
Ok, I thought I had a brilliant breakthrough a little earlier and that I got it to detect if anything was already in a database when someone was trying to register. Username or email for example. Now for some reason it was always allowing the submitted info to write to the database, now it's not letting it write at all. In fact it's giving me all the errors about my information now, even when it's not in the database.

 

<html>
<body>

<?php

$username = $_POST['myusername'];
$password = $_POST['mypassword'];
$email = $_POST['myemail'];
$errors[1] = 0;
$errors[2] = 0;
$errors[3] = 0;
$host="localhost"; // Host name
$login="xxxx"; // Mysql username
$password="xxxxxxx"; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
session_start();

$_SESSION['noname']=0;
$_SESSION['nopass']=0;
$_SESSION['noemail']=0;
$_SESSION['usernamefail']=0;
$_SESSION['emailfail']=0;

// Connect to server and select database.
$con = mysql_connect("$host", "$login", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

//Check for empty fields
if (!isset($username))
{
$_SESSION['noname']=1;
echo "Username = " . $_SESSION['noname'] . "<br />";
}
if (!isset($password));
{
$_SESSION['nopass']=1;
echo "Password = " . $_SESSION['nopass'] . "<br />";
}
if (!isset($email));
{
$_SESSION['noemail']=1;
echo "email = " . $_SESSION['noemail'] . "<br />";
}


//If not empty, compare emails to database

$sql = "SELECT COUNT(*) FROM members WHERE email = '$email'";
$result = mysql_query($sql);
$number=mysql_num_rows($result);

    if($number>0)
    	{
    $_SESSION['emailfail']=1;
    echo "Duplicate Email = 1<br />";
	}

$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$sql = "SELECT COUNT(*) FROM members WHERE username = '$username'";
$result = mysql_query($sql);
if(!$result) die(mysql_error().'<br />'.$sql);
$number=mysql_num_rows($result);
if($number>0)
	{
	echo "Duplicate Username <br />";
	$_SESSION['usernamefail']=1;
	}

if ($_SESSION['noname'] == 0 && $_SESSION['nopass'] == 0 && $_SESSION['noemail'] == 0 && $_SESSION['usernamefail'] == 0 && $_SESSION['emailfail'] == 0)
{
//If emails aren't duplicates, write to file.
// To protect MySQL injection
$password = stripslashes($password);
$email = stripslashes($email);
$password = mysql_real_escape_string($password);
$email = mysql_real_escape_string($email);
$password = md5($password);
$register="INSERT INTO $tbl_name (username, password, email)
VALUES
('$username','$password','$email')";

if (!mysql_query($register,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "No Errors";
}


?>

</body>
</html>

 

Does anyone see what I'm doing wrong?


You never clear your session error variables after displaying the error. So every time the page is run it sees those as errors.

 

Clear those out after you display them and that should solve your problem, given that your logic is correct. I kind of just glazed over that part.

Ah, I see. The session variables are supposed to be transferred over to the next page where it tells you where you are wrong etc and cleared there.

 

I just removed that part temporarily so I could try to debug it.  Maybe coding this tired is not the best of ideas.

First off, let's start with a little "OOPS!" I just found XD

$password = $_POST['mypassword'];
$password="xxxxxxx"; // Mysql password

 

Well now, when you go and insert $password into the database... it's going to be your MySQL Password. :D

 

Secondly, anything... ANYTHING that is $_POST[] or $_GET[]... ESCAPE IT immediately!!!

$email = mysql_real_escape_string($_POST['myemail']);

etc.

 

And thirdly, can you post EXACTLY what is showing up on the page after running that script? Just so we can get the full idea of what we're looking at... Well at least me! XD

Hrm, I see that oops now. I thought I fixed that, maybe I started over with an older copy. Bah.

 

This is what is displayed. I typed in a brand spanking new username, password and email.

Password = 1 means that it detects there is no password being submitted.

Email = 1 means there is no email being submitted.

Duplicate Email = 1 means it found the same email in the database already.

Duplicate Username means it found the same username in the database.

 

Password = 1

email = 1

Duplicate Email = 1

Duplicate Username

<html>
<body>

<?php

$username = $_POST['myusername'];
$userpassword = $_POST['mypassword'];
$email = $_POST['myemail'];
$errors[1] = 0;
$errors[2] = 0;
$errors[3] = 0;
$host="localhost"; // Host name
$login="xxxx"; // Mysql username
$password="xxxxxxx"; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
session_start();

$_SESSION['noname']=0;
$_SESSION['nopass']=0;
$_SESSION['noemail']=0;
$_SESSION['usernamefail']=0;
$_SESSION['emailfail']=0;

// Connect to server and select database.
$con = mysql_connect("$host", "$login", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

//Check for empty fields
if (!isset($username))
{
$_SESSION['noname']=1;
echo "Username = " . $_SESSION['noname'] . "<br />";
}
if (!isset($userpassword));
{
$_SESSION['nopass']=1;
echo "Password = " . $_SESSION['nopass'] . "<br />";
}
if (!isset($email));
{
$_SESSION['noemail']=1;
echo "email = " . $_SESSION['noemail'] . "<br />";
}


//If not empty, compare emails to database

$sql = "SELECT COUNT(*) FROM members WHERE email = '$email'";
$result = mysql_query($sql);
$number=mysql_num_rows($result);

    if($number>0)
    	{
    $_SESSION['emailfail']=1;
    echo "Duplicate Email = 1<br />";
	}

$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$sql = "SELECT COUNT(*) FROM members WHERE username = '$username'";
$result = mysql_query($sql);
if(!$result) die(mysql_error().'<br />'.$sql);
$number=mysql_num_rows($result);
if($number>0)
	{
	echo "Duplicate Username <br />";
	$_SESSION['usernamefail']=1;
	}

if ($_SESSION['noname'] == 0 && $_SESSION['nopass'] == 0 && $_SESSION['noemail'] == 0 && $_SESSION['usernamefail'] == 0 && $_SESSION['emailfail'] == 0)
{
//If emails aren't duplicates, write to file.
// To protect MySQL injection
$userpassword = stripslashes($userpassword);
$email = stripslashes($email);
$userpassword = mysql_real_escape_string($userpassword);
$email = mysql_real_escape_string($email);
$userpassword = md5($userpassword);
$register="INSERT INTO $tbl_name (username, password, email)
VALUES
('$username','$userpassword','$email')";

if (!mysql_query($register,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "No Errors";
}

session_unset();
session_destroy();
?>

</body>
</html>

 

And the form

 

<html>
<body>
<form name="registerform" method="post" action="check_register.php">
<table width="300" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
            <tr>
              <td colspan="4" bgcolor="#ffffff"><strong>Member Login </strong></td>
            </tr>
            <tr>
              <td width="67">Username</td>
              <td width="4">:</td>
              <td colspan="2"><input name="myusername" type="text" id="myusername"></td>
            </tr>
            <tr>
              <td>Password</td>
              <td>:</td>
              <td colspan="2"><input name="mypassword" type="password" id="mypassword"></td>
            </tr>
            <tr>
              <td>Email</td>
              <td>:</td>
              <td colspan="2"><input name="myemail" type="text" id="myemail"></td>
            </tr>
            <tr>
              <td width="54" align="left"><input type="submit" name="Submit" value="register"></td>
            </tr>
</table>
</form>

</body>
</html>

 

I'm actually going to sign off for the night, but I will be checking back tomorrow.  Thanks for helping, I'm just too tired to continue right now.

Okay, no problem. I will look at it and see what I can do...

<?php

$errors[1] = 0;
$errors[2] = 0;
$errors[3] = 0;
$host="localhost"; // Host name
$login="xxxx"; // Mysql username
$password="xxxxxxx"; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
session_start();

$_SESSION['noname']=0;
$_SESSION['nopass']=0;
$_SESSION['noemail']=0;
$_SESSION['usernamefail']=0;
$_SESSION['emailfail']=0;

// Connect to server and select database.
$con = mysql_connect("$host", "$login", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$username = mysql_real_escape_string($_POST['myusername']);
$userpassword = mysql_real_escape_string($_POST['mypassword']);
$email = mysql_real_escape_string($_POST['myemail']);

//Check for empty fields
if (!$username)
{
$_SESSION['noname']=1;
echo "Username = " . $_SESSION['noname'] . "<br />";
}
if (!$userpassword)
{
$_SESSION['nopass']=1;
echo "Password = " . $_SESSION['nopass'] . "<br />";
}
if (!$email)
{
$_SESSION['noemail']=1;
echo "email = " . $_SESSION['noemail'] . "<br />";
}


//If not empty, compare emails to database

$result = mysql_query("SELECT * FROM `".$tbl_name."` WHERE email = '$email'");
$number = mysql_num_rows($result);

    if($number > 0)
    	{
    $_SESSION['emailfail']=1;
    echo "Duplicate Email = 1<br />";
	}

$result = mysql_query("SELECT * FROM `".$tbl_name."` WHERE username = '$username'") or die(mysql_error());
$number = mysql_num_rows($result);
if($number > 0)
	{
	echo "Duplicate Username <br />";
	$_SESSION['usernamefail']=1;
	}

if ($_SESSION['noname'] == 0 && $_SESSION['nopass'] == 0 && $_SESSION['noemail'] == 0 && $_SESSION['usernamefail'] == 0 && $_SESSION['emailfail'] == 0)
{
//If emails aren't duplicates, write to file.
// To protect MySQL injection
$userpassword = md5($userpassword);

mysql_query("INSERT INTO `".$tbl_name."` (username, password, email) VALUES ('$username','$userpassword','$email')") or die(mysql_error());
echo 'no errors';
}

session_unset();
session_destroy();
?>

 

Okay give this a shot (please use a new file to prevent any deletion of anything important).

 

Note: I also cleaned up your scripting a bit, for example, you had your variables $variable = $variable, quite often, and I just took care of it at the beginning. I also moved it below the Session_start() and other mysql connect information, just in case. From there I put all your sql into one line, because having a sql combine 4 different variables was getting confusing... Lastly, I saw $tbl_name and it was only in one sql query, so I edited the rest so it's easier to maintain (edit main variable).

 

Give it a shot, let me know how it goes and we will go from there! Sorry to be so picky about the coding, but... LOL for me to do it, I had to understand it so I put it in my terms, if that's okay.
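An added example, not code from any poster in this thread: the same registration check written with PDO prepared statements and password_hash() in place of mysql_real_escape_string() and md5(). It assumes the thread's members table and form field names; the in-memory SQLite database (requires pdo_sqlite) standing in for MySQL, the UNIQUE constraints, the 'duplicate' error key and the sample submissions are constructed for the example.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; names follow the thread.
function register(PDO $db, array $post): array
{
    $errors = [];
    $username = trim($post['myusername'] ?? '');
    $password = $post['mypassword'] ?? '';
    $email    = trim($post['myemail'] ?? '');
    // Each test guards its own block: no stray ';' after the condition.
    if ($username === '') { $errors[] = 'noname'; }
    if ($password === '') { $errors[] = 'nopass'; }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'noemail'; }
    if ($errors) { return $errors; }

    // COUNT(*) always returns exactly one row, so read its value, not the row count.
    // Column names come from this fixed list; only the values are user input.
    foreach (['username' => $username, 'email' => $email] as $column => $value) {
        $check = $db->prepare("SELECT COUNT(*) FROM members WHERE $column = ?");
        $check->execute([$value]);
        if ((int) $check->fetchColumn() > 0) { $errors[] = $column . 'fail'; }
    }
    if ($errors) { return $errors; }

    try {
        // Values are bound as parameters; password_hash() replaces md5().
        $insert = $db->prepare(
            'INSERT INTO members (username, password, email) VALUES (?, ?, ?)'
        );
        $insert->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: a UNIQUE constraint caught a row added after the checks.
        if ((string) $e->getCode() !== '23000') { throw $e; }
        $errors[] = 'duplicate';
    }
    return $errors;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT UNIQUE, password TEXT, email TEXT UNIQUE)');

// Constructed sample submissions, not data from the thread.
$new = ['myusername' => "o'brien", 'mypassword' => 'correct horse', 'myemail' => 'ob@example.com'];
var_dump(register($db, $new));
var_dump(register($db, $new));
var_dump(register($db, ['myusername' => 'bob']));
```

The function returns its error keys instead of writing flags into $_SESSION, so a caller can store them for the next page and clear them there.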
