Jump to content

Php

G3NERALCHRIS

By G3NERALCHRIS
in PHP Coding Help

 Share

Recommended Posts

G3NERALCHRIS Newbie

G3NERALCHRIS

Posted
Posted

I have created a add-login.php and add-reg.php. I'm trying to figure out why it doesn't say to my table in mysql.

Add login below.

<!DOCTYPE html>
<html>
<head>
<title>Home Page</title>

<style type="text/css">
@import url("templatemo_style.css");
</style>
</head>
<body>
	<div id="page">
		<div id="logo">
		</div>
<html>
<body>
<p align="center"><a href="add-reg.php">Register</a>, or enter your user name and password:</p>

<form action="index.html" method="post">
		
		<p align="center"> Username: <input type = "text" name="User"><br>
		<p align="center"> Password: <input type = "password" name="Pass"><br>
		<br>
		</br>
		<input type="submit" value="Login"/>
		<input type="reset">

</form>
</body>
</html>
</body>
</html>

add-reg.php

<!DOCTYPE html>
<html>
<head>
<title>Home Page</title>

<style type="text/css">
@import url("templatemo_style.css");
</style>
</head>
<body>
<div id="page">
<div id="logo"></div>
<?php 
$host= "localhost";
$user = "root";
$passwd = "";
$database = "test";
$tbl_name = "PASS";

 mysql_connect($host, $user, $passwd) or die(mysql_error()); 
 mysql_select_db("test") or die(mysql_error()); 
 
 
 //This code runs if the form has been submitted
 if (isset($_POST['submit'])) { 
 
 //This makes sure they did not leave any fields blank
 if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
  die('You did not complete all of the required fields, please go back, and complete the missing fields!');
  }
  
 // checks if the username is in use
  if (!get_magic_quotes_gpc()) {
  $_POST['username'] = addslashes($_POST['username']);
  }
 $usercheck = $_POST['username'];
 $check = mysql_query("SELECT username FROM PASS WHERE username = '$usercheck'") 
or die(mysql_error());
 $check2 = mysql_num_rows($check);
 
 //if the name exists it gives an error
 if ($check2 != 0) {
  die('Sorry, the username '.$_POST['username'].' is already in use.');
  }
 
 // this makes sure both passwords entered match
  if ($_POST['pass'] != $_POST['pass2']) {
  die('Your passwords did not match. ');
  }
  
  // here we encrypt the password and add slashes if needed
  $_POST['pass'] = md5($_POST['pass']);
  if (!get_magic_quotes_gpc()) {
  $_POST['pass'] = addslashes($_POST['pass']);
  $_POST['username'] = addslashes($_POST['username']);
  }
  
 // now we insert it into the database
  $insert = "INSERT INTO PASS (username, password)
  VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
  $add_member = mysql_query($insert);
  ?>

 <h1>Registered</h1>

 <p>Thank you very much, you have registered - you may now <a href="add-login.php">login</a>.</p>

 <?php 
 } 
 else 
 { 
 ?>

 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

 <table border="0">
 
 <tr><td colspan=2><h1>Register to access the website.</h1></td></tr> 

 <tr><td>Username:</td><td><br>

 <input type="text" name="username" maxlength="60">

 </td></tr>

 <tr><td>Password:</td><td><br>

 <input type="password" name="pass" maxlength="10">

 </td></tr>

 <tr><td>Confirm Password:</td><td><br>

 <input type="password" name="pass2" maxlength="10">

 </td></tr>

 <tr><th colspan=0><input type="submit" name="submit" 
value="Register"></th></tr> </table>

 </form>


 <?php
 }
 ?>
Link to comment
Share on other sites
cyberRobot Prolific Member

cyberRobot

Posted
Posted

I'm not sure I follow your question, but I noticed the username form field is named "User":

<input type = "text" name="User">

And the script that processes the form uses "username":

$_POST['username'] = addslashes($_POST['username']);
 
Those names need to match.
 
 
Also note that addslashes() is meant for protecting your database from SQL injections. You should use mysql_real_escape_string() instead. More information can be found here:
 
Of course, it should be said that the mysql_* functions have been deprecated. If you haven't done so already, you need to look into PDO or MySQLi. More information can be found here:
 
Lastly, you'll want to avoid using the raw value from PHP_SELF for a form's action attribute. It makes your page susceptible to XSS attacks. More information about the attacks and how to change the attribute can be found here:
Link to comment
Share on other sites
Strider64 Advanced Member

Strider64

Posted
Posted 
/* Get the path and filename that you are currently on. */
$phpSelf = filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL);
$path_parts = pathinfo($phpSelf);
$basename = $path_parts['basename'];

This is one way of making PHP_SELF safe and to utilize it all you would do something like this:

<form class="formStyle" action="<?php echo $basename; ?>" method="post">

However, if you really just want to be safe then just do this:

<form class="formStyle" action="register.php" method="post">
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.