
need help with my register page


dekon


Hi, I keep getting help with my register page, where I want users to register their details on my site. Could someone please help me with where I am going wrong with my code? Thanks.

 

<?php
include 'mysql.php';
include 'header.php';
echo '<h3>Sign Up</h3>';
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
 echo '<form method="post" action="">
        Username: <input type="text" name="username" /></p> 
        Password: <input type="password" name="password"></p> 
        Password again: <input type="password" name="pass_check"></p>   
        Univeristy E-mail: <input type="email" name="email"></p>   
		University: <input type="text" name="university"></p>  
        <input type="submit" value="Add category" /></p>  
     </form>'; 
	} 
else 
{ 
    $errors = array(); 
    if(isset($_POST['username']))  
    {  
        //the user name exists  
        if(!ctype_alnum($_POST['username']))  
        {  
            $errors[] = 'The username can only contain letters and digits.';  
        }  
        if(strlen($_POST['username']) > 30)  
        {  
            $errors[] = 'The username cannot be longer than 30 characters.';  
        }  
    }  
	else 
	{
		$errors[] = array();
		if(isset($_POST['university']))
		{
			if(!ctype_alpha($_POST['username'])) 
			{
				$errors[] = 'university name can only contain letters and digits.';  
        }  
        if(strlen($_POST['username']) > 30)  
        {  
            $errors[] = 'The username cannot be longer than 30 characters.';  
        }  
    }  


    else  
    {  
        $errors[] = 'The username field must not be empty.';  
    }  
    if(isset($_POST['password']))  
    {  
        if($_POST['password'] != $_POST['pass_check'])  
        {  
            $errors[] = 'The two passwords did not match.';  
        }  
    }  
    else  
    {  
        $errors[] = 'The password field cannot be empty.';  
    }  
    if(!empty($errors)) 
    {  
        echo 'Uh-oh.. a couple of fields are not filled in correctly..'; 
        echo '<ul>'; 
        foreach($errors as $key => $value) 
        { 
            echo '<li>' . $value . '</li>';
        } 
        echo '</ul>'; 
    } 
    else 
    { 
 // sha1 hashes the passowrd to give the form some security 
	  //and with the use of the escape query helps secure the site from being easily hacked
 $sql = "INSERT INTO 
                    users(username, password, email ,user_date, user_level, university) 
                VALUES('" . mysql_real_escape_string($_POST['username']) . "', 
                       '" . sha1($_POST['password']) . "',				
                       '" . mysql_real_escape_string($_POST['email']) . "', 
					   '" .($_POST['university']) . "',   
                        NOW(), 
                        0)";
					 $result = mysql_query($sql);  
        if(!$result)  
        {  
            echo 'error please try again later.'; 
            
        } 
        else 
        { 
            echo 'Successfully registered. You can now <a href="signin.php">sign in</a>'; 
        } 
    } 
} 
include 'footer.php';  
?>  

 

 


Looking through that code there are a ton of problems. Most/all of them are from not paying attention to what you are doing. For example, look at your query:

 

$sql = "INSERT INTO
users(username, password, email ,user_date, user_level, university)
VALUES('" . mysql_real_escape_string($_POST['username']) . "',
'" . sha1($_POST['password']) . "',                
'" . mysql_real_escape_string($_POST['email']) . "',
                     '" .($_POST['university']) . "',
NOW(),
0)";

 

Look at the order of the fields that you list, then look at the order of the values. They do not match up. But, I doubt you are even getting that far because of issues in the validation logic.

 

Here is a complete rewrite of your page. I don't guarantee it will work as I did not test it, but it will get you going in the right direction

 

<?php
include 'mysql.php';

//Preprocess input data (if posted) also used for form repopulation
$username = isset($_POST['username']) ? trim($_POST['username']) : '';
$email = isset($_POST['email']) ? trim($_POST['email']) : '';
$university = isset($_POST['university']) ? trim($_POST['university']) : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$pass_check = isset($_POST['pass_check']) ? $_POST['pass_check'] : '';

//Create variable to hold error message
$errorMsg = '';

//Check if form was posted
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    //Create array to hold errors
    $errors = array();

    //Username validation
    if(empty($username))  
    {
        $errors[] = 'The username field must not be empty.';  
    }
    if(!ctype_alnum($username))
    {
        $errors[] = 'The username can only contain letters and digits.';
    }
    if(strlen($username) > 30)
    {  
        $errors[] = 'The username cannot be longer than 30 characters.';  
    }

    //University validation
    if(!ctype_alpha($university))
    {
        $errors[] = 'The university name can only contain letters.';
    }  
    if(strlen($university) > 30)  
    {  
        $errors[] = 'The university name cannot be longer than 30 characters.';  
    }  
 
    //Password validation
    if(empty($password))
    {  
        $errors[] = 'The password field cannot be empty.';  
    }
    elseif($password != $pass_check)  
    {  
        $errors[] = 'The two passwords did not match.';  
    }

    //Check if there were errors
    if(!empty($errors))
    {
        $errorMsg .= "Uh-oh.. a couple of fields are not filled in correctly...<br>\n";
        $errorMsg .= "<ul>\n";
        foreach($errors as $err)
        {
            $errorMsg .= "<li>{$err}</li>\n";
        }
        $errorMsg .= "</ul>\n";
    }
    else
    {
        //No errors attempt to create record

        //sha1 alone is NOT a good method of securing the password
        //The column list must be in the same order as the values that follow
        $sql = sprintf("INSERT INTO users
                        (username, password, email, university, user_date, user_level)
                        VALUES('%s', '%s', '%s', '%s', NOW(), 0)",
                        mysql_real_escape_string($username),
                        sha1($password),
                        mysql_real_escape_string($email),
                        mysql_real_escape_string($university));
        $result = mysql_query($sql);

        //Check result of query
        if(!$result)  
        {
            //Error running query to insert record
            echo 'Error creating record. Please try again later.';
            //Uncomment the following line for debugging purposes
            //echo "Query: $sql <br> Error: " . mysql_error();
            exit();
            
        }
        else
        {
            //Record created successfully
            echo 'Successfully registered. You can now <a href="signin.php">sign in</a>';
            exit();
        }
    }
}
 
?>
<?php include 'header.php'; ?>
<?php echo $errorMsg; ?>
<h3>Sign Up</h3>
<form method="post" action="">
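    <!-- Posted values are HTML-escaped before being echoed back into the form -->
    <p>Username: <input type="text" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>" /></p>
    <p>Password: <input type="password" name="password" /></p>
    <p>Password again: <input type="password" name="pass_check" /></p>
    <p>University E-mail: <input type="email" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?>" /></p>
    <p>University: <input type="text" name="university" value="<?php echo htmlspecialchars($university, ENT_QUOTES, 'UTF-8'); ?>" /></p>
    <p><input type="submit" value="Add category" /></p>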
</form>
<?php include 'footer.php';  ?>
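
The two points raised in this reply (the column list must line up with the values, and sha1 alone is a poor way to store a password) can both be handled with bound parameters and PHP's password_hash(). The following is an added example, not code from either poster; register_user(), the in-memory SQLite database standing in for the connection in mysql.php, and the sample input are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the SQLite
// driver (in-memory, runs offline) stands in for the connection in mysql.php;
// register_user() is a hypothetical helper; column names come from the thread.
function register_user(PDO $db, array $in): array
{
    $username   = trim($in['username'] ?? '');
    $email      = trim($in['email'] ?? '');
    $university = trim($in['university'] ?? '');
    $password   = $in['password'] ?? '';

    $errors = [];
    if ($username === '' || !ctype_alnum($username) || strlen($username) > 30) {
        $errors[] = 'The username must be 1-30 letters and digits.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'The e-mail address is not valid.';
    }
    if ($password === '' || $password !== ($in['pass_check'] ?? '')) {
        $errors[] = 'The password is empty or the two passwords did not match.';
    }
    if ($errors) {
        return $errors;
    }

    // Each value is bound by name next to its column, and the driver handles
    // quoting, so no mysql_real_escape_string() calls are needed.
    $stmt = $db->prepare(
        'INSERT INTO users (username, password, email, university, user_date, user_level)
         VALUES (:username, :password, :email, :university, CURRENT_TIMESTAMP, 0)'
    );
    $stmt->execute([
        ':username'   => $username,
        ':password'   => password_hash($password, PASSWORD_DEFAULT), // salted, slow hash
        ':email'      => $email,
        ':university' => $university,
    ]);
    return [];
}

// Constructed schema and sample input
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password TEXT, email TEXT,
           university TEXT, user_date TEXT, user_level INTEGER)');
$errors = register_user($db, ['username' => 'alice1', 'password' => 'correct horse',
    'pass_check' => 'correct horse', 'email' => 'alice1@example.edu', 'university' => 'Example']);
$hash = $db->query("SELECT password FROM users WHERE username = 'alice1'")->fetchColumn();
var_dump($errors === [], password_verify('correct horse', $hash));
```

At sign-in, the stored value is checked with password_verify() rather than by hashing the submitted password and comparing strings.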

Archived

This topic is now archived and is closed to further replies.
