Jump to content

User Register Help!

DarnStuckAgain

By DarnStuckAgain
in PHP Coding Help

 Share

Recommended Posts

DarnStuckAgain Newbie

DarnStuckAgain

Posted
Posted

Hi guys I'm trying to fix my user registration page, I've gotten myself into a real mess here so any help would be appreciated  :confused:

I am getting "Notice: Undefined index" message for my variables (firstname,lastname,password,repeatpasswords) and it is not loading the page only the "die" message which is happening because the script is failing.

 

<?php
session_start();

$con = mysql_connect('localhost','root','abc'); 
if (!$con)
   {
   die ("Could not connect to database" . mysql_error()); 
   }

//get data from the form
if (isset($_POST['firstname'])) { $firstname = $_POST['firstname']; }
if (isset($_POST['lastname'])) { $lastname = $_POST['lastname']; }
if (isset($_POST['username'])) { $username = $_POST['username']; }
if (isset($_POST['password'])) { $password = $_POST['password']; }
if (isset($_POST['repeatpassword'])) { $repeatpassword = $_POST['repeatpassword']; }
if (isset($_POST['submit']))
{
//check for existance
if ($firstname&&$lastname&&$username&&$password&&$repeatpassword)
           {
	   //check passwords match
           if ($password==$repeatpassword) 
       {
       //check char length of username and names
       if (strlen($username)>25||strlen($firstname)>25)
       {
       echo "The first name, last name or username fields are too long!";
       }
       else
       {
       //check password length
       if (strlen($password)>25||strlen($password)<6)
       {
       echo "Password must be between 6 and 25characters";
       }
       else 
       {
	   //encrypt password
       $password = md5 ($password); 
           $repeatpassword = md5 ($repeatpassword);
       }
       }
       }
  	       else
           echo "Your passwords do not match!";
       }
           else 
               echo "Please fill in all fields!";
	   }
   
	   //select database table
	   mysql_select_db('theimageworks');
	   //add data to database
	   $sql="INSERT INTO user (firstname, lastname, username, password) 
	   VALUES ('$_POST[firstname]', '$_POST[lastname]', '$_POST[username]', '$_POST[password]')";
  
	   if (!mysql_query($sql,$con))
	   {
	   die ('Error: ' . mysql_error());
	   }
die ("You have been registered! Return to <a href='loginpage.php'>login page</a>");
mysql_close($con);
?>

Link to comment
Share on other sites
MSUK1 Member

MSUK1

Posted
Posted

just a nooby question

 

why do you use the post data instead of variable data for the insert?

 

Your code:

		   VALUES ('$_POST[firstname]', '$_POST[lastname]', '$_POST[username]', '$_POST[password]')";

 

What i would use:

		   VALUES ($firstname, $lastname, $username, $passwprd)";

 

Link to comment
Share on other sites
Eiolon Advanced Member

Eiolon

Posted
Posted

Yeah, I'd say it's a mess.

 

You are assigning variables to things that haven't been posted yet, therefore they are undefined.

 

Start by telling the script to begin when you press the submit button.

 

if (isset($_POST['submit'])) {

   // then start assigning variables here

  // then start validating your data here

  // then start sanitizing your data here

  // then submit to your database here

 

When you submit to your database, make sure it is the variables that have been assigned/validated/sanitized(which you are lacking) and NOT the POST variables.

 

Also, it is easier to check if passwords match when they are still plain text, then hash a single one shortly before inserting into the database.

 

Do all your database connection in one fell swoop.  You have it broken up.  Tell your script to connect to the database as you are inserting.

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

In the case of the $password variable, NOT using $password in the query statement will prevent your script from working. If you are going though the trouble of putting lines of code in your script, you must make sure that each line of code contributes something to the goal you are trying to solve and that the line of code is needed.

 

You also need to escape each piece of string data that you are putting into the query statement, to both prevent sql errors when that data contains sql special characters and to prevent sql injection by hackers.

 

Posting the actual error message(s) would be needed to pin down what is causing the problem. You have more than one die() statement and no one here can tell you what the current problem is without knowing at which point the logic is detecting an error.

Link to comment
Share on other sites
DarnStuckAgain Newbie

DarnStuckAgain

Posted
  • Author
Posted

Thanks for the replies.

 

I have made the script run when I press the submit button however I have confused myself so much now that I have no idea how to get myself out of this mess  :(

 

I am commenting out the die message because that is just sending me back to the login even though the script isn't working.

 

I am just aiming to get this working in as basic way as possible for prototype purposes and so I won't be complicating it with extra things so long as it works  :-[

 

<?php
session_start();

$con = mysql_connect('localhost','root','abc'); 
if (!$con)
   {
   die ("Could not connect to database" . mysql_error()); 
   }


if (isset($_POST['submit'])) {
//get data from the form
if (isset($_POST['firstname'])) { $firstname = $_POST['firstname']; }
if (isset($_POST['lastname'])) { $lastname = $_POST['lastname']; }
if (isset($_POST['username'])) { $username = $_POST['username']; }
if (isset($_POST['password'])) { $password = $_POST['password']; }
if (isset($_POST['repeatpassword'])) { $repeatpassword = $_POST['repeatpassword']; }
if (isset($_POST['submit']))
{
//check for existance
if ($firstname&&$lastname&&$username&&$password&&$repeatpassword)
           {
	   //check passwords match
           if ($password==$repeatpassword) 
       {
       //check char length of username and names
       if (strlen($username)>25||strlen($firstname)>25)
       {
       echo "The first name, last name or username fields are too long!";
       }
       else
       {
       //check password length
       if (strlen($password)>25||strlen($password)<6)
       {
       echo "Password must be between 6 and 25characters";
       }
       else 
       {
	   //encrypt password
       $password = md5 ($password); 
           $repeatpassword = md5 ($repeatpassword);
       }
       }
       }
  	       else
           echo "Your passwords do not match!";
       }
           else 
               echo "Please fill in all fields!";
	   }
   
	   //select database table
	   mysql_select_db('theimageworks');
	   //add data to database
	   $sql="INSERT INTO user (firstname, lastname, username, password) 
	   VALUES ('$_POST[firstname]', '$_POST[lastname]', '$_POST[username]', '$_POST[password]')";
  
	   if (!mysql_query($sql,$con))
	   {
	   die ('Error: ' . mysql_error());
	   }
	   //die ("You have been registered! Return to <a href='loginpage.php'>login page</a>");
	   }

mysql_close($con);

?>

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Here's your last posted code, with usable indention. I also moved the query logic inside the else{...} statement so that it will only be executed when your 'validation' passes. I also removed a lot of unneeded statements -

 

<?php
session_start();

$con = mysql_connect('localhost','root','abc');
if (!$con){
die ("Could not connect to database" . mysql_error());
}

if (isset($_POST['submit'])){
//get data from the form
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$password = $_POST['password'];
$repeatpassword = $_POST['repeatpassword'];
//check for existance
if ($firstname&&$lastname&&$username&&$password&&$repeatpassword){
	//check passwords match
	if ($password==$repeatpassword){
		//check char length of username and names
		if (strlen($username)>25||strlen($firstname)>25){
			echo "The first name, last name or username fields are too long!";
		} else {
			//check password length
			if (strlen($password)>25||strlen($password)<6){
				echo "Password must be between 6 and 25characters";
			} else {
				//hash password
				$password = md5($password);
				//select database table
				mysql_select_db('theimageworks');
				//add data to database
				$sql="INSERT INTO user (firstname, lastname, username, password)
					VALUES ('$firstname', '$lastname', '$username', '$password')";
				if (!mysql_query($sql,$con)) {
					die ('Error: ' . mysql_error());
				}
				die ("You have been registered! Return to <a href='loginpage.php'>login page</a>");
			}
		}
	} else 
		echo "Your passwords do not match!";
} else 
	echo "Please fill in all fields!";
}
mysql_close($con);
?>

 

 

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.