
problem with adding new user


Ameslee


OK, I have a problem with some code. It creates new users so they can log in to the maintenance pages for a site. I add a new user and it automatically makes the username administrator. That's the problem, it shouldn't be doing that... Here is the code that adds the user:

 

add_user1.php

<?php
session_start();
include ("checklow.inc");
?>
<html>
<head>
<title>Add User</title>
</head>

<body bgcolor="#CCCCFE">
<FORM METHOD=POST ACTION="add_user2.php">
<h2>Add User</h2>
<table>
All fields must be filled in.
<tr>
<td>Username
<td><input type="text" Name="username">

<tr>
<td>Password
<td><input type="text" Name="password">

<tr>
<td>Level 
<td><input type="text" Name="level">
Enter <b>high</b> or <b>low</b>, depending on the amount of access permitted for the user
</table>
<p>
<input type="submit" value="Add">
</form>
</body>
</html>

add_user2.php

 

<?php
session_start();
include ("checklow.inc");
include("database.inc");
?>


<?php
$query = "insert login(username,password,level)VALUES('$username','$password','$level')";
//echo $query;
mysql_query ($query) or print mysql_error();

?>

<html>
<head>
<title>Add User</title>
<body bgcolor="#CCCCFE">
User Added
<p><a href="index.php">Main Menu</a>
</body>
</html>

Hope someone can help me.

Thanks


$query = "insert login(username,password,level)VALUES('$username','$password','$level')";

 

You're using the variable $username without ever defining it. This indicates you have register_globals on, which is a security no-no.

 

This also means if you have $_SESSION['username'], that will overwrite the $_POST['username']. Are you administrator? That's where it's getting that from.

 

Instead of using variables without declaring them, you need to do $username = $_POST['username'];

 

You also need to read up on PHP security, things like SQL injection, and how to code without R_G.


OK, you're saying that because I have signed in as the administrator it's kept that in memory, and now that I'm making a new user it's just doing it automatically. So I went to my login script - processlogin_script.php. I already have this $username = $_POST['username']; in there, the only difference being $username = trim($_POST['username']);

Yes, I am the administrator. So I really don't know what to do.
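
One way to write the insert from add_user2.php so it reads the form fields explicitly instead of relying on register_globals, as an added example that is not part of the original thread. The function names `simulate_register_globals` and `add_user` are hypothetical, an in-memory SQLite database through PDO stands in for the MySQL `login` table, the sample values are constructed, and hashing the password is an addition that assumes the login script would check it with `password_verify()`.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database stands
// in for the MySQL "login" table; all sample values are constructed.

// Model of the collision the reply describes (assumption: with
// register_globals, session values are applied after POST values).
function simulate_register_globals(array $post, array $session): array
{
    return array_merge($post, $session); // later array wins on key clashes
}

// Hardened handler: takes the form data explicitly, never bare globals.
function add_user(PDO $db, array $post): string
{
    $username = trim((string)($post['username'] ?? ''));
    $password = (string)($post['password'] ?? '');
    $level    = strtolower(trim((string)($post['level'] ?? '')));

    if ($username === '' || $password === '') {
        throw new InvalidArgumentException('All fields must be filled in.');
    }
    // The form only offers two levels, so enforce that on the server too.
    if (!in_array($level, ['high', 'low'], true)) {
        throw new InvalidArgumentException('Level must be high or low.');
    }
    // Bound parameters keep quotes in the input out of the SQL text;
    // password_hash() avoids storing the password in clear.
    $stmt = $db->prepare(
        'INSERT INTO login (username, password, level) VALUES (?, ?, ?)'
    );
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $level]);
    return $username;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (username TEXT, password TEXT, level TEXT)');

$session = ['username' => 'administrator'];   // constructed: logged-in admin
$post = ['username' => "o'brien", 'password' => 'S3cret!', 'level' => 'low'];

$globals = simulate_register_globals($post, $session);
echo "register_globals model: {$globals['username']}\n";

echo 'explicit $_POST read:   ', add_user($db, $post), "\n";
$row = $db->query('SELECT username, level FROM login')->fetch(PDO::FETCH_ASSOC);
echo "stored row: {$row['username']} / {$row['level']}\n";
```

The assignment in processlogin_script.php only sets `$username` while that script runs; add_user2.php needs its own explicit read of the form fields, which is what `add_user()` does here.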

Archived

This topic is now archived and is closed to further replies.
