Jump to content

Registration page conversion attempt

jesushax

By jesushax
in PHP Coding Help

 Share

Recommended Posts

jesushax Advanced Member

jesushax

Posted
Posted

Could someoen tell me if the below is all correct?

 

ive just tried to convert my asp page to php and this is wha ti ahve, it look ok?

 

<?
include("/includes/header.php");

if (@$_GET["mode"] == "add") {
$strUserName = str_replace( "'", "''",@$_POST["txtUserName"]);
$strFirstName = str_replace( "'", "''",@$_POST["txtFirstName"]);
$strlastName = str_replace( "'", "''",@$_POST["txtLastName"]);		
$strTel = str_replace( "'", "''",@$_POST["txtTel"]);
$strHomePage = str_replace( "'", "''",@$_POST["txtHomePage"]);		
$strCompanyName = str_replace( "'", "''",@$_POST["txtCompanyName"]);
$strUserPass = md5 str_replace( "'", "''",@$_POST["txtUserPass"])];
$strEmail = str_replace( "'", "''",@$_POST["txtEmail"]);
$strDate = date("d/m/y");

if ($strUserName == "") {
		echo '<p style="color:#FF0000;">Error: Username Was Left Blank</p>';
			ShowForm(); } 
elseif $strEmail == "") { 
	echo '<p style="color:#FF0000;">Error: Email Was Left Blank</p>';
			ShowForm(); }
} else {

mysql_query("INSERT INTO tblUsers (UserName, UserPassword, UserEmail, UserCompanyName, UserFirstName, UserLastName, UserTel, UserHomePage, UserDateAdded, UserSuspend) 
Values(  '".$strUserName."', '".$strUserPass."', '".$strEmail."', '".$strCompanyName."', '".$strFirstName."', '".$strLastName."', '".$strTel."', '".$strHomePage."', '".$strDate."', '1')");

	mysql_query("SELECT [userName] from tblUsers where UserName = '".$strUserName."'");
	mysql_query("SELECT [userEmail] from tblUsers where UserEmail = '".$strEmail."'");	

mysql_close($con);

		echo " Account has been created.";

	} else {
	echo '<p style="color:#FF0000;">Error: Email Address already Registered.</p>';
			ShowForm();
		}
	} else {
	echo '<p style="color:#FF0000;">Error: Username Taken</p>';
			ShowForm();
	}

}
} 
if (@$_GET["mode"] == "") {
ShowForm();
}

function ShowForm() {
?>

<b>Register for an account</b>
<form id="Profile" method="post" action="/register.php?mode=add">

  <table width="100%" border="0" style="padding:0px; margin:0px;">
    <tr>
      <td>Username: </td>
      <td><input type="text" name="txtUserName" size="50" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input type="password" name="txtUserPass" size="25" /></td>
    </tr>
    <tr>
      <td>Confirm Password:</td>
      <td><input type="password" name="txtUserPass2" size="25" /></td>
    </tr>
    <tr>
      <td>Email Address:</td>
      <td><input type="text" name="txtEmail" size="50" /></td>
    </tr>
    <tr>
      <td>Company Name</td>
      <td><input type="text" name="txtCompanyName"	size="50" /></td>
    </tr>
    <tr>
     <td>First Name:</td>
      <td><table width="100%" border="0" style="padding:0px; margin-left:-3px;">
        <tr>
          <td><input type="text" name="txtFirstName" size="20" /></td>
          <td> 
Last Name:</td>
          <td><input type="text" name="txtLastName" size="20" /></td>
        </tr>
      </table></td>
    </tr>
    <tr>
      <td>Website Address</td>
      <td><input type="text" name="txtHomePage" size="50" /></td>
    </tr>
    <tr>
      <td>Tel: </td>
      <td><input type="text" name="txtTel" size="15" /></td>
    </tr>
    <tr>
      <td colspan="2" style="text-align:center;"><input type="submit" name="Submit" value="Submit Registration" alt="Enter" />
 
<input type="Reset" name="Reset" value="Cancel" alt="Cancel" /></td>
    </tr>
  </table>
  </form>
* a valid working email is required as your login and activation information will be sent there, thankyou.

<?
}
include("/includes/footer.php");
?>

Link to comment
https://forums.phpfreaks.com/topic/92107-registration-page-conversion-attempt/
Share on other sites
revraz Member

revraz

Posted
Posted

My recommended changes

 

Change <? to <?php

Remove the leading "/" from your include paths

Remove the @ suppression tags so you can see errors if they appear

Check for missing () {} [] brackets, I noticed a few right off

 

rhodesa Newbie

rhodesa

Posted
Posted

Couple more suggestions....

 

$strUserName = str_replace( "'", "''",@$_POST["txtUserName"]);

To prep the data for mysql, use mysql_real_escape_string() instead:

	$strUserName = mysql_real_escape_string(@$_POST["txtUserName"]);

 

$strUserPass = md5 str_replace( "'", "''",@$_POST["txtUserPass"])];

You want to md5 the password, not the 'adjusted' version. But, md5 will return a value that is safe for mysql anyways, so just use:

	$strUserPass = md5(@$_POST["txtUserPass"]);

jesushax Advanced Member

jesushax

Posted
  • Author
Posted

Thanks alot for info, if i can get the grasp of this page i should be ok with others to cotinue my conversions.

 

how we cooking now?

 

<?php
include("/includes/header.php");

if ($_GET["mode"] == "add") {
$strUserName = mysql_real_escape_string($_POST["txtUserName"]);
$strFirstName = mysql_real_escape_string($_POST["txtFirstName"]);
$strlastName = mysql_real_escape_string($_POST["txtLastName"]);		
$strTel = mysql_real_escape_string($_POST["txtTel"]);
$strHomePage = mysql_real_escape_string($_POST["txtHomePage"]);		
$strCompanyName = mysql_real_escape_string($_POST["txtCompanyName"]);
$strUserPass = md5($_POST["txtUserPass"]);
$strEmail = mysql_real_escape_string($_POST["txtEmail"]);
$strDate = date("d/m/y");

if ($strUserName == "") {
		echo '<p style="color:#FF0000;">Error: Username Was Left Blank</p>';
			ShowForm(); } 
elseif ($strEmail == "") { 
	echo '<p style="color:#FF0000;">Error: Email Was Left Blank</p>';
			ShowForm(); }
else {

mysql_query("INSERT INTO tblUsers (UserName, UserPassword, UserEmail, UserCompanyName, UserFirstName, UserLastName, UserTel, UserHomePage, UserDateAdded, UserSuspend) 
Values(  '".$strUserName."', '".$strUserPass."', '".$strEmail."', '".$strCompanyName."', '".$strFirstName."', '".$strLastName."', '".$strTel."', '".$strHomePage."', '".$strDate."', '1')");

mysql_query("SELECT [userName] from tblUsers where UserName = '".$strUserName."'");
mysql_query("SELECT [userEmail] from tblUsers where UserEmail = '".$strEmail."'");	

mysql_close($con);
echo " Account has been created."; }

else {
echo '<p style="color:#FF0000;">Error: Email Address already Registered.</p>';
	ShowForm(); }
else {
echo '<p style="color:#FF0000;">Error: Username Taken</p>';
	ShowForm(); }

}
} 
if ($_GET["mode"] == "") {
ShowForm(); }

function ShowForm() {
?>

<b>Register for an account</b>
<form id="Profile" method="post" action="/register.php?mode=add">

  <table width="100%" border="0" style="padding:0px; margin:0px;">
    <tr>
      <td>Username: </td>
      <td><input type="text" name="txtUserName" size="50" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input type="password" name="txtUserPass" size="25" /></td>
    </tr>
    <tr>
      <td>Confirm Password:</td>
      <td><input type="password" name="txtUserPass2" size="25" /></td>
    </tr>
    <tr>
      <td>Email Address:</td>
      <td><input type="text" name="txtEmail" size="50" /></td>
    </tr>
    <tr>
      <td>Company Name</td>
      <td><input type="text" name="txtCompanyName"	size="50" /></td>
    </tr>
    <tr>
     <td>First Name:</td>
      <td><table width="100%" border="0" style="padding:0px; margin-left:-3px;">
        <tr>
          <td><input type="text" name="txtFirstName" size="20" /></td>
          <td> 
Last Name:</td>
          <td><input type="text" name="txtLastName" size="20" /></td>
        </tr>
      </table></td>
    </tr>
    <tr>
      <td>Website Address</td>
      <td><input type="text" name="txtHomePage" size="50" /></td>
    </tr>
    <tr>
      <td>Tel: </td>
      <td><input type="text" name="txtTel" size="15" /></td>
    </tr>
    <tr>
      <td colspan="2" style="text-align:center;"><input type="submit" name="Submit" value="Submit Registration" alt="Enter" />
 
<input type="Reset" name="Reset" value="Cancel" alt="Cancel" /></td>
    </tr>
  </table>
  </form>
* a valid working email is required as your login and activation information will be sent there, thankyou.

<?php
}
include("/includes/footer.php");
?>

rhodesa Newbie

rhodesa

Posted
Posted

I don't see the need to put the form in a function.

Also, once the account is created, you should use a header() call so the user can't repost with a page refresh.

Where do you make your database connection?

 

Here is my recommended version:

 

<?php
  switch($_GET['mode']){
    case 'done':
      include("includes/header.php");
      echo "Account has been created.";
      include("includes/footer.php");
      break;
    case 'add':
      $strUserName = mysql_real_escape_string($_POST["txtUserName"]);
      $strFirstName = mysql_real_escape_string($_POST["txtFirstName"]);
      $strlastName = mysql_real_escape_string($_POST["txtLastName"]);		
      $strTel = mysql_real_escape_string($_POST["txtTel"]);
      $strHomePage = mysql_real_escape_string($_POST["txtHomePage"]);		
      $strCompanyName = mysql_real_escape_string($_POST["txtCompanyName"]);
      $strUserPass = md5($_POST["txtUserPass"]);
      $strEmail = mysql_real_escape_string($_POST["txtEmail"]);
      $strDate = date("d/m/y");
      if(!strlen($strUserName)){
        $error = '<p style="color:#FF0000;">Error: Username Was Left Blank</p>';
      }elseif(!strlen($strEmail)){
        $error = '<p style="color:#FF0000;">Error: Email Was Left Blank</p>';
      }else{
        if(!mysql_query("INSERT INTO tblUsers (UserName, UserPassword, UserEmail, UserCompanyName, UserFirstName, UserLastName, UserTel, UserHomePage, UserDateAdded, UserSuspend) Values(  '".$strUserName."', '".$strUserPass."', '".$strEmail."', '".$strCompanyName."', '".$strFirstName."', '".$strLastName."', '".$strTel."', '".$strHomePage."', '".$strDate."', '1')"))
          $error = '<p style="color:#FF0000;">Error: Username Taken</p>';
        else{
          header('Location: ?mode=done');
          exit;
        }
      }
    default:
      include("includes/header.php");
      echo $error;
?>
<b>Register for an account</b>
<form id="Profile" method="post" action="?mode=add">
  <table width="100%" border="0" style="padding:0px; margin:0px;">
    <tr>
      <td>Username: </td>
      <td><input type="text" name="txtUserName" size="50" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input type="password" name="txtUserPass" size="25" /></td>
    </tr>
    <tr>
      <td>Confirm Password:</td>
      <td><input type="password" name="txtUserPass2" size="25" /></td>
    </tr>
    <tr>
      <td>Email Address:</td>
      <td><input type="text" name="txtEmail" size="50" /></td>
    </tr>
    <tr>
      <td>Company Name</td>
      <td><input type="text" name="txtCompanyName"	size="50" /></td>
    </tr>
    <tr>
     <td>First Name:</td>
      <td><table width="100%" border="0" style="padding:0px; margin-left:-3px;">
        <tr>
          <td><input type="text" name="txtFirstName" size="20" /></td>
          <td> 
Last Name:</td>
          <td><input type="text" name="txtLastName" size="20" /></td>
        </tr>
      </table></td>
    </tr>
    <tr>
      <td>Website Address</td>
      <td><input type="text" name="txtHomePage" size="50" /></td>
    </tr>
    <tr>
      <td>Tel: </td>
      <td><input type="text" name="txtTel" size="15" /></td>
    </tr>
    <tr>
      <td colspan="2" style="text-align:center;"><input type="submit" name="Submit" value="Submit Registration" alt="Enter" />
 
<input type="Reset" name="Reset" value="Cancel" alt="Cancel" /></td>
    </tr>
  </table>
  </form>
* a valid working email is required as your login and activation information will be sent there, thankyou.

<?php
include("includes/footer.php");
?>

jesushax Advanced Member

jesushax

Posted
  • Author
Posted

i had the form in a function so that when i gave out an error message, i could quickly show the form again

 

so error message

show form

 

that way user wouldnt have to keep pressing the back button.

 

for virtual includes in php its

 

virtual("includes/header.php"); yes?

 

i always use virtual includes as to aviod confusion between sub folders

jesushax Advanced Member

jesushax

Posted
  • Author
Posted

i searched and got that as a rseult so hopfeully will work, i cant test any of it yet, it can take up to 24 hours before i can check im doing stuff right :S

 

soooo heres my login.php only short this one

 

is this good?

 

Thanks Alot!!!

<?php 
virtual("/includes/connection.php");

session_start();

$strUserName = str_replace( "'", "''",$_POST["txtUserName"]); 
$OnlineUserIp = $_SERVER["REMOTE_ADDR"];

$result = mysql_query("SELECT UserPassword, UserID, UserName, UserAdmin, UserFirstName, UserSuspend, UserCompanyName FROM tblUsers 
WHERE UserName ='".$strUserName."'"); while ($row = mysql_fetch_array($result))

if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	if ($row["UserSuspend"] == 0) {
		$_SESSION["UserAccess"] = True;
		$_SESSION["UserID"] = $row["UserID"];
		$_SESSION["UserName"] = $row["UserName"];
		$_SESSION["FirstName"] = $row["UserFirstName"];
		$_SESSION["UserAdmin"] = $row["UserAdmin"];
		$_SESSION["CompanyName"] = $row["UserCompanyName"];
		header("Location: /members.asp");
	 else { 
		$_SESSION["UserAccess"] = False;
		header("Location: /default.asp?msg=suspended");		}
}

$_SESSION["UserAccess"] = False;
header("Location: /default.asp?msg=invalid");
mysql_close($con);
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.