jeicrash Posted May 11, 2008 Share Posted May 11, 2008 I am still trying to sort php out, I have learned how to do some neat stuff but I am completely stuck on this problem. php version: 5.2.5 Mysql version: 5.0.45-community-log Apache version: 2.2.8 hosting co.: bluehost.com domain: http://sandbox.jeicrash.net When I fill out the reg form I click the "submit" button and it takes me back to the form with no errors. I am using PHP_SELF for submitting the form and including another script with functions. I have commented out some of the lines to make the code a bit smaller and to try to remove any extras for testing. I have tried opening the files in aptana and dreamweaver to check for errors. register.php (http://sandbox.jeicrash.net/register.php) <?php require_once('includes/register_func.inc.php'); $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $username = $_POST['username']; $email = $_POST['email']; if ($submit == 'Mail confirmation') { $feedback = user_register(); //Give feedback reguardless $feedback_str = "<P class=\"errormess\">$feedback</P>"; } else { //show form for the first time $feedback_str = ''; } //The form //include_once('includes/header_footer.php'); //site_header('Registration'); //superglobals don't work with heredoc $php_self = $_SERVER['PHP_SELF']; $reg_str = <<< EOREGSTR <Table cellpadding=0 cellspacing=0 border=0 align=center width=621> <tr> <td rowspan=10><img width=15 height=1 src="../images/spacer.gif"></td> <td width=606></td> </tr> <tr> <td> $feedback_str <P classh="left"><B>REGISTER</B><br> Fill this shit out so we will send you an email with stuff in it</p> <form action="$php_self" method="post"> <p class="bold">First Name<br> <input type="text" name="first_name" value="$first_name" size="20" maxlength="25"></p> <p class="bold">Last Name<br> <input type="text" name="last_name" value="$last_name" size="20" maxlength="25"></p> <p class="bold">Username<br> <input type="text" name="username" value="$username" size="10" maxlength="25"></p> <p classh="bold">Password<br> <input type="password" name="password1" value="" size="10" maxlength="25"></p> <p class="left"><b>Password</b>(again)<br> <input type="password" name="password2" value="" size="10" maxlength="25"></p> <p class="left"><b>Email</b> (Required for confirmation)<br> <input type="text" name="email" value="$email" size="30" maxlength="50"> </p> <p><input type="SUBMIT" name="submit" value="Mail Confirmation"> </p> </form> </td> </tr> </table> EOREGSTR; echo $reg_str; //site_footer(); ?> register_func.inc.php (http://sandbox.jeicrash.net/includes/register_func.inc.php) <?php include_once('db_vars.inc.php'); //Connect to mysql server $link = mysql_connect("$db_host","$db_user","$db_secret"); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db("$db_selected"); if(!$db) { die("Unable to select database"); } //$supersecret_hash_padding = 'midgets rule the world with monkeys on stilts.'; //global $supersecret_hash_padding; if (strlen($_POST['username']) <= 25 && strlen($_POST['password1']) <= 25 && ($_POST['password1'] == $_POST['password2']) && strlen($_POST['email']) <= 50 && validate_email($_POST['email'])) { //validate username and password if (account_namevalid($_POST['username']) || strlen($_POST['password1'] >= 6)) { $username = strtolower($_POST['username']); $username = trim($username); //don't need to escape, because single quotes //aren't allowed $email = $_POST['email']; //Don't allow duplicate users or emails $query = "SELECT user_id FROM users WHERE username = '$username' AND email = '$email'"; $result = mysql_query($query); if ($result && mysql_num_rows($result) > 0) { $feedback = 'ERROR -- Username or email already exists, Please choose another'; return $feedback; } else { $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $password = md5($_POST['password1']); $user_ip = $_SERVER['REMOTE_ADDR']; //create a new hash to insert into the db and //the confirmation email $hash = md5($email); $query = "INSERT INTO users (username, first_name, last_name, password, email, remote_addr, confirm_hash, is_confirmed, date_created) VALUES ('$username', '$first_name', '$last_name', '$password', '$email', '$user_ip', '$hash', '0', NOW())"; $result = mysql_query($query); if (!$result) { $feedback = 'ERROR -- Database error'; return $feedback; } else { //send confirmation emaiml $encoded_mail = urlencode($_POST['email']); $mail_body = <<< EOMAILBODY Thank you for registering at sandbox.jeicrash.net. Click the link below to confirm registration: http://sandbox.jeicrash.net/confirm.php?hash=$hash&email=$encoded_email Once you confirm you will be logged into sandbox.jeicrash.net EOMAILBODY; mail ($email, 'Sandbox.jeicrash.net confirmation', $mail_body, 'From: webmaster@jeicrash.net'); // Successful reg message $feedback = 'You have successfully registered. Your confirmation email will arrive in your inbox soon'; return $feedback; } } } else { $feedback = 'ERROR -- Username or password is invalid'; return $feedback; } } else { $feedback = 'ERROR -- Please fill in all fields correctly'; return $feedback; } function account_namevalid() { // parameter for use with strspan $span_str = "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345689-"; //must have at least one character if (strspn($_POST['username'],$span_str) == 0) { return false; } //must contain all legal characters if (strspn($_POST['username'],$span_str) != strlen($username)) { return false; } //min and max length if (strlen($_POST['username']) < 5) { return false; } if (strlen($_POST['username']) > 25) { return false; } //illegal names if (eregi("^((root)|(bin)|(daemon)|(adm)|(lp)|(sync)|(shutdown)|(halt)|(mail)|(news)|(uucp)|(operator)|(games)|(mysql)|(httpd)|(nobody)|(dummy)|(www)|(cvs)|(shell)|(ftp)|(irc)|(debian)|(ns)|(download))$", $_POST['username'])) { return false; } if (eregi("^(anoncvs_)", $_POST['username'])) { return false; } return true; } function validate_email () { return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $_POST['email'])); } function user_confirm() { //global $supersecret_hash_padding; //verify they didn't tamper with the email address $new_hash = md5($_GET['email']); if ($new_hash && ($new_hash == $_GET['hash'])) { $query = "SELECT username FROM users WHERE confirm_hash = $new_hash'"; $result = mysql_query($query); if (!$result || mysql_num_rows($result) < 1) { $feedback = 'ERROR -- Hash not found'; return $feedback; } else { //Confirm email and set account active $email = $_GET['email']; $hash = $_GET['hash']; $query = "UPDATE users SET email='$email', is_confirmed='1' WHERE confirm_hash='$hash'"; $result = mysql_query($query); return 1; } } else { $feedback = 'ERROR -- Values do not match'; return $feedback; } } ?> I took the code right out of php5 and mysql bible, I have went line for line from the book and checking myself for errors as well. I am sure its something simple like a missing comma or mistyped word. But I don't have a fresh pair of eyes here. Thanks again. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 11, 2008 Share Posted May 11, 2008 Try getting php to tell you what the problem is. Add the following two lines after the first opening <?php tag - ini_set ("display_errors", "1"); error_reporting(E_ALL); Quote Link to comment Share on other sites More sharing options...
AndyB Posted May 11, 2008 Share Posted May 11, 2008 Straight out of a php5 book? Really?? if ($submit == 'Mail confirmation') { Surely that should be if ($_POST['submit'] ... And since the form method is post, where do all those $_GET variables come from? Quote Link to comment Share on other sites More sharing options...
jeicrash Posted May 11, 2008 Author Share Posted May 11, 2008 Ok I added ini_set ("display_errors", "1"); error_reporting(E_ALL); to register.php and this is what I got, after filling out the form. Before I filled it out I got errors on all the unset variables in the script. Notice: Undefined variable: username in /home/jeicrash/public_html/sandbox/includes/register_func.inc.php on line 80 Notice: Undefined variable: submit in /home/jeicrash/public_html/sandbox/register.php on line 9 Line 79-81 read: //must contain all legal characters if (strspn($_POST['username'],$span_str) != strlen($username)) { return false; } Straight out of a php5 book? Really?? if ($submit == 'Mail confirmation') { Surely that should be if ($_POST['submit'] ... And since the form method is post, where do all those $_GET variables come from? Yes as I said above the book is "php5 and mysql bible" by Tim Converse and Joyce Park. Chapter 44. I was asking myself where and why all the GET variables. I have also changed the value of submit from "Mail confirmation" to "submit" with no change. Thanks again. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 11, 2008 Share Posted May 11, 2008 first, remove those error reporting lines you added. then change all $_GET to $_POST. see what happens and let us know. Quote Link to comment Share on other sites More sharing options...
jeicrash Posted May 11, 2008 Author Share Posted May 11, 2008 Backed up register_func.inc.php and changed all _GET to _POST, no change. Commented out the //ini_set ("display_errors", "1"); //error_reporting(E_ALL); still no change. Later I'm going to check for more typos. I'll keep checking back. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 11, 2008 Share Posted May 11, 2008 okay, post the latest code when you're done. i highly recommend you check all mysql_query()'s for errors via addition of or die(mysql_error()): $result = mysql_query($query) or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 11, 2008 Share Posted May 11, 2008 The point of adding the error reporting was to get php to help point out why the code is not seeing that the form has been submitted - Notice: Undefined variable: submit in /home/jeicrash/public_html/sandbox/register.php on line 9 The code is dependent on register globals being on (which is why AndyB pointed out that the line of code should be using $_POST['submit'].) Please read error messages, they provide important information about what is or is not going on. Quote Link to comment Share on other sites More sharing options...
AndyB Posted May 11, 2008 Share Posted May 11, 2008 The code is dependent on register globals being on ... Which meant it was extremely unlikely the code came from a php5 book. If it did, ask for your money back! Quote Link to comment Share on other sites More sharing options...
jeicrash Posted May 11, 2008 Author Share Posted May 11, 2008 The book covers globals and states to keep them off, and they are. All the php books I have read this far talk about globals and how in 5 they are no longer on by default. All the information is being sent via the POST and not GET. Reading through this book I am finding other things that don't make since as well. Like saving include files as just .inc instead of .inc.php so the code can't be viewed by a browser. Regardless of the book ($1.00 pdf download). Is their anything in the pasted code, or an alternative I can use or do? I have a working reg form but it does not have any error checking or validation built in right now. And for some reason none of my login forms work. Here is the full errors from the page http://sandbox.jeicrash.net/register.php Notice: Undefined index: username in /home/jeicrash/public_html/sandbox/includes/register_func.inc.php on line 17 Notice: Undefined index: password1 in /home/jeicrash/public_html/sandbox/includes/register_func.inc.php on line 17 Notice: Undefined index: password1 in /home/jeicrash/public_html/sandbox/includes/register_func.inc.php on line 17 Notice: Undefined index: password2 in /home/jeicrash/public_html/sandbox/includes/register_func.inc.php on line 17 Notice: Undefined index: email in /home/jeicrash/public_html/sandbox/includes/register_func.inc.php on line 17 Notice: Undefined index: email in /home/jeicrash/public_html/sandbox/includes/register_func.inc.php on line 17 Notice: Undefined index: email in /home/jeicrash/public_html/sandbox/includes/register_func.inc.php on line 105 Notice: Undefined index: first_name in /home/jeicrash/public_html/sandbox/register.php on line 5 Notice: Undefined index: last_name in /home/jeicrash/public_html/sandbox/register.php on line 6 Notice: Undefined index: username in /home/jeicrash/public_html/sandbox/register.php on line 7 Notice: Undefined index: email in /home/jeicrash/public_html/sandbox/register.php on line 8 Notice: Undefined variable: submit in /home/jeicrash/public_html/sandbox/register.php on line 9 REGISTER Fill this out so we will send you an email with stuff in it These errors are simply due to the form having a <? $_POST['varname']; ?> in the value= field of the form. I am assuming submit is shown since it is not an actual variable however I may be wrong. I have looked back through the code and so far can not see any typos between them or the database. For example having 'ID' in the form but 'id' in the database. Perhaps I am overlooking something else. But the code I see is the exact to what I pasted above. and when I change if ($submit == 'submit') to if ($submit == $_POST['submit']) I get this extra error Fatal error: Call to undefined function user_register() in /home/jeicrash/public_html/sandbox/register.php on line 10 Quote Link to comment Share on other sites More sharing options...
jeicrash Posted May 11, 2008 Author Share Posted May 11, 2008 ok I miss-read . I changed if ($submit == 'submit') { to if ($_POST['submit'] == 'submit') { and if ($_POST['submit']) { and the error is now Notice: Undefined variable: username in /home/jeicrash/public_html/sandbox/includes/register_func.inc.php on line 80 Fatal error: Call to undefined function user_register() in /home/jeicrash/public_html/sandbox/register.php on line 12 I checked both register.php and the inc file and no user_register exists. except that one small part of code that read. $feedback = user_register(); I think i'm getting closer to finding out what is wrong. 1. This book is not laid out very well 2. code is left out 3. ini_set ("display_errors", "1"); error_reporting(E_ALL); Should be covered more in these books. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 11, 2008 Share Posted May 11, 2008 The point of adding the error reporting was to get php to help point out why the code is not seeing that the form has been submitted - Notice: Undefined variable: submit in /home/jeicrash/public_html/sandbox/register.php on line 9 The code is dependent on register globals being on (which is why AndyB pointed out that the line of code should be using $_POST['submit'].) Please read error messages, they provide important information about what is or is not going on. yes, but error reporting is already on. he ended up changing it from 'report just errors' to 'report every single thing, including notices', which isn't helping him solve his problem. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 11, 2008 Share Posted May 11, 2008 yes, you appear to be missing the function user_register. Quote Link to comment Share on other sites More sharing options...
jeicrash Posted May 11, 2008 Author Share Posted May 11, 2008 Ok, getting closer. Found out user_register existed, but for some reason did not have the function user_register anywhere. I put it in and now I have new errors. Fatal error: Call to undefined function validate_email() in /home/jeicrash/public_html/sandbox/includes/register_func.inc.php on line 19 New code: for register_func.inc.php <?php include_once('db_vars.inc.php'); //Connect to mysql server $link = mysql_connect("$db_host","$db_user","$db_secret"); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db("$db_selected"); if(!$db) { die("Unable to select database"); } //$supersecret_hash_padding = 'midgets rule the world with monkeys on stilts.'; //global $supersecret_hash_padding; function user_register() { if (strlen($_POST['username']) <= 25 && strlen($_POST['password1']) <= 25 && ($_POST['password1'] == $_POST['password2']) && strlen($_POST['email']) <= 50 && validate_email($_POST['email'])) { //validate username and password if (account_namevalid($_POST['username']) || strlen($_POST['password1'] >= 6)) { $username = strtolower($_POST['username']); $username = trim($username); //don't need to escape, because single quotes //aren't allowed $email = $_POST['email']; //Don't allow duplicate users or emails $query = "SELECT user_id FROM users WHERE username = '$username' AND email = '$email'"; $result = mysql_query($query); if ($result && mysql_num_rows($result) > 0) { $feedback = 'ERROR -- Username or email already exists, Please choose another'; return $feedback; } else { $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $password = md5($_POST['password1']); $user_ip = $_SERVER['REMOTE_ADDR']; //create a new hash to insert into the db and //the confirmation email $hash = md5($email); $query = "INSERT INTO users (username, first_name, last_name, password, email, remote_addr, confirm_hash, is_confirmed, date_created) VALUES ('$username', '$first_name', '$last_name', '$password', '$email', '$user_ip', '$hash', '0', NOW())"; $result = mysql_query($query); if (!$result) { $feedback = 'ERROR -- Database error'; return $feedback; } else { //send confirmation emaiml $encoded_mail = urlencode($_POST['email']); $mail_body = <<< EOMAILBODY Thank you for registering at sandbox.jeicrash.net. Click the link below to confirm registration: http://sandbox.jeicrash.net/confirm.php?hash=$hash&email=$encoded_email Once you confirm you will be logged into sandbox.jeicrash.net EOMAILBODY; mail ($email, 'Sandbox.jeicrash.net confirmation', $mail_body, 'From: webmaster@jeicrash.net'); // Successful reg message $feedback = 'You have successfully registered. Your confirmation email will arrive in your inbox soon'; return $feedback; } } } else { $feedback = 'ERROR -- Username or password is invalid'; return $feedback; } } else { $feedback = 'ERROR -- Please fill in all fields correctly'; return $feedback; } function account_namevalid() { // parameter for use with strspan $span_str = "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345689-"; //must have at least one character if (strspn($_POST['username'],$span_str) == 0) { return false; } //must contain all legal characters if (strspn($_POST['username'],$span_str) != strlen($username)) { return false; } //min and max length if (strlen($_POST['username']) < 5) { return false; } if (strlen($_POST['username']) > 25) { return false; } //illegal names if (eregi("^((root)|(bin)|(daemon)|(adm)|(lp)|(sync)|(shutdown)|(halt)|(mail)|(news)|(uucp)|(operator)|(games)|(mysql)|(httpd)|(nobody)|(dummy)|(www)|(cvs)|(shell)|(ftp)|(irc)|(debian)|(ns)|(download))$", $_POST['username'])) { return false; } if (eregi("^(anoncvs_)", $_POST['username'])) { return false; } return true; } function validate_email() { return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $_POST['email'])); } function user_confirm() { //global $supersecret_hash_padding; //verify they didn't tamper with the email address $new_hash = md5($_GET['email']); if ($new_hash && ($new_hash == $_GET['hash'])) { $query = "SELECT username FROM users WHERE confirm_hash = $new_hash'"; $result = mysql_query($query); if (!$result || mysql_num_rows($result) < 1) { $feedback = 'ERROR -- Hash not found'; return $feedback; } else { //Confirm email and set account active $email = $_GET['email']; $hash = $_GET['hash']; $query = "UPDATE users SET email='$email', is_confirmed='1' WHERE confirm_hash='$hash'"; $result = mysql_query($query); return 1; } } else { $feedback = 'ERROR -- Values do not match'; return $feedback; } } } ?> However I see function validate_email() function validate_email() { return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $_POST['email'])); } Image of code from pdf http://sandbox.jeicrash.net/val_email.jpg So i'll be spending more time now going back through things, I am beginning to think a lot of my problems are coming from how the code is shown in the pdf possibly they way they continue code from one page to another. Quote Link to comment Share on other sites More sharing options...
jeicrash Posted May 12, 2008 Author Share Posted May 12, 2008 Ok got most of it sorted out now and figured out what all the _GET are for. after registering the user receives and email with a link in it. It then sends them to this part of code to verify. function user_confirm() { //global $supersecret_hash_padding; //verify they didn't tamper with the email address $new_hash = md5($_GET['email']); if ($new_hash && ($new_hash == $_GET['hash'])) { $query = "SELECT username FROM users WHERE confirm_hash = $new_hash'"; $result = mysql_query($query); if (!$result || mysql_num_rows($result) < 1) { $feedback = 'ERROR -- Hash not found'; return $feedback; } else { //Confirm email and set account active $email = $_GET['email']; $hash = $_GET['hash']; $query = "UPDATE users SET email='$email', is_confirmed='1' WHERE confirm_hash='$hash'"; $result = mysql_query($query); return 1; } } else { $feedback = 'ERROR -- Values do not match'; return $feedback; } } ?> Which is at the bottom of the register_func.inc.php file. and here is confirm.php <?php //confirmation page for email link ini_set ("display_errors", "1"); error_reporting(E_ALL); require_once('includes/register_func.inc.php'); if ($_GET['hash'] && $_GET['email']) { $worked = user_confirm(); } else { $feedback_str = "<P class=\"errormess\">ERROR -- Bad link</p>"; } if ($worked != 1) { $noconfirm = '<P class="errormess">Something went wrong. ' . 'Send email to webmaster@jeicrash.net for help.</p>'; } else { $confirm = '<P class="big">You are now confirmed. <a ' . 'href="login.php">Log in</a> to start browsing the ' . 'site.</p>'; } $page = <<< EOPAGE <table cellpadding=0 cellspacing=0 border=0 align=center width=621> <tr> <td><img width=15 height=1 src=../images/spacer.gif></td> <td width=606 class=left> $feedback_str $noconfirm $confirm </td> </tr> </table> EOPAGE; echo $page; ?> Now no matter what I get the error: Notice: Undefined variable: feedback_str in /home/jeicrash/public_html/sandbox/confirm.php on line 22 Notice: Undefined variable: confirm in /home/jeicrash/public_html/sandbox/confirm.php on line 26 Something went wrong. Send email to webmaster@jeicrash.net for help. even though I am using one email address for register and confirm. I'm wondering if its this line $new_hash = md5($_GET['email']); if ($new_hash && ($new_hash == $_GET['hash'])) from register_func.inc.php. Thanks again. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.