Jump to content

php registration system - added to database even if there's errors


Ruko

Recommended Posts

Ok, first off, I tested my own coded reg system and when I make an error test, the error shows but the user info gets added to the database. How can I stop letting the code add the user to the database when an error occurs.

<?php include "lang.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PokePals - Registering</title>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js" />
<link rel="stylesheet" type="text/css" href="style.css" /></head>
<body>
<?php include "navbar.php"; ?>
<?php 
// Important stuff goes here
include "sql_local.php";
include "ban.php";
// Now for the registration page
  echo "<div class='panel'>";
	if (isset($_POST["submit"])) {
		// Define the variables here
		$user = mysql_real_escape_string ($_POST["user"]);
		$pass1 = mysql_real_escape_string ($_POST["pass"]);
		$pass2 = mysql_real_escape_string ($_POST["passconf"]);
		$email = mysql_real_escape_string ($_POST["email"]);
		$email2 = mysql_real_escape_string ($_POST["email2"]);
		$dpfc = mysql_real_escape_string ($_POST["dpfc"]);
		$platinumfc = mysql_real_escape_string ($_POST["platinumfc"]);
		$hgssfc = mysql_real_escape_string ($_POST["hgssfc"]);
		$otherfc = mysql_real_escape_string ($_POST["otherfc"]);
		$favoritepkmn = mysql_real_escape_string ($_POST["favoritepkmn"]);
		$aboutme = mysql_real_escape_string ($_POST["aboutme"]);
		$hobbies = mysql_real_escape_string ($_POST["hobbies"]);
		$favorites = mysql_real_escape_string ($_POST["favorites"]);
		$gender = mysql_real_escape_string ($_POST["gender"]);

		// Now check for some errors
			// Did he/she fill out the form completely? Lets find out
	function errors() {
			if (!$_POST["user"] | !$_POST["pass"] | !$_POST["email"] ) { 
  echo "<div class='error'>Please fill in the required fields</div>";
			}
			// Passwords match
			 if ($_POST['pass'] != $_POST['passconf']) {
  				echo "<div class='error'>Password does not match with the other one</div>";
			}
			// Email match
			 if ($_POST['email'] != $_POST['email2']) {
				 echo "<div class='error'>Email does not match with the other one</div>";
			 }
	}

						// Is the user banned?
			foreach($banned_ips as $ip_ban) {
    			if($user_ip == $ip_ban) {
		 		die ("<div class='error'>Your IP address is banned from registering. Contact the site administrator for more info</div>");
			}
			}
		// If there are no errors, start adding the information to the database
		if (!errors()) {
		// Secure the passwords
			$securepass = md5($pass1);
		// Submit to the database
			$insertuser = "INSERT INTO users (user, password, email, dpfc, platinumfc, hgssfc, otherfc, favoritepkmn, aboutme, hobbies, favorites, gender, regip) values ('$user', '$securepass', '$email', '$dpfc', '$platinumfc', '$hgssfc', '$otherfc', '$favoritepkmn', '$aboutme', '$hobbies', '$favorites', '$gender', '$user_ip')";
			$add = mysql_query($insertuser, $con) or die ('Error: ' . mysql_error() . ' Please contact an admin');
			if ($add) {
			echo ("<h3>Registration Success</h3><p>You may now login using your username and password. Start hatching some eggs now!</p>"); }
		}
	}
  ?> <div class='registerform'><form action='register.php' method='post'>
      <label>Username *</label>
      <input type='text' name='user' class='form1' value='<?php echo @$_POST['user']; ?>' />
      <fieldset><legend>Password</legend>
      <label>Enter your password *</label>
      <input type='password' name='pass' class='form1' value='<?php echo @$_POST['pass']; ?>' />
      <label>Password again *</label>
      <input type='password' name='passconf' class='form1' value='<?php echo @$_POST['passconf']; ?>' />
      </fieldset>
      <fieldset><legend>Email</legend>
      <label>Enter your email *</label>
      <input type="text" name="email" class="form1" value="<?php echo @$_POST['email']; ?>" />
      <label>Enter email again *</label>
      <input type="text" name="email2" class="form1" value="<?php echo @$_POST['email2']; ?>" />
      </fieldset>
      <input type="submit" name="submit" class="submitbutton" value="Register!" />
      </form>

 

Link to comment
Share on other sites

this is a bit 'cor blimmey' but a simple way is with a flag.

$errors=0;

// add flag to all error checks
if (!$_POST["user"] | !$_POST["pass"] | !$_POST["email"] ) { 
      echo "<div class='error'>Please fill in the required fields</div>";
$errors=1;
                }

// then test the flag before putting data into database

if ($flag < 1){
// add data
}else{
//show error message
}

 

Link to comment
Share on other sites

function errors() {
			$error = 0;
			if (!$_POST["user"] | !$_POST["pass"] | !$_POST["email"] ) { 
				echo "<div class='error'>Please fill in the required fields</div>";
				$error = 1;
			}
			if ($_POST['pass'] != $_POST['passconf']) {
  				echo "<div class='error'>Password does not match with the other one</div>";
				$error = 1;
			} 
			if ($_POST['email'] != $_POST['email2']) {
				 echo "<div class='error'>Email does not match with the other one</div>";
				$error = 1;
			 }

			return $error;
	}

 

if (errors() == 0) {

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.