|
PHP - Login/registration Code Issue
I have this working code except I can't redirect to a thank you page when a new user registers. When they login it works without issue. I just don't know where or what to put for the registration part.
Here is my Code. Any help would be much appreciated.
<?php
Similar TutorialsCould anyone help me making a login function that checks the txt document if user and pw exists/are correct? -and if they are, sends you to a logged in page. This is for a assignment which is why I have to store the information in a text document, I know it's unsafe. Also i know i should use $_Sessions but I'm not sure how to use it and where to put it.
So far I have created the form which has 2 buttons one for registering and one for logging in. I have also created the registration function which checks the text file if the username already exists if not it will register it.
<html lang="eng">
<head>
<link rel="stylesheet" href="style.css">
<title>name</title>
</head>
<body>
<div class="formdiv">
<h2>Log in or register</h2>
<form action="" method="post">
<p>Username<p style="color:black">*</p> <input type="text" name="user" placeholder="Type in your username" required>
<p>Password<p style="color:black">*</p> <input type="password" name="pw" placeholder="Type in your password" required>
<?php
if (isset($_POST['saveBtn'])){
$username = $_POST['user'];
$password = $_POST['pw'];
$error = register($username);
if ($error == '') {
echo "User: $username has been registered!<br/>";
}
else echo $error;
}
?>
<input type="submit" name="saveBtn" value="Save new user">
<input type="submit" name="loginBtn" value="Login">
</form>
</div>
<?php // Registration
function register($user){
$textError = '';
// Check and see if user exists
$UserPassTxt = fopen("userpwd.txt","a+"); // Opens text doc
rewind($UserPassTxt);
while (!feof($UserPassTxt)) {
$line = fgets($UserPassTxt);
$tmp = explode(':', $line);
if ($tmp[0] == $user) {
$textError = "Username already exists!";
break;
}
}
if ($textError == ''){
$hash = password_hash('', PASSWORD_DEFAULT);
fwrite($UserPassTxt, "\n$user: $hash");
}
fclose($UserPassTxt); // Closes txt doc
return $textError;
}
?>
<?php //Login
function login($user, $pass){
}
?>
</body>
///here's my best attempt at the function
<?php //Login
$error = '0';
if (isset($_POST['loginBtn'])){
$username = $_POST['user'];
$password = $_POST['pw'];
$error = login($username,$password);
}
function login($user, $pass){
$errorText = '';
$validUser = false;
$UserPassTxt = fopen("userpwd.txt","r");
rewind($UserPassTxt);
while (!feof($UserPassTxt)) {
$line = fgets($UserPassTxt);
$tmp = explode(':', $line);
if ($tmp[0] == $user) {
if (trim($tmp[1]) == trim(password_hash('', PASSWORD_DEFAULT))){
$validUser= true;
$_SESSION['user'] = $user;
}
break;
}
}
fclose($UserPassTxt);
if ($validUser != true) $errorText = "Not correct username or password";
if ($validUser == true) $_SESSION['validUser'] = true;
else $_SESSION['validUser'] = false;
return $errorText;
}
function logoutUser(){
unset($_SESSION['validUser']);
unset($_SESSION['user']);
}
function checkUser(){
if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){
header('Location: index.php');
}
}
?>
I have a pretty basic PHP log in code connected to a database of register users. However, it's not allowing any users to enter? Could someone please review the code and let me know if you find any errors? //Create query $qry="SELECT * FROM customers WHERE username='$login' AND password='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['id']; $_SESSION['SESS_FIRST_NAME'] = $member['fname']; $_SESSION['SESS_LAST_NAME'] = $member['lname']; session_write_close(); header("location: key_catalog.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Can anyone explain how i can create a registration and login page using PHP that doesnt use databases, sessions, or cookies? Is there a tutorial someone can point me to or could anyone tell me the method. Thanks first time php coder Hi All, I have currently been working on a login/registration system for a university project and I am now struggling with the login section. The problem is with one particular function and an if statement. The function checks to see if the username and password entered matches the username and password in the database but each time I get it echoing username/password incorrect. the function is Code: [Select] function valid_credentials($user, $pass) { $user = mysql_real_escape_string($user); $pass = sha1($pass); $total = mysql_query("SELECT COUNT(`user_username`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'"); return (mysql_result($total, 0) == '1') ? true : false; } and the statement is Code: [Select] if (valid_credentials($_POST['username'], $_POST['password']) == false) { $errors = 'Username/Password incorrect.'; } Any help would be greatly appreciated as this has been bugging me for the past 5 days :/ Ok im only new to PHP and Im trying to setup my own porfolio website using PHP,CSS,HTML5 and other bits. Iv downloaded WAMP and im tryin to get my website workin offline first. Well im just trying to get a section in my site in the top right corner for a login and register area similar to this website (membership section) iv bein following some online video tuts and completed them right but Im not sure how to integrate it into my existing home page,/ index.html page. I want to have it so that it says login or registered and it works through php. all the tuts I followed seem to have this done on one index.php page and im getting confused as to how I can have a small section on my home page just for registering if yano what I mean..... Maybe its a silly question....im still learning....Any help be gratefull I'm trying to make a simple but secure login/user registration for this site I'm building. I'm new to php, so I followed some tutorials from www.newthinktank.com. http://www.newthinktank.com/2011/01/php-security-pt-2/ http://www.newthinktank.com/2011/01/php-security-pt-4-set-up-captcha// http://www.newthinktank.com/2011/01/web-design-and-programming-pt-21-secure-login-script/ But I'm having a couple of problems. On the registration.php file, whenever I type in wrong information, the validation error messages don't display and also whenever I click the submit button, the form doesn't do anything. It doesn't insert information into my database. It just shows the empty form. On my login.php file, again the validation errors don't display and I can't tell if I'm logged in or not. The form redirects to my index page, but the user box that shows the different menus depending on whether or not someone is logged in stays in guest mode. I don't get any php error messages on either file. Here's my code: register.php file: Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled</title> <link href="_css/page_layout.css" rel="stylesheet" type="text/css" /> <link href="_css/page_text.css" rel="stylesheet" type="text/css" /> <link href="_css/sidebarLeft.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> <?php include('_includes/template/header.php'); ?> <?php include('_includes/template/nav.php'); ?> <?php include('_includes/template/sidebar_left.php'); ?> <div id="mainContent"> <div class="content"> <?php require_once('_includes/connectvars.php'); if (isset($_POST['submitted'])) { if (preg_match ('%^[A-Za-z\.\' \-]{2,20}$%', stripslashes(trim($_POST['first_name'])))) { $firstname = escape_data($_POST['first_name']); } else { $firstname = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid first name!</font></p>'; } if (preg_match ('%^[A-Za-z\.\' \-]{2,40}$%', stripslashes(trim($_POST['last_name'])))) { $lastname = escape_data($_POST['last_name']); } else { $lastname = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid last name!</font></p>'; } if (preg_match ('%^(0?[1-9]|[12][0-9]|3[01])[-/. ](0?[1-9]|1[0-2])[-/.](19|20)\d{2}$%', stripslashes(trim($_POST['birth_date'])))) { $birthdate = escape_data($_POST['birth_date']); } else { $birthdate = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid date of birth!</font></p>'; } $gender = escape_data($_POST['gender']); if (preg_match ('%^[0-9]{5}$%', stripslashes(trim($_POST['zip_code'])))) { $zipcode = escape_data($_POST['zip_code']); } else { $zipcode = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid 5 digit zip code!</font></p>'; } if (preg_match ('%^[A-Za-z0-9._\%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$%', stripslashes(trim($_POST['email'])))) { $email = escape_data($_POST['email']); } else { $email = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid email address!</font></p>'; } if (preg_match ('%^[a-z\d_]{2,20}$%', stripslashes(trim($_POST['username'])))) { $username = escape_data($_POST['username']); } else { $username = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid username!</font></p>'; } if (preg_match ('%\A(?=[-_a-zA-Z0-9]*?[A-Z])(?=[-_a-zA-Z0-9]*?[a-z])(?=[-_a-zA-Z0-9]*?[0-9])\S{6,}\z%', stripslashes(trim($_POST['password1'])))) { if (($_POST['password1'] == $_POST['password2']) && ($_POST['password1'] != $_POST['username'])) { $password = escape_data($_POST['password1']); } elseif ($_POST['password1'] == $_POST['username']) { $password = FALSE; echo '<p><font color="red" size="+1″>Your password cannot be the same as the username!</font></p>'; } else { $password = FALSE; echo '<p><font color="red" size="+1″>Your password did not match the confirmed password!</font></p>'; } } else { $password = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid password!</font></p>'; } $captchchk = 1; require_once('_includes/recaptchalib.php'); $privatekey = "My private key goes here...i know"; $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { echo '<p><font color="red" size="+1″>The CAPTCHA Code wasn\'t entered correctly! </font></p>'; $captchchk = 0; } if ($firstname && $lastname && $birthdate && $gender && $zipcode && $email && $username && $password) { $query = "SELECT user_id FROM users WHERE username='$username'"; $result = mysql_query($query) or trigger_error("Sorry, that username is taken"); if(mysql_num_rows($result) == 0) { $a = md5(uniqid(rand(), true)); $query = "INSERT INTO users(zip_code, username, first_name, password, activation_code, join_date, last_name, gender, birth_date, email) VALUES ('$zipcode', '$username', '$firstname', SHA('$password'), '$a', NOW(), '$lastname', '$gender', '$birthdate', '$email')"; $result = mysql_query($query) or trigger_error("Sorry an error happened"); if(mysql_affected_rows() == 1) { $body = "Thanks for registering. Activate account by clicking this link: <br />"; $body .= "http://localhost/activate.php?x=" . mysql_insert_id() . "&y=$activationcode"; mail($email, 'Registration Confirmation', '$body', 'From: admin@mysite.com'); echo '<br /><br /><h1>Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</h1>'; } exit(); } else { echo '<p><font color="red" size="+1″>You could not be registered due to a system error. We apologize for any inconvenience.</font></p>'; } } else { echo '<p><font color="red" size="+1″>That email address has already been registered. If you have forgotten your password, use the link to have your password sent to you.</font></p>'; } mysql_close(); } ?> <h1>Register</h1> <br /> <p>Please fill out the form below. All fields required.</p> <br /> <center><form action="register.php" method="POST" id="regform"> <table width="550" border="0"> <tr> <td width="200"><p>First Name:</p></td> <td width="200"><label for="first_name"></label> <input name="first_name" type="text" id="first_name" maxlength="20" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>"/></td> <td width="200"> </td> </tr> <tr> <td><p>Last Name:</p></td> <td><label for="last_name"></label> <input name="last_name" type="text" id="last_name" maxlength="45" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Birthdate:</p></td> <td><label for="birth_date"></label> <input name="birth_date" type="text" id="birth_date" maxlength="10" value="<?php if (isset($_POST['birth_date'])) echo $_POST['birth_date']; ?>"/></td> <td><p>(Format: MM/DD/YYYY)</p></td> </tr> <tr> <td><p>Gender</p></td> <td><p> <label> <input type="radio" name="gender" value="F" id="gender_0" /> F </label> <label> <input type="radio" name="gender" value="M" id="gender_1" /> M </label> <input name="gender" type="hidden" value="" /> <br /> </p></td> <td> </td> </tr> <tr> <td><p>Zip Code</p></td> <td><label for="zip_code"></label> <input name="zip_code" type="text" id="zip_code" maxlength="5" value="<?php if (isset($_POST['zip_code'])) echo $_POST['zip_code']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Email:</p></td> <td><label for="email"></label> <input name="email" type="text" id="email" maxlength="255" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Username:</p></td> <td><label for="username"></label> <input name="username" type="text" id="username" maxlength="60" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Choose New Password:</p></td> <td><label for="password1"></label> <input name="password1" type="password" id="password1" maxlength="40" /></td> <td> </td> </tr> <tr> <td><p>Confirm New Password:</p></td> <td><label for="password2"></label> <input name="password2" type="password" id="password2" maxlength="40" /></td> <td> </td> </tr> </table> </br> <?php require_once('_includes/recaptchalib.php'); $publickey = "my public key goes here...i know"; // you got this from the signup page echo recaptcha_get_html($publickey); ?> <br /> <input type="submit" name="submit_signup" id="submit_signup" value="Sign Up" /> <input type="hidden" name="submitted" value="TRUE" /> </form></center> <br /> <br /> </div> </div> <?php include('_includes/template/sidebar_right.php'); ?> <?php include('_includes/template/footer.php'); ?> </div> </body> </html> login.php file: Code: [Select] <?php session_start(); require_once('_includes/connectvars.php'); ?> <?php if (isset($_POST['submitLogin'])) { if (preg_match ('%^[A-Za-z0-9]\S{6,20}$%', stripslashes(trim($_POST['username'])))) { $username = escape_data($_POST['username']); } else { $username = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid username!</font></p>'; } if (preg_match ('%^[A-Za-z0-9]\S{6,20}$%', stripslashes(trim($_POST['password'])))) { $password = escape_data($_POST['password']); } else { $password = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid password!</font></p>'; } if ($username && $password) { $query = "SELECT user_id, level_access, username, password, join_date, first_name, last_name, birth_date, gender, zip_code, email, activation_code FROM users WHERE username='$username' AND password=SHA('$password')"; $result = mysql_query ($query) or trigger_error("Either the Username or Password are incorrect"); if (mysql_affected_rows() == 1) { $row = mysql_fetch_array ($result, MYSQL_NUM); mysql_free_result($result); $_SESSION['first_name'] = $row[5]; $_SESSION['username'] = $row[2]; $tokenId = rand(10000, 9999999); $query2 = "update users set tokenid = $tokenId where username = '$_SESSION[username]'"; $result2 = mysql_query ($query2); $_SESSION['token_id'] = $tokenId; session_regenerate_id(); header("Location: http://localhost/mysite/index.php"); mysql_close(); exit(); } } else { echo '<br><br><p><font color="red" size="+1″>Either the Username or Password are incorrect</font></p>'; mysql_close(); exit(); } echo '<br><br><p><font color="red" size="+1″>Either the Userid or Password are incorrect</font></p>'; mysql_close(); exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled</title> <link href="_css/page_layout.css" rel="stylesheet" type="text/css" /> <link href="_css/page_text.css" rel="stylesheet" type="text/css" /> <link href="_css/sidebarLeft.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> <?php include('_includes/template/header.php'); ?> <?php include('_includes/template/nav.php'); ?> <?php include('_includes/template/sidebar_left.php'); ?> <div id="mainContent"> <div class="content"> <h1>Login</h1> <form action="login.php" method="post" name="login" id="login"> <table width="200" border="0"> <tr> <td><p>Username:</p></td> <td><label for="username"></label> <input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"/></td> </tr> <tr> <td><p>Password:</p></td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> </table> <br /> <p> <label> <input type="radio" name="remember_me" value="radio" id="remember_me_0" /> Keep me logged in </label> <br /> </p> <br /> <input type="submit" name="submitLogin" value="Login" /> <input type="hidden" name="submitted" value="TRUE" /> </form> <br /> <p>Not a member? <a href="register.php">Create an account!</a></p> <br /> <p>Forgot password?</p> </div> </div> <?php include('_includes/template/sidebar_right.php'); ?> <?php include('_includes/template/footer.php'); ?> </div> </body> </html> Here's the code that shows the different menus depending on if someone is logged in or not. Code: [Select] <div class="login"> <?php echo '<p>'; echo 'Welcome '; if (isset($_SESSION['first_name'])) { echo " {$_SESSION['first_name']}!</br></br>"; } else { echo 'Guest!'; } if (isset($_SESSION['username']) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) { echo '<a href="add_event.php">Add an Event</a></br> <a href="my_profile.php">My Profile</a></br> <a href="logout.php"><p>Logout</a></br>'; } else { echo '</br> <a href="register.php">Register</a></br> <a href="login.php">Login</a></br>'; } echo'</p>'; ?> </div> This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=351535.0 Notice: Undefined index: user in /var/www/localhost/htdocs/index.php on line 43
echo $_POST['user'] Doesn't do the showing of variable. Code parts aren't linked. $_SESSION works but $_POST doesn't - and it's all in the same file. I need good, free operations with $_POST
I'm novice, though very forgetful, I don't ask advice on how to separate files again, I just do it or do not. When "do not" I suffer, from misunderstanding of the $_POST mechanics. So when separate I don't understand login at all. $_SESSION['l'] I need to operate in game loc position. When all login is together i could be more free to look at code parts.
<!DOCTYPE html>
<html>
<h1>Register</h1>
<form method="POST">
<input type="text" name="user"><br /><br />
<input type="pass" name="pass"><br /><br />
<input type="submit"><br />
</form>
<?php
session_start();
if(isset($_POST['user'], $_POST['pass'])){
require 'connect.php';
$zr++;
$query = d()->prepare("INSERT INTO u (user, pass, loc) VALUES (:user, :pass, :loc)");
$query->bindParam(':user', $_POST['user']);
$query->bindParam(':pass', $_POST['pass']);
$query->bindParam(':loc', $zr);
if($query->execute()){
$_SESSION['user'] = $row['user'];
$_SESSION['pass'] = $row['pass'];
header("Location: ".$_SERVER['PHP_SELF']);
} else{
echo 'ERROR';
}
}
?>
<h1>Login</h1>
<form method="POST">
<input type="text" name="user"><br /><br />
<input type="pass" name="pass"><br /><br />
<input type="submit"><br />
</form>
<?php
echo $_POST['user'];
if(isset($_POST['user'], $_POST['pass'])){
require 'connect.php';
$query = d()->prepare("SELECT user, pass FROM u WHERE user=:user AND pass=:pass");
$query->bindParam(':user', $_POST['user']);
$query->bindParam(':pass', $_POST['pass']);
$query->execute();
if($row = $query->fetch()){
$_SESSION['user'] = $row['user'];
$_SESSION['pass'] = $row['pass'];
header("Location: ".$_SERVER['PHP_SELF']);
}
}
$us=$_SESSION['user'];
echo 'user ',$us;
?>
<?php
if(isset($_SESSION['user'])){
$us=$_SESSION['user'];
echo '<br /> user ',$us, ' ', '<a href="logout.php">Logout</a>';
echo '<br />', '<a href="zrs.php">zero session</a>';
}
?>
</html>
Edited by xcislav, 27 November 2014 - 05:46 AM. I have a user registration page that requires the user to input a Username, Password, Confirm Password, Email. If the user passes all the validation requirements for the new account, I then need to have the username, password, email fields saved to a file called 'login.dat'
Here is my code that I have so far, it runs perfectly.
<?php
include 'helpfulfunctions.inc';
include 'productsdata.inc';
$user_login_file = 'login.dat';
//var_dump($_POST);
// product data for photo, name, and price.
$alluserinfo = load_users_info($user_login_file);
//validate users info
$errors = array();
if (array_key_exists('register_submit', $_POST)) {
//check to see if username is taken
$username_entered = $_POST['username'];
//check to see if username already exists
if (array_key_exists($username_entered, $alluserinfo)) {
$errors['username']['username_exists'] = "Username already exists.";
}
//validate username is 4-11 characters long using only a-z A-Z 0-9
if(preg_match("/^[0-9a-zA-z]{4,11}$/",$_POST['username']) ===0){
$errors['username']['invalid_username']= "Invalid username. Username must be 4-11 characters long and use only letters and numbers.";
}
//validate password "." means any character
//.* allows numbers 0-9 to be inserted anywhere
//?= positive lookahead: next text must be like this and follow these rules
// must be at least 6 characters, contain 0-9, a-z, A-Z
$pw_entered=$_POST['password'];
if(preg_match("/^.*(?=.{6,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["password"]) === 0){
$errors['password']['invalid_password']="Password must be at least 6 characters and must contain at least one lower case letter, one upper case letter and one digit.";
}
//validate that "confirm password" matches password above
$pw_repeat=$_POST['confirmpassword'];
if($pw_repeat != $pw_entered){
$errors['confirmpassword']['pw_no_match']="Passwords do not match. Try again.";
}
//validate email format
$email_entered=($_POST['email']);
if(!filter_var($email_entered, FILTER_VALIDATE_EMAIL)){
$errors['email']['invalid_email']="Not a valid email. Please try again.";
}
//no validation errors=>print invoice
if (empty($errors)) {
include 'invoice.inc';
exit;
}
}
//reprint if invalid entry. if no errors print invoice
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<h3>Please register to continue.</h3>
<table>
<tr>
<td>
*Username:
</td>
<td>
<input type="text" name="username"/>
<?php
if (isset($errors['username'])) {
print implode('<br>', $errors['username']);
}
?>
</td>
</tr>
<tr>
<td>
*Password:
</td>
<td>
<input type="password" name="password"/>
<?php
if (isset($errors['password'])) {
print implode('<br>', $errors['password']);
}
?>
</td>
</tr>
<tr>
<td>
*Confirm Password:
</td>
<td>
<input type="password" name="confirmpassword"/>
<?php
if (isset($errors['confirmpassword'])) {
print implode('<br>', $errors['confirmpassword']);
}
?>
</td>
</tr>
<tr>
<td>
*Email:
</td>
<td>
<input type="text" name="email"/>
<?php
if (isset($errors['email'])) {
print implode('<br>', $errors['email']);
}
?>
</td>
</tr>
<tr>
<td>
* required info <br>
<input type="submit" value="Register" name="register_submit">
<?php
//print out hiddens with quantities
save_hidden_qty($_POST['quantity']);
?>
</form>
</td>
</tr>
</table>
In case it's needed, this is the 'helpfulfunctions.inc' file and the included functions:
<?php
if (!function_exists('load_users_info')) {
function load_users_info($users_data_file) {
$fp = fopen($users_data_file, 'r');
//read all lines of login.dat file and create user info arrays
while (!feof($fp)) {
$users_info_line = fgets($fp);
$user_info_parts = explode(',', $users_info_line);
$user_info_array = array('username' => $user_info_parts[0], 'password' => $user_info_parts[1], 'email' => $user_info_parts[2]);
$complete_user_info_array[$user_info_array['username']] = $user_info_array;
}
fclose($fp);
return $complete_user_info_array;
}
}
// function to display products
if (!function_exists('display_products')) {
function display_products($products_to_display, $quantities = array()) {
global $errors;
?>
<table border="1">
<tbody>
<tr>
<td style="text-align: center;"><b><big>Product</big></b></td>
<td style="text-align: center;"><b><big>Brand</big></b></td>
<td style="text-align: center;"><b><big>Price(each)</big></b></td>
<td style="text-align: center;"><b><big>Quantity Desired</big></b></td>
</tr>
<?php
// quantities are 0 unless already inputted, if quantities previously were inputted, return the values.
// input boxes
for ($i = 0; $i < count($products_to_display); $i++) {
if (empty($quantities)) {
$qty = isset($_POST['quantity'][$i]) ? $_POST['quantity'][$i] : 0;
$qty_str = "<input type=text size=3 maxlength=3 name='quantity[$i]' value='$qty'>";
if (isset($errors['quantity'][$i])) {
$qty_str .= "<span style='font-style:italic;font-size:8px;color:red;'>{$errors['quantity'][$i]}</span>";
}
} else {
$qty_str = $quantities[$i];
}
// loop to print out table of photo of board, name of the brand, price, and quantity selected
printf('
<tr>
<td><img alt="Small" id="lightboxImage"
style="width: 119px; height: 88px; bgcolor="#cccccc;"
src="http://imgur.com/%s"
height="300" width="300"></td>
<td style="text-align: center;">%s</td>
<td style="text-align: center;">$%.2f</td>
<td style="text-align: center;">' . $qty_str . '</td>
</tr>
', $products_to_display[$i]['item'], $products_to_display[$i]['board'], $products_to_display[$i]['price']);
}
?>
<tr><td colspan="4" style="text-align: right; border: none">
<input type="submit" value="Purchase"></td></tr>
</tbody>
</table>
<?php
}
}
if (!function_exists('save_hidden_qty')) {
function save_hidden_qty($the_quantities){
foreach ($the_quantities as $key=>$value){
print "<input type='hidden' name='quantity[$key]' value='$value'>\n";
}
}
}
?>
Can anyone help me out?
Hello freaks, I can't seem to figure out why code not working correctly. Any advise greatly apprechiated. <?php include_once('connect/mysqlconnect.php'); $user = $_POST['uname']; $email = $_POST['email']; $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; $checkname = mysqli_query("SELECT * FROM users WHERE uname='$user'"); if(isset($_POST['submitted'])){ if(mysqli_num_rows($checkname) > 0) { $errors[] = 'User name not available, please choose different name'; } else { $u = mysqli_real_escape_string($dbc, $user); } if(!empty($email)) { $e = mysqli_real_escape_string($dbc, $email); } else { $errors[] = 'You did not enter email address!'; } if($pass1 == $_POST['pass2']) { $p = mysqli_real_escape_string($dbc, trim($pass1)); } else{ $errors[] = 'Your password did not match. Please try again.'; } if(empty($errors)) { $insert = "INSERT INTO users(uname, email, pass1, register_date) VALUES ('$u','$e',sha1('$p'), NOW(register_date))"; // This execute above statement to INSERT into database $r = mysqli_query($dbc, $insert); } if($r) { //Print a message: echo '<h1>Thank you!</h1> <p>You are now registered.</p><p><br /></p>'; } else { echo ',<h1>Server Error</h1> <p>You could not be registered do to a server error. We apologize for any inconvience.</p>'; } } mysqli_close($dbc); ?> Hey All! Well, here I am at PHP Freaks mercy again lol. I love this website and everyone here is always so helpful so let's get to my most recent issue. I am developing a pretty simple event registration form, which would be pretty easy in most respects. It will have the following pretty standard fields. Number of people attending: (drop down with 1-10) Name Address City State Zip Email Phone Alternate Phone There will be a few other fields but they aren't relevant. Basically the first field "Number of people attending (drop down 1-10)" will have to create a section with the following fields above for each person's information. If there are 3 people attending then it will need to have 3 sections of all those fields for each person. Making the page dynamically generate those sections on-the-fly when the user selects "3" for example is the first issue I am having. The other issue I am having is how would I handle the information dynamically within the PHP. If there was just one person it would be easy because I could just reference those fields. One solution I have for the second problem that I have some experience with is naming the fields name[] for example. But I still don't have a complete grasp on how to make that fix my problem. I've tried googling for hours but have had no luck, which may be because I'm not sure how to phrase the problem maybe. Any help! This Works But for Some reason when you Register an Account and try to login it says "Incorrect Username/Password" It is also Allowing Multiple Accounts to be Created Under the Same Username and Password: DB.php <?php session_start(); mysql_connect("localhost", "USERNAME", "PASSWORD"); mysql_select_db("DATABASE_USER"); function user_login ($username, $password) { //take the username and prevent SQL injections $username = mysql_real_escape_string($username); //begin the query $sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1"); //check to see how many rows were returned $rows = mysql_num_rows($sql); if ($rows<=0 ) { echo "Incorrect username/password"; } else { //have them logged in $_SESSION['sername'] = $username; } } ?> Register.php <?php include("db.php"); if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) { //Prevent SQL injections $username = mysql_real_escape_string($_POST['username']); $email = mysql_real_escape_string($_POST['email']); //Get MD5 hash of password $password = md5($_POST['password']); //Check to see if username exists $sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'"); if(mysql_num_rows($sql) > 0) { die ("Username taken."); } mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created."; } ?> <form action="register.php" method="post"> Username: <input name="username" type="text" /><br> Password: <input type="password" name="password" /><br> Email: <input name="email" type="text" /><br> <input type="submit" value="Submit" /> </form> Login.php <?php include("db.php"); if (isset($_POST['username']) && isset($_POST['password'])) { user_login($_POST['username'], $_POST['password']); } ?> <form action="login.php" method="post"> Username: <input name="username" type="text" /><br> Password: <input type="password" name="password" /><br> <button type="submit">Submit</button><br> </form> Could Anyone Help Please? Hi everyone, I wanted to let you know first that i am real new into this. I am trying to build a user management system and i can't seem to add a registration field. I got the free script uM Script and here's the code, please help me on this one: REGISTER.PHP Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB"> <head> <title>Member Registration</title> <meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" /> <meta name="description" content="" /> <meta name="keywords" content="" /> <meta name="robots" content="index, follow" /> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" type="text/css" href="css/style.css" media="screen" /> <script type="text/javascript" src="js/jquery-1.6.2.js"></script> <script type="text/javascript" src="js/script.js"></script> <script type="text/javascript"> $(document).ready(function(){ $('#regForm').submit(function(e) { register(); e.preventDefault(); }); }); </script> </head> <body> <table align="center" width="100%" cellspacing="1" cellpadding="1" border="0"> <tr> <td align="left"><a href="index.php">Home</a> | <a href="login.php">Log in</a> | <a href="register.php">Register</a> | <a href="pass_reset.php">Reset Password</a> | <a href="contact_us.php">Contact Us</a></td><td align="right"><a href="admin/login.php">Admin Login</a></td> </tr> </table> <hr/> <p>Register</p> <p>Use the form below to register.</p> <hr/> <div class="done"><p>Registration successful! <a href="login.php">Click here</a> to login.</p></div><!--close done--> <div class="form"> <form id="regForm" action="reg_submit.php" method="post"> <table align="center" width="50%" cellspacing="1" cellpadding="1" border="0"> <tr> <td colspan="2" ></td> </tr> <tr> <td> <label for="username">Username:</label> </td> <td> <input onclick="this.value='';" name="username" type="text" size="25" maxlength="8" value="<?php if(isset($_POST['username'])){echo $_POST['username'];}?>"/> </td> </tr> <tr> <td> <label for="password">Password:</label> </td> <td> <input name="password" type="password" size="25" maxlength="15" /> </td> </tr> <tr> <td> <label for="email">Email:</label> </td> <td> <input onclick="this.value='';" name="email" type="text" size="25" maxlength="50" value="<?php if(isset($_POST['email'])){echo $_POST['email'];}?>"/> </td> </tr> <tr> <td><label for="phone"><label>Phone:</label></td><td><input type="text" name="phone" value="<?php if(isset($_POST['phone'])){echo $_POST['phone'];}?>"/></td> </tr> <td> </td> <td> <input type="submit" name="register" value="Register" /><img id="loading" src="images/loading.gif" alt="working.." /> </td> </tr> <tr> <td colspan="2"><div id="error"> </div></td> </tr> </table> </form> </div><!--close form--> </body> </html> REG.SUBMIT.PHP Code: [Select] <?php require_once('lib/connections/db.php'); include('lib/functions/functions.php'); $sitesettings = getSiteSettings(); $site_url = $sitesettings[0]['site_url']; //For registration // we check if everything is filled in and perform checks if(!$_POST['username']) { die(msg(0,"<p>Please enter a username.</p>")); } if(strlen($_POST['username'])<3 || strlen($_POST['username'])>15) { die(msg(0,"<p>Username must be between 3 and 15 characters.</p>")); } elseif(uniqueUser($_POST['username'])) { die(msg(0,"Username already taken.")); } elseif(!$_POST['password']) { die(msg(0,"<p>Please enter a password.</p>")); } elseif(strlen($_POST['password'])<5) { die(msg(0,"<p>Usernames must be atleast 5 characters.</p>")); } elseif(!$_POST['email']) { die(msg(0,"<p>Please enter an email address.</p>")); } /*elseif(validateEmail($_POST['email'])) { die(msg(0,"<p>Invalid email address.</p>")); }*/ elseif(uniqueEmail($_POST['email'])) { die(msg(0,"<p>Email taken. Please select another email address.</p>")); } elseif(!$_POST['phone']) { die(msg(0,"Phone numbers must be of numeric type only.")); } else { $res = addUser($_POST['username'],$_POST['password'],$_POST['email'], $_POST['phone'],$site_url); if ($res == 1){ die(msg(0,"Failed to send activation email. Please contact the site admin.")); } if ($res == 2){ die(msg(0,"There was an error registering your details. Please contact the site admin.")); } if ($res == 99){ die(msg(1,"<p>Registration successful! <a href='login.php'>Click here</a> to login.</p>")); } } function msg($status,$txt) { return '{"status":'.$status.',"txt":"'.$txt.'"}'; } ?> And the code of the function: Code: [Select] //----------Function for adding user's profile---------- function addUser($user,$pass,$email,$site_url) { $user = secureInput($user); $pass = secureInput($pass); $email = secureInput($email); $site_url = secureInput($site_url); //Encrypt password for database $salt = 's+(_a*'; $pass = md5($pass.$salt); $reg_date = date("l, M j, Y, g:i a"); $sql = "INSERT INTO users (username,password,email,active,level_access,reg_date) VALUES ('".$user."','".$pass."','".$email."',0,2,'".$reg_date."')"; $res = mysql_query($sql); if($res){ //build email to be sent $to = $email; $subject = $site_url; $subject .= ": Activate Your Account"; $message = " <html> <head> <title>Account Activation</title> </head> <body> <h3>Account Activation</h3> <p>Dear ".$user.", thank you for registering at ".$site_url.".</p> <p>Please click on the link below to activate your account:</p> <a href='".$site_url."/confirm_user_reg.php?prsn=".$user."'>http://www.".$site_url."</a>. <p>If the above link does not work, copy and paste the below URL to your browser's address bar:</p> <p><i>http://www.".$site_url."/confirm_user_reg.php?prsn=".$user."</i></p><br/> <p>If you did not initiate this request, simply disregard this email, and we're sorry for bothering you.</p> <br/><br/> <p>Sincerely,</p> <p>The ".$site_url." Team.</p> </body> </html> "; // To send HTML mail, the Content-type header must be set $headers = "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; if($mail_send = mail($email, $subject, $message, $headers)) { } return 99; return 1; } else return 2; } I know i'm wrong somewhere because when i register a user the phone number won't post on the "phone" field on database. below is the code for a registration form. It "works",I mean that the insert query is being performed, some error messages appear. the problem is, i don't understand how "root" is being automatically sent to the database as a username. when logging into phpmyadmin, the username root appears because it is on autofill. but, i don't get why it's filling the registration form with root. i don't see "root" entered on the form, but, after registering, it says "Congratulations root!". If i leave the form blank, i don't get the error message for blank username either. i've just started learning php,so i guess something might be wrong with the code. any help, please? Code: [Select] <html> <head> <link rel="stylesheet" type="text/css" href="reset.css" media="screen" /> <link rel="stylesheet" type="text/css" href="style.css" media="screen" /> <title>Register</title> </head> <body> <div id="layout_wrapper"> <div id="layout_container"> <div id="layout_content"> <div id="site_title"> <h1><a href="home.html">WEBSITE</a></h1> <h2>WEBSITE DESCRI</h2> </div> <div id="header_image"></div> <div class="clearer"> </div> </div> <div id="main"> <div class="post"> <div class="post_top"> <div class="post_title"><h2>REGISTER</h2></div> </div> <div class="post_body"> <?php $error_stat=0; $errorMsg=''; if (isset ($_POST['submit'])){ $username = $_POST['username']; $gender = preg_replace('#[^a-z]#i', '', $_POST['gender']); $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); $email1 = $_POST['email1']; $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; $email1 = stripslashes($email1); $pass1 = stripslashes($pass1); $email2 = stripslashes($email2); $pass2 = stripslashes($pass2); $email1 = strip_tags($email1); $pass1 = strip_tags($pass1); $email2 = strip_tags($email2); $pass2 = strip_tags($pass2); include_once "../scripts/connect_to_mysql.php"; $emailCHecker = mysql_real_escape_string($email1); $emailCHecker = str_replace("`", "", $emailCHecker); $sql_uname_check = mysql_query("SELECT user_name FROM tbl_user WHERE user_name='$username'"); $uname_check = mysql_num_rows($sql_uname_check); $sql_email_check = mysql_query("SELECT email FROM tbl_user WHERE email='$emailCHecker'"); $email_check = mysql_num_rows($sql_email_check); if ((!$username) || (!$gender) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$pass1) || (!$pass2)) { $error_stat=1; $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />'; if(!$username){ $errorMsg .= ' * User Name<br />'; } if(!$gender){ $errorMsg .= ' * Sex <br />'; } if(!$b_m){ $errorMsg .= ' * Birth Month<br />'; } if(!$b_d){ $errorMsg .= ' * Birth Day<br />'; } if(!$b_y){ $errorMsg .= ' * Birth year<br />'; } if(!$email1){ $errorMsg .= ' * Email Address<br />'; } if(!$pass1){ $errorMsg .= ' * Login Password<br />'; } if(!$pass2){ $errorMsg .= ' * Confirm Login Password<br />'; } } else if ($pass1 != $pass2) { $errorMsg = 'ERROR: Your Password fields below do not match<br />'; } else if (strlen($username) < 4) { $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />"; } else if (strlen($username) > 20) { $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />"; } else if ($uname_check > 0){ $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />"; } else if ($email_check > 0){ $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />"; } else { $email1 = mysql_real_escape_string($email1); $pass1 = mysql_real_escape_string($pass1); $full_birthday = "$b_y-$b_m-$b_d"; $sql = mysql_query("INSERT INTO tbl_user (user_name, sex, dob, date_joined,email, password) VALUES('$username','$gender','$full_birthday', now(),'$email1', '$pass1')") or die (mysql_error()); $id = mysql_insert_id(); echo "<h2>Registration Successful!</h2>"; echo "<p>Congratulations <b>$username</b>, your registration was successful. Your account has now been created with the following details:</p>"; echo "<p><b>Username:</b> $username</p>"; echo "<p><b>Password:</b> $pass1</p>"; echo "<p><b>Sex:</b> $gender</p>"; echo "<p><b>Email:</b> $email1</p>"; echo "<p><b>DOB:</b> $full_birthday</p>"; echo "<p>You may now login.</p>"; } // Close else after duplication checks } if (!isset($_POST['submit']) || $error_stat==1) { ?> <?php echo $errorMsg;?> <form method="POST" action=""> <table> <tr> <td width="114" bgcolor="#FFFFFF">User Name: *</span></td> <td width="452" bgcolor="#FFFFFF"><input name="username" type="text" id="username " size="32" maxlength="20" /> <span id="nameresponse">Alphanumeric Characters Only</span></td> </tr> <tr> <td bgcolor="#EFEFEF">Sex:*</span></td> <td bgcolor="#EFEFEF"><label> <input name="gender" type="radio" id="gender" value="m" checked="checked" />Male <input type="radio" name="gender" id="gender" value="f" />Female </label></td> </tr> <tr> <td bgcolor="#FFFFFF">Date of Birth:*</span></td> <td bgcolor="#FFFFFF"> <select name="birth_month" id="birth_month"> <option value="01">January</option> <option value="02">February</option> <option value="03">March</option> <option value="04">April</option> <option value="05">May</option> <option value="06">June</option> <option value="07">July</option> <option value="08">August</option> <option value="09">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> <select name="birth_day" id="birth_day"> <option value="01">1</option> <option value="02">2</option> <option value="03">3</option> <option value="04">4</option> <option value="05">5</option> <option value="06">6</option> <option value="07">7</option> <option value="08">8</option> <option value="09">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option> <option value="13">13</option> <option value="14">14</option> <option value="15">15</option> <option value="16">16</option> <option value="17">17</option> <option value="18">18</option> <option value="19">19</option> <option value="20">20</option> <option value="21">21</option> <option value="22">22</option> <option value="23">23</option> <option value="24">24</option> <option value="25">25</option> <option value="26">26</option> <option value="27">27</option> <option value="28">28</option> <option value="29">29</option> <option value="30">30</option> <option value="31">31</option> </select> <select name="birth_year" id="birth_year"> <option value="2010">2010</option> <option value="2009">2009</option> <option value="2008">2008</option> <option value="2007">2007</option> <option value="2006">2006</option> <option value="2005">2005</option> <option value="2004">2004</option> <option value="2003">2003</option> <option value="2002">2002</option> <option value="2001">2001</option> <option value="2000">2000</option> <option value="1999">1999</option> <option value="1998">1998</option> <option value="1997">1997</option> <option value="1996">1996</option> <option value="1995">1995</option> <option value="1994">1994</option> <option value="1993">1993</option> <option value="1992">1992</option> <option value="1991">1991</option> <option value="1990">1990</option> <option value="1989">1989</option> <option value="1988">1988</option> <option value="1987">1987</option> <option value="1986">1986</option> <option value="1985">1985</option> <option value="1984">1984</option> <option value="1983">1983</option> <option value="1982">1982</option> <option value="1981">1981</option> <option value="1980">1980</option> <option value="1979">1979</option> <option value="1978">1978</option> <option value="1977">1977</option> <option value="1976">1976</option> <option value="1975">1975</option> <option value="1974">1974</option> <option value="1973">1973</option> <option value="1972">1972</option> <option value="1971">1971</option> <option value="1970">1970</option> <option value="1969">1969</option> <option value="1968">1968</option> <option value="1967">1967</option> <option value="1966">1966</option> <option value="1965">1965</option> <option value="1964">1964</option> <option value="1963">1963</option> <option value="1962">1962</option> <option value="1961">1961</option> <option value="1960">1960</option> <option value="1959">1959</option> <option value="1958">1958</option> <option value="1957">1957</option> <option value="1956">1956</option> <option value="1955">1955</option> <option value="1954">1954</option> <option value="1953">1953</option> <option value="1952">1952</option> <option value="1951">1951</option> <option value="1950">1950</option> <option value="1949">1949</option> <option value="1948">1948</option> <option value="1947">1947</option> <option value="1946">1946</option> <option value="1945">1945</option> <option value="1944">1944</option> <option value="1943">1943</option> <option value="1942">1942</option> <option value="1941">1941</option> <option value="1940">1940</option> <option value="1939">1939</option> <option value="1938">1938</option> <option value="1937">1937</option> <option value="1936">1936</option> <option value="1935">1935</option> <option value="1934">1934</option> <option value="1933">1933</option> <option value="1932">1932</option> <option value="1931">1931</option> <option value="1930">1930</option> <option value="1929">1929</option> <option value="1928">1928</option> <option value="1927">1927</option> <option value="1926">1926</option> <option value="1925">1925</option> <option value="1924">1924</option> <option value="1923">1923</option> <option value="1922">1922</option> <option value="1921">1921</option> <option value="1920">1920</option> <option value="1919">1919</option> <option value="1918">1918</option> <option value="1917">1917</option> <option value="1916">1916</option> <option value="1915">1915</option> <option value="1914">1914</option> <option value="1913">1913</option> <option value="1912">1912</option> <option value="1911">1911</option> <option value="1910">1910</option> <option value="1909">1909</option> <option value="1908">1908</option> <option value="1907">1907</option> <option value="1906">1906</option> <option value="1905">1905</option> <option value="1904">1904</option> <option value="1903">1903</option> <option value="1902">1902</option> <option value="1901">1901</option> <option value="1900">1900</option> </select> </td> </tr> <tr> <td bgcolor="#EFEFEF">Email Address:*</span></td> <td bgcolor="#EFEFEF"><input name="email1" type="text" id="email1" size="32" maxlength="48" /></td> </tr> <tr> <td bgcolor="#FFFFFF">Create Password:*</span></td> <td bgcolor="#FFFFFF"><input name="pass1" type="password" id="pass1" size="32" maxlength="16" /> <span>Alphanumeric Characters Only</span></td> </tr> <tr> <td bgcolor="#EFEFEF">Confirm Password: *</span></td> <td bgcolor="#EFEFEF"><input name="pass2" type="password" id="pass2" size="32" maxlength="16" /> <span>Alphanumeric Characters Only</span></td> </tr> <tr> <td><input type="submit" name="submit" value="Sign Up!" /></td> </tr> </table> </form> <?php } ?> </div> <div id="footer"> <div class="left">© 2011</div> <div class="right"><a href="#">....</a><a href="#">....</a></div> <div class="clearer"> </div> </div> </div> </div> </div> </body> </html> Hello, I am currently coding a site from scratch. I know i can use templates and everything else but i want the experience. The HTML I've had down for years but it seems PHP is getting a little elusive for me. I'm trying to create a registration form and when i test my site i keep getting parse errors and syntax errors... mainly regarding the use of {} and if/else. Any help would be appreciated. Most of the code is still incomplete, I have to go back and fill in some areas I've left blank for now, but i have commented using // Where the browser is kicking back my errors.
- “Any sufficiently advanced technology is indistinguishable from magic” (Arthur C. Clark, 1962)
<?php
$con = Mysqli_connect("'', '', ''");
if (Mysqli_connect_errno()) {
echo "Failed to connect to DB. Please check your connection info." . Mysqli_connect_errno;
// Only if there is an error.
}
//Declaring Variable for Registration form
$fname = "";
$lname = "";
$em = "";
$emc = "";
$pass = "";
$passc = "";
$date = "";
$error_array = "";
if (insert($_POST['register_button'])) {
// To handle the registration form
// First Name Values
$fname = strip_tags($_POST['reg_fname']);
$fname = str_replace(' ', '', $fname);
$fname = ucfirst(strtolower($fname));
// Last Name Values
$lname = strip_tags($_POST['reg_lname']);
$lname = str_replace(' ', '', $lname);
$lname = ucfirst(strtolower($lname));
// Registration Email Values
$em = strip_tags($_POST['reg_email']);
$em = str_replace(' ', '', $em);
// Confirm Registration Email Values
$emc = strip_tags($_POST['reg_emailc']);
$emc = str_replace(' ', '', $emc);
// Registrsation Password Values
$pass = strip_tags($_POST['reg_pass']);
// Registration Password Confirmation Values
$passc = strip_tags($_POST['reg_passc']);
// Registration Date Values
$date = date("m-d-Y");
// Here is where the browser keeps kicking back parse errors
if ($em == $emc) {
}
else {
echo "Email and Confirmation Email must match";
}
if (filter_var($em, FILTER_VALIDATE_EMAIL)) {
$em = filter_var($em, FILTER_VALIDATE_EMAIL)
}
else {
echo "Invlaid Format";
}
?>
Hello,
I hope it's ok to ask this question here. I have a registration script, but I'm not sure how to handle it efficiently and I have some questions about it. This is used in the page 'signup.php'. The class is called 'User'. I haven't noticed any errors or bugs. It would be very useful for me to be aware of my mistakes.
public function regUser($uname,$upass,$upassverify)
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
if(!password_verify($upassverify, $new_password)) {
// passwords are not the same (I thought it would be better to do this after hashing, but maybe it doesn't matter or it's worse. I'm not sure about it)
$info = 'pass_err';
}
$stmt1 = $this->db->prepare("SELECT * FROM users WHERE username=:uname");
$stmt1->execute(array(':uname'=>$uname));
if($stmt1->rowCount() > 0) {
// this username has already been used
$info = 'user_err';
}
if (!$info) {
$stmt2 = $this->db->prepare("INSERT INTO users(username,password)
VALUES(:uname, :upass)");
$stmt2->bindparam(":uname", $uname);
$stmt2->bindparam(":upass", $new_password);
$stmt2->execute();
// succesfully made an account
$info = "success";
}
header("Location:/signup.php?status=".$info);
exit();
}
Am I using the prepared statements as how I should be using them?
Is this a safe way of handling my data or do you see vulnerabilities?
I'm using PRG to prevent resubmission but I want to show a 'everything is fine' or 'oh no, something went wrong' to the one who is signinup. If I now go to signup.php?status=success, i see 'eveything is fine', without actually signing up, is there a better way to do this or can I somehow prevent everyone being able to see this?
As you might have noticed in my last post, my English is not very good, sorry about that. Thanks, Fabian Edited September 17, 2019 by FabelHi experts,I have the following problem.I have a file login.php which is used to allow users to log in.When the form is submitted it is redirected to checkuserlogin.php.If the credentials are right he is redirected to main.php.But in main.php if the user clicks back browser button,he is redirected to login.php and in login.php if he presses forward button,he is redirected to main.php.Can any one tell he how to make sure the application is not redirected to main.php when user presses forward button and how to make sure the application is not redirected to login.php when user presses back button.
In my login form I'm getting the error Code: [Select] Notice: Use of undefined constant Errors - assumed 'Errors' in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 91 Warning: Cannot modify header information - headers already sent by (output started at /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php:91) in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 91 Warning: Cannot modify header information - headers already sent by (output started at /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php:91) in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 92 //if the name exists it gives an error if ($check2 != 0) { //Line 85 $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Sorry, the username is already in use."; $error .="</span>"; setcookie(Errors, $error, time()+20); //Line 91 header('Location: /YBK/'); //Line 92 exit; } i just discovered a hole in my scripts relating to access . 1. have a simple login form 2. based on the type of user , he is directed to a page for his options . 3. I now realise that altho each page therefter checks for sessions of the user , he can easily change the url to that of another user and there is no way to prevent it. 4. How can i make sure that each time a page is accessed it is only by the user whom it is meant for. Relevant code snippets below . Thanks ! Swati login.php --------- <?php //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); //Process this if statement only if form was submitted if($_POST['submit']){ session_start(); $username=$_POST['username']; $password=$_POST['password']; include ("link.php"); // contains db info //Test for login success $sql = "SELECT * FROM Users WHERE Username='$username' AND Password = '$password'"; $result = mysql_query($sql); if ($myrow = mysql_fetch_assoc($result)){ // echo $sql; $login_success = 'Yes'; $userid = $myrow["Userid"]; $usertype = $myrow["UTID"]; $status = "On"; $url = $PHP_SELF."?".$_SERVER['QUERY_STRING'];; $logout = 'logout.php'; $_SESSION['id']=session_id(); $_SESSION['userid']=$userid; $_SESSION['usertype']=$usertype; $sql2= "insert into Log (Sessionid,Userid,IP,Date,File, Status) values('$_SESSION[id]','$userid','$ip','$tm', '$url', '$status')"; $result2 = mysql_query($sql2) or die ('no access to database: ' . mysql_error()); // echo mysql_error(); } } } ?> Each subsequent page has this header ============================== <? header("Cache-Control: public"); include ("log.php"); //db info for DB along with session start if(!isset($_SESSION['userid'])){ echo "<center><font face='Calibri' size='2' color=red>Sorry, Please login and use this page </font></center>"; exit;} ?> The url of each page : Code: [Select] www.abc.com/example/type1.php?Userid=USER1ID and such a user can easily change the url to Code: [Select] www.abc.com/example/type2.php?Userid=USER1ID and access all the options of type2.php |
|||||||