Jump to content

Problem with a script.

cmanhatton

By cmanhatton
in PHP Coding Help

Recommended Posts

cmanhatton Newbie

cmanhatton

Posted
Posted

Im trying to interact with php and flash and make a little registration system but it seems theres some sort of

error somewhere in my script completely oblivious to me.

 

When I run the html script to POST the registration form info it runs this script but yet nothing is output'd.

and as you can see if there were to be an error or success, regardless something should be displayed am I wrong?

 

I'd appreciate any help.

 

<?php
$link = mysql_connect('localhost', 'root', '') or die (mysql_error());
mysql_select_db("webapp", $link) or die (mysql_error());

$act=$_GET['userFunc'];
$keyCode=$_GET['ChallengeCode'];

if($act != ""){
if($act == "authorize"){
	$expireTime = time() - 15;
	$deleteOldKeys = mysql_query("DELETE FROM `keystorage` WHERE timeCreatedOn < '".$expireTime."'") or die (mysql_error());
	$sKey = rand(10000,35000);
	$currTime = time();
	$insertNewKey = mysql_query("INSERT INTO `keystorage` (challenge_id, challenge_code, timeCreatedOn) VALUES ('', '$sKey', '$currTime')") or die (mysql_error());
	$flashKey = rand(0,9) . $sKey . rand(0,9);
	echo "&process=register&keyCode=".$flashKey;
} elseif ($act == "userReg"){
	if($keyCode != ""){
		$expireTime = time() - 50;
		$deleteOldKeys = mysql_query("DELETE FROM `keystorage` WHERE timeCreatedOn < '$expireTime'") or die (mysql_error());
		$mysqlDBQuery = mysql_query("SELECT * FROM `keystorage` WHERE challenge_code='$keyCode'") or die (mysql_error());
		$retrieveKey = mysql_num_rows($mysqlDBQuery) or die (mysql_error());

		if($retrieveKey > 0){ 
			$username = $_POST['user'];
			$password = $_POST['pass'];
			$userEmail = $_POST['email'];
			$dobAnswer = $_POST['DOB'];
			$userGender = $_POST['gender'];
			$sQuestion = $_POST['question'];
			$sAnswer = $_POST['answer'];

			if($username != ""){
				if($password != ""){
					if( check_email_address($userEmail) ) {
						if($dobAnswer != ""){
							if($sQuestion != ""){
								if($sAnswer != ""){
									//Check to see if username is available.
									if( check_username($username) ){
										if( check_email($userEmail) ){
											//Okay thats enough checking for now, but do more later..
											$addUser = mysql_query("INSERT into `users` (user_id, username, password, email, dob, gender, question, answer, regDate) Values('','$username','$password', '$userEmail', '$dobAnswer', '$userGender', '$sQuestion', '$sAnswer', '$expireTime')") or die (mysql_error()); 
											echo "&process=completed";
										} else {
											echo "&process=email+in+use";
										}	
									} else {
										echo "&process=username+taken";
									}
								} else {
									echo "&process=secret_answer";
								}
							} else {
								echo "&process=secret_prob";
							}
						} else {
							echo "&process=dob_error";
						}
					} else {
						echo "&process=email+error";
					}

				} else {
					echo "&process=password_error";
				}
			} else {
				echo "&process=username_error";
			}
		} else {
			echo "&process=hacking";
		}

	} else {
		echo "&process=failed+to+auth";
	}
} else {
	echo "WTF??";
}

} else {
echo "ANOTHERE WTF@#@!!";
}

function check_email($emailAdd){
$queryDb = mysql_query("SELECT * FROM `users` WHERE email = '" . $emailAdd . "'") or die(mysql_error());
$ResultQuery = mysql_num_rows($queryDb) or die (mysql_error());
	if($ResultQuery > 0){
		return false;
	}
	return true;
}

function check_username($userCheck) {
$queryDb = mysql_query("SELECT * FROM `users` WHERE username = '" . $userCheck . "'") or die(mysql_error());
	$ResultQuery = mysql_num_rows($queryDb) or die(mysql_error());
	if($ResultQuery > 0){
		return false;
	}
	return true;
}

function check_email_address($emailCheck) {
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $emailCheck)) {
	// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
	return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $emailCheck);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
	if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
		return false;
	}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
	$domain_array = explode(".", $email_array[1]);
	if (sizeof($domain_array) < 2) {
		return false; // Not enough parts to domain
	}
	for ($i = 0; $i < sizeof($domain_array); $i++) {
		if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
			return false;
		}
	}
}
return true;
}
?>

Link to comment
https://forums.phpfreaks.com/topic/140621-problem-with-a-script/
Share on other sites
cmanhatton Newbie

cmanhatton

Posted
  • Author
Posted

Sorry for the double post, im a new member and couldnt find the edit post button. Im assuming theirs not one?

 

The script does in fact completely execute the entire script inside the if statement where $act == "authorize", including both of the mysql_query's. but when i run through the registration part I dont get anything back, not even a parse error.

DarkSuperHero Newbie

DarkSuperHero

Posted
Posted

i see you have

<?php
....
echo "&process=register&keyCode=".$flashKey;
} elseif ($act == "userReg"){
......

 

did you maybe mean something like.....

echo "&process=register&keyCode=".$flashKey;
} elseif ($_GET['process'] == "register"){

 

 

cmanhatton Newbie

cmanhatton

Posted
  • Author
Posted

userFunc is the GET variable i chose to use for flash.

 

flash would send the userFunc as either "userReg" or "authorize"

 

The authorize one is for a security key to be made and stored and then later grabbed.  Just a way to step up security measures between flash and php.

 

It would require a key to authenticate any script throughout this program so their is no hacking. (Each key also expires after 10 seconds.)

 

I really do appreciate your help DarkSuperHero, its just sometimes you feel like you've looked and looked and couldnt find what was wrong.  Their should be a parse error coming back if there was something wrong with the script am i wrong? lol

 

I went through the entire thing character by character looking for an error.  I did in fact find a missing quote on a mysql_query but that was fixed with no provail.

 

I'd appreciate just a good pair of fresh eyes give it a good scan.

cmanhatton Newbie

cmanhatton

Posted
  • Author
Posted

okay i now changed the check_user function to this:

 

function check_username($userCheck) {
$getUsername = mysql_query("SELECT * FROM users WHERE username = '".$userCheck."'") or die('Mysql_Code_Error:99');
$ResultQuery = mysql_num_rows($getUsername) or die(mysql_error($ResultQuery));
	if($ResultQuery > 0){
		return false;
	}
	return true;
}

 

And i'm getting a mysql error at line 100.

im getting a mysql-Link resource is invalid.  Whats the deal im stumped. The code looks flawless.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.