Jump to content

Users are still registered into my database even though they enter a password

KDM

By KDM
in PHP Coding Help

 Share

Recommended Posts

KDM Member

KDM

Posted
Posted

less than 6 characters.  I think it's the way my code is ordered.  I've tried switching the commands around, no luck.

 

Help please.

<?php
//begin register script

$submit = $_POST['submit'];

//form data
$username= strip_tags ($_POST['username']);
$email= strip_tags($_POST['email']);
$pwd= strip_tags($_POST['pwd']);
$confirmpwd= strip_tags($_POST['confirmpwd']);
$date = date("Y-m-d");

if ($submit) {
   //check for required form data
   if($username&&$pwd&&$confirmpwd&&$email) {
      
      
      //check length of username
        if (strlen($username)>25||strlen($username)<6) {
            echo "<p class='warning'>username must be bewteen 6 and 25 characters</p>";
        } else {
      
        //check password length
        if (strlen($pwd)>25||strlen($pwd)<6) {
            echo "<p class='warning'>password must be between 6 and 25 characters</p>";
            } else {
               
       //register the user
      echo "<p class='success'>Thanks for signing up!</p>";
            }
       }
         
       
     //check if passwords match
      if ($pwd==$confirmpwd) {
    
      } else {
         echo "<p class='warning'>your passwords do not match</p>";
      } 
      //encrypt password
      $pwd = md5($pwd);
      $confirmpwd = md5($confirmpwd);
     
       //open database
     $connect = mysql_connect("xxxxxxxx", "xxxxxxxx", "xxxxxxxx");
     mysql_select_db("digital"); //select database
     
     //register the user
     $queryreg = mysql_query("
                       
     INSERT INTO users VALUES ('','$username', '$email', '$pwd')
   
     
     ");
     
    die("<p class='success'>Thank you for signing up you have been registered");
     

      } else {
      echo "<p class='warning'>please fill in all fields</p>";
     
   
   }
}
?>

shlumph Member

shlumph

Posted
Posted

Your code flow continues after this block:

 

if (strlen($pwd)>25||strlen($pwd)<6) {
    echo "<p class='warning'>password must be between 6 and 25 characters</p>";
} else {           
    //register the user
    echo "<p class='success'>Thanks for signing up!</p>";
}

 

Try adding an exit, or die statement:

 

if (strlen($pwd)>25||strlen($pwd)<6) {
    echo "<p class='warning'>password must be between 6 and 25 characters</p>";
    exit;
} else {           
    //register the user
    echo "<p class='success'>Thanks for signing up!</p>";
}

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

I removed your DB login credentials from the OP. It would be a good idea to change the password since they were posted on the internet for over 2 hours.

Psycho Prolific Member

Psycho

Posted
Posted

I would highly recommend taking a more organized approach to your validations. Try to avoid a lot of nested IF/Else statements. I typically do all my validations and then - at the end - do a final check if there were any errors before performing the success scenario.

 

Here is a rewrite of your code in a omre structured format. I did not test it, so there might be some minor syntax errors.

<?php

if ($_POST['submit'])
{
    //form data
    $username = strip_tags ($_POST['username']);
    $email = strip_tags($_POST['email']);
    $pwd = strip_tags($_POST['pwd']);
    $confirmpwd = strip_tags($_POST['confirmpwd']);
    $date = date("Y-m-d");
    
    $errors = array();

    //check for required form data
    if(empty($username))
    {
        $errors[] = "Username is required.";
    }
    elseif(strlen($username)>25 || strlen($username)<6)
    {
        $errors[] = "Username must be bewteen 6 and 25 characters.";
    }
    if(empty($pwd))
    {
        $errors[] = "Password is required.";
    }
    elseif(empty($confirmpwd))
    {
        $errors[] = "Password confirmation is required.";
    }
    elseif($pwd!=$confirmpwd)
    {
        $errors[] = "Your passwords do not match.";
    }
    elseif(strlen($pwd)>25 || strlen($pwd)<6)
    {
        $errors[] = "Password must be bewteen 6 and 25 characters.";
    }
    if(empty($email))
    {
        $errors[] = "Email is required.";
    }
    
    if(count($errors)>0)
    {
        //There were errors
        echo "<p class='warning'>The following errors occured:<br>\n";
        foreach ($errors as $error)
        {
            echo " - {$error}<br>\n";
        }
        echo "</p>";
    }
    else
    {
        //There were no errors, register the user
        $connect = mysql_connect("xxxxxxxx", "xxxxxxxx", "xxxxxxxx");
        mysql_select_db("digital"); //select database
        $pwdSQL = md5($pwd);
        $usernameSQL = mysql_real_escape_string($username);
        $emailSQL = mysql_real_escape_string($email);
        $query = "INSERT INTO users VALUES ('','$usernameSQL', '$emailSQL', '$pwdSQL')";
        $result = mysql_query($query);
        if(!$result)
        {
            echo "<p class='warning'>There was a problem saving your information.</p>";
        }
        else
        {
            echo "<p class='success'>Thanks for signing up!</p>";
        }
    }
}
?>

KDM Member

KDM

Posted
  • Author
Posted

I would highly recommend taking a more organized approach to your validations. Try to avoid a lot of nested IF/Else statements. I typically do all my validations and then - at the end - do a final check if there were any errors before performing the success scenario.

 

Here is a rewrite of your code in a omre structured format. I did not test it, so there might be some minor syntax errors.

<?php

if ($_POST['submit'])
{
    //form data
    $username = strip_tags ($_POST['username']);
    $email = strip_tags($_POST['email']);
    $pwd = strip_tags($_POST['pwd']);
    $confirmpwd = strip_tags($_POST['confirmpwd']);
    $date = date("Y-m-d");
    
    $errors = array();

    //check for required form data
    if(empty($username))
    {
        $errors[] = "Username is required.";
    }
    elseif(strlen($username)>25 || strlen($username)<6)
    {
        $errors[] = "Username must be bewteen 6 and 25 characters.";
    }
    if(empty($pwd))
    {
        $errors[] = "Password is required.";
    }
    elseif(empty($confirmpwd))
    {
        $errors[] = "Password confirmation is required.";
    }
    elseif($pwd!=$confirmpwd)
    {
        $errors[] = "Your passwords do not match.";
    }
    elseif(strlen($pwd)>25 || strlen($pwd)<6)
    {
        $errors[] = "Password must be bewteen 6 and 25 characters.";
    }
    if(empty($email))
    {
        $errors[] = "Email is required.";
    }
    
    if(count($errors)>0)
    {
        //There were errors
        echo "<p class='warning'>The following errors occured:<br>\n";
        foreach ($errors as $error)
        {
            echo " - {$error}<br>\n";
        }
        echo "</p>";
    }
    else
    {
        //There were no errors, register the user
        $connect = mysql_connect("xxxxxxxx", "xxxxxxxx", "xxxxxxxx");
        mysql_select_db("digital"); //select database
        $pwdSQL = md5($pwd);
        $usernameSQL = mysql_real_escape_string($username);
        $emailSQL = mysql_real_escape_string($email);
        $query = "INSERT INTO users VALUES ('','$usernameSQL', '$emailSQL', '$pwdSQL')";
        $result = mysql_query($query);
        if(!$result)
        {
            echo "<p class='warning'>There was a problem saving your information.</p>";
        }
        else
        {
            echo "<p class='success'>Thanks for signing up!</p>";
        }
    }
}
?>

 

That code looks a lot cleaner and makes sense. I'm following a tutorial on youtube and he doesn't show you of all the code. You just have to follow him. He makes SEVERAL edits so it's easy to get lost.

 

I tested your code and got an error with the curly brace under submit. Does this mean I'm missing a closing curly bracket?

<?php

if ($_POST['submit'])
{

 

Psycho Prolific Member

Psycho

Posted
Posted

That code looks a lot cleaner and makes sense. I'm following a tutorial on youtube and he doesn't show you of all the code. You just have to follow him. He makes SEVERAL edits so it's easy to get lost.

 

I tested your code and got an error with the curly brace under submit. Does this mean I'm missing a closing curly bracket?

<?php

if ($_POST['submit'])
{

 

 

Well, I wouldn't "trust" my code. I wrote it on-the-fly without any testing/validation. It was more of an exercise to show an alternative format that - to me - is more logical and easier to write. As for the error, you didn't state what the error was so I have no idea what the problem is. I reviewed the code and don't see any apparent error, but I haven't actually run it.

KDM Member

KDM

Posted
  • Author
Posted

That code looks a lot cleaner and makes sense. I'm following a tutorial on youtube and he doesn't show you of all the code. You just have to follow him. He makes SEVERAL edits so it's easy to get lost.

 

I tested your code and got an error with the curly brace under submit. Does this mean I'm missing a closing curly bracket?

<?php

if ($_POST['submit'])
{

 

 

Well, I wouldn't "trust" my code. I wrote it on-the-fly without any testing/validation. It was more of an exercise to show an alternative format that - to me - is more logical and easier to write. As for the error, you didn't state what the error was so I have no idea what the problem is. I reviewed the code and don't see any apparent error, but I haven't actually run it.

 

This is the error

 

Parse error: syntax error, unexpected '{' in /home/content/13/6987913/html/new/register.php on line 60

<?php

if ($_POST['submit'])
{

KDM Member

KDM

Posted
  • Author
Posted

The error says it is on line 60 so you obviously have code that comes before that line. The error is likely due to a missing quote, paren or other control before that line.

 

The curly brace in the code I just posted is line 60.

Psycho Prolific Member

Psycho

Posted
Posted

Yes, I understand that, read my previous post. The problem that is causing that error is on a line before line 60. The reason the error is showing for line 60 is that is the line where it came upon a character that did not make sense within the context of the previous code!

 

If you were to run this code:

<?php

echo "this is a test"

if($a==$b)
{
    echo "They are equal";
}

?>

 

You will get an error on line 5 (the line with the IF statement)

Parse error: parse error, unexpected T_IF, expecting ',' or ';' in C:\xampp\htdocs\test\test.php on line 5

 

But, the error is actually on line 3 where there is no semi-colon at the end of the echo statement.

KDM Member

KDM

Posted
  • Author
Posted

Yes, I understand that, read my previous post. The problem that is causing that error is on a line before line 60. The reason the error is showing for line 60 is that is the line where it came upon a character that did not make sense within the context of the previous code!

 

If you were to run this code:

<?php

echo "this is a test"

if($a==$b)
{
    echo "They are equal";
}

?>

 

You will get an error on line 5 (the line with the IF statement)

Parse error: parse error, unexpected T_IF, expecting ',' or ';' in C:\xampp\htdocs\test\test.php on line 5

 

But, the error is actually on line 3 where there is no semi-colon at the end of the echo statement.

 

I've just deleted all of my code above the php code and now it says the error is on a different line of course. But it still says the error is with this curly brace in this code.

 

<?php

if ($_POST['submit'])
{

 

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

 

Line terminator is missing

 

<?php

echo "this is a test"   // missing line terminator

if($a==$b)
{
    echo "They are equal";
}

?>

 

Lulz.

KDM Member

KDM

Posted
  • Author
Posted

Thanks for the help everyone.  I rewrote the code to check for validations first. I'm still learning this stuff and it gets easier once you learn the basics. Here is my working code.

<?php

//begin register script

//form data
$submit = $_POST['submit'];
$username= strip_tags ($_POST['username']);
$email= strip_tags($_POST['email']);
$pwd= strip_tags($_POST['pwd']);
$confirmpwd = strip_tags($_POST['confirmpwd']);
$date = date("Y-m-d");


//check for required form data
if ($submit) {

if (empty($username))
{
echo "you must fill out a username.";
}

if (strlen($username)>25 || strlen($username)<6)
{
echo "username must be between 6 and 25 characters.";
}

if (empty($email))
{
echo "you must provide a valid email address.";
}

if (empty($pwd))
{
echo "you must enter a password.";
}

if (empty($confirmpwd))
{
echo "you must confirm your password.";
}

if ($pwd==$confirmpwd)
{
}
else
{
echo "your passwords do not match.";
}

if (strlen($pwd)>25 || strlen($confirmpwd)<6)
{
echo "your password must be between 6 and 25 characters.";
}



// if no errors, register the user
else
{
  //connect to database
  $connect = mysql_connect("XXXXXXXXX", "XXXXXXXXXX", "XXXXXXXXXX");
  mysql_select_db("XXXXXXXX"); 
  
  //insert user data into database
  $queryreg = mysql_query("
						  
  INSERT INTO users VALUES ('','$username', '$email', '$pwd')

  
  ");
  
 die("<p class='success'>Thank you for signing up you have been registered");
  
}
}
?>

 

I just have to add the md5 encryption and it's done.

shlumph Member

shlumph

Posted
Posted

I don't think that would work, you are only echoing out a message if there is an error :) You should put those messages in an error array and then check the count of that array before registering the user. The code looks a lot easier to read now, though.

 

$errors = array();

if (empty($username))
{
    $errors[] = "you must fill out a username.";
}

//Same for other checks

// if no errors, register the user
else if(count($errors) == 0)
{
    //Insert into DB
}
else
{
    //Print out the error messages from the array
    foreach($errors as $error)
    {
          echo $error;
    }
}

KDM Member

KDM

Posted
  • Author
Posted

I don't think that would work, you are only echoing out a message if there is an error :) You should put those messages in an error array and then check the count of that array before registering the user. The code looks a lot easier to read now, though.

 

$errors = array();

if (empty($username))
{
    $errors[] = "you must fill out a username.";
}

//Same for other checks

// if no errors, register the user
else if(count($errors) == 0)
{
    //Insert into DB
}
else
{
    //Print out the error messages from the array
    foreach($errors as $error)
    {
          echo $error;
    }
}

 

You're right, it didn't work the way I thought it would.  I had to make the changes you suggested.  It works perfectly now. Well except for one minor issue.

If I enter a password that is 6 characters in length, but they do not match, I get both of the password errors printed. 

 

I thought it would just tell the user the passwords do not match, but it also tells the user the password must be 6 to 25 characters in length.

 

No biggy though, once a 6 digit matching password is entered, they are registered and the password is encrypted.  This was a great learning experience for me. I just wanna say thanks everyone that helped.

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.