dekon Posted March 5, 2013 Share Posted March 5, 2013 hi i keep getting help with my register page where i want users to register their details on my site could someone please help me about where i am going wrong with my code thanks <?php include 'mysql.php'; include 'header.php'; echo '<h3>Sign Up</h3>'; { if($_SERVER['REQUEST_METHOD'] != 'POST') echo '<form method="post" action=""> Username: <input type="text" name="username" /></p> Password: <input type="password" name="password"></p> Password again: <input type="password" name="pass_check"></p> Univeristy E-mail: <input type="email" name="email"></p> University: <input type="text" name="university"></p> <input type="submit" value="Add category" /></p> </form>'; } else { $errors = array(); if(isset($_POST['username'])) { //the user name exists if(!ctype_alnum($_POST['username'])) { $errors[] = 'The username can only contain letters and digits.'; } if(strlen($_POST['username']) > 30) { $errors[] = 'The username cannot be longer than 30 characters.'; } } else { $errors[] = array(); if(isset($_POST['university'])) { if(!ctype_alpha($_POST['username'])) { $errors[] = 'university name can only contain letters and digits.'; } if(strlen($_POST['username']) > 30) { $errors[] = 'The username cannot be longer than 30 characters.'; } } else { $errors[] = 'The username field must not be empty.'; } if(isset($_POST['password'])) { if($_POST['password'] != $_POST['pass_check']) { $errors[] = 'The two passwords did not match.'; } } else { $errors[] = 'The password field cannot be empty.'; } if(!empty($errors)) { echo 'Uh-oh.. a couple of fields are not filled in correctly..'; echo '<ul>'; foreach($errors as $key => $value) { echo '<li>' . $value . '</li>'; } echo '</ul>'; } else { // sha1 hashes the passowrd to give the form some security //and with the use of the escape query helps secure the site from being easily hacked $sql = "INSERT INTO users(username, password, email ,user_date, user_level, university) VALUES('" . mysql_real_escape_string($_POST['username']) . "', '" . sha1($_POST['password']) . "', '" . mysql_real_escape_string($_POST['email']) . "', '" .($_POST['university']) . "', NOW(), 0)"; $result = mysql_query($sql); if(!$result) { echo 'error please try again later.'; } else { echo 'Successfully registered. You can now <a href="signin.php">sign in</a>'; } } } include 'footer.php'; ?> Link to comment https://forums.phpfreaks.com/topic/275282-need-help-with-my-register-page/ Share on other sites More sharing options...
Psycho Posted March 5, 2013 Share Posted March 5, 2013 What problems are you having? Link to comment https://forums.phpfreaks.com/topic/275282-need-help-with-my-register-page/#findComment-1416776 Share on other sites More sharing options...
Psycho Posted March 5, 2013 Share Posted March 5, 2013 Looking through that code there are a ton of problems. Most/all of them are from not paying attention to what you are doing. For example, look at your query: $sql = "INSERT INTO users(username, password, email ,user_date, user_level, university) VALUES('" . mysql_real_escape_string($_POST['username']) . "', '" . sha1($_POST['password']) . "', '" . mysql_real_escape_string($_POST['email']) . "', '" .($_POST['university']) . "', NOW(), 0)"; Look at the order of the fields that you list, then look at the order of the values. They do not match up. But, I doubt you are even getting that far because of issues in the validation logic. Here is a complete rewrite of your page. I don't guarantee it will work as I did not test it, but it will get you going in the right direction <?php include 'mysql.php'; //Preprocess input data (if posted) also used for form repopulation $username = isset($_POST['username']) ? trim($_POST['username']) : ''; $email = isset($_POST['email']) ? trim($_POST['email']) : ''; $university = isset($_POST['university']) ? trim($_POST['university']) : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; $pass_check = isset($_POST['pass_check']) ? $_POST['pass_check'] : ''; //Create variable to hold error message $errorMsg = ''; //Check if form was posted if($_SERVER['REQUEST_METHOD'] == 'POST') { //Create array to hold errors $errors = array(); //Username validation if(empty($username)) { $errors[] = 'The username field must not be empty.'; } if(!ctype_alnum($username)) { $errors[] = 'The username can only contain letters and digits.'; } if(strlen($_POST['username']) > 30) { $errors[] = 'The username cannot be longer than 30 characters.'; } //University validation if(!ctype_alpha($university)) { $errors[] = 'The university name can only contain letters and digits.'; } if(strlen($university) > 30) { $errors[] = 'The university name cannot be longer than 30 characters.'; } //Password validation if(empty($password)) { $errors[] = 'The password field cannot be empty.'; } elseif($password != $pass_check) { $errors[] = 'The two passwords did not match.'; } //Check if there were errors if(!empty($errors)) { $errorMsg .= "Uh-oh.. a couple of fields are not filled in correctly...<br>\n"; $errorMsg .= "<ul>\n"; foreach($errors as $err) { $errorMsg .= "<li>{$err}</li>\n"; } $errorMsg .= "</ul>\n"; } else { //No errors attempt to create record //sha1 alone is NOT a good method of securing the password $sql = sprintf("INSERT INTO users (username, password, email ,user_date, user_level, university) VALUES('%s', '%s', '%s', '%s', NOW(), 0)", mysql_real_escape_string($username), sha1($password), mysql_real_escape_string($email) mysql_real_escape_string($university); $result = mysql_query($sql); //Check result of query if(!$result) { //Error running query to insert record echo 'Error creating record. Please try again later.'; //Uncomment the following line for debuggin purposes //echo 'Query: $sql <br> Error: ' . mysql_error(); exit(); } else { //Record created successfully echo 'Successfully registered. You can now <a href="signin.php">sign in</a>'; exit(); } } } ?> <?php include 'header.php'; ?> <?php echo $errorMsg; ?> <h3>Sign Up</h3> <form method="post" action=""> Username: <input type="text" name="username" value="<?php echo $username; ?>" /></p> Password: <input type="password" name="password" /></p> Password again: <input type="password" name="pass_check" /></p> Univeristy E-mail: <input type="email" name="email" value="<?php echo $email; ?>" ></p> University: <input type="text" name="university" value="<?php echo $university; ?>" ></p> <input type="submit" value="Add category" /></p> </form> <?php include 'footer.php'; ?> Link to comment https://forums.phpfreaks.com/topic/275282-need-help-with-my-register-page/#findComment-1416789 Share on other sites More sharing options...
dekon Posted March 5, 2013 Author Share Posted March 5, 2013 when using your code i got the following syntax error, unexpected '$result' Link to comment https://forums.phpfreaks.com/topic/275282-need-help-with-my-register-page/#findComment-1416793 Share on other sites More sharing options...
Psycho Posted March 7, 2013 Share Posted March 7, 2013 Here is a complete rewrite of your page. I don't guarantee it will work as I did not test it, but it will get you going in the right direction Link to comment https://forums.phpfreaks.com/topic/275282-need-help-with-my-register-page/#findComment-1417126 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.