chunkymonkey11 Posted August 15, 2012

Hey Guys! I have run into a problem that is above my level of PHP knowledge. I have been working on a registration script. My database is XAMPP and my table name is member. The fields inside member are as follows: id, businessname, username, password, sign_up_date, email, taxnumber, account_permissions, email_activation (I am working on helping my Uncle create a website for his consulting company, and he said he needs these fields).

Anyways, I went on to create this PHP file (code below) called register.php. It has HTML in it and I saved the file in htdocs. When I saved it, I went on to test it, and for some strange reason when I put nothing in the fields it should say: All fields are required, but for some strange reason when I click Create Account nothing happens. Just seems like it takes a second to refresh and that's it. It does not even tell me: All fields are required.

Any help would be appreciated, and I'm a newbie so an explanation would also be great.

```php
<?php
error_reporting(0);
if($_POST['submit'])
{
    $businessname= $_POST['businessname'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $password1 = $_POST['password1'];
    $email = $_POST['email'];
    $taxnumber = $_POST['taxnumber'];
    $enc_password = md5($password);

    if($businessname && $username && $password && $password1 && $email && $taxnumber)
    {
        if(strlen($businessname)>40)
        {
            echo "Your Business Name is too long";
        }
        if(strlen($username)>15)
        {
            echo "Your username is too long";
        }
        else
        {
            if(strlen($password)>15 || strlen($password)<6)
            {
                echo "Your password must be between 6 and 15 characters";
            }
            if($password == $password1)
            {
                $connect = mysql_connect("127.0.0.1","root","") or die ("Couldnt connect to database");
                mysql_select_db("test_database") or die ("Couldnt find database");
                $query = mysql_query ("INSERT INTO member VALUES ('','$businessname','$usersname','$enc_password','$email','taxnumber')");
                die("Registration Complete! <a href='index.html'>Click here to login</a>");
            }
            else
            {
                echo "Passwords must match";
            }
        }
    }
    else
        echo "All fields are required";
}
?>
<style type="text/css">
#apDiv1 {
    position:absolute;
    left:739px;
    top:79px;
    width:313px;
    height:325px;
    z-index:1;
}
</style>
<div id="apDiv1">
<form action="register.php" method="POST">
    Business Name: <input type="text" name="businessname" value=""> <p>
    Username: <input type="text" name="username" value""> <p>
    Password: <input type="password" name="password"> <p>
    Re-Enter Password: <input type="password1" name="password1"> <p>
    Email: <input type"text" name="email"> <p>
    Federal Tax ID: <input type="text" name="taxnumber" value=""> <p>
    <input type="submit" value="Create Account"> <p>
</form>
</div>
```

krash11554 Posted August 15, 2012

The last } needs to be above the else echo 'All fields are required'.

chunkymonkey11 (Author) Posted August 15, 2012

Hey krash11554, thanks for replying. When I put the } above else

```php
    }
}
else
    echo "All fields are required";
```

and reload the page, the page says All fields are required when I have not clicked Create Account (I want that message to appear if somebody has not filled out the required fields and clicked Create Account). Also, for some reason when I put two passwords that are not the same it should say: Passwords must match

Also I have been looking at some PHP books and there seem to be PHP tags in the HTML like:

```php
<form action="register.php" method="POST">
    Business Name: <input type="text" name="businessname" value="<?php echo "$businessname"; ?>"> <p>
    Username: <input type="text" name="username" value"<?php echo "$username"; ?>">
```

Any help on identifying the issues on this script would be appreciated.

MMDE Posted August 15, 2012

Please use the code tags when you post code. Thank you!

krash11554 Posted August 15, 2012

Sorry about the wrong answer. And it's saying the two passwords match because the value doesn't have an = sign.

```php
<input type="text" name="username" value"">
```

krash11554 Posted August 15, 2012

Ah ha! The reason it's not working is because you didn't name the submit button.

Jessica Posted August 15, 2012

> Ah ha! The reason it's not working is because you didn't name the submit button.

That is one of the problems with the script, the biggest one.

OP: Enable error reporting. And use code tags here.

chunkymonkey11 (Author) Posted August 15, 2012

I am sorry guys, but I am honestly confused about what's wrong (newbie at its finest). I put the = by the value, but I lost you guys at naming the submit button. How would you do that?

Also thanks again for responding and helping me, the other forums I went to only gave me one answer: "give up".

Jessica Posted August 15, 2012

See how all of your other form elements have a name="name goes here"? You need one on submit. Preferably it should be submit since that's what you're testing for.

```php
if($_POST['submit'])
```

chunkymonkey11 (Author) Posted August 15, 2012

jesirose & krash11554 you guys ROCK!! I spent so much time trying to fix this issue that I thought of just giving up!!! Thanks for the help! This case is solved.

Christian F. Posted August 15, 2012

I've rewritten the code a bit for you, to showcase what I think you should have done. Note how I'm using functions to cut up the code, so that I have a lot more control over what gets executed and what gets output to the browser (and when).

There are also a few extra security measures in place here, which you will need before pushing the script to production. I've escaped all of the output for you, but I've left the input validation part up to you. Not to mention that you'll need to write the salt generation function as well, which I think will be a nice exercise for you.

```php
<?php

function show_form ($business = '', $username = '', $email = '', $taxID = '') {
    // Escape output to prevent HTML injection attacks.
    $business = htmlspecialchars ($business);
    $username = htmlspecialchars ($username);
    $email = htmlspecialchars ($email);
    $taxID = htmlspecialchars ($taxID);

    // Build and return the completed form.
    // The submit button is named "submit" so that $_POST['submit'] is set on submission.
    return <<<FormData
<form id="apDiv1" action="register.php" method="post">
    <fieldset>
        <label for="bname">Business Name:</label>
        <input id="bname" type="text" name="businessname" value="$business">
        <label for="uname">Username:</label>
        <input id="uname" type="text" name="username" value="$username">
        <label for="passwd">Password:</label>
        <input id="passwd" type="password" name="password">
        <label for="passrp">Re-Enter Password:</label>
        <input id="passrp" type="password" name="password1">
        <label for="email">Email:</label>
        <input id="email" type="text" name="email" value="$email">
        <label for="ftid">Federal Tax ID:</label>
        <input id="ftid" type="text" name="taxnumber" value="$taxID">
    </fieldset>
    <fieldset class="buttons">
        <input type="submit" name="submit" value="Create Account">
    </fieldset>
</form>
FormData;
}

function parse_form () {
    // TODO: Validate input.
    $businessname = $_POST['businessname'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $password1 = $_POST['password1'];
    $email = $_POST['email'];
    $taxnumber = $_POST['taxnumber'];

    // Define an array to hold any potential error messages.
    $error = array ();

    if (!$businessname || !$username || !$password || !$password1 || !$email || !$taxnumber) {
        $error[] = "All fields are required";
    }

    if (strlen ($businessname) > 40) {
        $error[] = "Your Business Name is too long.";
    }

    if (strlen ($username) > 15) {
        $error[] = "Your username is too long.";
    }

    // NEVER set a maximum length on passwords! Especially not when you hash it.
    if (strlen ($password) < 6) {
        $error[] = "Your password must be minimum 6 characters long.";
    }

    if ($password != $password1) {
        $error[] = "Passwords must match.";
    }

    // Have there been any errors in the validation?
    if (!empty ($error)) {
        // Generate list of faults, and show the form again.
        $output = '<p>'.implode ("<br>\n", $error)."</p>\n";
        return $output.show_form ($businessname, $username, $email, $taxnumber);
    }

    // Generate a new 16-char long salt for the user, to use when hashing the password.
    // TODO: Add gen_salt () yourself.
    $salt = '$5$'.gen_salt ();

    // Hash the password, '$5$' at the start of the salt signals that it should be hashed with SHA256.
    $pwHash = crypt ($password, $salt);

    // Connect to the database, using MySQLi.
    // "new mysqli" always returns an object, so check connect_error instead of using "or die".
    $db = new mysqli ("127.0.0.1", "root", "", "test_database");
    if ($db->connect_error) {
        die ("Couldnt connect to database");
    }

    // Build the query. Using sprintf () and real_escape_string () to prevent SQL injections.
    // Every placeholder is quoted: real_escape_string () only protects values inside quotes.
    $query = "INSERT INTO member VALUES ('','%s','%s','%s','%s','%s','%s')";
    $query = sprintf ($query,
        $db->real_escape_string ($businessname),
        $db->real_escape_string ($username),
        $db->real_escape_string ($pwHash),
        $db->real_escape_string ($salt),
        $db->real_escape_string ($email),
        $db->real_escape_string ($taxnumber));

    // Execute the query, and check for errors.
    if (!$db->query ($query)) {
        die ('Failed to save data');
    }

    // Send user to confirmation page.
    header ("Location: ?reg=ok");
    die ();
}

/**
 * This code below is executed upon page load, and determines what
 * the user has done prior to opening this page.
 */
$regForm = '';

// Determine what actions to take.
if (isset ($_POST['submit'])) {
    // User has submitted data, check it and capture any returning output in case of errors.
    $regForm .= parse_form ();
} elseif (isset ($_GET['reg']) && $_GET['reg'] == 'ok') {
    // Form was submitted successfully.
    $regForm .= "<p>Registration Complete! <a href='index.html'>Click here to login</a></p>";
} else {
    // No content submitted, show the form without any content.
    $regForm .= show_form ();
}
```

Now all you need to do, is to echo $regForm where you want the form, and/or the messages related to it.
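
One way to complete the gen_salt () exercise from the post above, added here as an example and not written by any poster in the thread. hash_password () and verify_password () are hypothetical helper names, and random_int () assumes PHP 7 or later.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ (random_int).

// Build a salt from the alphabet crypt () accepts: ./0-9A-Za-z.
function gen_salt (int $length = 16): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int () uses the OS CSPRNG; rand () and mt_rand () are predictable.
        $salt .= $alphabet[random_int (0, strlen ($alphabet) - 1)];
    }
    return $salt;
}

// Hypothetical helper: hash a new password with SHA-256 crypt ('$5$').
function hash_password (string $password): string
{
    $hash = crypt ($password, '$5$'.gen_salt ().'$');
    // On failure crypt () returns a short marker string, never a '$5$' hash.
    if (strncmp ($hash, '$5$', 3) !== 0) {
        throw new RuntimeException ('crypt () failed');
    }
    return $hash;
}

// Hypothetical helper: check a login attempt against the stored hash.
function verify_password (string $password, string $storedHash): bool
{
    // The stored string starts with '$5$<salt>$', so it serves as the salt argument.
    // hash_equals () compares in constant time.
    return hash_equals ($storedHash, crypt ($password, $storedHash));
}

// Constructed sample values.
$stored = hash_password ('correct horse battery staple');
var_dump (verify_password ('correct horse battery staple', $stored));
var_dump (verify_password ('wrong guess', $stored));
// Two hashes of the same password differ because each gets a fresh salt.
var_dump (hash_password ('same input') === hash_password ('same input'));
```

Because the crypt () output already contains the salt, verification needs only the stored hash. On PHP 5.5 and later, the built-in password_hash () and password_verify () cover salt generation and verification in one call each.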