Nightasy Posted October 12, 2012 (edited)

Greetings,

Weirdly enough, this page worked yesterday and now it will not work. I'm not sure what the issue is. The error I am receiving is:

An error has occured. Your account was not created.

Here is the entire page:

```php
<?php error_reporting (E_ALL ^ E_NOTICE); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="CSS/oneColFixCtrHdr.css" rel="stylesheet" type="text/css" />
<style type="text/css">
body {
    background-attachment: fixed;
    background-image: url(Images/MainBackground.jpg);
    background-repeat: no-repeat;
    background-position: center center;
}
</style>
</head>
<body>
<div class="container">
<div class="header"><!-- end .header --><img src="Images/SiteHeaderComplete.jpg" width="960" height="256" /></div>
<div class="content">
<?php
if ( $_POST['registerbtn']){
    $getuser = $_POST['user'];
    $getemail = $_POST['email'];
    $getpass = $_POST['pass'];
    $getretypepass = $_POST['retypepass'];

    if ($getuser){
        if ($getemail){
            if ($getpass){
                if ($getretypepass){
                    if ( $getpass === $getretypepass ){
                        if ( (strlen($getemail) >= 7) && (strstr($getemail, "@")) && (strstr($getemail, ".")) ){
                            require("./connect/connect.php");

                            // Check that the username is not already registered.
                            $query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
                            $numrows = mysql_num_rows($query);
                            if ($numrows == 0){
                                // Check that the email is not already registered.
                                $query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
                                $numrows = mysql_num_rows($query);
                                if ($numrows == 0){
                                    $password = md5(md5("82dWa89dw7a".$getpass."F904Hh88w8hjOoiIilLiI"));
                                    $date = date("F d, Y");
                                    $code = md5(rand());

                                    mysql_query("INSERT INTO users VALUES ( '', '$getuser', '$password', '$getemail', '0', '$code', '$date' )");

                                    // Select the user again to confirm that the row was created.
                                    $query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
                                    $numrows = mysql_num_rows($query);
                                    if ($numrows == 1){
                                        $site = "http://www.editedoutforprivacy.com";
                                        $webmaster = "Nightasy <admin@editedoutforprivacy.com>";
                                        $headers = "From: $webmaster";
                                        $subject = "Activate your account.";
                                        $message = "Thank you for registering at editedoutforprivacy.com. Please click the link below to activate your account.\n";
                                        $message .= "$site/activate.php?user=$getuser&code=$code\n";
                                        $message .= "You must activate your account to login.";

                                        if ( mail($getemail, $subject, $message, $headers)){
                                            $errormsg = "You have been registered. In order to complete the registration you must activate your account from the email sent to <b>$getemail</b>";
                                            $getuser = "";
                                            $getemail = "";
                                        }
                                        else
                                            $errormsg = "An error has occured. Your activation email was not sent.";
                                    }
                                    else
                                        $errormsg = "An error has occured. Your account was not created.";
                                }
                                else
                                    $errormsg = "That email is already in use.";
                            }
                            else
                                $errormsg = "That username is already taken.";

                            mysql_close();
                        }
                        else
                            $errormsg = "You must enter a valid email to register.";
                    }
                    else
                        $errormsg = "Your passwords did not match.";
                }
                else
                    $errormsg = "You must retype your password to register.";
            }
            else
                $errormsg = "You must enter your password to register.";
        }
        else
            $errormsg = "You must enter your email to register.";
    }
    else
        $errormsg = "You must enter your username to register.";
}

$form = "<form action='./register.php' method='post'>
<table>
<tr>
    <td></td>
    <td><font color='red'>$errormsg</font></td>
</tr>
<tr>
    <td>Username:</td>
    <td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
    <td>Email:</td>
    <td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
    <td>Password:</td>
    <td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
    <td>Confirm Password:</td>
    <td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
    <td></td>
    <td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";

echo $form;
?>
<!-- end .content --></div>
<div class="footer">
<p>Footer</p>
<!-- end .footer --></div>
<!-- end .container --></div>
</body>
</html>
```

Does anyone have any idea what I might have done wrong or what is wrong with this page? Thanks in advance.

Edited October 12, 2012 by Nightasy

Pikachu2000 Posted October 12, 2012

When posting code, enclose it within the forum's . . . BBCode tags.

Nightasy (Author) Posted October 12, 2012 (edited)

Sorry, here you go.

[The same page code as in the first post, reposted inside code tags.]

Edited October 12, 2012 by Nightasy

Jessica Posted October 12, 2012 (edited)

I'm gonna guess that user now exists MORE than one time. Check your DB.

The else you're getting the error from lines up with:

```php
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
```

If $numrows happens to == 2, you're going to get the same error.

Edited October 12, 2012 by Jessica

Pikachu2000 Posted October 12, 2012

The logic of that whole script isn't very user friendly. You should do all your validation at the same time, so you can present the user with all errors simultaneously, with the form fields pre-populated so all they have to do is correct any errors. Expecting someone to keep submitting a form and getting a new error every time is only going to make people leave without finishing the process.

Nightasy (Author) Posted October 12, 2012

There is currently only one user in the database. The user is a default user that I made to test the database connection file. I tested this register page yesterday after having reported a different error where I had added an s on the end of a function by accident. When I tested it yesterday it worked. Now I can't get it to create a new user and I get that error.

Nightasy (Author) Posted October 12, 2012

> The logic of that whole script isn't very user friendly. You should do all your validation at the same time, so you can present the user with all errors simultaneously, with the form fields pre-populated so all they have to do is correct any errors. Expecting someone to keep submitting a form and getting a new error every time is only going to make people leave without finishing the process.

I get that, but the form only has 4 fields. It's a really simple form.

Nightasy (Author) Posted October 12, 2012

Actually I think I might have found the error. When I created the default user to test the login page, I set the id to 1 instead of 0. Now I just deleted all users and got past the error. Testing it now.

Nightasy (Author) Posted October 12, 2012 (edited)

Yep, turns out that was the problem. Everything's working just fine now. Thanks for taking a look anyhow.

In essence the code was failing because there was already a user with id of 1 in the database. So when I tested it yesterday it worked fine because there was no user id 0. Then when I tested it today it was trying to create a user id 1 and there was already a user id 1 so the code was failing. So since it couldn't follow the increment, well, you get the point.

Edited October 12, 2012 by Nightasy

Pikachu2000 Posted October 12, 2012

Inserting a record manually shouldn't have caused what you described.

Christian F. Posted October 13, 2012

The only reason why the check would fail with the error message you gave is if you already had a user with that name in the database. The ID is completely irrelevant as far as the code is concerned.

That said, you really should have written your script differently. Not only by utilizing the "exit early" concept, but also by dividing some of your code into functions. I've done that rewrite for you, more or less, to show you how I'd write something like this:

```php
<?php
error_reporting (E_ALL ^ E_NOTICE);

/**
 * Validates the posted data, and saves to database. Returns a form with an error message if fails.
 *
 * If saving is successful, it'll redirect to the success page.
 *
 * @return string
 */
function Process_Post () {
    // Collects every validation error, so they can all be shown at once.
    $errormsg = array ();

    // TODO: Need to finish the val_username () function.
    if (!isset ($_POST['user']) || !$getuser = val_username ($_POST['user'])) {
        $errormsg[] = "You must enter your username to register.";
    } else {
        // Used to repopulate the form as validation failed.
        $getuser = $_POST['user'];
    }

    if (!$getemail = filter_input (INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
        $errormsg[] = "You must enter a valid email address to register.";
    } else {
        // Used to repopulate the form as validation failed.
        $getemail = $_POST['email'];
    }

    if (!isset ($_POST['pass']) || empty ($_POST['pass'])) {
        $errormsg[] = "You must enter your password to register.";
    }

    if (!isset ($_POST['retypepass']) || empty ($_POST['retypepass'])) {
        $errormsg[] = "You must retype your password to register.";
    }

    // The error applies when the two passwords differ.
    if (!empty ($_POST['pass']) && $_POST['pass'] !== $_POST['retypepass']) {
        $errormsg[] = "Your passwords did not match.";
    }

    require ("./connect/connect.php");

    // Create query and prevent SQL injections.
    $query = sprintf ("SELECT * FROM users WHERE username='%s'", mysql_real_escape_string ($getuser));
    $query = mysql_query ($query);
    $numrows = mysql_num_rows ($query);

    // Any existing row means the name is taken.
    if ($numrows > 0) {
        $errormsg[] = "That username is already taken.";
    }

    // Create query and prevent SQL injections.
    $query = sprintf ("SELECT * FROM users WHERE email='%s'", mysql_real_escape_string ($getemail));
    $query = mysql_query ($query);
    $numrows = mysql_num_rows ($query);

    if ($numrows > 0) {
        $errormsg[] = "That email is already in use.";
    }

    // Show error message and form anew if any validation failed.
    if (!empty ($errormsg)) {
        return Create_Form ($errormsg, $getuser, $getemail);
    }

    // TODO: This needs to be rewritten. This is BAD code! Read linked article.
    $password = md5 (md5 ("82dWa89dw7a" . $_POST['pass'] . "F904Hh88w8hjOoiIilLiI"));
    $date = date ("F d, Y");
    $code = md5 (rand ());

    // Create query and escape output, to prevent SQL injections.
    $query = "INSERT INTO users(`username`, `password`, `email`, `status`, `code`, `date`)\n".
            "VALUES ('%1\$s', '%2\$s', '%3\$s', 0, '%4\$s', '%5\$s')";
    $query = sprintf ($query,
            mysql_real_escape_string ($getuser),
            mysql_real_escape_string ($password),
            mysql_real_escape_string ($getemail),
            mysql_real_escape_string ($code),
            mysql_real_escape_string ($date));

    // Stop here if the insert failed, instead of mailing a link to a missing account.
    if (!mysql_query ($query)) {
        $errormsg[] = "An error has occured. Your account was not created.";
        return Create_Form ($errormsg, $getuser, $getemail);
    }

    $site = "http://www.editedoutforprivacy.com";
    $webmaster = "Nightasy <admin@editedoutforprivacy.com>";
    $headers = "From: $webmaster";
    $subject = "Activate your account.";
    $message = "Thank you for registering at editedoutforprivacy.com. Please click the link below to activate your account.\n";
    $message .= "$site/activate.php?user=$getuser&code=$code\n";
    $message .= "You must activate your account to login.";

    // Send mail, and show error message if it fails.
    if (!mail ($getemail, $subject, $message, $headers)) {
        $errormsg[] = "An error has occured. Your activation email was not sent.";
        return Create_Form ($errormsg, $getuser, $getemail);
    }

    // Send user to confirmation page.
    header ("Location: ?send=ok");
    die ();
}

/**
 * Returns the form for user registration, complete with values and messages (if provided).
 *
 * $message can be both an array or a string, with the former being error messages and the
 * latter being a success message.
 *
 * @param mixed[optional] $message = NULL
 * @param string[optional] $user = ''
 * @param string[optional] $email = ''
 */
function Create_Form ($message = NULL, $user = '', $email = '') {
    // Escape output to prevent XSS injections
    $user = htmlspecialchars ($user);
    $email = htmlspecialchars ($email);

    // If message is to be added to form output.
    if (!empty ($message)) {
        // Determine whether it's an array or a string.
        if (is_array ($message)) {
            // Array, first escape all output.
            $message = array_map ('htmlspecialchars', $message);

            // Then create an unordered list with all error messages.
            $message = "\n\t<li>".implode ("</li>\n\t<li>", $message)."</li>\n";
            $message = '<ul class="error">'.$message."</ul>\n";
        } else {
            // String, assume it's a success message.
            $message = '<p class="success">'.htmlspecialchars ($message)."</p>\n";
        }
    }

    // Create and return form to calling function.
    return <<<OutForm
$message
<form action="" method="post">
    <fieldset>
        <label for="inp_username">Username:</label>
        <input id="inp_username" type="text" name="user" value="$user" />

        <label for="inp_email">Email:</label>
        <input id="inp_email" type="text" name="email" value="$email" />

        <label for="inp_password">Password:</label>
        <input id="inp_password" type="password" name="pass" value="" />

        <label for="inp_confirm">Confirm Password:</label>
        <input id="inp_confirm" type="password" name="retypepass" value="" />
    </fieldset>
    <fieldset class="buttons">
        <input type="submit" name="registerbtn" value="Register" />
    </fieldset>
</form>
OutForm;
}

/**
 * Controlling code to determine the current page view's functionality.
 */
if ($_POST['registerbtn']) {
    // Content has been posted, check it and save form if validation fails.
    $form = Process_Post ();
} elseif (isset ($_GET['send']) && $_GET['send'] == 'ok') {
    // User has successfully registered, show message.
    $message = "You have been registered. In order to complete the registration you must activate your account from the email sent to your e-mail account.";
    $form = Create_Form ($message);
} else {
    // No action taken yet, show empty form.
    $form = Create_Form ();
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="CSS/oneColFixCtrHdr.css" rel="stylesheet" type="text/css" />
<style type="text/css">
body {
    background-attachment: fixed;
    background-image: url(Images/MainBackground.jpg);
    background-repeat: no-repeat;
    background-position: center center;
}
</style>
</head>
<body>
<div class="container">
    <div class="header">
        <img src="Images/SiteHeaderComplete.jpg" width="960" height="256" />
    </div>
    <div class="content">
<?php echo $form; ?>
    </div>
    <div class="footer">
        <p>Footer</p>
    </div>
</div>
</body>
</html>
```

Not quite complete, and untested, but should get you on your way.

Also, as noted in one of the comments, I strongly recommend that you read this article about secure login systems.

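An added example, not part of Christian F.'s post or of any code in this thread: the insert step written with PDO prepared statements, `password_hash()` in place of the double `md5()`, a `random_bytes()` activation code in place of `md5(rand())`, and UNIQUE constraints that report a duplicate directly instead of a row count checked after the fact. It assumes PHP 7+ with the pdo_sqlite extension and an in-memory database so it runs offline; `open_demo_db()`, `register_user()`, the table layout and the sample values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite.
// open_demo_db() and register_user() are hypothetical names; the table is constructed.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on SQL errors so a failed INSERT cannot pass unnoticed.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec(
        'CREATE TABLE users (
            id       INTEGER PRIMARY KEY AUTOINCREMENT,
            username TEXT NOT NULL UNIQUE,
            password TEXT NOT NULL,
            email    TEXT NOT NULL UNIQUE,
            status   INTEGER NOT NULL DEFAULT 0,
            code     TEXT NOT NULL,
            created  TEXT NOT NULL
        )'
    );
    return $pdo;
}

// Returns ['ok' => true, 'code' => ...] or ['ok' => false, 'error' => ...].
function register_user(PDO $pdo, string $user, string $email, string $pass): array
{
    $code = bin2hex(random_bytes(16)); // CSPRNG token instead of md5(rand())
    // The id column is left out so the database assigns it.
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password, email, code, created)
         VALUES (:u, :p, :e, :c, :d)'
    );
    try {
        $stmt->execute([
            ':u' => $user,
            ':p' => password_hash($pass, PASSWORD_DEFAULT), // per-user salt, slow hash
            ':e' => $email,
            ':c' => $code,
            ':d' => date('Y-m-d'),
        ]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: a UNIQUE constraint rejected the row (duplicate name or email).
        if ((string) $e->getCode() === '23000') {
            return ['ok' => false, 'error' => 'That username or email is already in use.'];
        }
        error_log('register_user failed: ' . $e->getMessage()); // real cause goes to the log
        return ['ok' => false, 'error' => 'An error has occurred. Your account was not created.'];
    }
    return ['ok' => true, 'code' => $code];
}

// Constructed sample input: an apostrophe in the name, then the same name again.
$pdo    = open_demo_db();
$first  = register_user($pdo, "o'brien", 'ob@example.test', 'correct horse battery');
$second = register_user($pdo, "o'brien", 'other@example.test', 'another password');
$hash   = $pdo->query('SELECT password FROM users')->fetchColumn();

var_dump($first['ok'], $second['ok'], $second['error']);
var_dump(password_verify('correct horse battery', $hash));
```

Because the values are bound as parameters, the apostrophe in the first username is stored as data, and the second call is rejected by the constraint rather than by a follow-up SELECT.
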