Jump to content

Archived

This topic is now archived and is closed to further replies.

voyde

Login script help

Recommended Posts

I re-wote a login / register script to have more inputs (forms)
however when i was done I found the following error,

[quote]Column count doesn't match value count at row 1[/quote]

Code is below

[code]<?php
session_start();
require ("config.php");
//checking of install file
if (file_exists ("install.php")) die ("<font color=\"red\">FATAL ERROR. INSTALL.PHP EXISTS! POSSIBLE SECURITY RISK! TERMINATING PROGRAM</font>");
if (isset ($_SESSION['loggedin']) && isset ($_SESSION['time']))
{
header ('Location: ./');
}
else if ($allow_guest_to_register == TRUE || isset ($_SESSION['alsadmin']))
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Register</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body onLoad="setFocus()">
<?php
if ( isset ($_POST['submit']) )
{
$error = false;
$user_login = $_POST['user_login'];
$user_pass1 = $_POST['user_pass1'];
$user_pass2 = $_POST['user_pass2'];
$user_name = $_POST['user_name'];
$user_nick = $_POST['user_nick'];
$user_email = $_POST['user_email'];
$user_url = $_POST['user_url'];
$user_location = $_POST['user_location'];
$user_birth = $_POST['user_birth'];
$user_pic = $_POST['user_pic'];
//the validation no. user typed
$imgno = md5 ($_POST['imgno']);
//the real validation number
$realno = $_POST['realno'];

//search if the username exist
$search1 = "SELECT * from ".$mysql_pretext."users where user_login='$user_login'";
$search2 = mysql_query ($search1) or die (mysql_error());
$search3 = mysql_fetch_array ($search2);

$search_email = "SELECT * from ".$mysql_pretext."users where user_email='$user_email'";
  $search_email2 = mysql_query( $search_email ) or die(mysql_error());
    $search_email3 = mysql_fetch_array( $search_email2 );

if ( $user_pass1 == $user_pass2 )
{
if ( empty ($user_pass1) || empty ($user_pass2) )
{
print '<p align="center">You need to fill up the password and confirm password fields.</p>';
$error = true;
}
elseif ( $search3 )
{
print '<p align="center">Sorry,but that ID-Number is already taken.</p>';
$error = true;
}

elseif ( empty ($user_login) )
{
print '<p align="center">You need to fill in the ID-field.</p>';
$error = true;
}

elseif ( empty ($user_email) )
{
print '<p align="center">You need to fill in your email address.</p>';
$error = true;
}

elseif ( $search_email3 )
{
print '<p align="center">Your email address already exists on the database!If you have forgotten your password,you can reset it by clicking <a href="reset.php">here</a>.</p>';
$error = true;
}

//if the user typed a validation number of less than 4 chars
else if (strlen ($imgno) < 4 && $display_bot_image)
{
print '<p align="center">You did not enter a valid validation number.</p>';
$error = true;
}

//if validation number is wrong
else if ($imgno != $realno && $display_bot_image)
{
print '<p align="center">You did not enter a valid validation number</p>';
$error = true;
}
 
//if the email address is not valid.need at least 5 chars because the shortest valid email address will be something like a@b.cc and check that the @ sign is there
else if (strlen ($user_email) < 5 || !eregi ("@.", $user_email))
{
print '<p align="center">You did not enter a valid email</p>';
$error = true;
}

}

else
{
print '<p align="center">Your passwords doesn\'t match.</p>';
$error = true;
}

if ( $error )
{
print '<p align="center"><a href="'.$_SERVER['PHP_SELF'].'?user_login='.$user_login.'&user_email='.$user_email.'&user_pass='.$user_pass1.'">Retry?</a></p>';
}

else
{
$user_pass = md5 ($user_pass1);
$date = round (date("U")/1000);
      srand ($date);
      $validkey = rand (1,100000000);
      $validkey = md5 ($validkey);
      $SQL = "INSERT into ".$mysql_pretext."users (user_login, user_pass, user_name, user_nick, user_email, user_url, user_location, user_birth, user_pic, validkey, validated) VALUES('$user_login','$user_pass','$user_name','$user_nick','$user_email','user_url','user_location','user_birth','user_pic', '$validkey')";
      mysql_query ($SQL) or die(mysql_error());
if ($need_to_validate_acct == TRUE)
{
if (mail ("$user_email","Your Activation key","Click the URL below to activate your account at Voyde.net. \n $path/activate.php?email=$user_email&password=$password&key=$validkey","From: ".$admin_email.""))
{
print'<p><center>You are registered!An email has been sent to your email address.You need to activate your account before you can login.</p><p align="center"><a href="javascript:window.close();">Close Window</a></center></p>';
}
else
{
print '<p align="center">There is a problem with the mail server. Click on the link below to activate your account.</p><p align="center"><a href="activate.php?email='.$user_email.'&password='.$user_pass1.'&key='.$validkey.'">Activate</a></p>';
}
}
else
{
print'<p>You are registered!You can login now.</p><p align="center"><a href="javascript:window.close();">Close Window</a></p>';
}
}
}
else
{
$imgtxt = rand(1000,9999);
?>
<table width="350" cellpadding="5px" align="center" border="1" style="border-style:dashed; border-width:thin; border-collapse:collapse;" cellspacing="0px">
<form action="<?php print $_SERVER['PHP_SELF']; ?>" method="post" name="register">
<input type="hidden" name="realno" value="<?php print md5 ($imgtxt); ?>" />
<tr>
  <td width="100">School ID Number:</td><td><input type="text" name="user_login" size="20" value="2000<?php print $_GET['user_login']; ?>" />
  <br /></td>
</tr>
<tr>
  <td width="100">Password:</td><td> <input type="password" name="user_pass1" size="20" value="<?php print $_GET['user_pass']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Confirm Password:</td><td> <input type="password" name="user_pass2" size="20" value="<?php print $_GET['user_pass']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Full Name:</td><td> <input type="text" name="user_name" size="20" value="<?php print $_GET['user_name']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Nick Name:</td><td> <input type="text" name="user_nick" size="20" value="<?php print $_GET['user_nick']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Email:</td><td> <input type="text" name="user_email" size="20" value="<?php print $_GET['user_email']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Got A Site?:</td><td> <input type="text" name="user_url" size="20" value="<?php print $_GET['user_url']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">State:</td><td> <input type="text" name="user_location" size="20" value="<?php print $_GET['user_location']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Date of Birth :</td><td> <input type="text" name="user_birth" size="20" value="<?php print $_GET['user_birth']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Got a avatar? :</td><td> <input type="text" name="user_pic" size="20" value="<?php print $_GET['user_pic']; ?>" /><br /></td>
</tr>

<?php
if ($display_bot_image)
{
?>
<tr>
  <td width="100">Validation:</td><td>Enter text shown in the image below:<br /><br /><img src="makeimg.php?imgtxt=<?php print base64_encode ($imgtxt); ?>" /><br /><br /><input type="text" name="imgno" size="20" maxlength="4"></td>
</tr>
<?php } ?>
<tr>
<td><input type="submit" name="submit" value="Register" /></td>

</tr></form>
</table>
</body>
</html>
<?php
}
}
//if not allowed for guests to register
else
{
print '<link rel="stylesheet" type="text/css" href="style.css" />';
if (isset ($_POST['login']))
{
//define variables incase server doesn't support global variables
$user_login = $_POST['user_login'];
$user_pass1 = md5 ($_POST['user_pass1']);
$password = md5 ($mysql_password);
//check form details against database details. if correct,
if ($user_login = $mysql_username && $password = $user_pass1)
{
//name the session the username,only encoded
$_SESSION['alsadmin'] = base64_encode ($user_login);
//redirect to the page again.
print "<meta http-equiv=\"refresh\" content=\"2; url=".$_SERVER['PHP_SELF']."\" />";
print "<center><a href=\"".$_SERVER['PHP_SELF']."\">Continue to if browser doesn't redirect you in 3 seconds</a></center>";
}
//if details doesn't match
else
{
print "<center><font face=\"verdana\" color=\"red\" size=\"2\"><b>Error!</b></font></center><p align=\"center\">Incorrect Login</p>";
print "<p align=\"center\"><a href=\"".$_SERVER['PHP_SELF']."?act=view\">Back</a></p>";
die();
}
}
else
{
print "<font color=\"red\"><center>The admin has disabled user registration. If you are the admin,you can login below to create a new user by entering your MySQL database username and MySQl database password</center></font>";
print "<table width=\"300\" cellpadding=\"5px\" align=\"center\" border=\"1\" style=\"border-style:dashed; border-width:thin; border-collapse:collapse;\" cellspacing=\"0px\">";
print "<caption style=\"font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:12px\">Login</caption>";
print "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\" />";
    print "<tr><td width=\"45%\" style=\"font-size:11\">MySQL username</td><td><input type=\"text\" name=\"username\" size=\"30\" /></td></tr>";
print "<tr><td width=\"45%\"style=\"font-size:11\">MySQL Password</td><td><input type=\"password\" name=\"pass\" size=\"30\" /></td></tr>";
print "<tr><td width=\"45%\"></td><td><input type=\"submit\" name=\"login\" value=\"Login\" /></td></tr>";
print "</form>";
print "</table>";
print "<hr width=\"300\" />";
print "<div class=\"copyright\" align=\"center\"></div>";
}
}
?>

[/code]

Share this post


Link to post
Share on other sites
missing value '$validated' on the end of your insert query.
Also missing several $ on variables there

$SQL = "INSERT into ".$mysql_pretext."users
(user_login, user_pass, user_name, user_nick, user_email, user_url, user_location, user_birth, user_pic, validkey, validated)
VALUES
('$user_login','$user_pass','$user_name','$user_nick','$user_email','[color=red]$[/color]user_url','[color=red]$[/color]user_location','[color=red]$[/color]user_birth','[color=red]$[/color]user_pic', '$validkey',[color=red]'$validated'[/color])";

Share this post


Link to post
Share on other sites
haha, thanks. However it still get the same error, Here are the fields in the table

ID
user_login
user_pass
user_name
user_nick
user_email
user_url
user_location
user_birth
user_pic
validkey
validated

Share this post


Link to post
Share on other sites
Yeah, put a blank set of singles quotes ahead of '$user_login'. Like this:

(' ', '$user_login', etc. etc.)

The blank quotes represents the ID field in the database. You have to have a placeholder for that in your values section. That should take care of it.

Share this post


Link to post
Share on other sites
The problem is your fields don't match your values

(user_login, user_pass, user_name, user_nick, user_email, user_url, user_location, user_birth, user_pic, validkey, validated)

('$user_login','$user_pass','$user_name','$user_nick','$user_email','user_url','user_location','user_birth','user_pic', '$validkey')

you are missing a validated value.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.