Jump to content


Photo

PHP Membership System problem


  • Please log in to reply
56 replies to this topic

#21 Fruddy

Fruddy
  • Members
  • PipPipPip
  • Advanced Member
  • 43 posts

Posted 03 August 2006 - 03:26 PM

Still not working :-\

#22 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 03 August 2006 - 03:39 PM

the  field name users is using single quotes

They are not the tick thingies.

$user_sql = "SELECT COUNT (*) AS user_match FROM users WHERE 'username' ='$username'";
$email_sql = "SELECT COUNT (*) AS email_match FROM users WHERE 'email_address' ='$email'";
Tell me the problem, I will try tell you the solution

#23 Fruddy

Fruddy
  • Members
  • PipPipPip
  • Advanced Member
  • 43 posts

Posted 03 August 2006 - 03:44 PM

doesnt quite understand you...

#24 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 03 August 2006 - 03:51 PM

change

$user_sql = "SELECT COUNT (*) AS user_match FROM 'users' WHERE 'username' ='$username'";
$email_sql = "SELECT COUNT (*) AS email_match FROM 'users' WHERE 'email_address' ='$email'";


to
$user_sql = "SELECT COUNT (*) AS user_match FROM `users` WHERE 'username' ='$username'";
$email_sql = "SELECT COUNT (*) AS email_match FROM `users` WHERE 'email_address' ='$email'";

Try this and if there are anymore errors I will debug it on my server and post the fixed code.

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#25 Fruddy

Fruddy
  • Members
  • PipPipPip
  • Advanced Member
  • 43 posts

Posted 03 August 2006 - 03:58 PM

didnt work :-\

#26 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 03 August 2006 - 04:03 PM

ok give me a few minutes I am going to test it.

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#27 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 03 August 2006 - 04:39 PM

change
 $user_sql = "SELECT COUNT (*) AS user_match FROM 'users' WHERE 'username' ='$username'";
$email_sql = "SELECT COUNT (*) AS email_match FROM 'users' WHERE 'email_address' ='$email'";
to
 $user_sql = "SELECT COUNT (*) AS user_match FROM users WHERE username ='".$username."'";
$email_sql = "SELECT COUNT (*) AS email_match FROM users WHERE email_address ='".$email."'";

Table names and field names do not have single quotes, you can use ticks (above Tab, left of 1)
Tick = `
Quote = '


Tell me the problem, I will try tell you the solution

#28 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 03 August 2006 - 04:52 PM

it was more then that. I have the script working now. From now on I am going to test everthing that I post(prior to posting)

The join.php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Join Us</title>
</head>

<body>
<?php
if (($message == "info") || ($message == "email_check") || ($message == "username_check")) {
    if ($message == "info") {
        echo "You did not submit the following information";
	    if ($error == "username") {
	        echo "Username is a required field";
	    }	
	    if ($error == "first_name") {
	        echo "First Name is a required field";
	    }	
	    if ($error == "last_name") {
	        echo "Last name is a required field";
	    }	
	    if ($error == "email_address") {
	        echo "Your email address is a required field";
	    }
    }
    if ($message == "email_match") {
	    echo "You are already a member.";
	}
	if ($message == "username_match") {
	    echo "Your username is already being used by another member. Please try again.";
    }
}						
?>
<form method="post" action="register.php">
  <table width="100%" border="0" cellpadding="4" cellspacing="0">
    <tr> 
      <td width="24%" align="left" valign="top">Fornavn</td>
      <td width="76%"><input name="first_name" type="text" id="first_name2"></td>
    </tr>
    <tr> 
      <td align="left" valign="top">Efternavne</td>
      <td><input name="last_name" type="text" id="last_name"></td>
    </tr>
    <tr> 
      <td align="left" valign="top">Email</td>
      <td><input name="email_address" type="text" id="email_address"></td>
    </tr>
    <tr> 
      <td align="left" valign="top">Brugernavn</td>
      <td><input name="username" type="text" id="username"></td>
    </tr>
      <td align="left" valign="top"> </td>
      <td><input type="submit" name="Submit" value="opret bruger!"></td>
    </tr>
  </table>
</form>  
</body>
</html>


The register.php

<?php
include("db.php");//your database connection file
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST); 
}
$username = mysql_real_escape_string(trim($_POST['username']));
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));	    

if ((!$username) || (!first_name) || (!$last_name) || (!email_address)) {
    $message = "info";
	if (!username) {
	    $error = "username";
	}
	if (!first_name) {
	    $error = "first_name";
	}
	if (!$last_name) {
	    $error = "last_name";
	}
	if (!email_address) {
	    $error = "email_address";
	}
	include("join.php");
	exit;
}
					
$user_sql = "SELECT COUNT(*) AS user_match FROM `users` WHERE `username` ='$username'";
$email_sql = "SELECT COUNT(*) AS email_match FROM `users` WHERE `email_address` ='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($username > 0 ) {
	    $message = "username_match";
		unset($username); 
	}
	if ($email_match > 0) {
	    $message = "email_match";
		unset($email);
	}
	include("join.php");
	exit;
}

function makepassword() { 
  $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
  srand((double)microtime()*1000000);  
      $i = 0; 
      while ($i <= 7) { 
            $num = rand() % 33; 
            $tmp = substr($salt, $num, 1); 
            $pass = $pass . $tmp; 
            $i++; 
      } 
      return $pass; 
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date)
        VALUES('$first_name', '$last_name', '$email_address', '$username', '$mdpwd', now())") or die (mysql_error());
		
					if(!$sql){
    echo 'Det er kommet en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    You are now registered at our website, http://www.my-project.dk!
    
    To activate your membership, please login here: http://www.mywebsite.com/distributors_section/login_form.html
    
    Once you activate your membership, you will be able to login with the following information:
    Username: $username
    Password: $random_password
    Please keep this username and password in a location that is easily accessible by you.
    
    Thanks!
    #Fruddy my-project.dk
    
    This is an automated response, please do not reply!";
    
    mail($email_address, $subject, $message, "From: MyWebSite<email@mywebsite.com>\nX-Mailer: PHP/" . phpversion());
	echo "$randompwd";
}
?>

The Login.php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Login Form</title>
</head>

<body>
<?php
if (($message == "login_info") || ($message == "userinfo")) {
    if ($message == "login_info") {
	    echo "You did not enter your username or password. Please try again.";
	}
	if ($message == "userinfo") {
	    echo "Your username and password do not match. Please try again";
	}
}			
?>
<form action="checkuser.php" method="post" name="form1">
  <div align="justify">
    <table width="50%" border="0" align="center" cellpadding="4" cellspacing="0">
      <tr> 
        <td width="20%">Brugernavn</td>
        <td width="80%"><input name="username" type="text" id="username"></td>
      </tr>
      <tr> 
        <td>Kodeord</td>
        <td><input name="password" type="password" id="password"></td>
      </tr>
      <tr> 
        <td> </td>
        <td><input type="submit" name="Submit" value="Submit"></td>
      </td>
    </table>
  </div>
</form>  
</body>
</html>

The checkuser.php
<?php
session_start(); 
include ('db.php');
array_pop($_POST); 
if ( get_magic_quotes_gpc() ) { 
    $_POST= array_map('stripslashes', $_POST); 
}
$username= mysql_real_escape_string(trim($_POST['username'])); 
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);

if ((!$username) || (!$password)) {
    $message = "login_info";
    include("login.php");
	exit();
}			

 

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd); 
$res= mysql_query($sql) or die(mysql_error()); 
$login_match= mysql_result($res, 0, 'login_match'); 

if ( $login_match == 1 ) { 
    $_SESSION['username']= "$username";
    include("somepage.php");
} else { 
    $message = "userinfo";
	include("login.php");
	exit(); 
}
?>

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#29 Fruddy

Fruddy
  • Members
  • PipPipPip
  • Advanced Member
  • 43 posts

Posted 06 August 2006 - 09:10 AM

Parse error: parse error, unexpected T_STRING in /home/virtual/my-project.dk/public_html/register.php on line 3


BTW, thank you very much for the great work!!

#30 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 06 August 2006 - 09:24 AM

This is the exact code that I have on my site(in a testing area). So if there is some kind of parse error then it was most likely do to you changeing something. Post your register script.

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#31 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 06 August 2006 - 09:43 AM

I checked your site and there is a parse error on line three but I am unable to see what you have for line three. If what you have in an exact copy of what I posted then you should not be getting any errors.

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#32 ignace

ignace
  • Moderators
  • Now mod flavored
  • 6,431 posts
  • LocationBelgium

Posted 06 August 2006 - 09:50 AM

tomfmason, why do you use array_pop?

And actually if he copied what you last posted he will be gettin' a few error's, you forgot your a few dollar signs for your variables :P

#33 ignace

ignace
  • Moderators
  • Now mod flavored
  • 6,431 posts
  • LocationBelgium

Posted 06 August 2006 - 10:11 AM

it was more then that. I have the script working now. From now on I am going to test everthing that I post(prior to posting)

*EDIT by ignace on august 06 2006 11:58:15*

The join.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Join Us</title>
</head>

<body>
<?php
if (($message == "info") || ($message == "email_check") || ($message == "username_check")) {
    if ($message == "info") {
        echo "You did not submit the following information.<br />";
	    if ($error == "username") {
	        echo "Username is a required field.<br />";
	    }	
	    if ($error == "first_name") {
	        echo "First Name is a required field.<br />";
	    }	
	    if ($error == "last_name") {
	        echo "Last name is a required field.<br />";
	    }	
	    if ($error == "email_address") {
	        echo "Your email address is a required field.<br />";
	    }
    }
    if ($message == "email_match") {
	    echo "You are already a member.<br />";
	}
	if ($message == "username_match") {
	    echo "Your username is already being used by another member. Please try again.<br />";
    }
}						
?>
<form method="post" action="register.php">
  <table width="100%" border="0" cellpadding="4" cellspacing="0">
    <tr> 
      <td width="24%" align="left" valign="top">Fornavn</td>
      <td width="76%"><input name="first_name" type="text" id="first_name2"></td>
    </tr>
    <tr> 
      <td align="left" valign="top">Efternavne</td>
      <td><input name="last_name" type="text" id="last_name"></td>
    </tr>
    <tr> 
      <td align="left" valign="top">Email</td>
      <td><input name="email_address" type="text" id="email_address"></td>
    </tr>
    <tr> 
      <td align="left" valign="top">Brugernavn</td>
      <td><input name="username" type="text" id="username"></td>
    </tr>
      <td align="left" valign="top"> </td>
      <td><input type="submit" name="Submit" value="opret bruger!"></td>
    </tr>
  </table>
</form>  
</body>
</html>


The register.php

<?php
include_once("db.php");//your database connection file
array_pop($_POST);
if (get_magic_quotes_gpc()) {
    $_POST= array_map('stripslashes', $_POST); 
}
$username = mysql_real_escape_string(trim($_POST['username']));// In my experience mysql_real_escape_string always returned error's
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));	    

if ((!$username) || (!$first_name) || (!$last_name) || (!$email_address)) {
    $message = "info";
	if (!$username) {
	    $error = "username";
	}
	if (!$first_name) {
	    $error = "first_name";
	}
	if (!$last_name) {
	    $error = "last_name";
	}
	if (!$email_address) {
	    $error = "email_address";
	}
	include("join.php");
	exit(1);// Proper manor of exiting
}
					
$user_sql = "SELECT COUNT(*) AS `user_match` FROM `users` WHERE `username`='$username'";
$email_sql = "SELECT COUNT(*) AS `email_match` FROM `users` WHERE `email_address`='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($username > 0 ) {
	    $message = "username_match";
		unset($username); 
	}
	if ($email_match > 0) {
	    $message = "email_match";
		unset($email);
	}
	include("join.php");
	exit(1);
}

function makepassword() { 
  $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
  srand((double)microtime()*1000000);  
      $i = 0; 
      while ($i <= 7) { 
            $num = rand() % 33; 
            $tmp = substr($salt, $num, 1); 
            $pass = $pass . $tmp; 
            $i++; 
      } 
      return $pass; 
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO `users` (`first_name`, `last_name`, `email_address`, `username`, `password`, `signup_date`)
        VALUES('$first_name', '$last_name', '$email_address', '$username', '$mdpwd', NOW())") or die (mysql_error());
		
					if(!$sql){
    echo 'Det er kommet en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    You are now registered at our website, http://www.my-project.dk!
    
    To activate your membership, please login here: http://www.mywebsite.com/distributors_section/login_form.html
    
    Once you activate your membership, you will be able to login with the following information:
    Username: $username
    Password: $random_password
    Please keep this username and password in a location that is easily accessible by you.
    
    Thanks!
    #Fruddy my-project.dk
    
    This is an automated response, please do not reply!";
    
    if (mail($email_address, $subject, $message, "From: MyWebSite<email@mywebsite.com>\nX-Mailer: PHP/" . phpversion())) {
	//echo "$randompwd";
        echo "You are now successfully registered at our website, an additional e-mail has been dispatched to your e-mail address, you should receive this e-mail within the next 24 hours. Thank you!";
    } else {
        // Mailing failed.
    }
}
?>

The Login.php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Login Form</title>
</head>

<body>
<?php
if (($message == "login_info") || ($message == "userinfo")) {
    if ($message == "login_info") {
	    echo "You did not enter your username or password. Please try again.<br />";
	}
	if ($message == "userinfo") {
	    echo "Your username and password do not match. Please try again.<br />";
	}
}			
?>
<form action="checkuser.php" method="post" name="form1">
  <div align="justify">
    <table width="50%" border="0" align="center" cellpadding="4" cellspacing="0">
      <tr> 
        <td width="20%">Brugernavn</td>
        <td width="80%"><input name="username" type="text" id="username"></td>
      </tr>
      <tr> 
        <td>Kodeord</td>
        <td><input name="password" type="password" id="password"></td>
      </tr>
      <tr> 
        <td> </td>
        <td><input type="submit" name="Submit" value="Submit"></td>
      </td>
    </table>
  </div>
</form>  
</body>
</html>

The checkuser.php
<?php
session_start(); 
include ('db.php');
array_pop($_POST); 
if (get_magic_quotes_gpc()) { 
    $_POST= array_map('stripslashes', $_POST); 
}
$username= mysql_real_escape_string(trim($_POST['username'])); 
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);

if ((!$username) || (!$password)) {
    $message = "login_info";
    include("login.php");
	exit(1);
}			

 

$sql= sprintf("SELECT COUNT(*) AS `login_match` FROM `users` WHERE `username`='%s' AND `password`='%s'", $username, $mdpwd); 
$res= mysql_query($sql) or die(mysql_error()); 
$login_match= mysql_result($res, 0, 'login_match'); 

if ( $login_match == 1 ) { 
    $_SESSION['username']= "$username";
    include("somepage.php");
} else { 
    $message = "userinfo";
	include("login.php");
	exit(1); 
}
?>



#34 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 06 August 2006 - 10:19 AM

Ok so there were some minor issues with the scripts. Manly the exit();. You are right about the proper way to exit.
exit(1);//exit with errors
. The reason that the register script did not have an error message for the mail portion, is that I copied that part from his orginal script.

Now as far as
mysql_real_escape_string
I use it in an attempt to avoid database insertion. I have never had any issues with it. I know that there are a few other ways to prevent insertion but I personaly like mysql_real_escape_string.





Tom

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#35 Fruddy

Fruddy
  • Members
  • PipPipPip
  • Advanced Member
  • 43 posts

Posted 06 August 2006 - 11:01 AM

So hows my register.php going to look like?

<?php
include("database.php")
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST); 
}
$username = mysql_real_escape_string(trim($_POST['username']));
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));	    

if ((!$username) || (!first_name) || (!$last_name) || (!email_address)) {
    $message = "info";
	if (!username) {
	    $error = "username";
	}
	if (!first_name) {
	    $error = "first_name";
	}
	if (!$last_name) {
	    $error = "last_name";
	}
	if (!email_address) {
	    $error = "email_address";
	}
	include("join.php");
	exit;
}
					
$user_sql = "SELECT COUNT(*) AS user_match FROM `users` WHERE `username` ='$username'";
$email_sql = "SELECT COUNT(*) AS email_match FROM `users` WHERE `email_address` ='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($username > 0 ) {
	    $message = "username_match";
		unset($username); 
	}
	if ($email_match > 0) {
	    $message = "email_match";
		unset($email);
	}
	include("join.php");
	exit;
}

function makepassword() { 
  $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
  srand((double)microtime()*1000000);  
      $i = 0; 
      while ($i <= 7) { 
            $num = rand() % 33; 
            $tmp = substr($salt, $num, 1); 
            $pass = $pass . $tmp; 
            $i++; 
      } 
      return $pass; 
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date)
        VALUES('$first_name', '$last_name', '$email_address', '$username', '$mdpwd', now())") or die (mysql_error());
		
					if(!$sql){
    echo 'Det er opstået en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    Du er nu registeret som en bruger på, http://www.my-project.dk!
    
    Du kan logge ind med følgende oplysninger
    Username: $username
    Password: $random_password
    
    
    Tak!
    #Fruddy my-project.dk
    
    Dette er en automatisk respons, du skal ikke skrive tilbage.";
    
    mail($email_address, $subject, $message, "From: MyWebSite<email@mywebsite.com>\nX-Mailer: PHP/" . phpversion());
	echo "$randompwd";
}
?>


#36 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 06 August 2006 - 11:08 AM

copy the edited code by ignace and if you still get those errors. I will take out the arrap_pop

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#37 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 06 August 2006 - 11:18 AM

You forgot a ; at the end of the include

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#38 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 06 August 2006 - 11:32 AM

here you go.

<?php
include("database.php");
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST); 
}
$username = mysql_real_escape_string(trim($_POST['username']));
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));	    

if ((!$username) || (!$first_name) || (!$last_name) || (!$email_address)) {
    $message = "info";
	if (!$username) {
	    $error = "username";
	}
	if (!$first_name) {
	    $error = "first_name";
	}
	if (!$last_name) {
	    $error = "last_name";
	}
	if (!$email_address) {
	    $error = "email_address";
	}
	include("join.php");
	exit;
}
					
$user_sql = "SELECT COUNT(*) AS user_match FROM `users` WHERE `username` ='$username'";
$email_sql = "SELECT COUNT(*) AS email_match FROM `users` WHERE `email_address` ='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($username > 0 ) {
	    $message = "username_match";
		unset($username); 
	}
	if ($email_match > 0) {
	    $message = "email_match";
		unset($email);
	}
	include("join.php");
	exit;
}

function makepassword() { 
  $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
  srand((double)microtime()*1000000);  
      $i = 0; 
      while ($i <= 7) { 
            $num = rand() % 33; 
            $tmp = substr($salt, $num, 1); 
            $pass = $pass . $tmp; 
            $i++; 
      } 
      return $pass; 
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date)
        VALUES('$first_name', '$last_name', '$email_address', '$username', '$mdpwd', now())") or die (mysql_error());
		
					if(!$sql){
    echo 'Det er opstået en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    Du er nu registeret som en bruger på, http://www.my-project.dk!
    
    Du kan logge ind med følgende oplysninger
    Username: $username
    Password: $random_password
    
    
    Tak!
    #Fruddy my-project.dk
    
    Dette er en automatisk respons, du skal ikke skrive tilbage.";
    
    mail($email_address, $subject, $message, "From: MyWebSite<email@mywebsite.com>\nX-Mailer: PHP/" . phpversion());
}
?>

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#39 Fruddy

Fruddy
  • Members
  • PipPipPip
  • Advanced Member
  • 43 posts

Posted 06 August 2006 - 11:57 AM

i copy-pasted your text, and a error apear on register.php:

Parse error: parse error, unexpected '}' in /home/virtual/my-project.dk/public_html/register.php on line 91

#40 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 06 August 2006 - 12:39 PM

ok try it was a missing ;  I edited my ^ post. Try copying it again.

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users