Hello guys, i am new to php and i am trying to make a registration and login form work but i have been unsucessful so far...the form does not insert the records into the database hence, i cant register a new user or an existing user cant login....i manually inserted some records in my database and tried to login with that but no luck.
This is the code for the form
<?php
include("functions.php"); #7
?>
<head><title>Customer Login Page</title>
<style type='text/css'>
<!--
label {
font-weight: bold;
float: left;
width: 27%;
margin-right: .5em;
text-align: right;
}
legend {
font-weight: bold;
font-size: 1.2em;
margin-bottom: .5em;
}
#wrapper {
margin: 0;
padding: 0;
}
#login {
position: absolute;
left: 0;
width: 40%;
padding: 1em 0;
}
#reg {
position: absolute;
left: 40%;
width: 60%;
padding: 1em 0;
}
#field {padding-bottom: .5em;}
.errors {
font-weight: bold;
font-style: italic;
font-size: 90%;
color: red;
margin-top: 0;
}
-->
</style>
</head>
<body style="margin: 0">
<?php #52
$fields_1 = array("fusername" => "User Name", #53
"fpassword" => "Password"
);
$fields_2 = array("user_name" => "User Name", #56
"password" => "Password",
"email" => "Email",
"first_name" => "First Name",
"last_name" => "Last Name",
"street" => "Street",
"city" => "City",
"state" => "State",
"zip" => "Zip",
"phone" => "Phone",
"fax" => "Fax"
); #67
?>
<div id="wrapper">
<div id="login">
<form action=<?php echo $_SERVER['PHP_SELF']?>
method="POST">
<fieldset style='border: 2px solid #000000'>
<legend>Login Form</legend>
<?php #75
if (isset($message_1)) #76
{
echo "<p class='errors'>$message_1</p>\n";
}
foreach($fields_1 as $field => $value) #80
{
if(preg_match("/pass/i",$field))
$type = "password";
else
$type = "text";
echo "<div id='field'>
<label for='$field'>$value</label>
<input id='$field' name='$field' type='$type'
value='".@$$field."' size='20' maxlength='50' />
</div>\n";
} #91
?>
<input type="submit" name="Button"
style='margin-left: 45%; margin-bottom: .5em'
value="Login" />
</fieldset>
</form>
<h3 style='text-align: center; margin: 1em'>
If you already have an account, log in.</h3>
<h3 style='text-align: center; margin: 1em'>
If you do not have an account, register now.</h3>
</div>
<div id="reg">
<form action=<?php echo $_SERVER['PHP_SELF']?>
method="POST">
<fieldset style='border: 2px solid #000000'>
<legend>Registration Form</legend>
<?php #108
if(isset($message_2)) #109
{
echo "<p class='errors'>$message_2</p>\n";
}
foreach($fields_2 as $field => $value) #113
{
if($field == "state") #115
{
echo "<div id='field'>
<label for='$field'>$value</label>
<select name='state' id='state'>";
$stateName=getStateName();
$stateCode=getStateCode();
for ($n=1;$n<=50;$n++)
{
$state=$stateName[$n];
$scode=$stateCode[$n];
echo "<option value='$scode'";
if ($scode== "AL")
echo " selected";
echo " >$state</option>\n";
}
echo "</select></div>";
}
else #133
{
if(preg_match("/pass/i",$field))
$type = "password";
else
$type = "text";
echo "<div id='field'>
<label for='$field'>$value</label>
<input id='$field' name='$field' type='$type'
value='".@$$field."' size='40' maxlength='65' />
</div>\n";
} //end else
} // end foreach field #145
?>
<input type="submit" name="Button"
style='margin-left: 45%; margin-bottom: .5em'
value="Register">
</fieldset>
</form>
</div>
</div>
</body></html>
Thi is the script which processes the form
<?php
session_start(); #9
switch (@$_POST['Button']) #10
{
case "Login": #12
include("database.php"); #13
$cxn = mysqli_connect($host,$user,$passwd,$dbname)
or die("Query died: connect"); #15
$sql = "SELECT user_name FROM Customer
WHERE user_name='$_POST[fusername]'";
$result = mysqli_query($cxn,$sql)
or die("Query died: fuser_name");
$num = mysqli_num_rows($result); #20
if($num > 0) #21
{
$sql = "SELECT user_name FROM Customer
WHERE user_name='$_POST[fusername]'
AND password=md5('$_POST[fpassword]')";
$result2 = mysqli_query($cxn,$sql)
or die("Query died: fpassword"); #27
$num2 = mysqli_num_rows($result2); #28
if($num2 > 0) //password matches #29
{
$_SESSION['auth']="yes"; #31
$_SESSION['logname'] = $_POST['fusername']; #32
header("Location: SecretPage.php"); #33
}
else // password does not match #35
{
$message_1="The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.";
$fusername = strip_tags(trim($_POST[fusername]));
include("form_login_reg.php");
} #42
} // end if $num > 0 #43
elseif($num == 0) // login name not found #44
{
$message_1 = "The User Name you entered does not
exist! Please try again.";
include("form_login_reg.php");
}
break; #50
case "Register": #52
/* Check for blanks */
foreach($_POST as $field => $value) #54
{
if ($field != "fax") #56
{
if ($value == "")
{
$blanks[] = $field;
}
else
{
$good_data[$field] = strip_tags(trim($value));
}
}
} // end foreach POST #67
if(isset($blanks)) #68
{
$message_2 = "The following fields are blank.
Please enter the required information: ";
foreach($blanks as $value)
{
$message_2 .="$value, ";
}
extract($good_data); #76
include("form_login_reg.php");
exit(); #78
} // end if blanks found #79
/* validate data */
foreach($_POST as $field => $value) #81
{
if(!empty($value)) #83
{
if(preg_match("/name/i",$field) and
!preg_match("/user/i",$field) and
!preg_match("/log/i",$field))
{
if (!preg_match("/^[A-Za-z' -]{1,50}$/",$value))
{
$errors[] = "$value is not a valid name. ";
}
}
if(preg_match("/street/i",$field) or
preg_match("/addr/i",$field) or
preg_match("/city/i",$field))
{
if(!preg_match("/^[A-Za-z0-9.,' -]{1,50}$/",
$value))
{
$errors[] = "$value is not a valid address
or city. ";
}
}
if(preg_match("/state/i",$field))
{
if(!preg_match("/^[A-Z][A-Z]$/",$value))
{
$errors[] = "$value is not a valid state
code. ";
}
}
if(preg_match("/email/i",$field))
{
if(!preg_match("/^.+@.+\\..+$/",$value))
{
$errors[] = "$value is not a valid email
address. ";
}
}
if(preg_match("/zip/i",$field))
{
if(!preg_match("/^[0-9]{5,5}(\-[0-9]{4,4})?$/",
$value))
{
$errors[] = "$value is not a valid zipcode. ";
}
}
if(preg_match("/phone/i",$field) or
preg_match("/fax/i",$field))
{
if(!preg_match("/^[0-9)(xX -]{7,20}$/",$value))
{
$errors[] = "$value is not a valid phone
number. ";
}
}
} // end if not empty #138
} // end foreach POST
foreach($_POST as $field => $value) #140
{
$$field = strip_tags(trim($value));
}
if(@is_array($errors)) #144
{
$message_2 = "";
foreach($errors as $value)
{
$message_2 .= $value." Please try again<br />";
}
include("form_login_reg.php");
exit();
} // end if errors are found #153
/* check to see if user name already exists */
include("database.php"); #156
$cxn = mysqli_connect($host,$user,$passwd,$dbname)
or die("Couldn't connect to server");
$sql = "SELECT user_name FROM Customer
WHERE user_name='$user_name'"; #160
$result = mysqli_query($cxn,$sql)
or die("Query died: user_name.");
$num = mysqli_num_rows($result); #163
if($num > 0) #164
{
$message_2 = "$user_name already used. Select another
User Name.";
include("form_login_reg.php");
exit();
} // end if user name already exists
else #171
{
// $today = date("Y-m-d"); #173
$sql = "INSERT INTO Customer (user_name,
password,first_name,last_name,street,city,
state,zip,phone,fax,email) VALUES
('$user_name',md5('$password'),
'$first_name', '$last_name','$street','$city',
'$state','$zip','$phone','$fax','$email')";
mysqli_query($cxn,$sql); #180
$_SESSION['auth']="yes"; #181
$_SESSION['logname'] = $user_name; #182
/* send email to new Customer */
$emess = "You have successfully registered. ";
$emess .= "Your new user name and password are: ";
$emess .= "\n\n\t$user_name\n\t";
$emess .= "$password\n\n";
$emess .= "We appreciate your interest. \n\n";
$emess .= "If you have any questions or problems,";
$emess .= " email service@ourstore.com"; #190
$subj = "Your new customer registration"; #191
#$mailsend=mail("$email","$subj","$emess"); #192
header("Location: SecretPage.php"); #193
} // end else no errors found
break; #195
default: #197
include("form_login_reg.php");
} // end switch
?>