
Users are still registered into my database even though they enter a password


KDM


less than 6 characters.  I think it's the way my code is ordered.  I've tried switching the commands around, no luck.

 

Help please.

<?php
//begin register script

$submit = $_POST['submit'];

//form data
$username= strip_tags ($_POST['username']);
$email= strip_tags($_POST['email']);
$pwd= strip_tags($_POST['pwd']);
$confirmpwd= strip_tags($_POST['confirmpwd']);
$date = date("Y-m-d");

if ($submit) {
   //check for required form data
   if($username&&$pwd&&$confirmpwd&&$email) {
      
      
      //check length of username
        if (strlen($username)>25||strlen($username)<6) {
            echo "<p class='warning'>username must be between 6 and 25 characters</p>";
        } else {
      
        //check password length
        if (strlen($pwd)>25||strlen($pwd)<6) {
            echo "<p class='warning'>password must be between 6 and 25 characters</p>";
            } else {
               
       //register the user
      echo "<p class='success'>Thanks for signing up!</p>";
            }
       }
         
       
     //check if passwords match
      if ($pwd==$confirmpwd) {
    
      } else {
         echo "<p class='warning'>your passwords do not match</p>";
      } 
      //encrypt password
      $pwd = md5($pwd);
      $confirmpwd = md5($confirmpwd);
     
       //open database
     $connect = mysql_connect("xxxxxxxx", "xxxxxxxx", "xxxxxxxx");
     mysql_select_db("digital"); //select database
     
     //register the user
     $queryreg = mysql_query("
                       
     INSERT INTO users VALUES ('','$username', '$email', '$pwd')
   
     
     ");
     
    die("<p class='success'>Thank you for signing up you have been registered");
     

      } else {
      echo "<p class='warning'>please fill in all fields</p>";
     
   
   }
}
?>

Your code flow continues after this block:

 

if (strlen($pwd)>25||strlen($pwd)<6) {
    echo "<p class='warning'>password must be between 6 and 25 characters</p>";
} else {           
    //register the user
    echo "<p class='success'>Thanks for signing up!</p>";
}

 

Try adding an exit, or die statement:

 

if (strlen($pwd)>25||strlen($pwd)<6) {
    echo "<p class='warning'>password must be between 6 and 25 characters</p>";
    exit;
} else {           
    //register the user
    echo "<p class='success'>Thanks for signing up!</p>";
}

I removed your DB login credentials from the OP. It would be a good idea to change the password since they were posted on the internet for over 2 hours.

I would highly recommend taking a more organized approach to your validations. Try to avoid a lot of nested IF/Else statements. I typically do all my validations and then - at the end - do a final check if there were any errors before performing the success scenario.

 

Here is a rewrite of your code in a more structured format. I did not test it, so there might be some minor syntax errors.

<?php

if ($_POST['submit'])
{
    //form data
    $username = strip_tags ($_POST['username']);
    $email = strip_tags($_POST['email']);
    $pwd = strip_tags($_POST['pwd']);
    $confirmpwd = strip_tags($_POST['confirmpwd']);
    $date = date("Y-m-d");
    
    $errors = array();

    //check for required form data
    if(empty($username))
    {
        $errors[] = "Username is required.";
    }
    elseif(strlen($username)>25 || strlen($username)<6)
    {
        $errors[] = "Username must be between 6 and 25 characters.";
    }
    if(empty($pwd))
    {
        $errors[] = "Password is required.";
    }
    elseif(empty($confirmpwd))
    {
        $errors[] = "Password confirmation is required.";
    }
    elseif($pwd!=$confirmpwd)
    {
        $errors[] = "Your passwords do not match.";
    }
    elseif(strlen($pwd)>25 || strlen($pwd)<6)
    {
        $errors[] = "Password must be between 6 and 25 characters.";
    }
    if(empty($email))
    {
        $errors[] = "Email is required.";
    }
    
    if(count($errors)>0)
    {
        //There were errors
        echo "<p class='warning'>The following errors occurred:<br>\n";
        foreach ($errors as $error)
        {
            echo " - {$error}<br>\n";
        }
        echo "</p>";
    }
    else
    {
        //There were no errors, register the user
        $connect = mysql_connect("xxxxxxxx", "xxxxxxxx", "xxxxxxxx");
        mysql_select_db("digital"); //select database
        $pwdSQL = md5($pwd);
        $usernameSQL = mysql_real_escape_string($username);
        $emailSQL = mysql_real_escape_string($email);
        $query = "INSERT INTO users VALUES ('','$usernameSQL', '$emailSQL', '$pwdSQL')";
        $result = mysql_query($query);
        if(!$result)
        {
            echo "<p class='warning'>There was a problem saving your information.</p>";
        }
        else
        {
            echo "<p class='success'>Thanks for signing up!</p>";
        }
    }
}
?>

 

That code looks a lot cleaner and makes sense. I'm following a tutorial on YouTube and he doesn't show you all of the code. You just have to follow him. He makes SEVERAL edits so it's easy to get lost.

 

I tested your code and got an error with the curly brace under submit. Does this mean I'm missing a closing curly bracket?

<?php

if ($_POST['submit'])
{

 


Well, I wouldn't "trust" my code. I wrote it on-the-fly without any testing/validation. It was more of an exercise to show an alternative format that - to me - is more logical and easier to write. As for the error, you didn't state what the error was so I have no idea what the problem is. I reviewed the code and don't see any apparent error, but I haven't actually run it.

 

This is the error

 

Parse error: syntax error, unexpected '{' in /home/content/13/6987913/html/new/register.php on line 60

<?php

if ($_POST['submit'])
{

The error says it is on line 60 so you obviously have code that comes before that line. The error is likely due to a missing quote, paren or other control before that line.

 

The curly brace in the code I just posted is line 60.

Yes, I understand that, read my previous post. The problem that is causing that error is on a line before line 60. The reason the error is showing for line 60 is that is the line where it came upon a character that did not make sense within the context of the previous code!

 

If you were to run this code:

<?php

echo "this is a test"

if($a==$b)
{
    echo "They are equal";
}

?>

 

You will get an error on line 5 (the line with the IF statement)

Parse error: parse error, unexpected T_IF, expecting ',' or ';' in C:\xampp\htdocs\test\test.php on line 5

 

But, the error is actually on line 3 where there is no semi-colon at the end of the echo statement.

 

I've just deleted all of my code above the php code and now it says the error is on a different line of course. But it still says the error is with this curly brace in this code.

 

<?php

if ($_POST['submit'])
{

 

Thanks for the help everyone.  I rewrote the code to check for validations first. I'm still learning this stuff and it gets easier once you learn the basics. Here is my working code.

<?php

//begin register script

//form data
$submit = $_POST['submit'];
$username= strip_tags ($_POST['username']);
$email= strip_tags($_POST['email']);
$pwd= strip_tags($_POST['pwd']);
$confirmpwd = strip_tags($_POST['confirmpwd']);
$date = date("Y-m-d");


//check for required form data
if ($submit) {

if (empty($username))
{
echo "you must fill out a username.";
}

if (strlen($username)>25 || strlen($username)<6)
{
echo "username must be between 6 and 25 characters.";
}

if (empty($email))
{
echo "you must provide a valid email address.";
}

if (empty($pwd))
{
echo "you must enter a password.";
}

if (empty($confirmpwd))
{
echo "you must confirm your password.";
}

if ($pwd==$confirmpwd)
{
}
else
{
echo "your passwords do not match.";
}

if (strlen($pwd)>25 || strlen($confirmpwd)<6)
{
echo "your password must be between 6 and 25 characters.";
}



// if no errors, register the user
else
{
  //connect to database
  $connect = mysql_connect("XXXXXXXXX", "XXXXXXXXXX", "XXXXXXXXXX");
  mysql_select_db("XXXXXXXX"); 
  
  //insert user data into database
  $queryreg = mysql_query("
						  
  INSERT INTO users VALUES ('','$username', '$email', '$pwd')

  
  ");
  
 die("<p class='success'>Thank you for signing up you have been registered");
  
}
}
?>

 

I just have to add the md5 encryption and it's done.

I don't think that would work, you are only echoing out a message if there is an error :) You should put those messages in an error array and then check the count of that array before registering the user. The code looks a lot easier to read now, though.

 

$errors = array();

if (empty($username))
{
    $errors[] = "you must fill out a username.";
}

//Same for other checks

// if no errors, register the user (a separate if, so it runs after every check above)
if(count($errors) == 0)
{
    //Insert into DB
}
else
{
    //Print out the error messages from the array
    foreach($errors as $error)
    {
          echo $error;
    }
}

 

You're right, it didn't work the way I thought it would.  I had to make the changes you suggested.  It works perfectly now. Well except for one minor issue.

If I enter a password that is 6 characters in length, but they do not match, I get both of the password errors printed. 

 

I thought it would just tell the user the passwords do not match, but it also tells the user the password must be 6 to 25 characters in length.

 

No biggy though, once a 6 digit matching password is entered, they are registered and the password is encrypted.  This was a great learning experience for me. I just wanna say thanks everyone that helped.
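
Added example, not code from any participant in this thread: the error-array pattern discussed above, written so that registration fails closed, with a prepared statement and `password_hash()` in place of string-built SQL and `md5()`. The function names, the `users` column names and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example; function names and the users table layout are assumptions.
function validate_registration(array $in): array
{
    $errors   = [];
    $username = trim($in['username'] ?? '');
    $email    = trim($in['email'] ?? '');
    $pwd      = $in['pwd'] ?? '';        // passwords are not trimmed or strip_tags()'d
    $confirm  = $in['confirmpwd'] ?? '';

    if ($username === '') {
        $errors[] = 'Username is required.';
    } elseif (strlen($username) < 6 || strlen($username) > 25) {
        $errors[] = 'Username must be between 6 and 25 characters.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid email address is required.';
    }
    if ($pwd === '') {
        $errors[] = 'Password is required.';
    } elseif ($pwd !== $confirm) {       // strict: with ==, "1e3" equals "1000"
        $errors[] = 'Your passwords do not match.';
    } elseif (strlen($pwd) < 6 || strlen($pwd) > 25) {
        $errors[] = 'Password must be between 6 and 25 characters.';
    }
    return $errors;
}

function register_user(PDO $db, array $in): array
{
    $errors = validate_registration($in);
    if ($errors !== []) {
        return $errors;                  // fail closed: no INSERT on any error
    }
    $stmt = $db->prepare('INSERT INTO users (username, email, pwd_hash) VALUES (?, ?, ?)');
    $stmt->execute([trim($in['username']), trim($in['email']),
        password_hash($in['pwd'], PASSWORD_DEFAULT)]);   // salted, slow hash, not md5()
    return [];
}

// Constructed demo: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, pwd_hash TEXT)');
$short = ['username' => 'newuser1', 'email' => 'a@example.com', 'pwd' => 'abc', 'confirmpwd' => 'abc'];
$good  = ['username' => "o'brien1", 'email' => 'b@example.com', 'pwd' => 'longer-pass', 'confirmpwd' => 'longer-pass'];
print_r(register_user($db, $short));
print_r(register_user($db, $good));
echo $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), " row(s) stored\n";
```

At login, the stored value is checked with `password_verify()` rather than by hashing the input and comparing strings.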

 

 

Archived

This topic is now archived and is closed to further replies.
