Need Help on my Register Page


webby121

Hi nothing seems to work! No error messages appear and no data enters my database! Can people please help me please! Needs to be solved by today! Thanks :)

<?php

//connect to db
$connect = mysql_connect("l", "", "");
mysql_select_db("", $connect);

//if submit button gets pressed
if(isset($_POST['submit'])){

    //Grab data from the form
    $username = preg_replace('#[^A-Za-z0-9]#i','', $_POST['username']); // filter everything but letters and numbers
    $firstname = preg_replace('#[^A-Za-z]#i', '', $_POST['firstname']); // filter everything but Letters
    $lastname = preg_replace('#[^A-Za-z]#i', '', $_POST['lastname']); // filter everything but Letters
    $phone = preg_replace('#[^0-9]#i', '', $_POST['phone']); // filter everything but numbers
    $address= preg_replace('#[^A-Za-z]#i', '', $_POST['address']); // filter everything but Letters
    $postcode= preg_replace('#[^A-Za-z]#i', '', $_POST['postcode']); // filter everything but Letters
    $town= preg_replace('#[^A-Za-z]#i', '', $_POST['town']); // filter everything but Letters
    $housenumber= preg_replace('#[^0-9]#i', '', $_POST['housenumber']); // filter everything but numbers
    $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); // filter everything but numbers
    $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); // filter everything but numbers
    $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); // filter everything but numbers

    $email1 = mysql_real_escape_string (stripslahes (strip_tags($_POST['email1'])));
    $email2 = mysql_real_escape_string (stripslahes (strip_tags($_POST['email2'])));
    $pass1 = md5(mysql_real_escape_string (stripslahes (strip_tags($_POST['pass1']))));
    $pass2 = stripslashes(strip_tags($_POST['pass2']));

    $emailCHecker = mysql_real_escape_string($email1);
    $emailCHecker = str_replace("`", "", $emailCHecker);

    // Database duplicate username check setup for use below in the error handling if else conditionals
    $sql_uname_check = mysql_query("SELECT username FROM member WHERE username='$username'");
    $uname_check = mysql_num_rows($sql_uname_check);

    // Database duplicate e-mail check setup for use below in the error handling if else conditionals
    $sql_email_check = mysql_query("SELECT email FROM member WHERE email='$emailCHecker'");
    $email_check = mysql_num_rows($sql_email_check);

    // Convert Birthday to a DATE field type format(YYYY-MM-DD) out of the month, day, and year supplied
    $dateofbirth = "$b_y-$b_m-$b_d";

    //If any errors have been found, DO NOT register the member, and instead, redisplay the form

}

if (!isset($username) || !isset($firstname) || !isset ($lastname) || !isset($address) || !isset($postcode) || !isset($town) || !isset($b_m) || !isset($b_d) || !isset($b_y) || !isset($email1) || !isset($email2) || !isset($pass1) || !isset($pass2)) {

    $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';

    if(!isset($username)){
        $errorMsg .= ' * User Name<br />';
    }
    if(!isset($firstname)){
        $errorMsg .= ' * First Name<br />';
    }
    if(!isset($lastname)){
        $errorMsg .= ' * Last Name<br />';
    }
    if(!isset($address)){
        $errorMsg .= ' * Address<br />';
    }
    if(!isset($postcode)){
        $errorMsg .= ' * postcode<br />';
    }
    if(!isset($town)){
        $errorMsg .= ' * town<br />';
    }
    if(!isset($b_m)){
        $errorMsg .= ' * Birth Month<br />';
    }
    if(!isset($b_d)){
        $errorMsg .= ' * Birth Day<br />';
    }
    if(!isset($b_y)){
        $errorMsg .= ' * Birth year<br />';
    }
    if(!isset($email1)){
        $errorMsg .= ' * Email Address<br />';
    }
    if(!isset($email2)){
        $errorMsg .= ' * Confirm Email Address<br />';
    }
    if(!isset($pass1)){
        $errorMsg .= ' * Login Password<br />';
    }
    if(!isset($pass2)){
        $errorMsg .= ' * Confirm Login Password<br />';
    }
    if ($email1!= $email2){
        $errorMsg.='ERROR: Your email fields below do not match<br />';
    }
    if ($pass1!= $pass2){
        $errorMsg.='ERROR: Your password fields below do not match<br />';
    }

    if(strlen($username)<6){
        $errorMsg.="<u>ERROR:</u><br/>Your User Name is too short. 6-20 characters please. <br/>";
    }

    if(strlen($username)>20){
        $errorMsg.="<u>ERROR:</u><br/>Your User Name is too long. 6-20 characters please. <br/>";
    }

    if($username_check>0){
        $errorMsg.="<u>ERROR:</u><br/> Your User Name is already in use inside of our system. Please try another.<br/>";
    }

    if($email_check >0){
        $errorMsg.="<u>ERROR:</u><br/>Your Email address is already in use inside of our system. Please use another.<br/>";
    }

}
else{

    mysql_query("INSERT INTO member (username, firstname, lastname, email, password, dateofbirth, phone, lastlogin)
    VALUES('$username','$firstname','$lastname','$email1','$password', '$dateofbirth','$phone', now())")
    or die (mysql_error());

    $sql = mysql_query("INSERT INTO address (address, postcode, town, housenumber)
    VALUES('$adress','$postcode,'$town','$housenumber'")
    or die (mysql_error());

    mysql_close();

    Echo "Welcome to my site, $username! You may now <a href=\"index.php\">login</a>.";

}

?>

Link to comment
Share on other sites

A) Not the reason, but all your preg_match functions are completely vulnerable to injection as they only check for the "first character" and only if it's one character long, it does not validate the length, or any other characters past the first character.

 

B) You have an error in your SQL syntax, check the braces...

 

To fix your preg_match add a $ symbol to denote END OF SUBJECT at the end of your pattern before the ending delimiter.

 

To fix your sql query add the missing closing brace.

Link to comment
Share on other sites

From what I can see you need to put in a "; after your values to close out the insert.

 

You have

 

$sql = mysql_query("INSERT INTO address (address, postcode, town, housenumber)
            VALUES('$adress','$postcode,'$town','$housenumber'")

 

I believe it should be

 

$sql = mysql_query("INSERT INTO address (address, postcode, town, housenumber)
            VALUES('$adress','$postcode','$town','$housenumber')");

Link to comment
Share on other sites

Sleeper is correct, and also spotted something I missed on my "scan" ;).

- Make sure you count your quotes and braces through the string properly, i.e., it would be counted as such:

nothing
1 brace (we MUST find a right brace now)
1 dbl quote + brace (we MUST find another double quote BEFORE we find another brace now)
1 dbl quote + 2 braces (now we MUST find a right brace BEFORE another double quote)
1 dbl quote + brace (We found a right brace so we forget about that pair of braces)
1 dbl quote + 2 braces
1 brace (note, we lost the dbl quotes too early, also note, we don't go any further, i.e., we don't lose this brace to get "nothing" again, so we need to add another right brace.)

 

Just wondering if you actually coded this :P?

 

Anyway, the Regex (Regular Expression) that you need to change to I will explain:

Regex uses certain symbols/characters in the pattern to determine what to look out for and sometimes what to do when it does find something.

 

#[^A-Za-z0-9]#i

Your Regex basically states this: "Find one character from anywhere in the SUBJECT where it is NOT ( ^ ) any of these character ranges... (a-z0-9)"

Also the "i" at the end basically means you don't need A-Za-z, you just need a-z, as "i" makes the character matches case-insensitive.

Basically the opposite of what you want.

 

You want something like:

"From the Start of the string ( ^ ) to the End of the string ( $ ), match any of these character ranges (a-z0-9) that have a length of between 3 and 16 ( {3,16} )"

#^[a-z0-9]{3,16}$#i

 

<?php

// Test Strings
$test1 = "some user name"; // 14 chars OK. SPACE characters make it INVALID
$test2 = "someusernamethathastoomanycharacters"; // all Valid except too many characters
$test3 = "somevaliduser"; // A valid username in every way

# ORIGINAL REGEX
// Test 1
var_dump(preg_match("#[^A-Za-z0-9]#i", $test1));	// VALID (Spaces make it valid)
echo("<br />");

// Test 2
var_dump(preg_match("#[^A-Za-z0-9]#i", $test2));	// INVALID (Doesn't contain matching characters)
echo("<br />");

// Test 3
var_dump(preg_match("#[^A-Za-z0-9]#i", $test3));	// INVALID (Doesn't contain matching characters)
echo("<br />");

# TARGET REGEX
// Test 4
var_dump(preg_match("#^[a-z0-9]{3,16}$#i", $test1));	// INVALID (Contains invalid space)
echo("<br />");

// Test 5
var_dump(preg_match("#^[a-z0-9]{3,16}$#i", $test2));	// INVALID (Too Long)
echo("<br />");

// Test 6
var_dump(preg_match("#^[a-z0-9]{3,16}$#i", $test3));	// VALID Pattern Matches the WHOLE string

?>

Link to comment
Share on other sites
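The validation and insert discussed in this thread, in hardened form, as an added example that is not any poster's code: anchored whitelist patterns reject bad input instead of stripping it, the insert goes through a PDO prepared statement, and the password is stored with password_hash() rather than md5(). The in-memory SQLite database (requires the pdo_sqlite driver), the cut-down `member` table, the length bounds marked in comments and the sample submissions are assumptions made so it runs offline.

```php
<?php
// Added example. Assumed stand-in for the thread's MySQL "member" table (cut down).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors become exceptions
$pdo->exec('CREATE TABLE member (username TEXT PRIMARY KEY, email TEXT UNIQUE, password TEXT, phone TEXT)');
// Whitelist patterns anchored with \A and \z; unlike $, \z rejects a trailing newline.
const RULES = [
    'username' => '#\A[a-z0-9]{6,20}\z#i', // 6-20 characters, as the form's error text says
    'phone'    => '#\A[0-9]{5,15}\z#',     // length bounds are an assumption
];

function register(PDO $pdo, array $in): array
{
    $errors = [];
    foreach (RULES as $field => $pattern) {
        $value = $in[$field] ?? null;
        // Reject bad input; do not strip characters and carry on with altered data.
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            $errors[] = "Invalid $field";
        }
    }
    $email = $in['email1'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false || $email !== ($in['email2'] ?? null)) {
        $errors[] = 'Invalid or mismatched email';
    }
    $pass = $in['pass1'] ?? ''; // raw passwords are compared before hashing; minimum of 8 is an assumption
    if (!is_string($pass) || strlen($pass) < 8 || $pass !== ($in['pass2'] ?? null)) {
        $errors[] = 'Invalid or mismatched password';
    }
    if ($errors) { return $errors; }
    try {
        // Placeholders keep the values out of the SQL text, so quoting cannot break the query.
        $stmt = $pdo->prepare('INSERT INTO member (username, email, password, phone)
                               VALUES (:username, :email, :password, :phone)');
        $stmt->execute([':username' => $in['username'], ':email' => $email,
                        ':password' => password_hash($pass, PASSWORD_DEFAULT), // salted hash, not md5()
                        ':phone' => $in['phone']]);
    } catch (PDOException $e) {
        if ($e->getCode() !== '23000') { throw $e; } // 23000 = integrity constraint violation
        return ['User name or email already in use'];
    }
    return [];
}

// Constructed sample submissions: valid, duplicate, then a user name with a space and newline.
$ok = ['username' => 'webby121', 'phone' => '0123456789', 'email1' => 'a@example.com',
       'email2' => 'a@example.com', 'pass1' => 'correct horse', 'pass2' => 'correct horse'];
foreach ([$ok, $ok, ['username' => "web by\n"] + $ok] as $sample) {
    echo json_encode(register($pdo, $sample)), PHP_EOL;
}
```

The mysql_* functions used in the original post were removed in PHP 7, so PDO or mysqli is needed on any current PHP version.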
