Says "Successfully Registered" But doesnt add data into mysql?

[Lukeidiot]

any idea guys?

 

http://lockpick.lukeidiot.com/?go=login

 

Register.php

<?php  
# include the config file 
//included in index.php as my navigation naturally includes all pages "?go=page"..
if ($_POST['Submit']){ 
# check to see if the form was submitted 
# if so... 
$payout = clean($_POST['type']);
//Luke: Adds user's payout..
$type = clean($_POST['type']);
# adds user's account type 

$username = clean($_POST['username']); 
# post the form fields and clean the strings 

$password = clean($_POST['password']); 

$password_con = clean($_POST['password_con']); 

$email = clean($_POST['email']); 

$ip = clean($_SERVER['REMOTE_ADDR']); 
# get the IP of the browsing computer 

$signup = date('m/d/y');
# get the timestamp of the signup 

if (!$username | !$password | !$password_con | !$email){ 
# if any of the strings form the form are empty 
echo 'You must fill in every field. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; 
} 
else { 

if ($password != $password_con){ 
# if the passwords do not match 
echo 'Password fields did not match. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; 
} 
else { 

$username_test = "SELECT * FROM `users` WHERE username = '$username'"; 
$username_test = mysql_query($username_test); 
# check if the username is already in use 

if (mysql_num_rows($username_test) == 1){ 
# if the username is being used 
echo 'Username is already being used. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; 
} 
else { 

$md5pass = md5($password); 
# change the password to an md5 hash 

$type = 'Customer'; //sets default "type"
$payout = '0.00'; //sets default payout when registering. "payout"
#default signup is customer.
$add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')";
# setup a query to insert the data into the table. 

mysql_query($add); 
# run the query 

echo 'Success. You are now registered.<br />'; 
echo 'Login using the following information:<br />'; 
echo 'Username: '.$username.'<br />'; 
echo 'Password: '.$password; 

} 

} 

} 

} 
else { 
# else the form was not submitted 
?> 
<form method="post" action="<?=$_SERVER['REQUEST_URI']?>"> 
  Username:<br /> 
  <input type="text" name="username"> 
  <br /> 
  Password:<br /> 
  <input type="password" name="password"> 
  <br /> 
  Confirm Password:<br /> 
  <input type="password" name="password_con"> 
  <br /> 
  E-mail:<br /> 
  <input type="text" name="email"> 
  <br /> 
  <input type="submit" name="Submit" value="Register"> 
</form> 
<? 
} 
?> 

[GingerRobot]

No idea. Post your relevant code.

[Lukeidiot]

No idea. Post your relevant code.

also: http://lockpick.lukeidiot.com/?go=register

 

and login.php

<?php

$_SESSION['username'] = $username;

if (empty($online['id'])){ 

if ($_POST['Login']) { 

$user = clean($_POST['username']); 

$pass = clean($_POST['password']); 


if (!$user | !$pass){ 

echo 'You left a field empty. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; 
} 
else { 

$pass = md5($pass); 

$query = "SELECT * FROM `users` WHERE username = '$user' AND password = '$pass'"; 
$query = mysql_query($query); 
$values = mysql_fetch_array($query);

if (mysql_num_rows($query) == 1){ 

$expire = time() + (7*86400); 

setcookie("username", $user, $expire);                                             

echo 'Success, you have been logged in!<br />'; 
echo '<a href="?go=cpanel">Continue to Cpanel</a>.';

} 
else { 

echo 'Incorrect username and password. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; 
} 

} 

} 
else { 

?> 
<form method="post" action="<?=$_SERVER['REQUEST_URI']?>"> 
  Username:<br /> 
  <input name="username" type="text" id="username"> 
  <br /> 
  Password:<br /> 
  <input name="password" type="password" id="password"> 
  <br /> 
  <input name="Login" type="submit" id="Login" value="Login"> 
</form> 
<? 
} 

} 
else { 

echo 'You are already logged in!<br>';
echo '<a href="?go=cpanel">Continue to Cpanel</a>.';

}
?> 

[GingerRobot]

1.) Try adding an or die statement to your query whenever you're having query troubles:

 

mysql_query($add) or die(mysql_error().'<br />Query was:'.$add); 

 

2.) You're not using the md5() function to the password on the registration page, but you are on the registration page - therefore, the passwords will never match.

[Lukeidiot]

This is what it gave me:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 1

Query was:INSERT INTO `users` VALUES ('', 'paytest', '098f6bcd4621d373cade4e832627b4f6', 'test', '76.106.186.10', '05/11/08', 'Customer', 0.00')

Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

[GingerRobot]

Well there you are then, you're missing a quote:

$add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')";

Should be:

$add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', '$payout')";

[Lukeidiot]

Well there you are then, you're missing a quote:

$add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')";

Should be:

$add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', '$payout')";

 

Thanks, sometimes the small mistakes really get you lol

PS: When I try to login, it says "Successfully logged in" but when i try to goto cpanel, it says "you need to be logged in"?

[Lukeidiot]

Any idea?