Not Storing Password


gamerzfuse

I'm sure this is a simple fix, but I've been staring at this code for too long (still an amateur here):

 

<?php // signup.php

include("common.php");
include("db.php");

if (!isset($_POST['submitok'])):
    // Display the user signup form
    ?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title> New User Registration </title>
  <meta http-equiv="Content-Type"
    content="text/html; charset=iso-8859-1" />
</head>
<body>

<h3>New User Registration Form</h3>
<p><font color="orangered" size="+1"><tt><b>*</b></tt></font>
   indicates a required field</p>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<table border="0" cellpadding="0" cellspacing="5">
    <tr>
        <td align="right">
            <p>User ID</p>
        </td>
        <td>
            <input name="newid" type="text" maxlength="50" size="25" />
            <font color="orangered" size="+1"><tt><b>*</b></tt></font>
        </td>
    </tr>
<tr>
        <td align="right">
            <p>Password</p>
        </td>
        <td>
            <input name="newpass" type="password" maxlength="50" size="25" />
            <font color="orangered" size="+1"><tt><b>*</b></tt></font>
        </td>
    </tr>
    <tr>
        <td align="right">
            <p>Full Name</p>
        </td>
        <td>
            <input name="newname" type="text" maxlength="100" size="25" />
            <font color="orangered" size="+1"><tt><b>*</b></tt></font>
        </td>
    </tr>
    <tr>
        <td align="right">
            <p>E-Mail Address</p>
        </td>
        <td>
            <input name="newemail" type="text" maxlength="100" size="25" />
            <font color="orangered" size="+1"><tt><b>*</b></tt></font>
        </td>
    </tr>
    
    <tr>
        <td align="right" colspan="2">
            <hr noshade="noshade" />
            <input type="reset" value="Reset Form" />
            <input type="submit" name="submitok" value="   OK   " />
        </td>
    </tr>
</table>
</form>

</body>
</html>

    <?php
else:
    // Process signup submission
    dbConnect('craighoo_sessions');

    if ($_POST['newid']=='' or $_POST['newname']==''
      or $_POST['newemail']=='') {
        error('One or more required fields were left blank.\\n'.
              'Please fill them in and try again.');
    }
    
    // Check for existing user with the new id
    $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
    $result = mysql_query($sql);
    if (!$result) {	
        error('A database error occurred in processing your '.
              'submission.\\nIf this error persists, please '.
              'contact you@example.com.');
    }
    if (mysql_result($result,0,0)>0) {
        error('A user already exists with your chosen userid.\\n'.
              'Please try another.');
    }
    
  
    $sql = "INSERT INTO user SET
              userid = '$_POST[newid]',
              password = PASSWORD('$newpass'),
              fullname = '$_POST[newname]',
              email = '$_POST[newemail]',
              notes = '$_POST[newnotes]'";
    if (!mysql_query($sql))
        error('A database error occurred in processing your '.
              'submission.\\nIf this error persists, please '.
              'contact you@example.com.\\n' . mysql_error());
              
    // Email the new password to the person.
    $message = "G'Day!

Your personal account for the Project Web Site
has been created! To log in, proceed to the
following address:

    http://www.example.com/

Your personal login ID and password are as
follows:

    userid: $_POST[newid]
    password: $newpass

You aren't stuck with this password! You can
change it at any time after you have logged in.

If you have any problems, feel free to contact me at
<you@example.com>.

-Your Name
Your Site Webmaster
";

    mail($_POST['newemail'],"Your Password for the Project Website",
         $message, "From:Your Name <you@example.com>");
         
    ?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
      <title> Registration Complete </title>
      <meta http-equiv="Content-Type"
        content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <p><strong>User registration successful!</strong></p>
    <p>Your userid and password have been emailed to
       <strong><?=$_POST['newemail']?></strong>, the email address
       you just provided in your registration form. To log in,
       click <a href="index.php">here</a> to return to the login
       page, and enter your new personal userid and password.</p>
    </body>
    </html>
    <?php
endif;
?>

 

Issue #1:

The password is not storing in the database. I can enter a password and username, no errors are shown, but the email has no password shown and when I log in the password does not work, but..

 

Issue #2:

I can login to the account with JUST the username and no password.

 

If you need any other files, please let me know.

Demo:

http://www.craighooghiem.com/testing/signup.php
AND
http://www.craighooghiem.com/testing/protectedpage.php

Link to comment
Share on other sites

You need to do something like this

 

$newpass = $_POST['newpass'];

$sql = "INSERT INTO user SET
              userid = '$_POST[newid]',
              password = PASSWORD('$newpass'),
              fullname = '$_POST[newname]',
              email = '$_POST[newemail]',
              notes = '$_POST[newnotes]'";

 

But you should sanitize all your POST variables.

Link to comment
Share on other sites

Alright, so the first issue is resolved as the password is now stored in the database using the PASSWORD PHP function.

 

Unfortunately, none of the accounts work with the username/password.

 

Here's the latest signup.php code if anyone can help:

 

<?php // signup.php

include("common.php");
include("db.php");

if (!isset($_POST['submitok'])):
    // Display the user signup form
    ?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title> New User Registration </title>
  <meta http-equiv="Content-Type"
    content="text/html; charset=iso-8859-1" />
</head>
<body>

<h3>New User Registration Form</h3>
<p><font color="orangered" size="+1"><tt><b>*</b></tt></font>
   indicates a required field</p>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<table border="0" cellpadding="0" cellspacing="5">
    <tr>
        <td align="right">
            <p>User ID</p>
        </td>
        <td>
            <input name="newid" type="text" maxlength="50" size="25" />
            <font color="orangered" size="+1"><tt><b>*</b></tt></font>
        </td>
    </tr>
<tr>
        <td align="right">
            <p>Password</p>
        </td>
        <td>
            <input name="newpass" type="password" maxlength="50" size="25" />
            <font color="orangered" size="+1"><tt><b>*</b></tt></font>
        </td>
    </tr>
    <tr>
        <td align="right">
            <p>Full Name</p>
        </td>
        <td>
            <input name="newname" type="text" maxlength="100" size="25" />
            <font color="orangered" size="+1"><tt><b>*</b></tt></font>
        </td>
    </tr>
    <tr>
        <td align="right">
            <p>E-Mail Address</p>
        </td>
        <td>
            <input name="newemail" type="text" maxlength="100" size="25" />
            <font color="orangered" size="+1"><tt><b>*</b></tt></font>
        </td>
    </tr>
    
    <tr>
        <td align="right" colspan="2">
            <hr noshade="noshade" />
            <input type="reset" value="Reset Form" />
            <input type="submit" name="submitok" value="   OK   " />
        </td>
    </tr>
</table>
</form>

</body>
</html>

    <?php
else:
    // Process signup submission
    dbConnect('craighoo_sessions');

    if ($_POST['newid']=='' or $_POST['newpass']=='' or $_POST['newname']==''
      or $_POST['newemail']=='') {
        error('One or more required fields were left blank.\\n'.
              'Please fill them in and try again.');
    }
    
    // Check for existing user with the new id
    $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
    $result = mysql_query($sql);
    if (!$result) {	
        error('A database error occurred in processing your '.
              'submission.\\nIf this error persists, please '.
              'contact you@example.com.');
    }
    if (mysql_result($result,0,0)>0) {
        error('A user already exists with your chosen userid.\\n'.
              'Please try another.');
    }
    
  $newpass = $_POST['newpass'];
  
    $sql = "INSERT INTO user SET
              userid = '$_POST[newid]',
              password = PASSWORD('$_POST[newpass]'),
              fullname = '$_POST[newname]',
              email = '$_POST[newemail]',
              notes = '$_POST[newnotes]'";
    if (!mysql_query($sql))
        error('A database error occurred in processing your '.
              'submission.\\nIf this error persists, please '.
              'contact you@example.com.\\n' . mysql_error());
              
    // Email the new password to the person.
    $message = "G'Day!

Your personal account for the Project Web Site
has been created! To log in, proceed to the
following address:

    http://www.example.com/

Your personal login ID and password are as
follows:

    userid: $_POST[newid]
    password: $newpass

You aren't stuck with this password! You can
change it at any time after you have logged in.

If you have any problems, feel free to contact me at
<you@example.com>.

-Your Name
Your Site Webmaster
";

    mail($_POST['newemail'],"Your Password for the Project Website",
         $message, "From:Your Name <you@example.com>");
         
    ?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
      <title> Registration Complete </title>
      <meta http-equiv="Content-Type"
        content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <p><strong>User registration successful!</strong></p>
    <p>Your userid and password have been emailed to
       <strong><?=$_POST['newemail']?></strong>, the email address
       you just provided in your registration form. To log in,
       click <a href="index.php">here</a> to return to the login
       page, and enter your new personal userid and password.</p>
    </body>
    </html>
    <?php
endif;
?>

 

Thanks!

Link to comment
Share on other sites

PASSWORD is not a PHP function, it's a mysql hash. You should consider changing to SHA1 or MD5 actually.

 

Alright, so the first issue is resolved as the password is now stored in the database using the PASSWORD PHP function.

 

 

Link to comment
Share on other sites


Ok.. can I just change the term PASSWORD to MD5 then?

I'll do this, but this won't actually change the situation will it? (testing now)

 

I changed the PASSWORD to MD5 and also changed this bit from my accesscontrol.php file:

$sql = "SELECT * FROM user WHERE
       userid = '$uid' AND password = MD5('$pwd')";

 

Still not working. Still Access Denied.

 

I removed the encoding completely and it sends it to MySQL exactly as typed and this works fine.

Must be in the encoding/decoding somewhere.

Link to comment
Share on other sites

That is because you need to change the password in the users table first so when they sign up their password is stored using md5 instead of password and when you check if the user exists you perform the same algorithm. Btw you could have kept using password.

 

insert the user into the database:

INSERT INTO users SET username = '$username', password = PASSWORD('$password')

 

then to check if the user exists:

SELECT * FROM users WHERE username = '$username' AND password = PASSWORD('$password')

Link to comment
Share on other sites
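
The signup and login checks discussed in this thread, as an added example that is not any poster's code: it hashes with PHP's password_hash()/password_verify() and binds input through PDO prepared statements instead of interpolating $_POST into SQL with PASSWORD() or MD5(). Assumptions: an in-memory SQLite database stands in for the thread's MySQL user table, and register() and login() are hypothetical helper names.

```php
<?php
// Added example (not from the thread). An in-memory SQLite database via PDO
// keeps it runnable offline; the table and column names follow the thread's
// `user` table, and register()/login() are hypothetical helper names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// A bcrypt hash from password_hash() is 60 characters and future defaults may
// be longer; a short column truncates the hash and every later login fails.
$db->exec('CREATE TABLE user (userid   VARCHAR(50) PRIMARY KEY,
                              password VARCHAR(255) NOT NULL)');

function register(PDO $db, string $uid, string $pass): bool
{
    if ($uid === '' || $pass === '') {
        return false;                  // required fields, checked server-side
    }
    $check = $db->prepare('SELECT COUNT(*) FROM user WHERE userid = ?');
    $check->execute([$uid]);
    if ($check->fetchColumn() > 0) {
        return false;                  // userid already taken
    }
    // Salted, deliberately slow hash computed in PHP; the plaintext password
    // never becomes part of the SQL text.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $ins = $db->prepare('INSERT INTO user (userid, password) VALUES (?, ?)');
    return $ins->execute([$uid, $hash]);
}

function login(PDO $db, string $uid, string $pass): bool
{
    // Look the row up by userid only. Each stored hash carries its own random
    // salt, so the comparison cannot be done inside the WHERE clause.
    $stmt = $db->prepare('SELECT password FROM user WHERE userid = ?');
    $stmt->execute([$uid]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample input.
var_dump(register($db, "o'brien", 'correct horse')); // apostrophe stays data
var_dump(login($db, "o'brien", 'correct horse'));    // right password
var_dump(login($db, "o'brien", ''));                 // empty password
var_dump(login($db, 'nobody', 'correct horse'));     // unknown userid
```

The same two functions work against MySQL by changing only the PDO connection string; the mysql_* functions used in the thread were removed in PHP 7 and MySQL's PASSWORD() was removed in MySQL 8.0.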
