So, I am in like serious need of some help. I have two scripts that are supposed to fully register a user into a database whilst still checking and validating the form. Here is what I've got so far:

 

register.php (The Registration Form)

 

<?php //starts the PHP file

$health = "100/100";
$money = "1000 Gold";
$account = "1";
?>

<html>
<head>
<title>Register Your Character</title>
</head>
<body>
<h1>Register</h1>
<br />
<font color="orangered"><b>*</b></font> Denotes Required Field
<br>
<br>
<table border=0>
<form action="insert_register.php" method="post">
<tr>
  <td width=100 bgcolor="DCDCDC">First Name:</td>
  <td width=100 bgcolor="DCDCDC"><input type="text" name="fname" maxlength="32">
  <td width=5><font color="orangered"><b>*</b></font>
</tr>
<tr>
  <td width=100 bgcolor="DCDCDC">Last Name:</td>
  <td width=100 bgcolor="DCDCDC"><input type="text" name="lname" maxlength="32">
  <td width=5><font color="orangered"><b>*</b></font>
</tr>
<tr>
  <td width=100 bgcolor="DCDCDC">Gender:</td>
  <td width=100 bgcolor="DCDCDC"><input type="text" name="gender" value="Male Or Female"></td>
</tr>
<tr>
  <td> </td>
</tr>
<tr>
  <td width=210>The first and last name are required for user authentication. You will also have an IP tracker from now on to start preventing hacking.</td>
</tr>
<tr>
  <td> </td>
  <td> </td>
</tr>
<tr>
  <td width=100> User Details </td>
</tr>
<tr>
  <td width=100 bgcolor="DCDCDC">User Name:
  <td width=100 bgcolor="DCDCDC"><input type="text" name="uname" maxlength="15">
  <td width=10><font color="orangered"><b>*</b></font></td>
</tr>
<tr>
  <td width=100 bgcolor="DCDCDC">Password:
  <td width=100 bgcolor="DCDCDC"><input type="password" name="pword1" maxlength="7">
  <td width=5><font color="orangered"><b>*</b></font></td>
</tr>
<tr>
  <td width=100 bgcolor="DCDCDC">Repeat Password:
  <td width=100 bgcolor="DCDCDC"><input type="password" name="pword2" maxlength="7">
  <td width=5><font color="orangered"><b>*</b></font></td>
</tr>
<tr>
  <td> </td>
</tr>
<tr>
  <td width=210>Please choose a race from the selection below after reading the small profiles on them, and write down your reason why you should be in that usergroup.</td>
</tr>
<tr> 
  <td> </td>
</tr>
<tr>
  <td width=210><font color="red"><b>The Orcs</b></font>:<br>The Orcs are a raving campaign of mongrels who plan on overthrowing the world.</td>
  <td width=210><font color="green"><b>The Elves</b></font>:<br>The Elves are a small group of archers and earth scientists who love the earth.</td>
  <td width=210><font color="blue"><b>The Humans</b></font>:<br>The Humans are the off-side neutral group of people. They are hated by all other races.</td>
  <td width=210><font color="gray"><b>The Undead</b></font>:<br>The Undead are a secretive group of evil, vicious, undead beings who plan on killing all races.</td>
</tr>
<tr>
  <td> </td>
</tr>
<tr>
  <td width=100 bgcolor="DCDCDC">Race:
  <td width=100 bgcolor="DCDCDC"><select name="race"><option>The Orcs</option><option>The Elves</option><option>The Humans</option><option>The Undead</option></select>
  <td width=10><font color="orangered"><b>*</b></font></td>
</tr>
<tr>
  <td width=210 bgcolor="DCDCDC">Your Reason: <br> <textarea name="reason" cols=30 rows=5></textarea></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
  <td><font color="green"><?php print $health; ?> Health</font></td>
</tr>
<tr>
  <td><font color="gold"><?php print $money; ?></font></td>
</tr>
<tr>
  <td><input type="submit" value="Register"><input type="reset" value="Reset"></td>
</tr>
</form>
</table>
</body>
</html>

 

insert_register.php

 

<?php //starts the PHP file
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$gender = $_POST["gender"];
$uname = $_POST["uname"];
$pword1 = $_POST["pword1"];
$pword2 = $_POST["pword2"];
$race = $_POST["race"];
$reason = $_POST["reason"];
$money = "1000 Gold";
$health = "100/100";
$account = "1";

if ($pword1 != $pword2) { 
print "Passwords Don't match";
}

$fname = stripslashes($fname);
$lname = stripslashes($lname);
$gender = stripslashes($gender);
$uname = stripslashes($uname);
$reason = stripslashes($reason);

mysql_connect("localhost","dreamwarp_userlogin","*********"); //(host, username, password)

mysql_select_db("dreamwarp_login") or die("Unable to select database"); //select which database we're using

$sql = mysql_query("SELECT * FROM login WHERE UserName='$uname'");
   $result = mysql_num_rows($sql);

   if($result !== 0){
echo "The username you have chosen has already been taken!";
     }


$query = 'INSERT INTO login VALUES ('$fname','$lname','$gender','$uname','$pword1','$race','$reason','$money','$health','$account','')';

mysql_query($query) or die(mysql_error());

?>

 

Could you go over that real quick and let me know what I did wrong? Because when I insert all my answers into the forms and click register, it goes to the page but doesn't show anything. Just a blank page. So I thought, "Hey! No error messages!" which I thought would come up. But when I went to see if any input was inserted into the database, I got nothing. So something must be wrong, possibly the query, although it's my first time working on validating forms and doing the stripslashes thing so I may have screwed up there somehow also. If you could be so kind to work this out for me and help me through it, I would owe you like my firstborn or something. :P

<?php
$query = "INSERT INTO login VALUES ('$fname','$lname','$gender','$uname','$pword1','$race','$reason','$money','$health','$account','')";
?>

 

Syntax errors do not help, I would suggest looking at the www.php.net/error_reporting and www.php.net/ini_set functions. Your error reporting is turned off completely.

That and on a side note, you are leaving yourself open to a ton of vulnerabilities with that stripslashes code, instead use this.

 

<?php
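function myEscape($string) {
       // Characters to backslash-escape: NUL, newline, carriage return, backslash, both quotes, Ctrl-Z
       $chars = "\x00\n\r\\'\"\x1a";
       // If magic quotes already added slashes, strip them first so the value is not escaped twice
       return get_magic_quotes_gpc()
               ? addcslashes(stripslashes($string), $chars)
               : addcslashes($string, $chars);
}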
?>

 

Either that or remove the stripslashes part. The slashes help prevent you from SQL injection, removing them and inserting data directly into the DB someone can do some bad stuff, such as delete all your records etc.

 

SQL Injection is something I would read up on.
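
An added example, not part of the original thread or any poster's code: the same registration insert written with PDO bound parameters, which take the place of manual escaping such as myEscape() (the mysql_* functions were removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0). The column names other than UserName, the function name registerUser() and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Assumptions: column names other than UserName are invented for this example,
// and an in-memory SQLite database stands in for the thread's MySQL server.
// With MySQL only the DSN and credentials passed to PDO change.

function registerUser(PDO $db, array $in): string
{
    // Return at the first validation failure; the script in the thread printed
    // a message and then carried on to the INSERT anyway.
    foreach (['fname', 'lname', 'uname', 'pword1', 'pword2', 'race'] as $field) {
        if (!isset($in[$field]) || !is_string($in[$field]) || trim($in[$field]) === '') {
            return "Missing required field: $field";
        }
    }
    if ($in['pword1'] !== $in['pword2']) {
        return "Passwords don't match";
    }

    // Placeholders keep user input out of the SQL text, so a quote in a name
    // is stored as data and is never parsed as part of the statement.
    $check = $db->prepare('SELECT COUNT(*) FROM login WHERE UserName = ?');
    $check->execute([$in['uname']]);
    if ((int) $check->fetchColumn() !== 0) {
        return 'The username you have chosen has already been taken!';
    }

    $insert = $db->prepare(
        'INSERT INTO login (FirstName, LastName, Gender, UserName, PasswordHash, Race, Reason)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $insert->execute([
        $in['fname'], $in['lname'], $in['gender'] ?? '', $in['uname'],
        password_hash($in['pword1'], PASSWORD_DEFAULT), // store a hash, not the password
        $in['race'], $in['reason'] ?? '',
    ]);
    return 'Registered';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly, no blank page
$db->exec('CREATE TABLE login (FirstName TEXT, LastName TEXT, Gender TEXT,
    UserName TEXT UNIQUE, PasswordHash TEXT, Race TEXT, Reason TEXT)');

// Constructed sample input: the apostrophe would break a query built by string concatenation.
$sample = ['fname' => 'Sean', 'lname' => "O'Brien", 'uname' => 'sean',
           'pword1' => 'secret7', 'pword2' => 'secret7', 'race' => 'The Elves'];
echo registerUser($db, $sample), "\n";  // first attempt inserts the row
echo registerUser($db, $sample), "\n";  // second attempt hits the duplicate-username check
echo $db->query('SELECT LastName FROM login')->fetchColumn(), "\n";
```
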

Okay, Okay. I'll look into that. (I know SQL Injection for a friend of mine completely destroyed a site once with it...>.>) Sorry for imposing on your time though, I feel like the biggest n00b in the world. :P

 

So with the myEscape($string) part. Is there anything I need to do to the $string variable? like change it to one of my needed variables?

 

 

But I would also like to thank you for helping me. :D

 
