Jump to content


Photo

Login script help


  • Please log in to reply
5 replies to this topic

#1 voyde

voyde
  • Members
  • PipPipPip
  • Advanced Member
  • 34 posts

Posted 16 October 2006 - 07:09 PM

I re-wote a login / register script to have more inputs (forms)
however when i was done I found the following error,

Column count doesn't match value count at row 1


Code is below

<?php
session_start();
require ("config.php");
//checking of install file
if (file_exists ("install.php")) die ("<font color=\"red\">FATAL ERROR. INSTALL.PHP EXISTS! POSSIBLE SECURITY RISK! TERMINATING PROGRAM</font>");
if (isset ($_SESSION['loggedin']) && isset ($_SESSION['time']))
{
	header ('Location: ./');
}
else if ($allow_guest_to_register == TRUE || isset ($_SESSION['alsadmin']))
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Register</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body onLoad="setFocus()">
<?php
if ( isset ($_POST['submit']) )
{
	$error = false;
	$user_login = $_POST['user_login'];
	$user_pass1 = $_POST['user_pass1'];
	$user_pass2 = $_POST['user_pass2'];
	$user_name = $_POST['user_name'];
	$user_nick = $_POST['user_nick'];
	$user_email = $_POST['user_email'];
	$user_url = $_POST['user_url'];
	$user_location = $_POST['user_location'];
	$user_birth = $_POST['user_birth'];
	$user_pic = $_POST['user_pic'];
	//the validation no. user typed
	$imgno = md5 ($_POST['imgno']);
	//the real validation number
	$realno = $_POST['realno'];

	//search if the username exist
	$search1 = "SELECT * from ".$mysql_pretext."users where user_login='$user_login'";
	$search2 = mysql_query ($search1) or die (mysql_error());
	$search3 = mysql_fetch_array ($search2);
	
	$search_email = "SELECT * from ".$mysql_pretext."users where user_email='$user_email'";
   	$search_email2 = mysql_query( $search_email ) or die(mysql_error());
    $search_email3 = mysql_fetch_array( $search_email2 );
	
	if ( $user_pass1 == $user_pass2 )
	{
		if ( empty ($user_pass1) || empty ($user_pass2) )
		{
			print '<p align="center">You need to fill up the password and confirm password fields.</p>';
			$error = true;
		} 
		elseif ( $search3 )
		{
			print '<p align="center">Sorry,but that ID-Number is already taken.</p>';
			$error = true;
		}
		
		elseif ( empty ($user_login) )
		{
			print '<p align="center">You need to fill in the ID-field.</p>';
			$error = true;
		}
		
		elseif ( empty ($user_email) )
		{
			print '<p align="center">You need to fill in your email address.</p>';
			$error = true;
		}
		
		elseif ( $search_email3 )
		{
			print '<p align="center">Your email address already exists on the database!If you have forgotten your password,you can reset it by clicking <a href="reset.php">here</a>.</p>';
			$error = true;
		}
		
		 //if the user typed a validation number of less than 4 chars
		else if (strlen ($imgno) < 4 && $display_bot_image)
		{
			print '<p align="center">You did not enter a valid validation number.</p>';
			$error = true;
		}
	
		//if validation number is wrong
		else if ($imgno != $realno && $display_bot_image)
		{
			print '<p align="center">You did not enter a valid validation number</p>';
			$error = true;
		}
  	
		//if the email address is not valid.need at least 5 chars because the shortest valid email address will be something like a@b.cc and check that the @ sign is there
		else if (strlen ($user_email) < 5 || !eregi ("@.", $user_email))
		{
			print '<p align="center">You did not enter a valid email</p>';
			$error = true;
		}
		
	}
	
	else
	{
		print '<p align="center">Your passwords doesn\'t match.</p>';
		$error = true;
	}
	
	if ( $error )
	{
		print '<p align="center"><a href="'.$_SERVER['PHP_SELF'].'?user_login='.$user_login.'&user_email='.$user_email.'&user_pass='.$user_pass1.'">Retry?</a></p>';
	}
	
	else
	{
		$user_pass = md5 ($user_pass1);
		$date = round (date("U")/1000);
      	srand ($date);
      	$validkey = rand (1,100000000);
      	$validkey = md5 ($validkey);
      	$SQL = "INSERT into ".$mysql_pretext."users (user_login, user_pass, user_name, user_nick, user_email, user_url, user_location, user_birth, user_pic, validkey, validated) VALUES('$user_login','$user_pass','$user_name','$user_nick','$user_email','user_url','user_location','user_birth','user_pic', '$validkey')"; 
      	mysql_query ($SQL) or die(mysql_error());
		if ($need_to_validate_acct == TRUE)
		{
			if (mail ("$user_email","Your Activation key","Click the URL below to activate your account at Voyde.net. \n $path/activate.php?email=$user_email&password=$password&key=$validkey","From: ".$admin_email.""))
			{
				print'<p><center>You are registered!An email has been sent to your email address.You need to activate your account before you can login.</p><p align="center"><a href="javascript:window.close();">Close Window</a></center></p>';
			}
			else 
			{
				print '<p align="center">There is a problem with the mail server. Click on the link below to activate your account.</p><p align="center"><a href="activate.php?email='.$user_email.'&password='.$user_pass1.'&key='.$validkey.'">Activate</a></p>';
			}	
		}
		else
		{
			print'<p>You are registered!You can login now.</p><p align="center"><a href="javascript:window.close();">Close Window</a></p>';
		}
	}
}
else
{
$imgtxt = rand(1000,9999);
?>
<table width="350" cellpadding="5px" align="center" border="1" style="border-style:dashed; border-width:thin; border-collapse:collapse;" cellspacing="0px">
<form action="<?php print $_SERVER['PHP_SELF']; ?>" method="post" name="register">
<input type="hidden" name="realno" value="<?php print md5 ($imgtxt); ?>" />
<tr>
  <td width="100">School ID Number:</td><td><input type="text" name="user_login" size="20" value="2000<?php print $_GET['user_login']; ?>" />
  <br /></td>
</tr>
<tr>
  <td width="100">Password:</td><td> <input type="password" name="user_pass1" size="20" value="<?php print $_GET['user_pass']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Confirm Password:</td><td> <input type="password" name="user_pass2" size="20" value="<?php print $_GET['user_pass']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Full Name:</td><td> <input type="text" name="user_name" size="20" value="<?php print $_GET['user_name']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Nick Name:</td><td> <input type="text" name="user_nick" size="20" value="<?php print $_GET['user_nick']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Email:</td><td> <input type="text" name="user_email" size="20" value="<?php print $_GET['user_email']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Got A Site?:</td><td> <input type="text" name="user_url" size="20" value="<?php print $_GET['user_url']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">State:</td><td> <input type="text" name="user_location" size="20" value="<?php print $_GET['user_location']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Date of Birth :</td><td> <input type="text" name="user_birth" size="20" value="<?php print $_GET['user_birth']; ?>" /><br /></td>
</tr>
<tr>
  <td width="100">Got a avatar? :</td><td> <input type="text" name="user_pic" size="20" value="<?php print $_GET['user_pic']; ?>" /><br /></td>
</tr>

<?php 
if ($display_bot_image)
{
?>
<tr>
  <td width="100">Validation:</td><td>Enter text shown in the image below:<br /><br /><img src="makeimg.php?imgtxt=<?php print base64_encode ($imgtxt); ?>" /><br /><br /><input type="text" name="imgno" size="20" maxlength="4"></td>
</tr>
<?php } ?>
<tr>
<td><input type="submit" name="submit" value="Register" /></td>

</tr></form>
</table>
</body>
</html>
<?php
}
}
//if not allowed for guests to register
else
{
	print '<link rel="stylesheet" type="text/css" href="style.css" />';
	if (isset ($_POST['login']))
	{
		//define variables incase server doesn't support global variables
		$user_login = $_POST['user_login'];
		$user_pass1 = md5 ($_POST['user_pass1']);
		$password = md5 ($mysql_password);
		//check form details against database details. if correct,
		if ($user_login = $mysql_username && $password = $user_pass1)
		{
			//name the session the username,only encoded
			$_SESSION['alsadmin'] = base64_encode ($user_login);
			//redirect to the page again.
			print "<meta http-equiv=\"refresh\" content=\"2; url=".$_SERVER['PHP_SELF']."\" />";
			print "<center><a href=\"".$_SERVER['PHP_SELF']."\">Continue to if browser doesn't redirect you in 3 seconds</a></center>";
		}
		//if details doesn't match
		else
		{
			print "<center><font face=\"verdana\" color=\"red\" size=\"2\"><b>Error!</b></font></center><p align=\"center\">Incorrect Login</p>";
			print "<p align=\"center\"><a href=\"".$_SERVER['PHP_SELF']."?act=view\">Back</a></p>";
			die();
		}
	}
	else
	{
		print "<font color=\"red\"><center>The admin has disabled user registration. If you are the admin,you can login below to create a new user by entering your MySQL database username and MySQl database password</center></font>";
		print "<table width=\"300\" cellpadding=\"5px\" align=\"center\" border=\"1\" style=\"border-style:dashed; border-width:thin; border-collapse:collapse;\" cellspacing=\"0px\">";
		print "<caption style=\"font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:12px\">Login</caption>";
		print "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\" />";
    	print "<tr><td width=\"45%\" style=\"font-size:11\">MySQL username</td><td><input type=\"text\" name=\"username\" size=\"30\" /></td></tr>";
		print "<tr><td width=\"45%\"style=\"font-size:11\">MySQL Password</td><td><input type=\"password\" name=\"pass\" size=\"30\" /></td></tr>";
		print "<tr><td width=\"45%\"></td><td><input type=\"submit\" name=\"login\" value=\"Login\" /></td></tr>";
		print "</form>";
		print "</table>";
		print "<hr width=\"300\" />";
		print "<div class=\"copyright\" align=\"center\"></div>";
	}
}
?>



#2 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 16 October 2006 - 07:21 PM

missing value '$validated' on the end of your insert query.
Also missing several $ on variables there

$SQL = "INSERT into ".$mysql_pretext."users
(user_login, user_pass, user_name, user_nick, user_email, user_url, user_location, user_birth, user_pic, validkey, validated)
VALUES
('$user_login','$user_pass','$user_name','$user_nick','$user_email','$user_url','$user_location','$user_birth','$user_pic', '$validkey','$validated')";

#3 voyde

voyde
  • Members
  • PipPipPip
  • Advanced Member
  • 34 posts

Posted 16 October 2006 - 07:28 PM

haha, thanks. However it still get the same error, Here are the fields in the table

ID
user_login
user_pass
user_name
user_nick
user_email
user_url
user_location
user_birth
user_pic
validkey
validated


#4 voyde

voyde
  • Members
  • PipPipPip
  • Advanced Member
  • 34 posts

Posted 16 October 2006 - 11:08 PM

anyone?

#5 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 17 October 2006 - 06:34 AM

Yeah, put a blank set of singles quotes ahead of '$user_login'. Like this:

(' ', '$user_login', etc. etc.)

The blank quotes represents the ID field in the database. You have to have a placeholder for that in your values section. That should take care of it.

#6 st_gryphon

st_gryphon
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 17 October 2006 - 03:31 PM

The problem is your fields don't match your values

(user_login, user_pass, user_name, user_nick, user_email, user_url, user_location, user_birth, user_pic, validkey, validated)

('$user_login','$user_pass','$user_name','$user_nick','$user_email','user_url','user_location','user_birth','user_pic', '$validkey')

you are missing a validated value.
Defender of dragons and slayer of fair maidens




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users