[SOLVED] Registration Script Problem


eRott

Okay, I am working on a user registration/login/authenticating system and there seems to be a problem with the registration process. I have gone over the code many times and I cannot spot any problems. I have posted the relevant parts of the code below. Any help would be appreciated. Thanks and take care.

 

init.php

<?php

// Start the session
session_start();

// MySQL Settings
$db_host = 'localhost';
$db_user = 'USERNAME';
$db_pass = 'PASSWORD';
$db_database = 'DATABASE';

// Connect to the database
mysql_connect ($db_host, $db_user, $db_pass) or die ('Could not connect to the database.');
mysql_selectdb ($db_database) or die ('Could not select database.');

// Seed the random number generator
srand();

// Include functions
include 'functions.php';

?>

 

functions.php

<?php

function generateSalt()
{
// Declare $salt
$salt = '';

// And create it with random chars
for ($i = 0; $i < 3; $i++)
{
	$salt .= chr(rand(35, 126));
}

return $salt;
}

function userRegister($first_name, $last_name, $email, $username, $password)
{
// Get a salt using our function
$salt = generateSalt();

// Now encrypt the password using that salt
$encrypted = md5(md5($password).$salt);

// grab todays date in a unix time stamp
$join_date = time();

// define default user group upon register :: 1 = admin :: 2 = normal
$group = "2";

// And lastly, store the information in the database
$query = "INSERT INTO users (first_name, last_name, email, username, password, salt, group, join_date) VALUES ('$first_name', '$last_name', '$email', '$username', '$encrypted', '$salt', '$group', '$join_date')";
mysql_query($query) or die (mysql_error());
}

// Checks if the field value contains only alpha-numeric values
function alpha_numeric($str)
{
return ( ! preg_match("/^([-a-zA-Z0-9])+$/i", $str)) ? FALSE : TRUE;
}

// Checks if the field value contains only alphabetical values
function only_alpha($str)
{
return ( ! preg_match("/^([a-zA-Z])+$/i", $str)) ? FALSE : TRUE;
}

// Checks if the email provided from the form is a valid email address
function valid_email($str)
{
return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
}

?>

 

register_form.inc.php

<?php if (isset($reg_error)) { ?>
There was an error: <?php echo $reg_error; ?>, please try again.
<?php } ?>
<form action="register.php" method="post">

<b>First Name:</b><br />
<input name="first_name" type="text" class="input" maxlength="30" <?php if (isset($_POST['first_name'])) { echo 'value="'.htmlspecialchars($_POST['first_name'], ENT_QUOTES, 'UTF-8').'"'; } ?> /><br /><br />

<b>Last Name:</b><br />
<input name="last_name" type="text" class="input" maxlength="30" <?php if (isset($_POST['last_name'])) { echo 'value="'.htmlspecialchars($_POST['last_name'], ENT_QUOTES, 'UTF-8').'"'; } ?> /><br /><br />

<b>Email Address:</b><br />
<input name="email" type="text" class="input" maxlength="50" <?php if (isset($_POST['email'])) { echo 'value="'.htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8').'"'; } ?> /><br /><br />

<b>Username:</b><br />
<input name="username" type="text" class="input" maxlength="8" <?php if (isset($_POST['username'])) { echo 'value="'.htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8').'"'; } ?> /><br /><br />

<b>Password:</b><br />
<input name="password" type="password" class="input" maxlength="10" /><br /><br />

<b>Confirm Password:</b><br />
<input name="confirmpass" type="password" class="input" maxlength="10" /><br /><br />

<input type="submit" name="submit" value="Register" />
</form>

 

register.php

<?php

// Include init file
include 'init.php';

if (!isset($_POST['submit']))
{
// Show the form
include 'register_form.inc.php';
exit;
}
else
{
// Check if any of the fields are missing
if (empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['email']) || empty($_POST['username']) || empty($_POST['password']) || empty($_POST['confirmpass']))
{
	// Reshow the form with an error
	$reg_error = 'One or more fields are missing';
	include 'register_form.inc.php';
	exit;
}

// Check if any of the fields contain invalid characters
if (only_alpha($_POST['first_name'])==FALSE || only_alpha($_POST['last_name'])==FALSE || alpha_numeric($_POST['username'])==FALSE)
{
	// Reshow the form with an error
	$reg_error = 'One or more fields contain invalid characters';
	include 'register_form.inc.php';
	exit;
}

// Check if the passwords match
if ($_POST['password'] != $_POST['confirmpass'])
{
	// Reshow the form with an error
	$reg_error = 'Your passwords do not match';
	include 'register_form.inc.php';
	exit;
}

// Check if the provided email address is valid
if (valid_email($_POST['email'])==FALSE)
{
	// Reshow the form with an error
	$reg_error = 'Your email address is invalid';
	include 'register_form.inc.php';
	exit;
}

// Everything is ok, register
userRegister($_POST['first_name'], $_POST['last_name'], $_POST['email'], $_POST['username'], $_POST['password']);
echo 'Success! Thank you for registering on our site. <meta http-equiv="refresh" content="0;url=index.php" />';
}

?>

Oh sorry, forgot to post the error.

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group, join_date) VALUES ('John', 'Doe', '[email protected]', 'johnnyd', 'cb8db8999f2' at line 1

 

I believe it has something to do with the password and salt but I do not see any problems.

Thank you for the tip. I never think to echo out the results before the query.

 

INSERT INTO users (first_name, last_name, email, username, password, salt, group, join_date) VALUES ('John', 'Doe', '[email protected]', 'johnnyd', 'e8465dc1ba6f8bfd0c3fd7592f5f1911', 's0;', '2', '1207705981')

 

The problem is definitely with the salt generator. It uses characters between 35 and 126 of the ASCII table, and in between those characters are some invalid ones such as [;] or [/] which I never really thought of before this. So instead I just chose to use the characters a-Z, 0-9, and A-B in the ASCII table. As a result, it outputs salts like: [9Fg4Zp].

 

<?php

function generateSalt()
{
// Declare $salt
$salt = '';

// And create it with random chars
for ($i = 0; $i < 2; $i++)
{
$salt .= chr(rand(48, 57)) . chr(rand(65, 90)) . chr(rand(97, 122));
}

return $salt;
}

?>

 

Thanks for the help.

Take care.

New problem now. For some reason, my query gives me an error and yet I see absolutely nothing wrong with it. Now I am truly confused. Any ideas?

 

echo before query

INSERT INTO users (first_name, last_name, email, username, password, salt, group, join_date) VALUES ('John', 'Doe', '[email protected]', 'johnnyd', 'ed65b73054d128ee3a2bde75f2adb62a', '7Tq5Dm', '2', '1207708945')

 

echo after query

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group, join_date) VALUES ('John', 'Doe', '[email protected]', 'johnnyd', 'ed65b73054d' at line 1
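
Added example, not code from the thread: the registration insert rewritten with PDO prepared statements, showing that the statement is rejected while `group` is unquoted and accepted once it is backtick-quoted, and that bound values remove any dependence on which characters the salt or password contain. It assumes an in-memory SQLite database (pdo_sqlite) standing in for the MySQL server, where GROUP is likewise a reserved word; the table layout, the sample values and the `statementParses` and `userLogin` helpers are constructed for illustration, and `password_hash()` is swapped in for the md5-plus-salt scheme.

```php
<?php
// Added example. In-memory SQLite (pdo_sqlite) stands in for the thread's MySQL
// database; GROUP is a reserved word in both. All sample values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// A column named after a reserved word has to be quoted as an identifier.
$pdo->exec('CREATE TABLE users (first_name TEXT, last_name TEXT, email TEXT,
    username TEXT UNIQUE, password TEXT, `group` INTEGER, join_date INTEGER)');

// Returns true if the database accepts the statement text, false on a syntax error.
function statementParses(PDO $pdo, $sql)
{
    try {
        $pdo->prepare($sql);
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

function userRegister(PDO $pdo, $first_name, $last_name, $email, $username, $password)
{
    // password_hash() picks a random salt and embeds it in the returned string,
    // so no separate salt column or generateSalt() is needed.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Values are bound, never concatenated: quotes, semicolons and backslashes
    // in the input cannot change the statement.
    $stmt = $pdo->prepare('INSERT INTO users
        (first_name, last_name, email, username, password, `group`, join_date)
        VALUES (?, ?, ?, ?, ?, ?, ?)');
    $stmt->execute([$first_name, $last_name, $email, $username, $hash, 2, time()]);
}

// Hypothetical login helper, added only to show the stored hash verifying.
function userLogin(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

var_dump(statementParses($pdo, 'INSERT INTO users (username, group) VALUES (?, ?)'));
var_dump(statementParses($pdo, 'INSERT INTO users (username, `group`) VALUES (?, ?)'));
userRegister($pdo, 'John', "O'Doe", 'john@example.test', 'johnnyd', "s0;'pw\\");
var_dump(userLogin($pdo, 'johnnyd', "s0;'pw\\"));
var_dump(userLogin($pdo, 'johnnyd', 'wrong'));
```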
