
Greetings,

 

Weirdly enough, this page worked yesterday and now it will not work. I'm not sure what the issue is. The error I am receiving is:

 

An error has occured. Your account was not created.

 

 

Here is the entire page:

 

<?php
error_reporting (E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="CSS/oneColFixCtrHdr.css" rel="stylesheet" type="text/css" />


<style type="text/css">
body {
background-attachment: fixed;
background-image: url(Images/MainBackground.jpg);
background-repeat: no-repeat;
background-position: center center;
}
</style>
</head>
<body>
<div class="container">
 <div class="header"><!-- end .header --><img src="Images/SiteHeaderComplete.jpg" width="960" height="256" /></div>
 <div class="content">

 <?php
 if ( $_POST['registerbtn']){
   $getuser = $_POST['user'];
   $getemail = $_POST['email'];
   $getpass = $_POST['pass'];
   $getretypepass = $_POST['retypepass'];

   if ($getuser){
 if ($getemail){
  if ($getpass){
   if ($getretypepass){
    if ( $getpass === $getretypepass ){
	 if ( (strlen($getemail) >= 7) && (strstr($getemail, "@")) && (strstr($getemail, ".")) ){
	    require("./connect/connect.php");

	 $query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
	 $numrows = mysql_num_rows($query);
	 if ($numrows == 0){
	   $query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
	 $numrows = mysql_num_rows($query);
	 if ($numrows == 0){

	   $password = md5(md5("82dWa89dw7a".$getpass."F904Hh88w8hjOoiIilLiI"));
	   $date = date("F d, Y");
	   $code = md5(rand());

	   mysql_query("INSERT INTO users VALUES (
		'', '$getuser', '$password', '$getemail', '0', '$code', '$date' 
	   )");

	   $query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
	   $numrows = mysql_num_rows($query);
	   if ($numrows == 1){
		 $site = "http://www.editedoutforprivacy.com";
		 $webmaster = "Nightasy <admin@editedoutforprivacy.com>";
		 $headers = "From: $webmaster";
		 $subject = "Activate your account.";
		 $message = "Thank you for registering at editedoutforprivacy.com. Please click the link below to activate your account.\n";
		 $message .= "$site/activate.php?user=$getuser&code=$code\n";
		 $message .= "You must activate your account to login.";

		 if ( mail($getemail, $subject, $message, $headers)){
		   $errormsg = "You have been registered. In order to complete the registration you must activate your account from the email sent to <b>$getemail</b>";
		   $getuser = "";
		   $getemail = "";
		  }
		  else
		   $errormsg = "An error has occured. Your activation email was not sent.";

		}
		else
		 $errormsg = "An error has occured. Your account was not created.";
	  }
	  else
	   $errormsg = "That email is already in use.";
	  }
	  else
	   $errormsg = "That username is already taken.";
	 mysql_close();
	  }
	  else
	    $errormsg = "You must enter a valid email to register.";
	 }
	 else
	   $errormsg = "Your passwords did not match.";
    }
    else
      $errormsg = "You must retype your password to register.";	  
   }
   else
     $errormsg = "You must enter your password to register.";
  }
  else
    $errormsg = "You must enter your email to register.";
 }
    else
  $errormsg = "You must enter your username to register.";
}



 $form = "<form action='./register.php' method='post'>
 <table>
 <tr>
   <td></td>
 <td><font color='red'>$errormsg</font></td>
 </tr>
 <tr>
   <td>Username:</td>
 <td><input type='text' name='user' value='$getuser' /></td>
 </tr>
  <tr>
   <td>Email:</td>
 <td><input type='text' name='email' value='$getemail' /></td>
 </tr>
 <tr>
   <td>Password:</td>
 <td><input type='password' name='pass' value='' /></td>
 </tr>
 <tr>
   <td>Confirm Password:</td>
 <td><input type='password' name='retypepass' value='' /></td>
 </tr>
 <tr>
   <td></td>
 <td><input type='submit' name='registerbtn' value='Register' /></td>
 </tr>
 </table>
 </form>";

echo $form;

 ?>




   <!-- end .content --></div>
 <div class="footer">
   <p>Footer</p>
   <!-- end .footer --></div>
 <!-- end .container --></div>
</body>
</html>

 

Does anyone have any idea what I might have done wrong or what is wrong with this page? Thanks in advance.

Edited by Nightasy

Sorry, here you go.

 

<?php
error_reporting (E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="CSS/oneColFixCtrHdr.css" rel="stylesheet" type="text/css" />


<style type="text/css">
body {
background-attachment: fixed;
background-image: url(Images/MainBackground.jpg);
background-repeat: no-repeat;
background-position: center center;
}
</style>
</head>
<body>
<div class="container">
 <div class="header"><!-- end .header --><img src="Images/SiteHeaderComplete.jpg" width="960" height="256" /></div>
 <div class="content">

 <?php
 if ( $_POST['registerbtn']){
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];

if ($getuser){
 if ($getemail){
  if ($getpass){
   if ($getretypepass){
	if ( $getpass === $getretypepass ){
	 if ( (strlen($getemail) >= 7) && (strstr($getemail, "@")) && (strstr($getemail, ".")) ){
		require("./connect/connect.php");

	 $query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
	 $numrows = mysql_num_rows($query);
	 if ($numrows == 0){
	   $query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
	 $numrows = mysql_num_rows($query);
	 if ($numrows == 0){

	   $password = md5(md5("82dWa89dw7a".$getpass."F904Hh88w8hjOoiIilLiI"));
	   $date = date("F d, Y");
	   $code = md5(rand());

	   mysql_query("INSERT INTO users VALUES (
		'', '$getuser', '$password', '$getemail', '0', '$code', '$date'
	   )");

	   $query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
	   $numrows = mysql_num_rows($query);
	   if ($numrows == 1){
		 $site = "http://www.editedoutforprivacy.com";
		 $webmaster = "Nightasy <admin@editedoutforprivacy.com>";
		 $headers = "From: $webmaster";
		 $subject = "Activate your account.";
		 $message = "Thank you for registering at editedoutforprivacy.com. Please click the link below to activate your account.\n";
		 $message .= "$site/activate.php?user=$getuser&code=$code\n";
		 $message .= "You must activate your account to login.";

		 if ( mail($getemail, $subject, $message, $headers)){
		   $errormsg = "You have been registered. In order to complete the registration you must activate your account from the email sent to <b>$getemail</b>";
		   $getuser = "";
		   $getemail = "";
		  }
		  else
		   $errormsg = "An error has occured. Your activation email was not sent.";

		}
		else
		 $errormsg = "An error has occured. Your account was not created.";
	  }
	  else
	   $errormsg = "That email is already in use.";
	  }
	  else
	   $errormsg = "That username is already taken.";
	 mysql_close();
	  }
	  else
		$errormsg = "You must enter a valid email to register.";
	 }
	 else
	   $errormsg = "Your passwords did not match.";
	}
	else
	  $errormsg = "You must retype your password to register.";	  
   }
   else
	 $errormsg = "You must enter your password to register.";
  }
  else
	$errormsg = "You must enter your email to register.";
 }
 else
  $errormsg = "You must enter your username to register.";
}



 $form = "<form action='./register.php' method='post'>
 <table>
 <tr>
<td></td>
 <td><font color='red'>$errormsg</font></td>
 </tr>
 <tr>
<td>Username:</td>
 <td><input type='text' name='user' value='$getuser' /></td>
 </tr>
  <tr>
<td>Email:</td>
 <td><input type='text' name='email' value='$getemail' /></td>
 </tr>
 <tr>
<td>Password:</td>
 <td><input type='password' name='pass' value='' /></td>
 </tr>
 <tr>
<td>Confirm Password:</td>
 <td><input type='password' name='retypepass' value='' /></td>
 </tr>
 <tr>
<td></td>
 <td><input type='submit' name='registerbtn' value='Register' /></td>
 </tr>
 </table>
 </form>";

echo $form;

 ?>




<!-- end .content --></div>
 <div class="footer">
<p>Footer</p>
<!-- end .footer --></div>
 <!-- end .container --></div>
</body>
</html>

Edited by Nightasy

I'm gonna guess that user now exists MORE than one time.

Check your DB.

 

The else you're getting the error from lines up with:

$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
                  $numrows = mysql_num_rows($query);
                  if ($numrows == 1){

 

If $numrows happens to == 2, you're going to get the same error.

Edited by Jessica

The logic of that whole script isn't very user friendly. You should do all your validation at the same time, so you can present the user with all errors simultaneously, with the form fields pre-populated so all they have to do is correct any errors. Expecting someone to keep submitting a form and getting a new error every time is only going to make people leave without finishing the process.

There is currently only one user in the database. The user is a default user that I made to test the database connection file. I tested this register page yesterday after having reported a different error where I had added an s on the end of a function by accident. When I tested it yesterday it worked. Now I can't get it to create a new user and I get that error.

The logic of that whole script isn't very user friendly. You should do all your validation at the same time, so you can present the user with all errors simultaneously, with the form fields pre-populated so all they have to do is correct any errors. Expecting someone to keep submitting a form and getting a new error every time is only going to make people leave without finishing the process.

 

I get that, but the form only has 4 fields. It's a really simple form.

Yep, turns out that was the problem. Everything's working just fine now. Thanks for taking a look anyhow.

 

In essence the code was failing because there was already a user with id of 1 in the database. So when I tested it yesterday it worked fine because there was no user id 0. Then when I tested it today it was trying to create a user id 1 and there was already a user id 1 so the code was failing. So since it couldn't follow the increment, well, you get the point.

Edited by Nightasy

The only reason why the check would fail with the error message you gave, is if you already had a user with that name in the database. The ID is completely irrelevant as far as the code is concerned.

 

That said, you really should have written your script differently, not only by utilizing the "exit early" concept, but also by dividing some of your code into functions. I've done that rewrite for you, more or less, to show you how I'd write something like this:

<?php
error_reporting (E_ALL ^ E_NOTICE);

/**
* Validates the posted data, and saves to database. Returns a form with an error message if fails.
* 
* If saving is successful, it'll redirect to the success page.
* 
* @return string
*/
function Process_Post () {
// TODO: Need to finish the val_username () function.
if (!isset ($_POST['user']) || !$getuser = val_username ($_POST['user'])) {
	$errormsg[] = "You must enter your username to register.";
} else {
	// Used to repopulate the form as validation failed.
	$getuser = $_POST['user'];
}

if (!$getemail = filter_input (INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
	$errormsg[] = "You must enter a valid email address to register.";
} else {
	// Used to repopulate the form as validation failed.
	$getemail = $_POST['email'];
}

if (!isset ($_POST['pass']) || empty ($_POST['pass'])) {
	$errormsg[] = "You must enter your password to register.";
}

if (!isset ($_POST['retypepass']) || empty ($_POST['retypepass'])) {
	$errormsg[] = "You must retype your password to register.";
}

if (!empty ($_POST['pass']) && $_POST['pass'] !== $_POST['retypepass']) {
	$errormsg[] = "Your passwords did not match.";
}

require ("./connect/connect.php");

// Create query and prevent SQL injections.
$query = sprintf ("SELECT * FROM users WHERE username='%s'", mysql_real_escape_string ($getuser));
$query = mysql_query ($query);
$numrows = mysql_num_rows ($query);
if ($numrows > 0) {
	$errormsg[] = "That username is already taken.";
}

// Create query and prevent SQL injections.
$query = sprintf ("SELECT * FROM users WHERE email='%s'", mysql_real_escape_string ($getemail));
$query = mysql_query ($query);
$numrows = mysql_num_rows ($query);
if ($numrows > 0) {
	$errormsg[] = "That email is already in use.";
}

// Show error message and form anew if any validation failed.
if (!empty ($errormsg)) {
	return Create_Form ($errormsg, $getuser, $getemail);
}

// TODO: This needs to be rewritten. This is BAD code! Read linked article.
$password = md5 (md5 ("82dWa89dw7a" . $_POST['pass'] . "F904Hh88w8hjOoiIilLiI"));

$date = date ("F d, Y");
$code = md5 (rand ());

// Create query and escape output, to prevent SQL injections.
$query = "INSERT INTO users(`username`, `password`, `email`, `status`, `code`, `date`)\n".
			"VALUES ('%1\$s', '%2\$s', '%3\$s', 0, '%4\$s', '%5\$s')";
$query = sprintf ($query, mysql_real_escape_string ($getuser), mysql_real_escape_string ($password),
						mysql_real_escape_string ($getemail), mysql_real_escape_string ($code), 
						mysql_real_escape_string ($date));
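if (!mysql_query ($query)) {
	// Stop here: without a saved row there is nothing to activate.
	$errormsg[] = "An error has occured. Your account was not created.";
	return Create_Form ($errormsg, $getuser, $getemail);
}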

$site = "http://www.editedoutforprivacy.com";
$webmaster = "Nightasy <admin@editedoutforprivacy.com>";
$headers = "From: $webmaster";
$subject = "Activate your account.";
$message = "Thank you for registering at editedoutforprivacy.com. Please click the link below to activate your account.\n";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";

// Send mail, and show error message if it fails.
if (!mail ($getemail, $subject, $message, $headers)) {
	$errormsg[] = "An error has occured. Your activation email was not sent.";
	return Create_Form ($errormsg, $getuser, $getemail);
}

// Send user to confirmation page.
header ("Location: ?send=ok");
die ();
}

/**
* Returns the form for user registration, complete with values and messages (if provided).
* 
* $message can be both an array or a string, with the former being error messages and the
* latter being a success message.
* 
* @param mixed[optional] $message = NULL
* @param string[optional] $user = ''
* @param string[optional] $email = ''
*/
function Create_Form ($message = NULL, $user = '', $email = '') {
// Escape output to prevent XSS injections
$user = htmlspecialchars ($user);
$email = htmlspecialchars ($email);

// If message is to be added to form output.
if (!empty ($message)) {
	// Determine whether it's an array or a string.
	if (is_array ($message)) {
		// Array, first escape all output.
		$message = array_map ('htmlspecialchars', $message);

		// Then create an unordered list with all error messages.
		$message = "\n\t<li>".implode ("</li>\n\t<li>", $message)."</li>\n";
		$message = '<ul class="error">'.$message."</ul>\n";
	} else {
		// String, assume it's a success message.
		$message = '<p class="success">'.htmlspecialchars ($message)."</p>\n";
	}
}

// Create and return form to calling function.
return <<<OutForm
$message
<form action="" method="post">
<fieldset>
	<label for="inp_username">Username:</label>
	<input id="inp_username" type="text" name="user" value="$user" />

	<label for="inp_email">Email:</label>
	<input id="inp_email" type="text" name="email" value="$email" />

	<label for="inp_password">Password:</label>
	<input id="inp_password" type="password" name="pass" value="" />

	<label for="inp_confirm">Confirm Password:</label>
	<input id="inp_confirm" type="password" name="retypepass" value="" />
</fieldset>

<fieldset class="buttons">
	<input type="submit" name="registerbtn" value="Register" />
</fieldset>
</form>
OutForm;
}


/**
* Controlling code to determine the current page view's functionality.
*/
if ($_POST['registerbtn']) {
// Content has been posted, check it and save form if validation fails.
$form = Process_Post ();
} elseif (isset ($_GET['send']) && $_GET['send'] == 'ok') {
// User has successfully registered, show message.
$message = "You have been registered. In order to complete the registration you must activate your account from the email sent to your e-mail account.";	
$form = Create_Form ($message);	
} else {
// No action taken yet, show empty form.
$form = Create_Form ();
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>

<link href="CSS/oneColFixCtrHdr.css" rel="stylesheet" type="text/css" />

<style type="text/css">
body {
background-attachment: fixed;
background-image: url(Images/MainBackground.jpg);
background-repeat: no-repeat;
background-position: center center;
}
</style>

</head>
<body>

<div class="container">
<div class="header">
	<img src="Images/SiteHeaderComplete.jpg" width="960" height="256" />
</div>

<div class="content">
<?php echo $form; ?>
</div>

<div class="footer">
	<p>Footer</p>
</div>
</div>

</body>
</html>

 

Not quite complete, and untested, but should get you on your way.

Also, as noted in one of the comments, I strongly recommend that you read this article about secure login systems.
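
The points raised in this reply (validate every field in one pass, keep user input out of the SQL string, replace the double md5 and md5(rand()), and check the INSERT itself instead of re-selecting the row), shown as an added example that is not part of the original post or the poster's code. It uses PDO with an in-memory SQLite table standing in for the thread's MySQL database; register_user() and the schema are assumptions, with column names taken from the INSERT in the rewrite above.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validates every field, then inserts with bound parameters.
// Returns a list of error messages; an empty list means the account was created.
function register_user(PDO $pdo, array $post): array
{
    $errors = [];
    $user  = trim((string)($post['user'] ?? ''));
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $pass  = (string)($post['pass'] ?? '');

    if ($user === '')     { $errors[] = 'You must enter your username to register.'; }
    if ($email === false) { $errors[] = 'You must enter a valid email to register.'; }
    if ($pass === '') {
        $errors[] = 'You must enter your password to register.';
    } elseif ($pass !== ($post['retypepass'] ?? '')) {
        $errors[] = 'Your passwords did not match.';
    }
    if ($errors) { return $errors; }   // report all problems at once

    try {
        $stmt = $pdo->prepare(
            'INSERT INTO users (username, password, email, status, code, date)
             VALUES (:u, :p, :e, 0, :c, :d)'
        );
        $stmt->execute([
            ':u' => $user,
            ':p' => password_hash($pass, PASSWORD_DEFAULT), // salted, slow hash instead of md5
            ':e' => $email,
            ':c' => bin2hex(random_bytes(16)),              // activation code from a CSPRNG
            ':d' => date('Y-m-d'),
        ]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation (duplicate username/email).
        if (strncmp((string)$e->getCode(), '23', 2) === 0) {
            return ['That username or email is already in use.'];
        }
        error_log('register: ' . $e->getMessage()); // real cause goes to the log, not the page
        return ['An error has occurred. Your account was not created.'];
    }
    return [];
}

// Constructed demo data and schema (assumptions, not the thread's real table).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE, password TEXT NOT NULL,
    email TEXT NOT NULL UNIQUE, status INTEGER NOT NULL,
    code TEXT NOT NULL, date TEXT NOT NULL)');

$ok = ['user' => "o'brien", 'email' => 'ob@example.test',
       'pass' => 'correct horse', 'retypepass' => 'correct horse'];
var_dump(register_user($pdo, $ok));   // quote in the name is bound, not interpolated
var_dump(register_user($pdo, $ok));   // second attempt hits the UNIQUE constraint
var_dump(register_user($pdo, ['user' => '', 'email' => 'nope', 'pass' => 'a', 'retypepass' => 'b']));
```

Because the database enforces uniqueness and the exception carries the driver's message, a failed INSERT is logged with its actual cause instead of surfacing only as the generic "not created" message.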
