Jump to content

Recommended Posts

right i have made a sign script but the only thing that does work is the email it don't insert into the database for some reson here is my script

<?php 
// Connects to your Database 
mysql_connect("localhost", "**", "***") or die(mysql_error()); 
mysql_select_db("web160-admin-21") or die(mysql_error()); 

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2']) {
die('You did not complete all of the required fields');
}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}

// now we insert it into the database
$insert = "INSERT INTO users (username, password, realname, email)
VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['realname']."', '".$_POST['email']."')";
$add_member = mysql_query($insert);
?>


<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>

<?php 
} 
else 
{ 
?>


<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><td>Real Name:</td><td>
<input type="text" name="realname" maxlength="40">
</td></tr>
<tr><td>Email:</td><td>
<input type="text" name="Email" maxlength="40">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>

<?php
}
?> 

umm, what?

foum? (forum? form?)

i'm guessing i could translate to "a form that asks about me that I submit to the database".

You would create an HTML form with the fields you need, and then use a the SQL syntax for INSERT to add a new about me section. To update, you'd use a similar technique except that you'd use the SQL syntax for UPDATE.

The code u posted oh so nicely withing code tags below looks like you got a template from some one. Do you understand what each step does? If not, you need to get looking at more tutorials or hope you can get another template from online for what you want to do.

Right i have mananaged to do that about me i was well heappy i fugured it out for my self i looked at the other code and tryed and do it myself also yes this is a temple but i have added email realname and about me to it also changed the form can you have a scan thought this code to make sure its safe and good to user nothing can change about it thanks very much so far

 

<?php 
// Connects to your Database 
mysql_connect("localhost", "***", "***") or die(mysql_error()); 
mysql_select_db("***") or die(mysql_error()); 

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] | !$_POST['realname'] | !$_POST['email']) {
die('You did not complete all of the required fields');
}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

// checks if the email is in use
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$usercheck = $_POST['email'];
$check = mysql_query("SELECT username FROM users WHERE email = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the email '.$_POST['email'].' is already in use.
<a href="signup.php"> Click here to go back</a>');
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}

// now we insert it into the database
$insert = "INSERT INTO users (username, password, realname, email, aboutyou)
VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['realname']."', '".$_POST['email']."', '".$_POST['aboutyou']."')";
$add_member = mysql_query($insert);
?>


<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>

<?php 
} 
else 
{ 
?>


<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td><div align="right">*Username:</div></td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td><div align="right">*Password:</div></td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>*Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><td><div align="right">*Real Name:</div></td><td>
<input type="text" name="realname" maxlength="40">
</td></tr>
<tr><td><div align="right">*Email:</div></td><td>
<input type="text" name="email" maxlength="40">
<tr><td><div align="right">About You:</div></td><td>
  <textarea name="aboutyou" id="aboutyou"></textarea>
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register">
  <label>
  <input type="reset" name="reset" id="reset" value="Reset" />
  </label></th></tr> </table>
</form>

<?php
}
?> 

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}

 

See that piece of code there? It's defunct. Or will be once PHP 6 comes out.

 

Use this instead:

 

// checks if the username is in use
if (function_exists('mysql_real_escape_string')) {
$_POST['username'] = mysql_real_escape_string($_POST['username']);
}
else{
$_POST['username'] = mysql_escape_string($_POST['username']);
}

ok thanks whens php 6 set to come out

 

Well PHP 5 is just starting to become standard and most production servers, I would say when PHP5.4.x is release they will have a non-beta PHP 6, but you will never know as it is up to the developers to decide when it is ready.

Whoa. Sorry, was looking through your code and realised that the same kind of thing is going on throughout it.

 

Use:

 

<?php 
// Connects to your Database 
mysql_connect("localhost", "***", "***") or die(mysql_error()); 
mysql_select_db("***") or die(mysql_error()); 

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] | !$_POST['realname'] | !$_POST['email']) {
die('You did not complete all of the required fields');
}

// checks if the username is in use
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

// checks if the email is in use
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$usercheck = $_POST['email'];
$check = mysql_query("SELECT username FROM users WHERE email = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the email '.$_POST['email'].' is already in use.
<a href="signup.php"> Click here to go back</a>');
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
$_POST['pass'] = mysql_real_escape_string($_POST['pass']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['aboutyou'] = mysql_real_escape_string($_POST['aboutyou']);
$_POST['realname'] = mysql_real_escape_string($_POST['realname']);


// now we insert it into the database
$insert = "INSERT INTO users (username, password, realname, email, aboutyou)
VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['realname']."', '".$_POST['email']."', '".$_POST['aboutyou']."')";
$add_member = mysql_query($insert);
?>


<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>

<?php 
} 
else 
{ 
?>


<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<table border="0">
<tr><td><div align="right">*Username:</div></td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td><div align="right">*Password:</div></td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>*Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><td><div align="right">*Real Name:</div></td><td>
<input type="text" name="realname" maxlength="40">
</td></tr>
<tr><td><div align="right">*Email:</div></td><td>
<input type="text" name="email" maxlength="40">
<tr><td><div align="right">About You:</div></td><td>
  <textarea name="aboutyou" id="aboutyou"></textarea>
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register">
  <label>
  <input type="reset" name="reset" id="reset" value="Reset" />
  </label></th></tr> </table>
</form>

<?php
}
?> 

This line here....

 

if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] | !$_POST['realname'] | !$_POST['email']) {

 

needs to be....

 

if (!$_POST['username'] || !$_POST['pass'] || !$_POST['pass2'] || !$_POST['realname'] || !$_POST['email']) {

This line here....

 

if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] | !$_POST['realname'] | !$_POST['email']) {

 

needs to be....

 

if (!$_POST['username'] || !$_POST['pass'] || !$_POST['pass2'] || !$_POST['realname'] || !$_POST['email']) {

 

why does that need to be changed

ok my mate helped me with the sciptt but we cant seem to find out wrong with it what ita meat to do is login a user and get his id and store it in a session any one can help

<?php
       session_start();
       /* This page checks user information and
        * logs them in if it's correct.
        *
        * First, we need to check if the form has
        * been submitted. If it has, we need to check
        * form values, to make sure they filled them in
        * right.
        *
        * Connect to MySQL and check if the form has
        * been submitted:
        */
       // Connect to MySQL. Change the values to your information:
       $mysql = mysqli_connect('localhost', 'username', 'password', 'database') or die('An error has occured.');
       // Check if the form has been submitted:
       if(isset($_POST['username']) && isset($_POST['passsword'])) {
              // Now we check that both forms were filled in:
              if(!empty($_POST['username']) && isset($_POST['password'])) {
                     // We're all good, so we can assign the post values to variables:
                     extract($_POST);
                     /* Now we can refer to $_POST['username'] as
                      * $username. It's much faster and easier. We
                      * user extract() because it's easier than
                      * doing it manually. Caution: May make you lazy
                      * 
                      *
                      * Now we can query our database for the username
                      * and password combonation. If it returns no rows
                      * with the inputted password AND username, either
                      * the password does not match the username, or the
                      * user inputted information that does not exist.
                      *
                      * We can assign the user id to a session, and use
                      * that to retrieve all the information about the
                      * user from the table.
                      */
                     if($query = $mysql->prepare('SELECT userid FROM users WHERE username = ? AND password = ?')) {
                            $query->bind_param('ss', $username, $password);
                            $query->execute();
                            $query->store_result();
                            /* Now we count the number of rows returned. As
                             * I stated before, if the number of rows is less
                             * than one, the user has failed to input valid
                             * information.
                             */
                            if($query->num_rows < 1) {
                                   // Login unsuccessful. Echo error:
                                   echo('Incorrect information provided. Login failed.');
                            } else {
                                   /* The login was successful! We need to assign the user
                                    * id to a session for later use (retrieving information,
                                    * etc). First however, we need to retrieve the user id:
                                    */
                                   $query->bind_result($userid);
                                   if($query->fetch()) {
                                          // Assign the user id to a session:
                                          $_SESSION['userid'] = $userid;
                                          // Redirect user to the logged in page:
                                          header('Location: loggedin.php');
                                   }
                            }
                     } else {
                            // The query failed to be prepared:
                            die('An error has occured.');
                     }
              }
       }
?>
<!-- Login Form -->
<form action="login.php" method="post">
       <fieldset>
              <legend>Login To Your Account</legend>
              <label for="username">Username:</label> <input type="text" id="username" name="username" /><br />
              <label for="password">Password:</label> <input type="password" id="password" name="password" /><br />
              <input type="submit" name="submit" value="Login" />
       </fieldset>
</form>
<!-- End Login Form --> 

not trying to infiltrate, just making sure your knew you had to set those. use **** or something and that will let us know you are just censoring. "usename" makes it look like you neglected to fix your template to what you need it to be.

Your "mate" who wrote that isn't very helpful. It is like handing a 2 year old legos instead of megablocks (don't mean that offensively). Its not helpful if you don't understand what it does exactly and you should start with a less complex version of that so that you know what each step is doing without having those comments.

But, basically, that is exactly what that script does, just uses some syntax that isn't exactly novice.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.