[SOLVED] I have a problem with my register.php, I could use some help.

[vetman]

I have this login system that I trying to get the register.php part of it to work. I can login as admin, change password and go to the members site. But when I try to register a new user, I get the error message, "Registration failed! Please try again."

I have tried for several hours to find the problem, but it still avoids me.

Here is the code:

<?php
require_once ('header.php');
require_once ('user.functions.inc.php');
if (isset($_POST['register'])){
if (registerNewUser($_POST['username'], $_POST['password'], $_POST['password2'], $_POST['email'])){
	echo "Thank you for registering, an email has been sent to your inbox, Please activate your account.
	<a href='index.php'>Click here to login.</a>
	";
}else {
	echo "Registration failed! Please try again.";
	show_registration_form();
}
} else {
// has not pressed the register button
show_registration_form();
}
require_once ('footer.php');
?>

 

I have enclosed the user.functions.inc.php file also.

 

<?php
##### User Functions #####
function changePassword($username,$currentpassword,$newpassword,$newpassword2){
global $seed;
if (!valid_username($username) || !user_exists($username))
{
	return false;
}
if (! valid_password($newpassword) || ($newpassword != $newpassword2)){
	return false;
}
// we get the current password from the database
$query = sprintf("SELECT password FROM login WHERE username = '%s' LIMIT 1",
	mysql_real_escape_string($username));
$result = mysql_query($query);
$row= mysql_fetch_row($result);
// compare it with the password the user entered, if they don't match, we return false, he needs to enter the correct password.
if ($row[0] != sha1($currentpassword.$seed)){
	return false;
}
// now we update the password in the database
$query = sprintf("update login set password = '%s' where username = '%s'",
	mysql_real_escape_string(sha1($newpassword.$seed)), mysql_real_escape_string($username));
if (mysql_query($query))
{
	return true;
}else {return false;}
return false;
}
function user_exists($username)
{
if (!valid_username($username))
{
	return false;
}
$query = sprintf("SELECT loginid FROM login WHERE username = '%s' LIMIT 1",
	mysql_real_escape_string($username));
$result = mysql_query($query);
if (mysql_num_rows($result) > 0)
{
	return true;
} else
{
	return false;
}
return false;
}
function activateUser($uid, $actcode)
{
$query = sprintf("select activated from login where loginid = '%s' and actcode = '%s' and activated = 0  limit 1",
	mysql_real_escape_string($uid), mysql_real_escape_string($actcode));
$result = mysql_query($query);
if (mysql_num_rows($result) == 1)
{
	$sql = sprintf("update login set activated = '1'  where loginid = '%s' and actcode = '%s'",
		mysql_real_escape_string($uid), mysql_real_escape_string($actcode));
	if (mysql_query($sql))
	{
		return true;
	} else
	{
		return false;
	}
} else
{
	return false;
}
}
function registerNewUser($username, $password, $password2, $email)
{
global $seed;
if (valid_username($username) || valid_password($password) ||valid_email($email) || $password = $password2 || user_exists($username))
{
	return false;
}
$code = generate_code(20);
$sql = sprintf("insert into login (username,password,email,actcode) value ('%s','%s','%s','%s')",
	mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
	, mysql_real_escape_string($email), mysql_real_escape_string($code));
if (mysql_query($sql))
{
	$id = mysql_insert_id();
	if (sendActivationEmail($username, $password, $id, $email, $code))
	{
		return true;
	} else
	{
		return false;
	}
} else
{
	return false;
}
return false;
}
function lostPassword($username, $email)
{
global $seed;
if (!valid_username($username) || !user_exists($username) || !valid_email($email))
{
	return false;
}
$query = sprintf("select loginid from login where username = '%s' and email = '%s' limit 1",
	$username, $email);
$result = mysql_query($query);
if (mysql_num_rows($result) != 1)
{
	return false;
}
$newpass = generate_code(;
$query = sprintf("update login set password = '%s' where username = '%s'",
	mysql_real_escape_string(sha1($newpass.$seed)), mysql_real_escape_string($username));
if (mysql_query($query))
{
		if (sendLostPasswordEmail($username, $email, $newpass))
	{
		return true;
	} else
	{
		return false;
	}
} else
{
	return false;
}
return false;
}
?>

I would appreciate any help that you can provide.

 

Thanks in advance.

 

[.josh]

Did you echo out your posted vars to see if they contain what you expect?

 

if (valid_username($username) || valid_password($password) ||valid_email($email) || $password = $password2 || user_exists($username))

 

Where is valid_username(), valid_password(), valid_email() and user_exists?

 

Also this should be $password == $password2

 

 

[vetman]

I echo out the vars, they are correct. I put  the $password == $password in. I tried to put in the valid_username(), valid_password(), valid_email() and user_exists, but had no luck in the correct place to put it.

I'm still trying to figure it out.

Thanks again.

[.josh]

well if vars echo out correct then perhaps those functions are not evaluating as expected.  When I asked where they were, I meant I don't see them anywhere (you did not post them), so I can't see if they are evaluating correctly....what do you mean by this?

 

I tried to put in the valid_username(), valid_password(), valid_email() and user_exists, but had no luck in the correct place to put it.

 

Are you saying they don't exist? You can't just call functions that don't exist.

 

edit: well okay I see user_exists() but not the other ones.

[vetman]

I figured it out, I was missing these (!) .

 

if (!valid_username($username) || !valid_password($password) ||!valid_email($email) || $password != $password2 || user_exists($username))

 

I am able to login a new user now.

Thanks for your help.