL, '?') === false)?"?":"&").$_SERVER["QUERY_STRING"];
}
header("Location: ".$WA_redirectURL);
}
}
?>
<?php
require_once("webassist/security_assist/wa_cryptencryption.php"); ?>
should be at line 1 of the page, this php code needs to come before the HTML code on your page.
In fact this page is very badly formatted altogether.
there is a doctype, <head> and <body section started at lines 1 - 49 and a second doctype, <head> and <body> section started at lines 118 - 135. this is not valid HTML. having the 2 doctype tags in place is probably why the Security assist code was placed incorrectly