KXMoon Posted December 1, 2009 Share Posted December 1, 2009 Hey, I just started scripting in PHP, and I ran into a few problems. <?php include('config.php'); if (isset($_POST['set'])){ $user=mysql_real_escape_string($_POST['user']); $pass=mysql_real_escape_string(md5($_POST['pass'])); if ($user="" or $pass=""){ echo 'Invalid Username/Password'; } else{ mysql_select_db("db_mycountdown",$db_connect); $sql=mysql_query("SELECT * FROM users WHERE username='$user'",$db_connect); $fetch = mysql_num_rows($sql); if ($fetch>0){ unset($user); echo 'Error: This user already exists!<br>'; } else{ mysql_select_db("db_mycountdown",$db_connect); $sql = mysql_query("INSERT INTO users (username, password) VALUES ('$user','$pass')",$db_connect); echo 'Account Successfully Created!'; } } } echo '<a href="Index.php">Already have an account? Log in!</a> <form action="" method="post"> Username:<br/> <input type="text" name="user"/><br /> Password:<br/> <input type="password" name="pass"/><br /> Confirm Password:<br/> <input type="password" name="passconfirm"/><br /><br /> <input type="submit" name="set" value="Register" /> <br /> </form>'; ?> my php code here seems really buggy. Can anyone point out any errors? Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/ Share on other sites More sharing options...
mrMarcus Posted December 1, 2009 Share Posted December 1, 2009 change: $pass=mysql_real_escape_string(md5($_POST['pass'])); to: $pass=md5($_POST['pass']); and, i'm not following the question. do you want people to fix a mistake? if so, what's the problem? or, do you just want some advice on a better way of forming things? Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-968585 Share on other sites More sharing options...
KXMoon Posted December 1, 2009 Author Share Posted December 1, 2009 It keeps on saying that there's already an account registered. I'm not sure why, but this whole system doesn't seem to work. Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-968594 Share on other sites More sharing options...
DavidAM Posted December 1, 2009 Share Posted December 1, 2009 First, Indent your code, it makes it much easier to see what is happening <?php include('config.php'); if (isset($_POST['set'])){ $user=mysql_real_escape_string($_POST['user']); $pass=mysql_real_escape_string(md5($_POST['pass'])); if ($user="" or $pass=""){ echo 'Invalid Username/Password'; } else{ mysql_select_db("db_mycountdown",$db_connect); $sql=mysql_query("SELECT * FROM users WHERE username='$user'",$db_connect); $fetch = mysql_num_rows($sql); if ($fetch>0){ unset($user); echo 'Error: This user already exists!<br>'; } else{ mysql_select_db("db_mycountdown",$db_connect); $sql = mysql_query("INSERT INTO users (username, password) VALUES ('$user','$pass')",$db_connect); echo 'Account Successfully Created!'; } } } echo '<a href="Index.php">Already have an account? Log in!</a> <form action="" method="post"> Username:<br/> <input type="text" name="user"/><br /> Password:<br/> <input type="password" name="pass"/><br /> Confirm Password:<br/> <input type="password" name="passconfirm"/><br /><br /> <input type="submit" name="set" value="Register" /> <br /> </form>'; ?> 2) $pass is never going to be empty. You ran MD5 on a possibly empty string, and it will produce results (maybe). I would test for empty($_POST['user']) or empty($_POST['pass']) before processing them. 3) there is no database connection, unless you do that in config.php 4) you do not need to select the database before every query (I do it immediately after connecting and it stays that way unless I select a different one). 5) you should check that pass and passconfirm have the same value before you insert into the database. That's the whole reason for having two password fields. 6) (Actually, this should always be first!) Turn on error reporting to see if any errors are being thrown and ignored: Add error_reporting(E_ALL); at the beginning of your scripts. Also, add ini_set('display_errors', 1); if it is not set in the ini file. 7) After $sql = mysql_query(...), try adding this line: $sql = mysql_query(...); if ($sql === false) { echo mysql_error(); } to see if the query is failing. Let us know how things go and post any error messages you get so we can help further. Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-968604 Share on other sites More sharing options...
KXMoon Posted December 1, 2009 Author Share Posted December 1, 2009 I actually added the password=passwordconfirm statement, but it kept on saying that my "passwords were different", so I just got rid of that for now. I also previously had problems with parse errors in my else statements and querys. Anyways, it still says that the user still exists, and the query doesn't seem to be failing. Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-968629 Share on other sites More sharing options...
mikesta707 Posted December 1, 2009 Share Posted December 1, 2009 try echoing $fetch before the if statement and see if its value is what you expect it to be. It seems OK to me, but without more information, I can't really say. You are sure you are trying to register with a username that doesn't exist on the database already right? Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-968643 Share on other sites More sharing options...
Jnerocorp Posted December 1, 2009 Share Posted December 1, 2009 try this: <?php include('config.php'); $report = "Fill out the fields below"; if(isset($_POST['set'])){ $user = $_POST['user']; $pass = md5($_POST['pass']); $passconfirm = md5($_POST['passconfirm']); mysql_select_db("db_mycountdown",$db_connect); $sql = mysql_query("SELECT * FROM users WHERE username='$user'",$db_connect); $result = mysql_num_rows($sql); if($result['username'] == $user) { $report = 'Error: This user already exists!<br>'; } if($user="" or $pass=""){ $report = 'Invalid Username/Password'; } if($pass == $passconfirm) { mysql_select_db("db_mycountdown",$db_connect); $sql = mysql_query("INSERT INTO users (username, password) VALUES ('$user','$pass')",$db_connect); $report = 'Account Successfully Created!'; } } ?> <?php echo "$report <br>"; ?> <a href="Index.php">Already have an account? Log in!</a> <form action="" method="post"> Username:<br/> <input type="text" name="user"/><br /> Password:<br/> <input type="password" name="pass"/><br /> Confirm Password:<br/> <input type="password" name="passconfirm"/><br /><br /> <input type="submit" name="set" value="Register" /> <br /> </form> Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-968658 Share on other sites More sharing options...
mikesta707 Posted December 1, 2009 Share Posted December 1, 2009 this doesn't make sense $result = mysql_num_rows($sql); if($result['username'] == $user) { $report = 'Error: This user already exists!<br>'; } $result is an integer, not a result set. But you probably meant $result = mysql_fetch_array($sql); if($result['username'] == $user) { $report = 'Error: This user already exists!<br>'; } That might help, but its essentially the same thing as what OP had because of the WHERE clause, and the fact that the query will only return rows with the username equal to the $user variable. Also, if that does prove false, you will get an undefined index notice. This isn't bad but if you have error reporting turned on (as was suggested earlier) you will see the error whenever the form was submitted successfully. Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-968675 Share on other sites More sharing options...
DavidAM Posted December 1, 2009 Share Posted December 1, 2009 Man you really had me going! Sometimes I hate PHP and equality tests. You are missing two characters //This code actually CHANGES these two variables to empty strings if ($user="" or $pass=""){ // it should be this (two equal-signs to test for equality) if ($user=="" or $pass==""){ Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-968707 Share on other sites More sharing options...
KXMoon Posted December 1, 2009 Author Share Posted December 1, 2009 now absolutely nothing happens Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-969293 Share on other sites More sharing options...
DavidAM Posted December 2, 2009 Share Posted December 2, 2009 Can you post your code with the changes you have made? Also, post any error messages that you get. Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-969406 Share on other sites More sharing options...
KXMoon Posted December 2, 2009 Author Share Posted December 2, 2009 Never mind, I changed a few things and now it works fine. Thanks anyways. Quote Link to comment https://forums.phpfreaks.com/topic/183498-buggy-registration-system/#findComment-969888 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.