Jump to content

problem with adding new user


Ameslee

Recommended Posts

Ok i have a problem with some code.  It creates new users so they can login to the maintenance pages for a site.  I add a new user and it automatically makes the username administrator.  thats the problem it shouldnt be doing that... here is the code that adds the user

 

add_user1.php

<?php
session_start();
include ("checklow.inc");
?>
<html>
<head>
<title>Add User</title>
</head>

<body bgcolor="#CCCCFE">
<FORM METHOD=POST ACTION="add_user2.php">
<h2>Add User</h3>
<table>
All fields must be filled in.
<tr>
<td>Username
<td><input type="text" Name="username">

<tr>
<td>Password
<td><input type="text" Name="password">

<tr>
<td>Level 
<td><input type="text" Name="level">
Enter <b>high</b> or <b>low</b>, depending on the amount of access permitted for the user
</table>
<p>
<input type="submit" value="Add">
</form>
</body>
</html>

add_user2.php

 

<?php
session_start();
include ("checklow.inc");
include("database.inc");
?>


<?php
$query = "insert login(username,password,level)VALUES('$username','$password','$level')";
//echo $query;
mysql_query ($query) or print mysql_error();

?>

<html>
<head>
<title>Add User</title>
<body bgcolor="#CCCCFE">
User Added
<p><a href="index.php">Main Menu</a>
</body>
</html>

hope someone can help me

 

thanks

Link to comment
Share on other sites

$query = "insert login(username,password,level)VALUES('$username','$password','$level')";

 

You're using the variable $username without ever defining it. This indicates you have register_globals on, which is a security no-no.

 

This also means if you have $_SESSION['username'], that will overwrite the $_POST['username']. Are you administrator? That's where it's getting that from.

 

Instead of using variables without declaring them, you need to do $username = $_POST['username'];

 

You also need to read up on PHP security, things like SQL injection, and how to code without R_G.

Link to comment
Share on other sites

$query = "insert login(username,password,level)VALUES('$username','$password','$level')";

 

You're using the variable $username without ever defining it. This indicates you have register_globals on, which is a security no-no.

 

This also means if you have $_SESSION['username'], that will overwrite the $_POST['username']. Are you administrator? That's where it's getting that from.

 

Instead of using variables without declaring them, you need to do $username = $_POST['username'];

 

You also need to read up on PHP security, things like SQL injection, and how to code without R_G.

 

ok ur saying that because i have signed in as the administrator its kept that in memory and now that im making a new user its just doing it automatically.  So i went to my login script - processlogin_script.php.  I already have this $username = $_POST['username']; in there the only difference being $username = trim($_POST['username']);

 

yes i am the administrator. so i really dont know what to do.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.