Jump to content

mysql_query with PHP

NewcastleFan

By NewcastleFan
in PHP Coding Help

 Share

Recommended Posts

NewcastleFan Member

NewcastleFan

Posted
Posted

Hey guys, I've been playing around with this open source php game, I'm having problems with the registration system. For some reason the script is echoing back that there is no password in the password fields. When in fact there is:

 

Add_player.php:

<?php

session_start();
session_register("pid");
include("common.inc");
include("date.inc");
include("header.inc");
dbConnect();
$res = mysql_query("select id from $dbName.pdm_players where name=\"$name\"") or die(mysql_error());

if ($name == "" || $password1 == "")
{
        echo "<center><div class=\"sheader\">Oh dear me!</div>
        	You have to actually enter a name and password!";
        $name = "";
        include("character_form.inc");
        echo "</center>";
        include("footer.inc");
        return 0;
}
if ($name == $password1)
{
echo "<center><div class=\"sheader\">Oh dear me!</div>
	You can't make the password the same as the name.  
	People will guess your password!";
include("character_form.inc");
        echo "</center>";
        include("footer.inc");
        return 0;
}
if (strlen($password1) < 6)
{
 echo "<center><div class=\"sheader\">Oh dear me!</div>
	Passwords must be at least 6 characters, otherwise they are easy to guess!";
include("character_form.inc");
        echo "</center>";
        include("footer.inc");
        return 0;
}

if (mysql_fetch_row($res))
{
        echo "<center><div class=\"sheader\">Oh dear me!</div>
        	Player $name already exists, try a different name.";
        $name = "";
        include("character_form.inc");
        echo "</center>";
        include("footer.inc");
        return 0;
}
if ($password1 != $password2)
{
        echo "<center><div class=\"sheader\">Oh dear me!</div>";
        echo "The two passwords didn't match - type carefully now!.";
        include("character_form.inc");
        echo "</center>";
        include("footer.inc");
        return 0;
}
echo "<div class=\"sheader\">Registration for $name successful</div>";
$cp = crypt($password1);
$dateArray = getdate(time());
$likeNowScoob = $dateArray["year"] . "-" . $dateArray["mon"] . "-" . $dateArray["mday"];
if ($character < 1 || $character > 9) { die("you are an idiot"); }
pdm_characters();
$res =  mysql_query("select type from  $dbName.pdm_characters where cid = $character")  or die(mysql_error());
$t =  mysql_fetch_row($res);
pdm_stuff();
$specRes =  mysql_query("select sid from $dbName.pdm_stuff where sid >= 28 and sid <= 33 and type like \"%$t[0]%\"") or die(mysql_error());


$res =  mysql_query("BEGIN")  or die(mysql_error());
$res =  mysql_query("insert into $dbName.pdm_players (name, used, dob, cpass, char_id, roundswon, evo, aWeapon, dWeapon) VALUES (\"$name\", 1, \"$likeNowScoob\",  \"$cp\",  $character, 0,0,0,0)") or die(mysql_error());
$res =  mysql_query("select id from $dbName.pdm_players where name=\"$name\" for update") or die(mysql_error());
$row = mysql_fetch_row($res);
$pid = $row[0];
$res = mysql_query("insert into $dbName.pdm_league (id, highest, days_no_1, yesterday, longPoints) VALUES ($pid, 16777215, 0, 16777215, 0)") or die(mysql_error());
$res =  mysql_query("insert into $dbName.pdm_stats (id, level, attack, defence, health, speed, exp, ko, healthpercent, fights) VALUES ($pid, 1, 100, 100, 100, 100, 0, 0, 10, 0)") or die(mysql_error());
$res =  mysql_query("insert into $dbName.pdm_clanmembers2 (id, clanTag, applyTag, utype) VALUES ($pid, NULL, NULL, '')")  or die(mysql_error());
$res =  mysql_query("insert into $dbName.pdm_money (id, bank, wallet, bankdate) VALUES ($pid, 0,0, '0000-00-00')")  or die(mysql_error());
while ($row = mysql_fetch_row($specRes))
{
$res =  mysql_query("insert into $dbName.pdm_specials (id, sid, qty, switch) values ($pid, $row[0], 0, 1)")  or die(mysql_error());
}
$res =  mysql_query("COMMIT") or die(mysql_error());


session_register("playerName");
$playerName = stripper($name);

echo "<P><diV>Welcome  $playerName, click the Fight link down the left to fight your first opponent.</div>";
include("main_screen.inc");
include("footer.inc");
?>

 

Character_form.inc:

 

<center>
<form method="post" action="add_player.php">
<P>
<table cellpadding="0" cellspacing="0"><tr><td align="center">
<?php
dbConnect();
pdm_characters();#check HEAP table exists
$res = mysql_query("select cid, name, type from $dbName.pdm_characters order by type") or die(mysql_error());
$marker = "X";
$firstOne = 1;
$cTypes["A"] = "Alien";
$cTypes["M"] = "Magic";
$cTypes["S"] = "Spirit";
while ($row = mysql_fetch_row($res))
{
        if ($marker != $row[2]) #new type (alien/magic etc)
        {
                if ($marker != "X")
                {
                        echo "</table>\n";
                }
                $cn = $cTypes[$row[2]];
                echo "\n<table cellpadding=\"0\" cellspacing=\"0\" border=1>
                <tr><td colspan=\"3\" align=\"center\"><div class=\"sheader\"> $cn characters</div></td></tr><tr bgcolor=\"#efefef\">";
                $marker = $row[2];
        }
        echo "\n<td><table><tr><td align=center>$row[1]</td></tr><tr><td align=center>
        <img alt=\"Pick me!\" src=\"images/$row[0]0.gif\"></td></tr><tr>
        <td align=center><input type=\"radio\" name=\"character\" value=\"$row[0]\"";
        if ($firstOne and $character == "")
        {
                $firstOne = 0;
                echo " CHECKED ";
        }
        if ($character == $row[0])
        {
                echo " CHECKED ";
        }
        echo "></td></tr></table></td>";
}
echo "</tr></table>
<table width=\"551\" cellpadding=0 cellspacing=0><tr><td colspan=\"3\"><div class=\"sheader\">character details</div></td></tr>
<tr><td align=\"center\">Name<br><input size=20 maxlength=20 type=text name=\"name\" value = \"$name\"></td>";
?>
<td align="center">Password<br><input type="password" name="password1"  size=20 maxlength=20></td>
<td align="center">Password again<br><input type="password" name="password2" size=20 maxlength=20></td></tr>
<tr><td colspan="3" align="center"><input type="submit" value="Register my character"></td></tr></table>
</td></tr></table>
<hr>
</form>
</centER>

 

Anyone able to offer up any advice or where its going wrong, If I remove the validation stuff, it still doesn't insert the user into the database.

 

Cheers

Link to comment
Share on other sites
NewcastleFan Member

NewcastleFan

Posted
  • Author
Posted

You haven't defined the name and password variables

Add this before the query

 

 

 

$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$name = $_POST['name'];

 

Hi Gotharious, Thanks for that! I thought it was declared but guess that was on another copy. I've added that in and now I get the error "you are an idiot" - lol.

 

Which comes from this line:

 

if ($character < 1 || $character > 9) { die("you are an idiot"); }

Link to comment
Share on other sites
Gotharious Member

Gotharious

Posted
Posted

what I meant is, after you posted to add_player.php

you're using the variables $name $password1 and $password2

which are not defined, you have to set them to the right $_POST[''] so when you use them in your query, it's known that password1 is the password the user entered in the form that has the name "password1"

Link to comment
Share on other sites
NewcastleFan Member

NewcastleFan

Posted
  • Author
Posted 

<?php

session_start();
session_register("pid");
include("common.inc");
include("date.inc");
include("header.inc");
dbConnect();
$res = mysql_query("select id from $dbName.pdm_players where name=\"$name\"") or die(mysql_error());

$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$name = $_POST['name'];
$character = $_post['character'];

if ($name == "" || $password1 == "")

 

Character is declared there now. However will character and name work like that? As in the character_form.inc they must have backslashes else it produces and error:

 

        <td align=center><input type=\"radio\" name=\"character\" value=\"$row[0]\"";

 

<tr><td align=\"center\">Name<br><input size=20 maxlength=20 type=text name=\"name\" value = \"$name\"></td>";

 

Will I need to declare them as character\ and name\?

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

I can tell by looking at just the first few lines that the code is old. It's using deprecated functions, and is written to depend on register_globals being On (which is a bad idea). It should be gone through and brought up to date. Also, you should be developing with the following directives in your php.ini file so notices, warnings and errors are reported.

error_reporting = -1

display_errors = On

Link to comment
Share on other sites
NewcastleFan Member

NewcastleFan

Posted
  • Author
Posted

Ok, stupid question but happens often

 

Do you change your mysql connection configuration when you use them in a live environment? cause I've seen lots of people forget that

 

Haha yeh, I always change the configurations. It's often things like unexpected " in Tstring and errors like that I get when moving from local to live.

Link to comment
Share on other sites
Gotharious Member

Gotharious

Posted
Posted

There are few things about php, that are so simple but drives you nuts make you sometimes feel like you want to stop trying, and then suddenly, browsing online you find the answer and PHP is all fun again.

 

I think what you should do, instead of just asking people for help in a code, and then take their input and that's it, is to understand why it didn't work before, and why it now works, if you understand that, you will be able to relate when you encounter a similar problem and be able to figure out the problem.

 

Or you can get a ps3, start playing pro evolution and win for Newcastle... sounds more fun :P lol

Link to comment
Share on other sites
NewcastleFan Member

NewcastleFan

Posted
  • Author
Posted

There are few things about php, that are so simple but drives you nuts make you sometimes feel like you want to stop trying, and then suddenly, browsing online you find the answer and PHP is all fun again.

 

I think what you should do, instead of just asking people for help in a code, and then take their input and that's it, is to understand why it didn't work before, and why it now works, if you understand that, you will be able to relate when you encounter a similar problem and be able to figure out the problem.

 

Or you can get a ps3, start playing pro evolution and win for Newcastle... sounds more fun :P lol

 

Haha don't need to win for newcastle atm! they are doing that themselves! haha.I'm to planning on giving up completely may just change project due to this one basically needed to be re-written to modern php!

 

Thanks for all of the help guys.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.