sirk Posted April 5, 2010 Share Posted April 5, 2010 ok basically i have created a sign up form, though it is more like a password set form as the username for the system will be an employes personal ID which it is assumed that they know. the user has to enter in their employee id and then choose a password. the problem im having is with validating how long the user ID is it shud be 4 digits in length no more no less, but for some reason my code doesnt seem to be counting the length of the user id or even validating it properly to check that the user is on the database (if they arent on the db their not employed, again another assumption) if the user ID is non existant it still takes me to the next page and logs in their session instead of showing me an error message. if i enter in a valid id and valid password though, it does update the table with the new password for that user, and the code does count how long the password entered is. i have done a basic syntax check using http://www.meandeviation.com/tutorials/learnphp/php-syntax-check/ and that says the syntax is fine (and of course when i load the page through local host i get no errors) so im assuming its not syntax i have been looking at this now for the past few hours and cannot see where i am going wrong, any and all help is very much appreciated, thank you in advanced. finally though here is my script <?PHP $EmpID = ""; $EmpPwd = ""; $errorMessage = ""; $num_rows = 0; function quote_smart($value, $handle) { if (get_magic_quotes_gpc()) { $value = stripslashes($value); } if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value, $handle) . "'"; } return $value; } if ($_SERVER['REQUEST_METHOD'] == 'POST'){ $EmpID = $_POST['EmpID']; $EmpPwd = $_POST['EmpPwd']; $EmpID = htmlspecialchars($EmpID); $EmpPwd = htmlspecialchars($EmpPwd); $IDLength = strlen($EmpID); $PwdLength = strlen($EmpPwd); if ($IDLength = 4) { $errorMessage = ""; } else{ $errorMessage = "Employee ID is four charecters long. If you cant remember Employee ID, or have not been given one contact your contracts manager." . "<BR>"; } if ($PwdLength >= 8 && $PwdLength <= 16) { $errorMessage = ""; } else { $errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>"; } if ($errorMessage == "") { $host="localhost"; // Host name $username="root"; // Mysql username $password="pass"; // Mysql password $db_name="JMSystemDB"; // Database name $db_handle = mysql_connect($host, $username, $password); $db_found = mysql_select_db($db_name, $db_handle); if ($db_found) { $EmpID = quote_smart($EmpID, $db_handle); $EmpPwd = quote_smart($EmpPwd, $db_handle); $SQL = "SELECT * FROM Employee WHERE EmployeeID = $EmpID"; $result = mysql_query($SQL); $num_rows = mysql_num_rows($result); if ($num_rows = 0) { $errorMessage = "Invalid Employee ID"; } else { $SQL = "UPDATE Employee SET SystemPassword = md5($EmpPwd) WHERE EmployeeID = $EmpID"; $result = mysql_query($SQL); mysql_close($db_handle); session_start(); session_register('EmpID'); header("location:Jobs.php"); } } else { $errorMessage = "Database Not Found"; } } } ?> <html> <head> <title>Set Password</title> </head> <body> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1"> <tr> <form name="form1" method="post" action="signup.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor=> <tr> <td colspan="3"> </td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="EmpID" type="text" id="EmpID"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="EmpPwd" type="password" id="EmpPwd"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Register" /></td> </tr> </table> </td> </form> </tr> </table></p> </FORM> <P> <?PHP print $errorMessage;?> </body> </html> again thanks for all help in advanced Quote Link to comment https://forums.phpfreaks.com/topic/197668-signup-form-help/ Share on other sites More sharing options...
mikesta707 Posted April 5, 2010 Share Posted April 5, 2010 something i spotted quickly if ($IDLength = 4) { there you are doing assignment, you are assigning $IDLength with the value of 4 (which returns true so the if statement runs good. what you are looking for is comparison if ($IDLength == 4) { Quote Link to comment https://forums.phpfreaks.com/topic/197668-signup-form-help/#findComment-1037366 Share on other sites More sharing options...
sirk Posted April 5, 2010 Author Share Posted April 5, 2010 ah ha thankyou very much, that solved both problems i had set numrows to = 0 instead of == 0 aswell everything works fine now though. thanks again Quote Link to comment https://forums.phpfreaks.com/topic/197668-signup-form-help/#findComment-1037372 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.