need help with my register page


dekon

Hi, I keep getting help with my register page, where I want users to register their details on my site. Could someone please help me with where I am going wrong with my code? Thanks.

 

<?php
include 'mysql.php';
include 'header.php';
echo '<h3>Sign Up</h3>';
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
 echo '<form method="post" action="">
        Username: <input type="text" name="username" /></p> 
        Password: <input type="password" name="password"></p> 
        Password again: <input type="password" name="pass_check"></p>   
        Univeristy E-mail: <input type="email" name="email"></p>   
		University: <input type="text" name="university"></p>  
        <input type="submit" value="Add category" /></p>  
     </form>'; 
	} 
else 
{ 
    $errors = array(); 
    if(isset($_POST['username']))  
    {  
        //the user name exists  
        if(!ctype_alnum($_POST['username']))  
        {  
            $errors[] = 'The username can only contain letters and digits.';  
        }  
        if(strlen($_POST['username']) > 30)  
        {  
            $errors[] = 'The username cannot be longer than 30 characters.';  
        }  
    }  
	else 
	{
		$errors[] = array();
		if(isset($_POST['university']))
		{
			if(!ctype_alpha($_POST['username'])) 
			{
				$errors[] = 'university name can only contain letters and digits.';  
        }  
        if(strlen($_POST['username']) > 30)  
        {  
            $errors[] = 'The username cannot be longer than 30 characters.';  
        }  
    }  


    else  
    {  
        $errors[] = 'The username field must not be empty.';  
    }  
    if(isset($_POST['password']))  
    {  
        if($_POST['password'] != $_POST['pass_check'])  
        {  
            $errors[] = 'The two passwords did not match.';  
        }  
    }  
    else  
    {  
        $errors[] = 'The password field cannot be empty.';  
    }  
    if(!empty($errors)) 
    {  
        echo 'Uh-oh.. a couple of fields are not filled in correctly..'; 
        echo '<ul>'; 
        foreach($errors as $key => $value) 
        { 
            echo '<li>' . $value . '</li>';
        } 
        echo '</ul>'; 
    } 
    else 
    { 
 // sha1 hashes the password to give the form some security 
	  //and with the use of the escape query helps secure the site from being easily hacked
 $sql = "INSERT INTO 
                    users(username, password, email ,user_date, user_level, university) 
                VALUES('" . mysql_real_escape_string($_POST['username']) . "', 
                       '" . sha1($_POST['password']) . "',				
                       '" . mysql_real_escape_string($_POST['email']) . "', 
					   '" .($_POST['university']) . "',   
                        NOW(), 
                        0)";
					 $result = mysql_query($sql);  
        if(!$result)  
        {  
            echo 'error please try again later.'; 
            
        } 
        else 
        { 
            echo 'Successfully registered. You can now <a href="signin.php">sign in</a>'; 
        } 
    } 
} 
include 'footer.php';  
?>  

 

 


Looking through that code there are a ton of problems. Most/all of them are from not paying attention to what you are doing. For example, look at your query:

 

$sql = "INSERT INTO
users(username, password, email ,user_date, user_level, university)
VALUES('" . mysql_real_escape_string($_POST['username']) . "',
'" . sha1($_POST['password']) . "',                
'" . mysql_real_escape_string($_POST['email']) . "',
                     '" .($_POST['university']) . "',
NOW(),
0)";

 

Look at the order of the fields that you list, then look at the order of the values. They do not match up. But, I doubt you are even getting that far because of issues in the validation logic.

 

Here is a complete rewrite of your page. I don't guarantee it will work as I did not test it, but it will get you going in the right direction.

 

<?php
include 'mysql.php';

//Preprocess input data (if posted) also used for form repopulation
$username = isset($_POST['username']) ? trim($_POST['username']) : '';
$email = isset($_POST['email']) ? trim($_POST['email']) : '';
$university = isset($_POST['university']) ? trim($_POST['university']) : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$pass_check = isset($_POST['pass_check']) ? $_POST['pass_check'] : '';

//Create variable to hold error message
$errorMsg = '';

//Check if form was posted
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    //Create array to hold errors
    $errors = array();

    //Username validation
    if(empty($username))  
    {
        $errors[] = 'The username field must not be empty.';  
    }
    if(!ctype_alnum($username))
    {
        $errors[] = 'The username can only contain letters and digits.';
    }
    if(strlen($username) > 30)  
    {  
        $errors[] = 'The username cannot be longer than 30 characters.';  
    }

    //University validation
    if(!ctype_alpha($university))
    {
        $errors[] = 'The university name can only contain letters and digits.';  
    }  
    if(strlen($university) > 30)  
    {  
        $errors[] = 'The university name cannot be longer than 30 characters.';  
    }  
 
    //Password validation
    if(empty($password))
    {  
        $errors[] = 'The password field cannot be empty.';  
    }
    elseif($password != $pass_check)  
    {  
        $errors[] = 'The two passwords did not match.';  
    }

    //Check if there were errors
    if(!empty($errors))
    {
        $errorMsg .= "Uh-oh.. a couple of fields are not filled in correctly...<br>\n";
        $errorMsg .= "<ul>\n";
        foreach($errors as $err)
        {
            $errorMsg .= "<li>{$err}</li>\n";
        }
        $errorMsg .= "</ul>\n";
    }
    else
    {
        //No errors attempt to create record

        //sha1 alone is NOT a good method of securing the password
        //The VALUES list follows the same order as the column list
        $sql = sprintf("INSERT INTO users
                        (username, password, email, user_date, user_level, university)
                        VALUES('%s', '%s', '%s', NOW(), 0, '%s')",
                        mysql_real_escape_string($username),
                        sha1($password),
                        mysql_real_escape_string($email),
                        mysql_real_escape_string($university));
        $result = mysql_query($sql);

        //Check result of query
        if(!$result)  
        {
            //Error running query to insert record
            echo 'Error creating record. Please try again later.';
            //Uncomment the following line for debugging purposes
            //echo "Query: $sql <br> Error: " . mysql_error();
            exit();
            
        }
        else
        {
            //Record created successfully
            echo 'Successfully registered. You can now <a href="signin.php">sign in</a>';
            exit();
        }
    }
}
 
?>
<?php include 'header.php'; ?>
<?php echo $errorMsg; ?>
<h3>Sign Up</h3>
<form method="post" action="">
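    <?php //Escape repopulated values so posted input cannot inject markup into the page ?>
    <p>Username: <input type="text" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>" /></p>
    <p>Password: <input type="password" name="password" /></p>
    <p>Password again: <input type="password" name="pass_check" /></p>
    <p>University E-mail: <input type="email" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?>" /></p>
    <p>University: <input type="text" name="university" value="<?php echo htmlspecialchars($university, ENT_QUOTES, 'UTF-8'); ?>" /></p>
    <p><input type="submit" value="Add category" /></p>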
</form>
<?php include 'footer.php';  ?>
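An added example, not part of the thread or either poster's code: the same INSERT written with PDO named placeholders and password_hash(), which removes the column/value order mismatch, the unescaped university field and the bare sha1() discussed above. The helper name register_user, the in-memory SQLite connection standing in for mysql.php, and the sample values are assumptions.

```php
<?php
// Added example, not the thread's code. Assumes PHP 5.5+ with pdo_sqlite; an
// in-memory SQLite database stands in for the MySQL connection in mysql.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    username TEXT UNIQUE NOT NULL, password TEXT NOT NULL, email TEXT NOT NULL,
    user_date TEXT NOT NULL, user_level INTEGER NOT NULL, university TEXT NOT NULL)');

// Hypothetical helper: true on success, false when the username is taken.
function register_user(PDO $pdo, $username, $password, $email, $university)
{
    // Named placeholders bind each value to its column, so values cannot drift
    // out of order and no field is concatenated into the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password, email, user_date, user_level, university)
         VALUES (:username, :password, :email, CURRENT_TIMESTAMP, 0, :university)');
    try {
        return $stmt->execute(array(
            ':username'   => $username,
            // Salted, deliberately slow hash in place of a bare sha1().
            ':password'   => password_hash($password, PASSWORD_DEFAULT),
            ':email'      => $email,
            ':university' => $university,
        ));
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (duplicate username).
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// Constructed sample input; the apostrophe would break a concatenated query.
var_dump(register_user($pdo, 'alice', 'correct horse', 'alice@uni.example', "St John's"));
var_dump(register_user($pdo, 'alice', 'other', 'alice2@uni.example', 'Elsewhere'));

// Sign-in side: compare with password_verify(), never by re-hashing and ==.
$row = $pdo->query("SELECT password, university FROM users")->fetch(PDO::FETCH_ASSOC);
var_dump(password_verify('correct horse', $row['password']));
var_dump($row['university'] === "St John's");
```

On MySQL the password column should be wide enough for the hash; the PHP manual recommends 255 characters, since a column sized for a 40-character sha1() digest would truncate it.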