drumhrd Posted May 4, 2009

Hello, I am trying to get this script to work, but having issues. For some reason my html <form> by default is loading the page with a Username of "root" and a password of "*******". I do not know where the php inside the html form is getting a $username of "root". The table that is being called is a test table and does not have a username of root in it.

```
mysql> select * from users;
+---------+------------+-----------+----------+----------------------------------+
| user_id | first_name | last_name | username | password                         |
+---------+------------+-----------+----------+----------------------------------+
|       1 | Michele    | Davis     | mdavis   | 5ebe2294ecd0e0f08eab7690d2a6ee69 |
+---------+------------+-----------+----------+----------------------------------+
1 row in set (0.00 sec)
```

Here is my code:

```php
<html>
<head>
<title>Sample Form</title>
<script type="text/javascript" src="source.js"></script>
<script type="text/javascript">
function check_valid(form) {
    var error = "";
    error += verify_username(form.username.value);
    error += verify_password(form.password.value);
    error += verify_phone(form.phone.value);
    error += verify_email(form.email.value);
    if (error != "") {
        alert(error);
        return false;
    }
    return true;
}
</script>
</head>
<body>
<?php
// Check for form post submit (isset avoids an undefined-index notice on first load)
if (isset($_POST["submit"])) {
    require_once('db_login.php');
    require_once('DB.php');
    $connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
    if (DB::isError($connection)) {
        die("Could not connect to the database: <br />" . DB::errorMessage($connection));
    }
    // Remember to use htmlentities to prevent cross-site scripting vulnerabilities
    $username = $_POST["username"];
    $username = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($username) : $username);
    $password = $_POST["password"];
    $password = htmlentities(get_magic_quotes_gpc() ? stripslashes($password) : $password);
    $email = $_POST["email"];
    $email = htmlentities(get_magic_quotes_gpc() ? stripslashes($email) : $email);
    $phone = $_POST["phone"];
    $phone = htmlentities(get_magic_quotes_gpc() ? stripslashes($phone) : $phone);
    $error = "";
    // Was is_null($username == ""), which is always false because the comparison yields a boolean
    if ($username == "") {
        $error .= "Username must not be null.<br />";
    }
    if ($password == "") {
        $error .= "Password must not be null.<br />";
    }
    if ($email == "") {
        $error .= "Email must not be null.<br />";
    }
    if ($phone == "") {
        $error .= "Phone must not be null.<br />";
    }
    // Look up the submitted username in the users table
    $query = "SELECT * FROM users WHERE username='$username'";
    // Execute the database query
    $result = $connection->query($query);
    if (DB::isError($result)) {
        die("Could not query the database: <br />" . $query . " " . DB::errorMessage($result));
    }
    $user_count = $result->numRows();
    if ($user_count > 0) {
        $error .= "Error: Username $username is taken already. Please select another.<br />";
    }
    if ($error) {
        echo $error;
    } else {
        echo "Username is available.";
        exit;
    }
}
?>
<!-- This script will process the results as well as display the form -->
<form action="<?php echo htmlentities($_SERVER["PHP_SELF"]); ?>" method="POST" onsubmit="return check_valid(this);" id="test1" name="test1">
<table>
<tr>
<td width="30%" align="right">Username:</td>
<td><input type="text" name="username" value="<?php echo ($username); ?>" /></td>
</tr>
<tr>
<td align="right">Password:</td>
<td><input type="password" name="password" value="<?php echo ($password); ?>" /></td>
</tr>
<tr>
<td align="right">Phone:</td>
<td><input type="phone" name="phone" value="<?php echo($phone); ?>" /></td>
</tr>
<tr>
<td align="right">Email:</td>
<td><input type="email" name="email" value="<?php echo($email); ?>" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Submit" /></td>
</tr>
</table>
</form>
</body>
</html>
```

Potatis Posted May 4, 2009

Check this file: db_login.php

The settings are most likely in there.

Sorry, I get what you mean. It is searching the database for user: root?

Ken2k7 Posted May 4, 2009

> Sorry, I get what you mean. It is searching the database for user: root?

It doesn't query the DB upon first page load.

drumhrd (Author) Posted May 4, 2009

db_login.php contains $db_username...not $username. I also thought that it may have been coming from the pear DB.php

I changed all instances of $username to $form_username and am getting the same result.

New code:

```php
<html>
<head>
<title>Sample Form</title>
<script type="text/javascript" src="source.js"></script>
<script type="text/javascript">
function check_valid(form) {
    var error = "";
    // The input is now named form_username, so the script must read that field
    error += verify_username(form.form_username.value);
    error += verify_password(form.password.value);
    error += verify_phone(form.phone.value);
    error += verify_email(form.email.value);
    if (error != "") {
        alert(error);
        return false;
    }
    return true;
}
</script>
</head>
<body>
<?php
// Check for form post submit (isset avoids an undefined-index notice on first load)
if (isset($_POST["submit"])) {
    require_once('db_login.php');
    require_once('DB.php');
    $connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
    if (DB::isError($connection)) {
        die("Could not connect to the database: <br />" . DB::errorMessage($connection));
    }
    // Remember to use htmlentities to prevent cross-site scripting vulnerabilities
    $form_username = $_POST["form_username"];
    $form_username = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($form_username) : $form_username);
    $password = $_POST["password"];
    $password = htmlentities(get_magic_quotes_gpc() ? stripslashes($password) : $password);
    $email = $_POST["email"];
    $email = htmlentities(get_magic_quotes_gpc() ? stripslashes($email) : $email);
    $phone = $_POST["phone"];
    $phone = htmlentities(get_magic_quotes_gpc() ? stripslashes($phone) : $phone);
    $error = "";
    // Was is_null($form_username == ""), which is always false because the comparison yields a boolean
    if ($form_username == "") {
        $error .= "Username must not be null.<br />";
    }
    if ($password == "") {
        $error .= "Password must not be null.<br />";
    }
    if ($email == "") {
        $error .= "Email must not be null.<br />";
    }
    if ($phone == "") {
        $error .= "Phone must not be null.<br />";
    }
    // Look up the submitted username in the users table
    $query = "SELECT * FROM users WHERE username='$form_username'";
    // Execute the database query
    $result = $connection->query($query);
    if (DB::isError($result)) {
        die("Could not query the database: <br />" . $query . " " . DB::errorMessage($result));
    }
    $user_count = $result->numRows();
    if ($user_count > 0) {
        $error .= "Error: Username $form_username is taken already. Please select another.<br />";
    }
    if ($error) {
        echo $error;
    } else {
        echo "Username is available.";
        exit;
    }
}
?>
<!-- This script will process the results as well as display the form -->
<form action="<?php echo htmlentities($_SERVER["PHP_SELF"]); ?>" method="POST" onsubmit="return check_valid(this);" id="test1" name="test1">
<table>
<tr>
<td width="30%" align="right">Username:</td>
<td><input type="text" name="form_username" value="<?php echo ($form_username); ?>" /></td>
</tr>
<tr>
<td align="right">Password:</td>
<td><input type="password" name="password" value="<?php echo ($password); ?>" /></td>
</tr>
<tr>
<td align="right">Phone:</td>
<td><input type="phone" name="phone" value="<?php echo($phone); ?>" /></td>
</tr>
<tr>
<td align="right">Email:</td>
<td><input type="email" name="email" value="<?php echo($email); ?>" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Submit" /></td>
</tr>
</table>
</form>
</body>
</html>
```

Ken2k7 Posted May 4, 2009

Can you view that page with JavaScript disabled? Maybe the JS is doing it?

Potatis Posted May 4, 2009

What is it you are echoing here? A variable that is created after the form is submitted?

```php
<td><input type="text" name="username" value="<?php echo ($username); ?>" />
```

If the form isn't processed until it is submitted, what is the value of $username?

drumhrd (Author) Posted May 4, 2009

I removed the JS and same result.

The idea of the form is to initially load blank. If a user picks a username that is already in use, the form will stay populated but give an error (so the user doesn't have to reinput the other data).

Ken2k7 Posted May 4, 2009

What if you changed

```php
<td><input type="text" name="username" value="<?php echo ($username); ?>" />
```

To

```php
<td><input type="text" name="username" value="<?php echo $user_name; ?>" />
```

I just want to see if it's always "root".

drumhrd (Author) Posted May 4, 2009

Very strange..yes...it's still root.

```php
<td><input type="text" name="form_username" value="<?php echo ($user_name); ?>" />
```

Ken2k7 Posted May 4, 2009

What if you delete root from the input field and then reload the page?

drumhrd (Author) Posted May 4, 2009

Tried it..it repopulates username and password.

This sucks. How can this form possibly know what to put into the fields..there is no $form_username object!!!!!

Ken2k7 Posted May 4, 2009

Do you have this page up live for me to view?

drumhrd (Author) Posted May 4, 2009

Dammit..I feel like a fool!!!!!!! It was Firefox all along. It was autopopulating the freaking fields based on saved passwords.

I removed the <?php echo ($form_username); ?> from the input type...and when I still saw the username of root...I had to suspect something else besides PHP..I cleared my private data and it worked.

Guys, I am so sorry for wasting all your time.

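An added example, not part of the thread and not any poster's code: the same username-availability form with the raw input kept apart from its escaped forms (a bound parameter for SQL, `htmlspecialchars` at output), fields that default to empty before any submit, and `autocomplete` hints that mark it as a sign-up form for the browser's saved-password feature, which turned out to be the cause here. PDO with an in-memory SQLite table is swapped in for PEAR DB and MySQL so it runs stand-alone (assumes the pdo_sqlite extension); `h()`, `username_taken()` and the sample values are constructed for illustration.

```php
<?php
// Added example. Constructed in-memory table standing in for the thread's `users` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE)");
$pdo->exec("INSERT INTO users (username) VALUES ('mdavis')");

// h() is a hypothetical helper: escape for HTML only at output time.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Bound parameter: the submitted value never becomes part of the SQL text.
function username_taken(PDO $pdo, string $username): bool {
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed sample submission; on the real page these values come from $_POST.
$post = ['submit' => 'Submit', 'username' => 'mdavis',
         'phone' => '555-0100', 'email' => 'a"b@example.com'];

// Defaults exist before any submit, so the first page load renders empty fields.
$fields = ['username' => '', 'phone' => '', 'email' => ''];
$errors = [];
if (isset($post['submit'])) {
    foreach ($fields as $name => $_) {
        $fields[$name] = trim((string) ($post[$name] ?? '')); // keep raw, unescaped
        if ($fields[$name] === '') {
            $errors[] = ucfirst($name) . ' must not be empty.';
        }
    }
    if ($fields['username'] !== '' && username_taken($pdo, $fields['username'])) {
        $errors[] = "Username {$fields['username']} is taken already.";
    }
}
?>
<?php foreach ($errors as $e): ?><p><?= h($e) ?></p><?php endforeach; ?>
<form method="post">
  <!-- autocomplete values are hints to the browser's password manager -->
  <input type="text" name="username" autocomplete="username" value="<?= h($fields['username']) ?>">
  <!-- new-password marks a sign-up field; the server never echoes a password back -->
  <input type="password" name="password" autocomplete="new-password">
  <input type="tel" name="phone" autocomplete="tel" value="<?= h($fields['phone']) ?>">
  <input type="email" name="email" autocomplete="email" value="<?= h($fields['email']) ?>">
  <input type="submit" name="submit" value="Submit">
</form>
```

Browsers treat the `autocomplete` values as hints and may still offer saved entries, so when a field shows a value the server never sent, compare the page source with what is rendered before debugging the PHP.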