Dada78

I tried the above suggestions and I am getting this error. Parse error: syntax error, unexpected T_ELSE in /home/mesquit1/public_html/local/login.php on line 44 Here is the code, did I put it in the wrong place or do something else wrong? <?php session_start(); include ('db_connect.php'); if(isset($_POST['submit'])) { if(empty($_POST['email'])) $error = 'Please fill in email field.'; elseif(empty($_POST['password'])) $error = 'Please fill in desired password field.'; else { // email and password sent from signup form $email=$_POST['email']; $password=$_POST['password']; $sql="SELECT * FROM users WHERE email='$email' and password='" . md5($password) . "'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $email and $password, table row must be 1 row if($count==1) { // Register $email, $password and redirect to file "user.php" $_SESSION['hasLoggedIn'] = 1; //get the users id that is associated with him $SQL2 = "SELECT * FROM users WHERE email='$email'"; $result2 = mysql_query($SQL); $row = mysql_fetch_assoc($result); //store the id in the session for use $_SESSION['userID'] = $row['id']; session_register("email"); header("location:user.php"); } } else { $error = 'Wrong email or password, try again.'; } } } ?> -Thanks

I have a piece of code in my registration form that is suppose to make sure the user is registering with an email instead of just random text. I am getting this error from it when someone tries to register. Warning: mail() expects at least 3 parameters, 1 given in /home/mesquit1/public_html/local/register.php on line 47 Here is line 47 if (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i",$product_name)||!mail($product_name)) This is the entire php for registration form. <?php // here, we check if the form has been submitted, because we need to handle // redirection before we handle outputting the HTML stuff. if(isset($_POST['submit'])) { if(empty($_POST['email'])) $error = 'Please fill in email field.'; elseif(empty($_POST['password'])) $error = 'Please fill in desired password field.'; else { // MAKE CONNECTION include ('db_connect.php'); // connect to the mysql server $link = mysql_connect($host, $username, $password) or die ("Could not connect to mysql because ".mysql_error()); // select the database mysql_select_db($database) or die ("Could not select database because ".mysql_error()); $error = ""; $email = $_POST['email']; $pwd = $_POST['password']; // check if the email is taken (safe query): $query = sprintf("SELECT `email` FROM `users` WHERE `email` = '%s'", mysql_real_escape_string($_POST['email'])); $qry = mysql_query($query) or die ("Could not match data because ".mysql_error()); $num_rows = mysql_num_rows($qry); if ($num_rows < 1) { // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON. if(get_magic_quotes_gpc()) { $product_name = stripslashes($_POST['email']); $product_description = stripslashes($_POST['password']); } else { $product_name = $_POST['email']; $product_description = $_POST['password']; } if (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i",$product_name)||!mail($product_name)) $error = "Invalid email"; else { // Make a safe query $query = sprintf("INSERT INTO users (`email`, `password`) VALUES ('%s', '%s')", mysql_real_escape_string($email, $link), mysql_real_escape_string($password, $link)); $result = mysql_query($query, $link); // If there is no result, or there was not at least 1 row affected, die... if(!$result || mysql_affected_rows() < 1) { $error = 'Could not insert user because ' . mysql_error(); } else { // redirect them to the user account page, because we successfully ran the SQL // notice how we haven't output ANYTHING to the browser yet- header() works header('Location: user.php'); exit(); } } } else { $error = 'That email is already in use, please select a different one.'; } } } // If they've posted but there was an error, kindly show their email address for them again. if(isset($_POST['email'])) $email = $_POST['email']; else $email = ''; ?>

If you did not understand the problem please go back and read my original post again.

I have a login form and it works great but I need to add a script to it that will check for a registered email when you login and if you try to login with an email that isn't registered then it will show an error like "That isn't a registered email, try again". Here is the code for my login <?php session_start(); include ('db_connect.php'); if(isset($_POST['submit'])) { if(empty($_POST['email'])) $error = 'Please fill in email field.'; elseif(empty($_POST['password'])) $error = 'Please fill in desired password field.'; else { // email and password sent from signup form $email=$_POST['email']; $password=$_POST['password']; $sql="SELECT * FROM users WHERE email='$email' and password='" . md5($password) . "'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $email and $password, table row must be 1 row if($count==1) { // Register $email, $password and redirect to file "user.php" $_SESSION['hasLoggedIn'] = 1; //get the users id that is associated with him $SQL2 = "SELECT * FROM users WHERE email='$email'"; $result2 = mysql_query($SQL); $row = mysql_fetch_assoc($result); //store the id in the session for use $_SESSION['userID'] = $row['id']; session_register("email"); header("location:user.php"); } } } ?> If anyone can help me with this that would be great. -Thanks

Anyone know how I can get a lat/long from an address in my DB and plot it on Google Maps? -Thanks

Ok I have got the error to show but now it won't go away as you can see here http://mesquitechristmas.com/local/register.php The code that produces this error is this. } if (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i",$product_name)||!mail($product_name)) $error = "Invalid email"; else { It is suppose to show the error if you enter a non email format. For example "This is my email" instead of [email protected] It does work and reject no email formats but now the error will not go away. For the full code look at my first post. If anyone can help that would be great -Thanks

That still doesn't work, it doesn't show any error if a user tries to register with a non email format. Their is was nothing wrong with the code I was using. It rejected non email formats, the problem I am having is ITS NOT POSTING AN ERROR when it rejects a non email.

anyone?

This is sad, my resolved threads get more response then my threads still needing help. I am not a developer, I do not use PHP on regular basis. This is the first time in 3 yrs I have used it and I wasn't suppose to do the PHP on this. I work with HTML XHTML and CSS. This site doesn't hide anything and the passwords are protected in MD and Salt which is the only information they can steal. So if they steal that then woo freaking do. Not to mention I have stated this several times. I will probably only have 20 users at the most ever. The rest of the site is just HTML informational pages. So this is just a personal seasonal hobby site and their is nothing they can steal that they can not already view by browsing the site. If they want to hack such a small site then so be it, they have no life. I will just run a back up and be back to normal. So before I am told what to do again and explain myself which I shouldn't have to do. Their is no need nor do I need to take extra measures to secure anything. The rest of the site is secure enough as it is which YOU and others do know about. So drop it and leave it alone.

Did you notice the this has been resolved as of yesterday? This other guy seems to want to tell me how to build my site.

Thank you for your help but you didn't read my first post or I don't think you understand what I am trying to do. Look at my first post.

This is the peice of code above I am talking about. Is this problem to hard? } if (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i",$product_name)||!mail($product_name)) $error = "Invalid email"; else {

Good for them, get over it, you don't get it.

People are displaying their personal address and pictures of their house. How much more private information can they steal that they are not voluntarily listing for people to see. Like I said, I really don't care, if people want to hack such a small site more power to them. They won't be stealing anything that they can not already view on the site.

I appreciate your concern but I don't care. This is a seasonal web site with very few users and the HTML is fair secured so I really don't go because my server does hourly backups and if someone wanted to take a hack it have at it. It you want to make it hack proof then go for it. I don't have the time nor the knowledge to learn about it right now.

That was not the problem but nice try. Also I have no idea what XSS is nor do I care. This is a hobby site that will have probably no more then 20 users so if someone wants to hack it go for. They have no life to attack such a small fish in the sea.

On my registration form I use preg match so people can not just enter random text to register, they have to enter in a email format. For example if you just entered "This is my email" it will reject it and show and error. The only problem is it doesn't show any error. It will reject it and it works like it is suppose to but it doesn't show the user that it is an invalid email like it is suppose to. All the other errors on the page works and I get no errors that nothing is wrong. Everything works like it is suppose to with the exception the error "Invalid Email" doesn't show when it rejects a non email format. The code for the preg match is right above the query <?php // here, we check if the form has been submitted, because we need to handle // redirection before we handle outputting the HTML stuff. if (isset($_POST['submit'])) { if (empty($_POST['email'])) { $error = 'Please fill in email field.'; } if (empty($_POST['password'])) { $error = 'Please fill in desired password field.'; } } else { // MAKE CONNECTION include ('db_connect.php'); // connect to the mysql server $link = mysql_connect($host, $username, $password) or die ("Could not connect to mysql because ".mysql_error()); // select the database mysql_select_db($database) or die ("Could not select database because ".mysql_error()); $error = ""; $email = $_POST['email']; $pwd = $_POST['password']; // check if the email is taken (safe query): $query = sprintf("SELECT `email` FROM `users` WHERE `email` = '%s'", mysql_real_escape_string($_POST['email'])); $qry = mysql_query($query) or die ("Could not match data because ".mysql_error()); $num_rows = mysql_num_rows($qry); if ($num_rows < 1) { // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON. if(get_magic_quotes_gpc()) { $product_name = stripslashes($_POST['email']); $product_description = stripslashes($_POST['password']); } else { $product_name = $_POST['email']; $product_description = $_POST['password']; } if (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i",$product_name)||!mail($product_name)) $error = "Invalid email"; else { // Make a safe query $query = sprintf("INSERT INTO users (`email`, `password`) VALUES ('%s', '%s')", mysql_real_escape_string($email, $link), mysql_real_escape_string($password, $link)); $result = mysql_query($query, $link); // If there is no result, or there was not at least 1 row affected, die... if(!$result || mysql_affected_rows() < 1) { $error = 'Could not insert user because ' . mysql_error(); } else { // redirect them to the user account page, because we successfully ran the SQL // notice how we haven't output ANYTHING to the browser yet- header() works header('Location: user.php'); exit(); } } } else { $error = 'That email is already in use, please select a different one.'; } } // If they've posted but there was an error, kindly show their email address for them again. if(isset($_POST['email'])) $email = $_POST['email']; else $email = ''; ?> -Thanks

I understand what you are saying but when you update the email field your session will still be registered by the email field regardless if you change the email or not. Once you navigate to another part of the User CP it will break session and ask for you to login again because you have redefined the variable for the session.

I have never used those marks on any of my other UPDATE queries and they work. I tried the above suggestion and still doesn't work.

What are backtick marks and what do you mean I blindly set $update?

You said "will produce MySQL syntax error" I don't get any syntax error and I have even seen it recommend many times and it works for me like a dream with no problems. Here is one example where I use them and I have no problems mysql_query("UPDATE users SET displayname = '$displayname', displaytype = '$displaytype', description = '$description', address = '$address', address2 = '$address2', city = '$city', state = '$state', postal = '$postal', country = '$country', website = '$website' WHERE email='$email'");

I understand that perfectly, that is exactly what I already said. Yes you can use commas between values, I do it all the time with no problem.

Ok I reworked the code and this is the errors I am getting. Notice: Undefined index: displayname in /home/mesquit1/public_html/local/submit.php on line 54 Notice: Undefined index: displaytype in /home/mesquit1/public_html/local/submit.php on line 55 Notice: Undefined index: description in /home/mesquit1/public_html/local/submit.php on line 56 Notice: Undefined index: address in /home/mesquit1/public_html/local/submit.php on line 57 Notice: Undefined index: address2 in /home/mesquit1/public_html/local/submit.php on line 58 Notice: Undefined index: city in /home/mesquit1/public_html/local/submit.php on line 59 Notice: Undefined index: state in /home/mesquit1/public_html/local/submit.php on line 60 Notice: Undefined index: postal in /home/mesquit1/public_html/local/submit.php on line 61 Notice: Undefined index: country in /home/mesquit1/public_html/local/submit.php on line 62 Notice: Undefined index: website in /home/mesquit1/public_html/local/submit.php on line 63 Notice: Undefined index: image in /home/mesquit1/public_html/local/submit.php on line 65 Notice: Undefined index: image in /home/mesquit1/public_html/local/submit.php on line 66 File was not uploaded Here is the code for the entire file. <?php ini_set('error_reporting', E_ALL); // here, we check if the form has been submitted, because we need to handle // redirection before we handle outputting the HTML stuff. if (isset($_POST['submit'])) { if (empty($_POST['displayname'])) { $error = 'Please enter a name for your display.'; } if (empty($_POST['displaytype'])) { $error = 'Please select a display type.'; } if (empty($_POST['description'])) { $error = 'Please include a brief description about your display.'; } if (empty($_POST['address'])) { $error = 'Please enter your display address.'; } if (empty($_POST['city'])) { $error = 'Please enter your city.'; } if (empty($_POST['state'])) { $error = 'Please enter your state.'; } if (empty($_POST['postal'])) { $error = 'Please enter your zipcode.'; } if (empty($_POST['country'])) { $error = 'Please enter your country.'; } if (empty($_POST['image'])) { $error = 'Please upload an picture of your display.'; } } else { // MAKE CONNECTION include ('db_connect.php'); $displayname = $_POST['displayname']; $displaytype = $_POST['displaytype']; $description = $_POST['description']; $address = $_POST['address']; $address2 = $_POST['address2']; $city = $_POST['city']; $state = $_POST['state']; $postal = $_POST['postal']; $country = $_POST['country']; $website = $_POST['website']; $file=$_FILES['image']['tmp_name']; // its an image, get its temp name $type = $_FILES['image']['type']; if(is_uploaded_file($file)) // make sure the file is uploaded before we proceed { if($type == 'image/gif' || $type == 'image/jpeg') // check and see if the file type is an image { $image_name=$_FILES['image']['name']; // get image name $uploaddir='/local/submitted/'; // set the path to the image dir $uploaddir.=$image_name; // set upload path including the filename } else { // set error message because file was not an image $error='The file you have attempted to upload is not an image. For security reasons, only images are allowed'; } if(move_uploaded_file($_FILES['image']['tmp_name'], $uploaddir)) { // if file was moved into the directory $message.= 'Successfully uploaded file '.$image_name ; } else { // set error message saying that file was not uploaded $error='There was a problem uploading the file'; } $query = "INSERT INTO users (displayname, displaytype, description, address, address2, city, state, postal, country, website, image_path) VALUES ('$displayname', '$displaytype', '$description', '$address', '$address2', '$city', '$state', '$postal', '$country', '$website', '$image_name')"; // setup our query echo $query.'<br>'.$message; $result=mysql_query($query) or die(mysql_error()); // run our query // set our message to say it was successful $message='Successfully added info to database'; header('Location: user.php'); exit(); } else { echo 'File was not uploaded'; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" /> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="description" content="Mesquite Texas Country Christmas" /> <meta name="keywords" content="Mesquite, Texas, Country Christmas" /> <meta name="author" content="NA" /> <link rel="stylesheet" type="text/css" href="/stylesheet.css" media="screen" title="FBC" /> <script type="text/javascript" src="drop_down.js"></script> <title>A Mesquite Country Christmas</title> </head> <body> <div id="wrap"> <a href="/index.html"> <img id="frontphoto" src="/images/header.png" width="760" height="237" alt="Mesquite Country Christmas" border="0"></a> <div id="menu"> <h2 class="hide">Menu:</h2> <ul id="avmenu"> <li><a href="/index.html">Home</a></li> <li><a href="/christmasstory.html">The Christmas Story</a></li> <li><a href="/directions.html">Directions</a></li> <li><a href="#">Information</a><ul> <li><a href="/information.html">Display Facts & Info</a></li> <li><a href="/faq.html">FAQ</a></li> <li><a href="/playlist.html">2008 Playlist</a></li> <li><a href="#">Christmas History</a></li> </ul></li> <li><a href="#">Photos</a> <ul> <li><a href="/2007photos.html">2007</a></li> </ul></li> <li><a href="#">Videos</a> <ul> <li><a href="/2007videos.html">2007</a></li> </ul></li> <li><a href="/guestbook.php">Guestbook</a></li> <li><a href="/webcam.html">Web Cam</a></li> <li><a href="/webradio.html">Internet Radio</a></li> <li><a href="http://www.noradsanta.org/" TARGET="_blank">Track Santa</a></li> <li><a href="/projects.html">Projects & How Tos</a></li> <li><a href="/links.html">Links</a></li> <li><a href="/contact_us.html">Contact Us</a></li> </ul> <center><a href="http://www.toysfortots.org/" TARGET="_blank"><img src="/images/toys_for_tots.jpg" border="0" width="110" height="153" vspace="10"></a></center> <center><a href="http://christmas.bronners.com/2007/house/534.html"><img src="http://christmas.bronners.com/voteforme/vote.jpg" border="0" width="110" height="153" alt="christmas decorations" vspace="10"></a></center> </div> <div id="content"> <div class="fadebox"> <h2> Submit your Lights</h2> <hr /> <p><img src="/images/christmas-lights.jpg" width="153" height="208" alt="Submit Lights" align="left" border="0" hspace="10"> Thank you for submitting your home to the Mesquites Country Christmas display finder database. There are some things you should know before submitting to make your experience a pleasant one.</p><p>First of all, we do not release your personal information to anyone for any reason. The only exception to this, obviously, is the address of the display, the website (if it has one), and a picture of the display.</p><p>Secondly, please have a picture available to use for your display. You won't be able to submit your display without one. When submitting a picture, please make sure that the file is less than one megabyte (1 Meg or 1024k), and if possible, resize it to 640x480. Please also be sure your picture is in JPG format.</p><p>Your display will not immediately be entered into the Christmas Light Finder database. We will first have to approve your submission. This is so that those unscrupulous folks out there can't submit unacceptable pictures (not family friendly). Please allow up to 48 hours to be included into the database, though, the time before insertion is usually much shorter than that.</p> </div> <div class="fadebox"> <h2> Ready to submit? Fill out the form below:</h2> <hr /> <br /> <form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table> <tr> <td>Display Name*</td><td><input name="displayname" size="40" type="text"></td></tr> <tr> <td>Display Type*</td><td><select name="displaytype"><option value="Residential">Residential</option><option value="Neighborhood">Neighborhood</option><option value="Commercial">Commercial</option><option value="City/Government">City/Government</option><option value="Sponsored">Sponsored</option></select></td></tr> <tr><td>Description*</td><td><textarea name="description" cols="30" rows="5"></textarea></td></tr> <tr><td>Address*</td><td><input name="address" size="40" type="text"></td></tr><tr><td>Address 2</td><td><input name="address2" size="40" type="text"></td></tr> <tr><td>City*</td><td><input name="city" size="30" type="text" value="Mesquite"></td></tr> <tr><td>State/Province*</td><td><input name="state" size="30" type="text" value="Texas"></td></tr> <tr><td>Postal Code*</td><td><select name="postal"><option value="75149">75149</option><option value="75150">75150</option><option value="75180">75180</option><option value="75181">75181</option><option value="75185">75185</option><option value="75187">75187</option></select></td></tr> <tr><td>Country*</td><td><input name="country" size="30" type="text" value="United States"></td></tr> <tr><td>Website</td><td><input name="website" size="50" value="http://" type="text"></td></tr> <tr><td>Picture*</td><td><input type="file" name="image" id="image" size="35"></td></tr> <tr> <td colspan="2" align="right" class="errorText"> <?PHP // then we check for the error message if (isset($error)) { echo $error . '<br />'; } ?> </td> </tr> <tr> <td colspan="2" style="border-top: 1px solid black;"> </td> </tr> <tr> <td align="left"> * Fields are required.</td> <td align="right"> <input name="submitted" value="Submit Now" type="submit"></td></tr> </tbody></table></form> </div> </div> <div id="footer"> © 2007 Mesquite Country Christmas <br /> <br /> <script type="text/javascript"><!-- google_ad_client = "pub-8048181801684156"; //468x60, created 1/8/08 google_ad_slot = "0360766123"; google_ad_width = 468; google_ad_height = 60; //--></script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> </div> </div> </body> </html> -Thanks

It is possible if they have a column ID in the DB that is auto-increment and they want to select from those certain rows.

Yes you would do it just like that mysql_query("SELECT * FROM table WHERE id='1', id='2', id='3', id='4', id='5'");