Jump to content

[SOLVED] Inserting invisible user

jrws

By jrws
in PHP Coding Help

 Share

Recommended Posts

jrws Member

jrws

Posted
Posted

Hey there guys,

I am currently working on a project for someone, and I have run into a little spot, nothing that will destroy the project but something annoying nonetheless.

So what happens is I wipe my table to test that everything is working and continually when I sign up the first user it inserts an empty row looking like this:

id 	u_id 	stat_id 	value
1 	0 	5 	0

And I can't seem to see where in my code this is happening:

Register.php

<?php 
session_start(); 
if($_SESSION['loggedin'] == 'yes')
{
echo'<body bgcolor="#000000"><script>location.replace("members.php");</script>';
}
else
{
$title="Register"; 
include("includes/header.php"); 
?>
<body><center>

<table cellpadding="0" cellspacing="0" class="mainborder">
<tr><td>
<table cellpadding="0" cellspacing="0" border="0">

<tr>
<td class="title"></td>
</tr>

<tr>
<td class="navigation">
<? include("includes/navigation.php"); ?>
</td>
</tr>

<tr>
<td class="content"><center>


<!----------------------------------------------------------->
<form method="POST" action="register.php">

<table cellpadding="0" cellspacing="1" border="0">
<tr>

<td colspan="3" class="registerheader">Registration Form</td>

</tr><tr class="light">

<td colspan="3" class="registerinfo">
<!--------------------------------------------------------->

<?php

$fullname=clean($_POST['fullname']);
$age=clean($_POST['age']);
$email=clean($_POST['email']);
$player=clean($_POST['username']);
$password=clean($_POST['password']);
$password2=clean($_POST['password2']);
$regdate=clean($_POST['regdate']);
$ip=clean($_SERVER['REMOTE_ADDR']); 

$isplayer="SELECT * from users where username='$player'";
$isplayer2=mysql_query($isplayer) or die("");
$isplayer3=mysql_fetch_array($isplayer2);

$isemail="SELECT * from users where email='$email'";
$isemail2=mysql_query($isemail) or die("not able to query for email");
$isemail3=mysql_fetch_array($isemail2);

if($fullname == '' && $age == '' && $player == '')
   {
    echo 'Please enter your details correctly below to register.';
   }
// Check to see if they have left the username field blank /////////////////////////////////////////////
else if(strlen($player)<1)
   {
    echo 'Please enter a username.<br />';
   }
// Check to see if they have entered a username less than 4 characters ////////////////////////////////////////////////
else if(strlen($player)<4)
   {
    echo 'Your username must be longer than 4 characters.<br />';
   }
// Check to see if the username given is already being used ////////////////////////////////////////////
else if($isplayer3)
   {
    echo 'Somebody already has that username.<br />';
   }
////////////////////////////////// Check For Fullname Field ////////////////////////////////////////////
// Check to see if they have left the fullname field blank /////////////////////////////////////////////
else if(strlen($fullname)<1)
   {
    echo 'Please enter your fullname.<br />';
   }
// Check to see if there full name is less than 5 letters long /////////////////////////////////////////
else if(strlen($fullname)<5)
   {
    echo 'If you fullname is less than 5 letters long, please contact an Admin.<br />';
   }
////////////////////////////////// Check For Age Field /////////////////////////////////////////////////
// Check to see if they have left the age field blank //////////////////////////////////////////////////
else if(strlen($age)<1)
   {
    echo 'Please enter your age.<br />';
   }
// Check to see if they have left the age field blank //////////////////////////////////////////////////
// Check to see if they are 8 years old or over ////////////////////////////////////////////////////////
else if($age < '8')
   {
    echo 'You must be at least 8 years old to play.<br />';
   }
////////////////////////////////// Check For Email Field ///////////////////////////////////////////////
// Check to see if they have left the email field blank ////////////////////////////////////////////////
else if(strlen($email)<1)
   {
    echo 'Please enter your e-mail address.<br />';
   }
// Check to see if they have enter a valid length email ////////////////////////////////////////////////
else if(strlen($email)<5)
   {
    echo 'Please enter a valid e-mail address.<br />';
   }
else if($isemail3)
   {
    echo 'That e-mail address is already in use.';
   }
////////////////////////////////// Check For Password Field ////////////////////////////////////////////
// Check to see if they have left the password field blank /////////////////////////////////////////////
else if(strlen($password)<1)
   {
    echo 'Please enter a password.<br />';
   }
// Check to see if they have entered a sercure password longer than 4 characters ///////////////////////
else if(strlen($password)<4)
   {
    echo 'Your password must be longer than 4 characters for sercurity reasons.<br />';
   }
// Check to see if they have left the re-type password field blank /////////////////////////////////////
else if(strlen($password2)<1)
   {
    echo 'Please re-type your password.<br />';
   }
// Check to see if they have entered a sercure re-typed password longer than 4 characters //////////////
else if(strlen($password2)<4)
   {
    echo 'Please re-type your password correctly.<br />';
   }
// Check to see if they have entered a sercure re-typed password longer than 4 characters //////////////
else if($password != $password2)
   {
    echo 'Please re-type your password correctly.<br />';
   }
// All input is valid so register the user so they can login ///////////////////////////////////////////
else
   { 
   //Set the stats:
   	$password = sha1($password);
$SQL = "INSERT into users(fullname, age, email, username, password, ip, regdate) VALUES ('$fullname', '$age', '$email', '$player', '$password', '$ip', '$regdate')"; 
mysql_query($SQL) or die("could not register");
$userID = mysql_insert_id();
setStat('Turns',$userID,100);
setStat('Cash',$userID,100);
setStat('Followers',$userID,100);
setStat('Attack',$userID,100);
setStat('Health Points',$userID,100);
setStat('defense',$userID,100);
setStat('attacks_in',$userID,100);
setStat('attacks_out',$userID,100);
setStat('total_attacks_in',$userID,100);
setStat('total_attacks_out',$userID,100);
setStat('exp',$userID,100);
setStat('rem_exp',$userID,100);
setStat('Current Level',$userID,100);
$message="Hey ".$player.",<br>Just to say a quick hello to you.<br>Hello! <br><br>If you need any help or get stuck post on the forums or send me a message and you will be replied to as soon as possible.<br><br>Thanks for reading and joining,<br><br>Storm Trooper";

$date=date("M jS, Y");
$time=date("g:i:s a");

$SQL2 = "INSERT into messages(recipient, sender, subject, message, date_sent, time_sent) VALUES ('$player', 'Soulstealer', 'Welcome to New Core', '$message', '$date', '$time')"; 
mysql_query($SQL2) or die("could not register");
?>
Registration successful, you may now login.
<? }
?>

<!--------------------------------------------------------->
</td>

</tr><tr class="dark">

<td class="registertype">Fullname</td>
<td class="registerspacer">:</td>
<td class="registerinput"><input class="input" type="text" name="fullname" size="25" value="<?=$fullname?>"></td>

</tr><tr class="light">

<td class="registertype">Age</td>
<td class="registerspacer">:</td>
<td class="registerinput"><input class="input" type="text" name="age" size="25" value="<?=$age?>" onkeyup="valid(this,'notnumbers')" onblur="valid(this,'notnumbers')"></td>

</tr><tr class="dark">

<td class="registertype">E-mail</td>
<td class="registerspacer">:</td>
<td class="registerinput"><input class="input" type="text" name="email" size="25" value="<?=$email?>"></td>

</tr><tr class="light">

<td class="registertype">Username</td>
<td class="registerspacer">:</td>
<td class="registerinput"><input class="input" type="text" name="username" size="25" value="<?=$_POST['username'];?>" onkeyup="valid(this,'special')" onblur="valid(this,'special')"></td>

</tr><tr class="dark">

<td class="registertype">Password</td>
<td class="registerspacer">:</td>
<td class="registerinput"><input class="input" type="password" name="password" size="25" mask="x" onkeyup="valid(this,'quotes')" onblur="valid(this,'quotes')"></td>

</tr><tr class="light">

<td class="registertype">Re-type Password</td>
<td class="registerspacer">:</td>
<td class="registerinput"><input class="input" type="password" name="password2" size="25" mask="x" onkeyup="valid(this,'quotes')" onblur="valid(this,'quotes')"></td>

</tr>
<input type="hidden" name="regdate" size="25" value="<?=date('M d, Y')?>">

<tr>

<td colspan="3" class="registerbutton"><input class="input" type="submit" value="Register" name="submit"></td>

</tr>

</table>


<!----------------------------------------------------------->

<br /><br/></center></td></form>
</tr>
<tr>

<td class="otherlinks">
<? include("includes/otherlinks.php") ?>
</td>
</tr>

<tr>
<td class="footer">
<? include("includes/footer.php") ?>
</td>
</tr>

</table>
</td></tr></table>
</center></body>
</html>

<? } ?>

Functions.php

<?php
include_once("includes/connect.php");
function getStat($statName,$userID) {
createIfNotExists($statName,$userID);
$query = sprintf("SELECT value FROM user_stats WHERE stat_id = (SELECT id FROM stats WHERE display_name = '%s' OR short_name = '%s') AND u_id = '%s'",
	clean($statName),
	clean($statName),
	clean($userID));
$result = mysql_query($query);
list($value) = mysql_fetch_row($result);
return $value;		
}
function setStat($statName,$userID,$value) {
createIfNotExists($statName,$userID);
$query = sprintf("UPDATE user_stats SET value = '%s' WHERE stat_id = (SELECT id FROM stats WHERE display_name = '%s' OR short_name = '%s') AND u_id = '%s'",
	clean($value),
	clean($statName),
	clean($statName),
	clean($userID));
$result = mysql_query($query);
}

function createIfNotExists($statName,$userID) {
$query = sprintf("SELECT count(value) FROM user_stats WHERE stat_id = (SELECT id FROM stats WHERE display_name = '%s' OR short_name = '%s') AND u_id = '%s'",
	clean($statName),
	clean($statName),
	clean($userID));
$result = mysql_query($query);
list($count) = mysql_fetch_row($result);
if($count == 0) {
	// the stat doesn't exist; insert it into the database
	$query = sprintf("INSERT INTO user_stats(stat_id,u_id,value) VALUES ((SELECT id FROM stats WHERE display_name = '%s' OR short_name = '%s'),'%s','%s')",
	clean($statName),
	clean($statName),
	clean($userID),
	'0');
	mysql_query($query);
}	
}
?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.