adhbvklwqdbviabjiawdnbij Posted August 19, 2011 Share Posted August 19, 2011 I dont know why the $school_id = clean($_POST['school']); is not working... register_user.php <?php session_start(); require_once('auth.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Registrar Usuario</title> <link rel="stylesheet" href="../../css/styles.css" type="text/css"> </head> <body> <h1>Registrar Usuario</h1> <?php include("header.php"); ?> <p>Uma senha sera gerada e enviada para o email do usuario.</p> <form id="loginForm" name="loginForm" method="post" action="../../actions/sadmin_register_user.php"> <table width="300" border="0" align="left" cellpadding="2" cellspacing="0"> <tr> <th>Escola</th> <td><select name="school" id="school" > <?php require_once('../../config/config.php'); $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Falha ao conectar ao servidor: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Falha ao selecionar o banco de dados."); } $qry = "SELECT * FROM schools"; $result = mysql_query($qry); while($row = mysql_fetch_array($result)) { echo "<option value=\"" . $row['school_id'] . "\">" . $row['school_name'] . "</option>"; } ?> </select></td> </tr> <tr> <th>Nome Completo</th> <td><input name="name" type="text" class="textfield" id="name" /></td> </tr> <tr> <th width="124">Email</th> <td width="168"><input name="email" type="text" class="textfield" id="email" /></td> </tr> <tr> <th>Confirmar Email</th> <td><input name="cemail" type="text" class="textfield" id="cemail" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="Submit" value="Registrar" /></td> </tr> </table> </form> </body> </html> sadmin_register_user.php <?php //Start session session_start(); //Include database connection details require_once('../config/config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Falha ao conectar ao servidor: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Falha ao selecionar o banco de dados."); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $name = clean($_POST['name']); $school_id = clean($_POST['school']); $email = clean($_POST['email']); $cemail = clean($_POST['cemail']); $category = 3; //Get random password function createRandomPassword() { $chars = "abcdefghijkmnopqrstuvwxyz0123456789"; srand((double)microtime()*1000000); $i = 0; $pass = '' ; while ($i <= 7) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } $password = createRandomPassword(); //Input Validations if($name == '') { $errmsg_arr[] = 'O campo Nome nao foi preenchido.'; $errflag = true; } if($email == '') { $errmsg_arr[] = 'O campo Email nao foi preenchido.'; $errflag = true; } if($cemail == '') { $errmsg_arr[] = 'O campo Confirmar Email nao foi preenchido.'; $errflag = true; } if( strcmp($email, $cemail) != 0 ) { $errmsg_arr[] = 'O campo Senha e Confirmar Senha nao correpondem.'; $errflag = true; } //Check for duplicate login ID if($email != '') { $qry = "SELECT * FROM members WHERE email='$email'"; $result = mysql_query($qry); if($result) { if(mysql_num_rows($result) > 0) { $errmsg_arr[] = 'Esse email ja se encontra em uso.'; $errflag = true; } @mysql_free_result($result); } else { die("Query failed"); } } //If there are input validations, redirect back to the registration form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: ../users/sadmin/register_user.php"); exit(); } //Create INSERT query $qry = "INSERT INTO members(name, school_id, category, matricula, email, passwd) VALUES('$name','$school_id','$category','$matricula','$email','".md5($password)."')"; $result = @mysql_query($qry); //Check whether the query was successful or not if($result) { mail ( "$email", "Sua Senha", "Sua senha e: ".$password."", "From: you@yoursite.com" ); $errmsg_arr[] = 'O usuario foi registrado com sucesso.'; $errflag = true; $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: ../users/sadmin/register_user.php"); exit(); }else { die("Query failed"); } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.