NanashiFoundation Posted November 12, 2009 Share Posted November 12, 2009 <html> <head> <title>Gundam Storm : Abyss Registration Area</title> </head> <body> <?php /* ***************************************** * Gundam Storm : Abyss Test Environment * * Lead Programmer: J. Wagner * ***************************************** * This Script Last Updated 10/18/2009 * ***************************************** */ /* ***************************************** * Load Abyss Registration * ***************************************** */ // Connect To The Database require "dbcnx.php"; // Generate Form if(empty($_POST)) { echo '<b>Registration</b><br /><br /> <form action="signup.php" method="post"> Pick a Username: <input type="text" name="username" size="25"><br /> Pick a Password: <input type="password" name="password1" size="40"><br /> Confirm Password: <input type="password" name="password2" size="40"><br /> E-Mail: <input type="email" name="email" size="50"><br /> <input type="submit" value="Sign Up"> '; } else { if(empty($_POST['username'])||empty($_POST['password1'])||empty($_POST['password2'])||empty($_POST['email'])) { echo '<p style="text-align:center;">All fields are required!</p> <script type="text/javascript">setTimeout("window.location=\'signup.php\'",2000); </script>'; } if(strcmp($_POST['password1'],$_POST['password2'])!=0) { echo '<p style="text-align:center;">Passwords do not match!</p> <script type="text/javascript">setTimeout("window.location=\'signup.php\'",2000); </script>'; } if(strlen($_POST['password1'])<4) { echo '<p style="text-align:center;">Passwords must be at least \'4\' characters!</p> <script type="text/javascript">setTimeout("window.location=\'signup.php\'",2000); </script>'; } // Encryption : Add Soon // $_POST['password2']=strtoupper(sha1(md5($_POST['password2']))); if(strlen($_POST['username'])<3) { echo '<p style="text-align:center;">Usernames must be at least \'3\' characters!</p> <script type="text/javascript">setTimeout("window.location=\'signup.php\'",2000); </script>'; } $usercheck = mysql_num_rows(mysql_query("SELECT `username` FROM `abyss_users` WHERE `username` = '".$_POST['username']."'")); if($usercheck!=0) { echo '<p style="text-align:center;">Username Already In Use!</p> <script type="text/javascript">setTimeout("window.location=\'signup.php\'",2000); </script>'; } $emailcheck = mysql_num_rows(mysql_query("SELECT `email` FROM `abyss_users` WHERE `email` = '".$_POST['email']."'")); if($emailcheck!=0) { echo '<p style="text-align:center;">E-Mail Already In Use!</p> <script type="text/javascript">setTimeout("window.location=\'signup.php\'",2000); </script>'; } /* IP Check : Add Soon $ipcheck = mysql_num_rows(mysql_query("SELECT `ipaddress` FROM `gs_users` WHERE `ipaddress` = '".$_SERVER['REMOTE_ADDR']."'")); if($ipcheck!=0) { echo '<p style="text-align:center;">Your IP address has already been logged. If you\'ve forgotten your password, you can always <a href="resetpw.php">reset your password</a>. Or if you want to register a second account with this computer, <a href="mailto:[email protected]">send us an e-mail</a>.</p>'; overallFooter(); exit; } */ $result=mysql_query("INSERT INTO `abyss_users` (`username`,`password`,`email`) VALUES ('".$_POST['username']."','".$_POST['password1']."','".$_POST['email']."'"); if(!$result) { echo '<p style="text-align:center;">We\'re Sorry! There was an error! Please copy the message below and e-mail <a href="mailto:[email protected]">[email protected]</a>! Thank You!</p> <p style="color:red;">MySQL Error: '.mysql_error().'</p>'; } /* Send E-Mail : Add Soon //User registered successfully; mail them their credentials //Mail Headers $headers="From: [email protected] (Gundam Storm)" . "\r\n" . "Reply-To: [email protected]" . "\r\n" . "Mailed-By: gundam-storm.com" . "\r\n" . "Content-type:text/html; charset=utf-8" . "\r\n" . "X-Mailer: PHP/".phpversion(); //Message Body $body='<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Welcome to Gundam Storm!</title> </head> <body> <p>Welcome to Gundam Storm!</p> <p>Here are your account credentials. Please keep this e-mail for your records.<br /><br /></p> <p>Username: '.$_POST['username'].'<br /> Password: '.$_POST['password1'].'<br /> Email: '.$_POST['email'].'<br /><br /></p> <p>You will login with your <b style="color:red;">email address</b> and <b style="color:red;">password</b>. You can change your username and password by visiting <i style="color:green;">Account Preferences</i> after you login.</p> <p>Thanks for joining the Gundam Storm community!<br /><br /></p> <p>Sincerely,</p> <p>The Gundam Storm Staff</p> </body> </html>'; //Email their credentials to them mail($_POST['email'],'Welcome to Gundam Storm!',$body,$headers); */ else { echo '<p style="text-align:center;">Thank you for signing up, <b>'.$_POST['username'].'</b>. An e-mail has (NOT) been sent to <b>'.$_POST['email'].'</b> containing your account information for your records.</p> <p style="text-align:center;">Please wait while you are redirected...</p> <script type="text/javascript">setTimeout("window.location=\'signup.php\'",4000); </script>'; } } // Insert a row of information into the table "members" // mysql_query("INSERT INTO members(firstname, lastname, email, password) VALUES('$firstname','$lastname','$email','$password')") or die(mysql_error()); ?> When running the script page, it will not save to the database, and it displays the following error: We're Sorry! There was an error! Please copy the message below and e-mail [email protected]! Thank You! MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Can someone help me find this problem? It's putting a huge pain in my side Link to comment https://forums.phpfreaks.com/topic/181239-solved-registration-glitch-bug/ Share on other sites More sharing options...
trq Posted November 12, 2009 Share Posted November 12, 2009 Is this your code or something you downloaded? Its quite poorly written. Link to comment https://forums.phpfreaks.com/topic/181239-solved-registration-glitch-bug/#findComment-956097 Share on other sites More sharing options...
NanashiFoundation Posted November 12, 2009 Author Share Posted November 12, 2009 Is this your code or something you downloaded? Its quite poorly written. It's a code I'm putting together. It's poorly written? I'm still new to PHP, and am using scripts from other sources, and trying to splice them together. I was planning to get it working before I cleaned it up. Any advice how I can clean it up, or how to possibly fix the script? Link to comment https://forums.phpfreaks.com/topic/181239-solved-registration-glitch-bug/#findComment-956101 Share on other sites More sharing options...
trq Posted November 12, 2009 Share Posted November 12, 2009 Ok, sorry, I wasn't having a dig at you. One of the worst ways to execute database queries is by chaining your functions together, this eliminates your ability to debug anything. This... $usercheck = mysql_num_rows(mysql_query("SELECT `username` FROM `abyss_users` WHERE `username` = '".$_POST['username']."'")); Should be.... $username = mysql_real_escape_string($_POST['username']); $sql = "SELECT `username` FROM `abyss_users` WHERE `username` = '$username'"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { // you have a valid user. } else { // user not found, do whatever. } } else { // query failed, debug. } This type of logic will at least help you find your bugs. I was planning to get it working before I cleaned it up. Its generally better to do things the other way around entirely. Link to comment https://forums.phpfreaks.com/topic/181239-solved-registration-glitch-bug/#findComment-956103 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.