anevins Posted March 10, 2011 Share Posted March 10, 2011 Hi there, There's something wrong with this register form, it's submitting without validation. <?php require_once('./includes/connectvars.php'); // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (isset($_POST['submit'])) { // Grab the profile data from the POST $username = mysqli_real_escape_string($dbc, trim($_POST['username'])); $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1'])); $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2'])); $firstname = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); $lastname = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); if (!empty($username) && !empty($password1) && !empty($password2) && ($password1 == $password2) && !empty($firstname) && !empty($lastname)) { // Make sure someone isn't already registered using this username $query = "SELECT * FROM users WHERE username = '$username'"; $data = mysqli_query($dbc, $query); if (mysqli_num_rows($data) == 0) { // The username is unique, so insert the data into the database $query = "INSERT INTO users (username, password, join_date, first_name, last_name) VALUES ('$username', SHA('$password1'), NOW(), '$firstname', '$lastname')"; mysqli_query($dbc, $query); // Confirm success with the user echo '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>'; mysqli_close($dbc); exit(); } else { // An account already exists for this username, so display an error message echo '<p class="error">An account already exists for this username. Please use a different address.</p>'; $username = ""; } } else { echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>'; } } mysqli_close($dbc); ?> <p>Please enter your username and desired password to sign up to Mismatch.</p> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <legend>Registration Info</legend> <label for="username">Username:</label> <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br /> <label for="password1">Password:</label> <input type="password" id="password1" name="password1" /><br /> <label for="password2">Password (retype):</label> <input type="password" id="password2" name="password2" /><br /> <label for="first_name">first name:</label> <input type="text" id="first_name" name="first_name" /><br /> <label for="last_name">last name:</label> <input type="text" id="last_name" name="last_name" /><br /> <input type="submit" value="Sign Up" name="submit" /> </form> </body> </html> I've had this problem for a while now and can't figure it out, any suggestions are appreciated. Thank you. Link to comment https://forums.phpfreaks.com/topic/230266-register/ Share on other sites More sharing options...
btherl Posted March 10, 2011 Share Posted March 10, 2011 Does "without validation" mean it stores the data even when some items are empty? Link to comment https://forums.phpfreaks.com/topic/230266-register/#findComment-1185816 Share on other sites More sharing options...
anevins Posted March 10, 2011 Author Share Posted March 10, 2011 Sorry for being unclear, what I meant as 'without validation' is the form submits but does not enter data. I've now noticed when I enter data into the input fields and press on the submit button, I get an error for another form; a log in form which works fine by itself. Here's the error I get when I submit my register form with input data: An error occurred in script 'G:\xampp\htdocs\xampp\wp\assignment2\framework\modules\login.php' on line 16: <br />Undefined index: password I'll show you code for both files; since it seems both are involed. register.php <?php require_once('./includes/connectvars.php'); // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (isset($_POST['submit'])) { // Grab the profile data from the POST $username = mysqli_real_escape_string($dbc, trim($_POST['username'])); $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1'])); $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2'])); $firstname = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); $lastname = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); if (!empty($username) && !empty($password1) && !empty($password2) && ($password1 == $password2) && !empty($firstname) && !empty($lastname)) { // Make sure someone isn't already registered using this username $query = "SELECT * FROM users WHERE username = '$username'"; $data = mysqli_query($dbc, $query); if (mysqli_num_rows($data) == 0) { // The username is unique, so insert the data into the database $query = "INSERT INTO users (username, password, join_date, first_name, last_name) VALUES ('$username', SHA('$password1'), NOW(), '$firstname', '$lastname')"; mysqli_query($dbc, $query); // Confirm success with the user echo '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>'; mysqli_close($dbc); exit(); } else { // An account already exists for this username, so display an error message echo '<p class="error">An account already exists for this username. Please use a different address.</p>'; $username = ""; } } else { echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>'; } } mysqli_close($dbc); ?> <p>Please enter your username and desired password to sign up to Mismatch.</p> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <legend>Registration Info</legend> <label for="username">Username:</label> <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br /> <label for="password1">Password:</label> <input type="password" id="password1" name="password1" /><br /> <label for="password2">Password (retype):</label> <input type="password" id="password2" name="password2" /><br /> <label for="first_name">first name:</label> <input type="text" id="first_name" name="first_name" /><br /> <label for="last_name">last name:</label> <input type="text" id="last_name" name="last_name" /><br /> <input type="submit" value="Sign Up" name="submit" /> </form> </body> </html> login.php <?php require_once('./includes/connectvars.php'); // Clear the error message $error_msg = ""; // If the user isn't logged in, try to log them in if (!isset($_SESSION['user_id'])) { if (isset($_POST['submit'])) { // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // Grab the user-entered log-in data $user_username = mysqli_real_escape_string($dbc, trim($_POST['username'])); $user_password = mysqli_real_escape_string($dbc, trim($_POST['password'])); if (!empty($user_username) && !empty($user_password)) { // Look up the username and password in the database $query = "SELECT user_id, username FROM users WHERE username = '$user_username' AND password = SHA('$user_password')"; $data = mysqli_query($dbc, $query); if (mysqli_num_rows($data) == 1) { // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page $row = mysqli_fetch_array($data); $_SESSION['user_id'] = $row['user_id']; $_SESSION['username'] = $row['username']; setcookie('user_id', $row['user_id'], time() + (60 * 60 * 24 * 30)); // expires in 30 days setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30)); // expires in 30 days $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php'; header('Location: ' . $home_url); } else { // The username/password are incorrect so set an error message $error_msg = 'Invalid'; } } else { // The username/password weren't entered so set an error message $error_msg = 'Enter all fields'; } } } // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in if (empty($_SESSION['user_id'])) { echo '<p>' . $error_msg . '</p>'; ?> <form id="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <span style=" padding-left:52px;"> <legend>Log In or <a href="index.php?p=register">Register</a></span></legend> <table> <tr> <td> <label for="username">Username:</label> </td> <td> <input type="text" name="username" value="<?php if (!empty($user_username)) echo $user_username; ?>" /><br /> </td> </tr> <tr> <td> <label for="password">Password:</label> </td> <td> <input type="password" name="password" /> </td> <td> <input type="submit" value="Log In" name="submit" /> </td> </tr> </table> </form> <?php } else { // Confirm the successful log-in echo '<p>You are logged in as ' . $_SESSION['username'] . '.</p>'; echo '<br /><a href="index.php?p=logout">Log Out (' . $_SESSION['username'] . ')</a>'; echo '<br /><a href="index.php?p=viewprofile">View Profile</a></p>'; } ?> If you're wondering about sessions, I've already sent them in another file. Thanks Link to comment https://forums.phpfreaks.com/topic/230266-register/#findComment-1185823 Share on other sites More sharing options...
btherl Posted March 10, 2011 Share Posted March 10, 2011 This is line 16 of your login script: $user_password = mysqli_real_escape_string($dbc, trim($_POST['password'])); The form did not send "password", that is causing the error. Are you saying that you got an error from login.php when you submitted the register.php form? Is the data getting submitted to the wrong script? Link to comment https://forums.phpfreaks.com/topic/230266-register/#findComment-1185842 Share on other sites More sharing options...
anevins Posted March 10, 2011 Author Share Posted March 10, 2011 It would seem so. Scenario: I click on submit button from the file 'register.php', I receive an error on line ... 'login.php' Link to comment https://forums.phpfreaks.com/topic/230266-register/#findComment-1185849 Share on other sites More sharing options...
btherl Posted March 10, 2011 Share Posted March 10, 2011 Can you "view source" on the form on your register page, and see what this line looks like: <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" It's the contents of the action field that I'm interested in. Link to comment https://forums.phpfreaks.com/topic/230266-register/#findComment-1185874 Share on other sites More sharing options...
anevins Posted March 10, 2011 Author Share Posted March 10, 2011 Sorry this thread will have to be postponed for a day. Night Link to comment https://forums.phpfreaks.com/topic/230266-register/#findComment-1185882 Share on other sites More sharing options...
anevins Posted March 11, 2011 Author Share Posted March 11, 2011 I have viewed the source; as through a browse, which showed: <form id="login" method="post" action="/xampp/wp/assignment2/framework/index.php"> Link to comment https://forums.phpfreaks.com/topic/230266-register/#findComment-1186077 Share on other sites More sharing options...
anevins Posted March 11, 2011 Author Share Posted March 11, 2011 Forgive me if I'm late to reply, I'll try and visit these threads in my timetable intervals between lectures. Link to comment https://forums.phpfreaks.com/topic/230266-register/#findComment-1186081 Share on other sites More sharing options...
btherl Posted March 14, 2011 Share Posted March 14, 2011 I think PHP_SELF might not be the right action for your form. What url do you see in the address bar when viewing the register script? You should be seeing the same url in the form action for submitting that script. Or at least the path portion, such as "/register.php" Link to comment https://forums.phpfreaks.com/topic/230266-register/#findComment-1187539 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.