PHP - Issue With Php Login & Registration Form Without Using A Database

In my login form I'm getting the error
Code: [Select]
Notice: Use of undefined constant Errors - assumed 'Errors' in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 91

Warning: Cannot modify header information - headers already sent by (output started at /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php:91) in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 91

Warning: Cannot modify header information - headers already sent by (output started at /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php:91) in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 92



 //if the name exists it gives an error
 if ($check2 != 0) {  //Line 85
  $error="<span style=";
$error .="color:red";
$error .=">";
  $error .= "Sorry, the username is already in use.";
  $error .="</span>";
  setcookie(Errors, $error, time()+20);  //Line 91
header('Location: /YBK/');   //Line 92
exit;
  }

Can anyone explain how i can create a registration and login page using PHP that doesnt use databases, sessions, or cookies? 

Is there a tutorial someone can point me to or could anyone tell me the method.     Thanks first time php coder

Hi All,

I have currently been working on a login/registration system for a university project and I am now struggling with the login section. The problem is with one particular function and an if statement. The function checks to see if the username and password entered matches the username and password in the database but each time I get it echoing username/password incorrect.

the function is
Code: [Select]
function valid_credentials($user, $pass)
{
$user = mysql_real_escape_string($user);
$pass = sha1($pass);

$total = mysql_query("SELECT COUNT(`user_username`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");

return (mysql_result($total, 0) == '1') ? true : false;
}
and the statement is
Code: [Select]
if (valid_credentials($_POST['username'], $_POST['password']) == false)
{
$errors = 'Username/Password incorrect.';
}
Any help would be greatly appreciated as this has been bugging me for the past 5 days :/

I'm trying to make a simple but secure login/user registration for this site I'm building. I'm new to php, so I followed some tutorials from www.newthinktank.com.

http://www.newthinktank.com/2011/01/php-security-pt-2/
http://www.newthinktank.com/2011/01/php-security-pt-4-set-up-captcha//
http://www.newthinktank.com/2011/01/web-design-and-programming-pt-21-secure-login-script/

But I'm having a couple of problems. On the registration.php file, whenever I type in wrong information, the validation error messages don't display and also whenever I click the submit button, the form doesn't do anything. It doesn't insert information into my database. It just shows the empty form. On my login.php file, again the validation errors don't display and I can't tell if I'm logged in or not. The form redirects to my index page, but the user box that shows the different menus depending on whether or not someone is logged in stays in guest mode. I don't get any php error messages on either file. Here's my code:

register.php file:
Code: [Select]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled</title>
<link href="_css/page_layout.css" rel="stylesheet" type="text/css" />
<link href="_css/page_text.css" rel="stylesheet" type="text/css" />
<link href="_css/sidebarLeft.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div id="wrapper">
<?php include('_includes/template/header.php'); ?>
<?php include('_includes/template/nav.php'); ?>
<?php include('_includes/template/sidebar_left.php'); ?>
    <div id="mainContent">
    <div class="content">
<?php
require_once('_includes/connectvars.php');

if (isset($_POST['submitted'])) {
if (preg_match ('%^[A-Za-z\.\' \-]{2,20}$%', stripslashes(trim($_POST['first_name'])))) {
$firstname = escape_data($_POST['first_name']);
} else {
$firstname = FALSE;
echo '<p><font color="red" size="+1&#8243;>Please enter a valid first name!</font></p>';
}
if (preg_match ('%^[A-Za-z\.\' \-]{2,40}$%', stripslashes(trim($_POST['last_name'])))) {
$lastname = escape_data($_POST['last_name']);
} else {
$lastname = FALSE;
echo '<p><font color="red" size="+1&#8243;>Please enter a valid last name!</font></p>';
}
if (preg_match ('%^(0?[1-9]|[12][0-9]|3[01])[-/. ](0?[1-9]|1[0-2])[-/.](19|20)\d{2}$%', stripslashes(trim($_POST['birth_date'])))) {
$birthdate = escape_data($_POST['birth_date']);
} else {
$birthdate = FALSE;
echo '<p><font color="red" size="+1&#8243;>Please enter a valid date of birth!</font></p>';
}
$gender = escape_data($_POST['gender']);
if (preg_match ('%^[0-9]{5}$%', stripslashes(trim($_POST['zip_code'])))) {
$zipcode = escape_data($_POST['zip_code']);
} else {
$zipcode = FALSE;
echo '<p><font color="red" size="+1&#8243;>Please enter a valid 5 digit zip code!</font></p>';
}
if (preg_match ('%^[A-Za-z0-9._\%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$%', stripslashes(trim($_POST['email'])))) {
$email = escape_data($_POST['email']);
} else {
$email = FALSE;
echo '<p><font color="red" size="+1&#8243;>Please enter a valid email address!</font></p>';
}
if (preg_match ('%^[a-z\d_]{2,20}$%', stripslashes(trim($_POST['username'])))) {
$username = escape_data($_POST['username']);
} else {
$username = FALSE;
echo '<p><font color="red" size="+1&#8243;>Please enter a valid username!</font></p>';
}
if (preg_match ('%\A(?=[-_a-zA-Z0-9]*?[A-Z])(?=[-_a-zA-Z0-9]*?[a-z])(?=[-_a-zA-Z0-9]*?[0-9])\S{6,}\z%', stripslashes(trim($_POST['password1'])))) {
if (($_POST['password1'] == $_POST['password2']) && ($_POST['password1'] != $_POST['username'])) {
$password = escape_data($_POST['password1']);
} elseif ($_POST['password1'] == $_POST['username']) {
$password = FALSE;
echo '<p><font color="red" size="+1&#8243;>Your password cannot be the same as the username!</font></p>';
} else {
$password = FALSE;
echo '<p><font color="red" size="+1&#8243;>Your password did not match the confirmed password!</font></p>';
}
} else {
$password = FALSE;
echo '<p><font color="red" size="+1&#8243;>Please enter a valid password!</font></p>';
}
$captchchk = 1;
require_once('_includes/recaptchalib.php');
$privatekey = "My private key goes here...i know";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
echo '<p><font color="red" size="+1&#8243;>The CAPTCHA Code wasn\'t entered correctly!
</font></p>';
$captchchk = 0;
}
if ($firstname && $lastname && $birthdate && $gender && $zipcode && $email && $username && $password) {
$query = "SELECT user_id FROM users WHERE username='$username'";

$result = mysql_query($query) or trigger_error("Sorry, that username is taken");

if(mysql_num_rows($result) == 0) {
$a = md5(uniqid(rand(), true));
$query = "INSERT INTO users(zip_code, username, first_name, password, activation_code, join_date, last_name, gender, birth_date, email) VALUES ('$zipcode', '$username', '$firstname', SHA('$password'), '$a', NOW(), '$lastname', '$gender', '$birthdate', '$email')";

$result = mysql_query($query) or trigger_error("Sorry an error happened");

if(mysql_affected_rows() == 1) {
$body = "Thanks for registering. Activate account by clicking this link: <br />";

$body .= "http://localhost/activate.php?x=" . mysql_insert_id() . "&y=$activationcode";

mail($email, 'Registration Confirmation', '$body', 'From: admin@mysite.com');
echo '<br /><br /><h1>Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</h1>';
}
exit();
} else {
echo '<p><font color="red" size="+1&#8243;>You could not be registered due to a system error. We apologize for any inconvenience.</font></p>';
}
} else {
echo '<p><font color="red" size="+1&#8243;>That email address has already been registered. If you have forgotten your password, use the link to have your password sent to you.</font></p>';
}
mysql_close();
}
?>
    <h1>Register</h1>
    <br />
    <p>Please fill out the form below. All fields required.</p>
    <br />
<center><form action="register.php" method="POST" id="regform">
        <table width="550" border="0">
  <tr>
    <td width="200"><p>First Name:</p></td>
    <td width="200"><label for="first_name"></label>
      <input name="first_name" type="text" id="first_name" maxlength="20" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>"/></td>
    <td width="200">&nbsp;</td>
  </tr>
  <tr>
    <td><p>Last Name:</p></td>
    <td><label for="last_name"></label>
      <input name="last_name" type="text" id="last_name" maxlength="45" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>"/></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><p>Birthdate:</p></td>
    <td><label for="birth_date"></label>
      <input name="birth_date" type="text" id="birth_date" maxlength="10" value="<?php if (isset($_POST['birth_date'])) echo $_POST['birth_date']; ?>"/></td>
    <td><p>(Format: MM/DD/YYYY)</p></td>
  </tr>
  <tr>
    <td><p>Gender</p></td>
    <td><p>
      <label>
        <input type="radio" name="gender" value="F" id="gender_0" />
        F
      </label>
      <label>
        <input type="radio" name="gender" value="M" id="gender_1" />
        M
       </label>
       <input name="gender" type="hidden" value="" />
      <br />
    </p></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><p>Zip Code</p></td>
    <td><label for="zip_code"></label>
      <input name="zip_code" type="text" id="zip_code" maxlength="5" value="<?php if (isset($_POST['zip_code'])) echo $_POST['zip_code']; ?>"/></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><p>Email:</p></td>
    <td><label for="email"></label>
      <input name="email" type="text" id="email" maxlength="255" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><p>Username:</p></td>
    <td><label for="username"></label>
      <input name="username" type="text" id="username" maxlength="60" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"/></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><p>Choose New Password:</p></td>
    <td><label for="password1"></label>
      <input name="password1" type="password" id="password1" maxlength="40" /></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><p>Confirm New Password:</p></td>
    <td><label for="password2"></label>
      <input name="password2" type="password" id="password2" maxlength="40" /></td>
    <td>&nbsp;</td>
  </tr>
</table>
</br>
<?php
require_once('_includes/recaptchalib.php');
$publickey = "my public key goes here...i know"; // you got this from the signup page
echo recaptcha_get_html($publickey);
?>
<br />
         <input type="submit" name="submit_signup" id="submit_signup" value="Sign Up" />
         <input type="hidden" name="submitted" value="TRUE" />
  </form></center>
        <br />
        <br />
         </div>
    </div>
<?php include('_includes/template/sidebar_right.php'); ?>
<?php include('_includes/template/footer.php'); ?>
</div>
</body>
</html>

login.php file:
Code: [Select]
<?php
session_start();
require_once('_includes/connectvars.php');
?>
<?php
if (isset($_POST['submitLogin'])) {
if (preg_match ('%^[A-Za-z0-9]\S{6,20}$%', stripslashes(trim($_POST['username'])))) {
$username = escape_data($_POST['username']); 
} else {
$username = FALSE;
echo '<p><font color="red" size="+1&#8243;>Please enter a valid username!</font></p>';
}
if (preg_match ('%^[A-Za-z0-9]\S{6,20}$%', stripslashes(trim($_POST['password'])))) {
$password = escape_data($_POST['password']); 
} else {
$password = FALSE;
echo '<p><font color="red" size="+1&#8243;>Please enter a valid password!</font></p>';
}
if ($username && $password) {
$query = "SELECT user_id, level_access, username, password, join_date, first_name, last_name, birth_date, gender, zip_code, email, activation_code FROM users WHERE username='$username' AND password=SHA('$password')";
$result = mysql_query ($query) or trigger_error("Either the Username or Password are incorrect");
if (mysql_affected_rows() == 1) {
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
$_SESSION['first_name'] = $row[5];
$_SESSION['username'] = $row[2];

$tokenId = rand(10000, 9999999);
$query2 = "update users set tokenid = $tokenId where username = '$_SESSION[username]'";
$result2 = mysql_query ($query2);
$_SESSION['token_id'] = $tokenId;

session_regenerate_id();

header("Location: http://localhost/mysite/index.php");
mysql_close();
exit();
}
} else {
echo '<br><br><p><font color="red" size="+1&#8243;>Either the Username or Password are incorrect</font></p>';
mysql_close();
exit();
}
echo '<br><br><p><font color="red" size="+1&#8243;>Either the Userid or Password are incorrect</font></p>';
mysql_close();
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled</title>
<link href="_css/page_layout.css" rel="stylesheet" type="text/css" />
<link href="_css/page_text.css" rel="stylesheet" type="text/css" />
<link href="_css/sidebarLeft.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<?php include('_includes/template/header.php'); ?>
<?php include('_includes/template/nav.php'); ?>
<?php include('_includes/template/sidebar_left.php'); ?>
    <div id="mainContent">
    <div class="content">
      <h1>Login</h1>
            <form action="login.php" method="post" name="login" id="login">
            <table width="200" border="0">
            <tr>
            <td><p>Username:</p></td>
            <td><label for="username"></label>
            <input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"/></td>
            </tr>
            <tr>
            <td><p>Password:</p></td>
            <td><label for="password"></label>
            <input type="password" name="password" id="password" /></td>
            </tr>
            </table>
            <br />
            <p>
            <label>
            <input type="radio" name="remember_me" value="radio" id="remember_me_0" />
            Keep me logged in
      </label>
      <br />
    </p>
    <br />
    <input type="submit" name="submitLogin" value="Login" />
            <input type="hidden" name="submitted" value="TRUE" />
      </form>
    <br />
    <p>Not a member? <a href="register.php">Create an account!</a></p>
    <br />
    <p>Forgot password?</p>
        </div>
    </div>
<?php include('_includes/template/sidebar_right.php'); ?>
<?php include('_includes/template/footer.php'); ?>
</div>
</body>
</html>

Here's the code that shows the different menus depending on if someone is logged in or not.
Code: [Select]
    <div class="login">
<?php
echo '<p>';
echo 'Welcome ';
if (isset($_SESSION['first_name'])) {
echo " {$_SESSION['first_name']}!</br></br>";
} else { 
echo 'Guest!';
}
if (isset($_SESSION['username']) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) 
{
echo '<a href="add_event.php">Add an Event</a></br>
<a href="my_profile.php">My Profile</a></br>
<a href="logout.php"><p>Logout</a></br>';
} else {
echo '</br>  
<a href="register.php">Register</a></br> 
<a href="login.php">Login</a></br>';
}
echo'</p>';
?>
    </div>

Notice: Undefined index: user in /var/www/localhost/htdocs/index.php on line 43 echo $_POST['user'] Doesn't do the showing of variable. Code parts aren't linked. $_SESSION works but $_POST doesn't - and it's all in the same file. I need good, free operations with $_POST I'm novice, though very forgetful, I don't ask advice on how to separate files again, I just do it or do not. When "do not" I suffer, from misunderstanding of the $_POST mechanics. So when separate I don't understand login at all. $_SESSION['l'] I need to operate in game loc position. When all login is together i could be more free to look at code parts.

<!DOCTYPE html>
<html>
<h1>Register</h1>
<form method="POST">
  <input type="text" name="user"><br /><br />
  <input type="pass" name="pass"><br /><br />
  <input type="submit"><br />
</form>
<?php
session_start();
  if(isset($_POST['user'], $_POST['pass'])){
  require 'connect.php';
  $zr++;
  $query = d()->prepare("INSERT INTO u (user, pass, loc) VALUES (:user, :pass, :loc)");
  $query->bindParam(':user', $_POST['user']);
  $query->bindParam(':pass', $_POST['pass']);
  $query->bindParam(':loc', $zr);
  if($query->execute()){
  $_SESSION['user'] = $row['user'];
  $_SESSION['pass'] = $row['pass'];
  header("Location: ".$_SERVER['PHP_SELF']);
  } else{
  echo 'ERROR';
  }
  }
?>
<h1>Login</h1>
<form method="POST">
  <input type="text" name="user"><br /><br />
  <input type="pass" name="pass"><br /><br />
  <input type="submit"><br />
</form>
<?php
echo $_POST['user'];
  if(isset($_POST['user'], $_POST['pass'])){
  require 'connect.php';
  $query = d()->prepare("SELECT user, pass FROM u WHERE user=:user AND pass=:pass");
  $query->bindParam(':user', $_POST['user']);
  $query->bindParam(':pass', $_POST['pass']);
  $query->execute();
  if($row = $query->fetch()){
  $_SESSION['user'] = $row['user'];
  $_SESSION['pass'] = $row['pass'];
  header("Location: ".$_SERVER['PHP_SELF']);
  }
  }
$us=$_SESSION['user'];
echo 'user ',$us;
?>
<?php
if(isset($_SESSION['user'])){
$us=$_SESSION['user'];
echo '<br /> user ',$us, ' ', '<a href="logout.php">Logout</a>';
echo '<br />', '<a href="zrs.php">zero session</a>';
}
?>
</html>

Edited by xcislav, 27 November 2014 - 05:46 AM.

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=351535.0

I have a user registration page that requires the user to input a Username, Password, Confirm Password, Email. If the user passes all the validation requirements for the new account, I then need to have the username, password, email fields saved to a file called 'login.dat' Here is my code that I have so far, it runs perfectly.

<?php
include 'helpfulfunctions.inc';
include 'productsdata.inc';
$user_login_file = 'login.dat';
//var_dump($_POST);
// product data for photo, name, and price.


$alluserinfo = load_users_info($user_login_file);
//validate users info
$errors = array();
if (array_key_exists('register_submit', $_POST)) {

    //check to see if username is taken
    $username_entered = $_POST['username'];
    //check to see if username already exists
    if (array_key_exists($username_entered, $alluserinfo)) {
        $errors['username']['username_exists'] = "Username already exists.";
    }
    //validate username is 4-11 characters long using only a-z A-Z 0-9
    if(preg_match("/^[0-9a-zA-z]{4,11}$/",$_POST['username']) ===0){
        $errors['username']['invalid_username']= "Invalid username. Username must be 4-11 characters long and use only letters and numbers.";
    }
    //validate password "." means any character
    //.* allows numbers 0-9 to be inserted anywhere
    //?= positive lookahead: next text must be like this and follow these rules
    // must be at least 6 characters, contain 0-9, a-z, A-Z
    $pw_entered=$_POST['password'];
    if(preg_match("/^.*(?=.{6,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["password"]) === 0){
        $errors['password']['invalid_password']="Password must be at least 6 characters and must contain at least one lower case letter, one upper case letter and one digit.";
    }
    //validate that "confirm password" matches password above
    $pw_repeat=$_POST['confirmpassword'];
    if($pw_repeat != $pw_entered){
        $errors['confirmpassword']['pw_no_match']="Passwords do not match. Try again.";
    }
    //validate email format
    $email_entered=($_POST['email']);
    if(!filter_var($email_entered, FILTER_VALIDATE_EMAIL)){
        $errors['email']['invalid_email']="Not a valid email. Please try again.";
    }
//no validation errors=>print invoice
    if (empty($errors)) {
        include 'invoice.inc';
        exit;
    }
}
//reprint if invalid entry. if no errors print invoice
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
    <h3>Please register to continue.</h3>
    <table>
        <tr>
            <td>
    *Username: 
            </td>
            <td>
    <input type="text" name="username"/>                
    <?php
    if (isset($errors['username'])) {
        print implode('<br>', $errors['username']);
    }
    ?>
            </td>
        </tr>
        <tr>
            <td>
    *Password:
            </td>
            <td>
    <input type="password" name="password"/>
    <?php
    if (isset($errors['password'])) {
        print implode('<br>', $errors['password']);
    }
    ?>
            </td>
        </tr>
        <tr>
            <td>
    *Confirm Password: 
            </td>
            <td>
    <input type="password" name="confirmpassword"/>
    <?php
    if (isset($errors['confirmpassword'])) {
        print implode('<br>', $errors['confirmpassword']);
    }
    ?>
            </td>
        </tr>
        <tr>
            <td>
    *Email: 
            </td>
            <td>
    <input type="text" name="email"/>
    <?php
    if (isset($errors['email'])) {
        print implode('<br>', $errors['email']);
    }
    ?>
            </td>
        </tr>
        <tr>
            <td>
    * required info <br>
    <input type="submit" value="Register" name="register_submit">
    <?php
    //print out hiddens with quantities
    save_hidden_qty($_POST['quantity']);
    ?>   
           
    
</form>
 </td>
        </tr>
</table>

In case it's needed, this is the 'helpfulfunctions.inc' file and the included functions:

<?php

if (!function_exists('load_users_info')) {

 function load_users_info($users_data_file) {
        $fp = fopen($users_data_file, 'r');
//read all lines of login.dat file and create user info arrays
        while (!feof($fp)) {
            $users_info_line = fgets($fp);
            $user_info_parts = explode(',', $users_info_line);
            $user_info_array = array('username' => $user_info_parts[0], 'password' => $user_info_parts[1], 'email' => $user_info_parts[2]);
            $complete_user_info_array[$user_info_array['username']] = $user_info_array;
        }

        fclose($fp);
        return $complete_user_info_array;
    }

}

// function to display products
if (!function_exists('display_products')) {

    function display_products($products_to_display, $quantities = array()) {
        global $errors;
        ?>
        <table border="1">
            <tbody>
                <tr>
                    <td style="text-align: center;"><b><big>Product</big></b></td>
                    <td style="text-align: center;"><b><big>Brand</big></b></td>
                    <td style="text-align: center;"><b><big>Price(each)</big></b></td>
                    <td style="text-align: center;"><b><big>Quantity Desired</big></b></td>
                </tr>
                <?php

                // quantities are 0 unless already inputted, if quantities previously were inputted, return the values. 
                // input boxes
                for ($i = 0; $i < count($products_to_display); $i++) {
                    if (empty($quantities)) {
                        $qty = isset($_POST['quantity'][$i]) ? $_POST['quantity'][$i] : 0;
                        $qty_str = "<input type=text size=3 maxlength=3 name='quantity[$i]' value='$qty'>";
                        if (isset($errors['quantity'][$i])) {
                            $qty_str .= "<span style='font-style:italic;font-size:8px;color:red;'>{$errors['quantity'][$i]}</span>";
                        }
                    } else {
                        $qty_str = $quantities[$i];
                    }
                    // loop to print out table of photo of board, name of the brand, price, and quantity selected
                    printf('
                <tr>
                    <td><img alt="Small" id="lightboxImage"
                             style="width: 119px; height: 88px; bgcolor="#cccccc;"
                             src="http://imgur.com/%s"
                             height="300" width="300"></td>
                    <td style="text-align: center;">%s</td> 
                    <td style="text-align: center;">$%.2f</td>
                    <td style="text-align: center;">' . $qty_str . '</td>
                </tr>
                        ', $products_to_display[$i]['item'], $products_to_display[$i]['board'], $products_to_display[$i]['price']);
                }
                ?>
                <tr><td colspan="4" style="text-align: right; border: none">
                        <input type="submit" value="Purchase"></td></tr>

            </tbody>
        </table>
    <?php

    }

}

if (!function_exists('save_hidden_qty')) {
    function save_hidden_qty($the_quantities){
        foreach ($the_quantities as $key=>$value){
            print "<input type='hidden' name='quantity[$key]' value='$value'>\n";
        }
    }
}

?> 

Can anyone help me out?

I am trying to set up a item entry page form.png:

Upon submission it shows unsuccessful even though I have checked the fields on mysql table and seem to be good am I missing something?

Code: [Select]
<form action="" method="post" enctype="multipart/form-data" name="Product_Entry">
<TABLE>
<TR>
<TD>Product ID</TD><TD><input name="SKU_ProductID" value="<?php if (isset($_post['SKU_ProductID'])) echo $_POST['SKU_ProductID']; ?>" type="text" size="11" maxlength="11" /></TD>
</TR>
<TR>
<TD>Merchant SKU ID</TD><TD><input name="SKU_MerchSKUID" value="<?php if (isset($_post['SKU_MerchSKUID'])) echo $_POST['SKU_MerchSKUID']; ?>" type="text" size="18" maxlength="30" /></TD>
</TR>
<TR>
<TD>Game Title</TD><TD><input name="Game_Title" value="<?php if (isset($_post['Game_Title'])) echo $_POST['Game_Title']; ?>" type="text" size="40" maxlength="40" /></TD>
</TR>
<TR>
<TD>Platform</TD><TD><input name="Platform" value="<?php if (isset($_post['Platform'])) echo $_POST['Platform']; ?>" type="text" size="20" maxlength="20" /></TD>
</TR>
<TR>
<TD>Genre</TD><TD><input name="Genre" value="<?php if (isset($_post['Genre'])) echo $_POST['Genre']; ?>" type="text" size="11" maxlength="11" /></TD>
</TR>
<TR>
<TD>Weight</TD><TD><input name="Weight" value="<?php if (isset($_post['Weight'])) echo $_POST['Weight']; ?>" type="text" size="7" maxlength="7" /></TD>
</TR>
<TR>
<TD>Supplier</TD><TD><input name="Supplier" Value="<?php if (isset($_post['Supplier'])) echo $_POST['Supplier']; ?>" type="text" size="25" maxlength="25" /></TD>
</TR>
<TR>
<TD>Suppliers Price</TD><TD><input name="Supplier_Price" value="<?php if (isset($_post['Supplier_Price'])) echo $_POST['Supplier_Price']; ?>" type="text" size="10" maxlength="12" /></TD>
</TR>
<TR>
<TD>Cashback</TD><TD><input name="Cashback" value="<?php if (isset($_post['Cashback'])) echo $_POST['Cashback']; ?>" type="text" size="6" maxlength="8" /></TD>
</TR>
<TR>
<TD>Cashback Amount</TD><TD><input name="Cashback_Amount" value="<?php if (isset($_post['Cashback_Amount'])) echo $_POST['Cashback_Amount']; ?>" type="text" size="7" maxlength="11" /></TD>
</TR>
<TR>
<TD><input type="hidden" name="submitted" value="true"/></TD><TD><input name="Submit" type="submit" value="Add_Product" /></TD>
</TR></form></TABLE>

<?php # Product Entry

$page_title = 'Product Entry';

if (isset($_POST['Submit'])) {

$errors = array();

if (empty($_POST['SKU_ProductID'])) {
$errors[] = 'Please enter Product ID.';
} else {
$sid = trim($_POST['SKU_ProductID']);
}

if (empty($_POST['SKU_MerchSKUID'])) {
$errors[] = 'Please enter Merchant SKU.';
} else {
$mid = trim($_POST['SKU_MerchSKUID']);
}

if (empty($_POST['Game_Title'])) {
$errors[] = 'Please enter Game Title.';
} else {
$gt = trim($_POST['Game_Title']);
}

if (empty($_POST['Platform'])) {
$errors[] = 'Please enter Platform.';
} else {
$pl = trim($_POST['Platform']);
}

if (empty($_POST['Genre'])) {
$errors[] = 'Please enter Genre.';
} else {
$ge = trim($_POST['Genre']);
}

if (empty($_POST['Weight'])) {
$errors[] = 'Please enter Weight.';
} else {
$we = trim($_POST['Weight']);
}

if (empty($_POST['Supplier'])) {
$errors[] = 'Please enter Supplier.';
} else {
$sup = trim($_POST['Supplier']);
}

if (empty($_POST['Supplier_Price'])) {
$errors[] = 'Please enter Supplier Price.';
} else {
$sp = trim($_POST['Supplier_Price']);
}

if (empty($_POST['Cashback'])) {
$errors[] = 'Please enter Cashback %.';
} else {
$cb = trim($_POST['Cashback']);
}

if (empty($_POST['Cashback_Amount'])) {
$errors[] = 'Please enter Cashback Amount.';
} else {
$cba = trim($_POST['Cashback_Amount']);
}

if (empty($errors)) {

require_once ('connect.php');

[b]$q = "INSERT INTO `Products` (`SKU_ProductID`, `SKU_MerchSKUID`, `Game_Title`, `Platform`, `Genre`, `Weight`, `Supplier`, `Supplier_Price`, `Cashback`, `Cashback_Amount`) VALUES ('$sid', '$mid', '$gt', '$pl', '$ge', '$we', '$sup', '$sp', '$cb', '$cba')";
$r = @mysql_query ($dbc, $q);

if ($r) { // If it ran OK.

// Print a message:
echo '<h1>Thank you!</h1>
<p>Product Inserted!</p><p><br /></p>';

} else { // If it did not run OK.

// Public message:
echo '<h1>System Error</h1>
<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>'; 

// Debugging message:
echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>';

} // End of if ($r) IF.

mysqli_close($dbc); // Close the database connection.[/b]
// Include the footer and quit the script:
include ('includes/footer.html'); 
exit();

} else {

echo '<H1>Error!</H1>
<p class="error">The Following error(s) occurred:<br />';

foreach ($errors as $msg) {

echo " - $msg<br />\n";
}

echo '</p><p>Please try again.</p><p><br /></p>';

}

}

?>
If there is anything else needed let me know

Hello freaks,

I can't seem to figure out why code not working correctly.  Any advise greatly apprechiated.

<?php
include_once('connect/mysqlconnect.php');
$user = $_POST['uname'];
$email = $_POST['email'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$checkname = mysqli_query("SELECT * FROM users WHERE uname='$user'");
if(isset($_POST['submitted'])){

if(mysqli_num_rows($checkname) > 0) {
   $errors[] = 'User name not available, please choose different name';
      } else {
 $u = mysqli_real_escape_string($dbc, $user);
  }
if(!empty($email)) {
 $e = mysqli_real_escape_string($dbc, $email);
    } else {
      $errors[] = 'You did not enter email address!';
      }

if($pass1 == $_POST['pass2']) {
       $p = mysqli_real_escape_string($dbc, trim($pass1));
      
      } else{
       $errors[] = 'Your password did not match.  Please try again.';
      
         }
      if(empty($errors)) {
      
      $insert = "INSERT INTO users(uname, email, pass1, register_date) VALUES ('$u','$e',sha1('$p'), NOW(register_date))";
      
      // This execute above statement to INSERT into database
      $r = mysqli_query($dbc, $insert);
      }
      if($r) {
      
         //Print a message:
      echo '<h1>Thank you!</h1>
      <p>You are now registered.</p><p><br /></p>';
      
      } else {
       echo ',<h1>Server Error</h1>
      <p>You could not be registered do to a server error.
      We apologize for any inconvience.</p>';
     }
     }
     mysqli_close($dbc);
    
 
        ?>

Ok, first off, I tested my own coded reg system and when I make an error test, the error shows but the user info gets added to the database. How can I stop letting the code add the user to the database when an error occurs.
<?php include "lang.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PokePals - Registering</title>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js" />
<link rel="stylesheet" type="text/css" href="style.css" /></head>
<body>
<?php include "navbar.php"; ?>
<?php 
// Important stuff goes here
include "sql_local.php";
include "ban.php";
// Now for the registration page
  echo "<div class='panel'>";
if (isset($_POST["submit"])) {
// Define the variables here
$user = mysql_real_escape_string ($_POST["user"]);
$pass1 = mysql_real_escape_string ($_POST["pass"]);
$pass2 = mysql_real_escape_string ($_POST["passconf"]);
$email = mysql_real_escape_string ($_POST["email"]);
$email2 = mysql_real_escape_string ($_POST["email2"]);
$dpfc = mysql_real_escape_string ($_POST["dpfc"]);
$platinumfc = mysql_real_escape_string ($_POST["platinumfc"]);
$hgssfc = mysql_real_escape_string ($_POST["hgssfc"]);
$otherfc = mysql_real_escape_string ($_POST["otherfc"]);
$favoritepkmn = mysql_real_escape_string ($_POST["favoritepkmn"]);
$aboutme = mysql_real_escape_string ($_POST["aboutme"]);
$hobbies = mysql_real_escape_string ($_POST["hobbies"]);
$favorites = mysql_real_escape_string ($_POST["favorites"]);
$gender = mysql_real_escape_string ($_POST["gender"]);

// Now check for some errors
// Did he/she fill out the form completely? Lets find out
function errors() {
if (!$_POST["user"] | !$_POST["pass"] | !$_POST["email"] ) { 
  echo "<div class='error'>Please fill in the required fields</div>";
}
// Passwords match
 if ($_POST['pass'] != $_POST['passconf']) {
   echo "<div class='error'>Password does not match with the other one</div>";
}
// Email match
 if ($_POST['email'] != $_POST['email2']) {
 echo "<div class='error'>Email does not match with the other one</div>";
 }
}

// Is the user banned?
foreach($banned_ips as $ip_ban) {
     if($user_ip == $ip_ban) {
  die ("<div class='error'>Your IP address is banned from registering. Contact the site administrator for more info</div>");
}
}
// If there are no errors, start adding the information to the database
if (!errors()) {
// Secure the passwords
$securepass = md5($pass1);
// Submit to the database
$insertuser = "INSERT INTO users (user, password, email, dpfc, platinumfc, hgssfc, otherfc, favoritepkmn, aboutme, hobbies, favorites, gender, regip) values ('$user', '$securepass', '$email', '$dpfc', '$platinumfc', '$hgssfc', '$otherfc', '$favoritepkmn', '$aboutme', '$hobbies', '$favorites', '$gender', '$user_ip')";
$add = mysql_query($insertuser, $con) or die ('Error: ' . mysql_error() . ' Please contact an admin');
if ($add) {
echo ("<h3>Registration Success</h3><p>You may now login using your username and password. Start hatching some eggs now!</p>"); }
}
}
  ?> <div class='registerform'><form action='register.php' method='post'>
      <label>Username *</label>
      <input type='text' name='user' class='form1' value='<?php echo @$_POST['user']; ?>' />
      <fieldset><legend>Password</legend>
      <label>Enter your password *</label>
      <input type='password' name='pass' class='form1' value='<?php echo @$_POST['pass']; ?>' />
      <label>Password again *</label>
      <input type='password' name='passconf' class='form1' value='<?php echo @$_POST['passconf']; ?>' />
      </fieldset>
      <fieldset><legend>Email</legend>
      <label>Enter your email *</label>
      <input type="text" name="email" class="form1" value="<?php echo @$_POST['email']; ?>" />
      <label>Enter email again *</label>
      <input type="text" name="email2" class="form1" value="<?php echo @$_POST['email2']; ?>" />
      </fieldset>
      <input type="submit" name="submit" class="submitbutton" value="Register!" />
      </form>

Ok Here is my Problem the following works great except it does not add the $user var to the account_details. As well as outputs md5 wrong it outputs something but its different than the password should be.

Heres my PHP code:

Code: [Select]
<?php
session_start();
/**
 * @author Brian T. Flores
 * @copyright 2010 - 2014
 */
error_reporting(E_ALL);



$conn = mysql_connect($db_host, $db_user, $db_pass) or die ('Error connecting to mysql');


mysql_select_db($db_name);


    
    if($_GET['goahead']==1){ // If GoAhead Is set
      
    if(isset($_GET['user'])){ // If isset GoAhead
        $user = mysql_real_escape_string($_GET['user']); // Clean User for Transfer.
        
        
        
        $user_check = mysql_query("SELECT * FROM `account_details` WHERE `username01` = '$user'"); // Check to see if username is taken.
        $ucount = mysql_num_rows($user_check); // Get Username Check Count
                      
                        if($ucount!=""){ // If Username is Taken.
                        
                        die(3); // Die Error Number 3
                        
                    } // End If Username is Taken.
                    
        if(isset($_GET['pass'])){ // If password is set.
            $pass = mysql_real_escape_string($_GET['pass']);  // Clean Password for Transfer.
            $encPass = md5($pass); // Encrypt Password
            
            if(isset($_GET['race'])){// If Race is Set.
                
                $race = mysql_real_escape_string($_GET['race']); // Clean Race for Transfer.
                
                if(isset($_GET['email'])){ // If Email is set.
                    
                    $email = mysql_real_escape_string($_GET['email']); // Clean Email for Transfer.
                    $email_check = mysql_query("SELECT * FROM `account_details` WHERE `email` = '$email'");// Check to see if Email is Taken.
                    $ecount = mysql_num_rows($email_check); //  Get Email Check Count.
                    if($ecount!=""){ // If Email is Taken. 
                        
                        die(2); // Die Error Number 2
                        
                    } // End If Email is Taken.
                    
                    if(isset($_GET['email2'])){ // If email confirmation is set.
                        $email2 = mysql_escape_string($_GET['email2']); // Clean Email Confirmation for Transfer.
                        
                        if($email == $email2){ // If emails match.
                            
                            if(isset($_GET['planet'])){ // If Planet Name is Set.
                            $pname = mysql_real_escape_string($_GET['planet']); // Clean Planet Name for Transfer. 
                           if(isset($_GET['security_code'])){ // If Security Code Input is set.
                            
                            $security_code = mysql_real_escape_string($_GET['security_code']); // Clean Security Code.
                            $security_enc = md5($security_code); // Encrypt Security Code.
                            
                            $security_code2 = $_SESSION['image_random_value']; // Get Security Code Session
                            if($security_enc == $security_code2){ // If Codes Match.
                                $randActive = rand(11111111111111111111,99999999999999999999); // Get Activation Link pre-encrypt.
                                $activation_link = md5($randActive); // Get Encrypted Activation Link.
                                

$q = "INSERT INTO `account_details` (`username01`, `password01`, `loggedIn`, `currentlyLogged`, `active`, `activelink`, `race`, `email`) VALUES ('$user', '$encPass', 0, 0, 0, '$activation_link', '$race', '$email');";
// ^ Add Account Query.

$res = mysql_query($q) or die("Error Detected! <br />".mysql_error());
// ^ Add Account to SQL.
                                
$q = mysql_query("SELECT * FROM `account_details` WHERE `username01` = '$user'")or die(mysql_error());
// ^ Get Information from New Account.

$newuserinfo = mysql_fetch_array($q);// Get New User Information

$id = $newuserinfo['id']; // Set New Account Id.

$q="INSERT INTO `planets` (`owner`, `name`, `recource1`, `recource2`, `recource3`, `recource4`, `recource5`, `turns_01`, `untrained_units_01`, `attackers_01`, `defenders_01`, `miners_01`, `covert_01`, `anticovert_01`, `ship_01`, `ship_02`, `ship_03`, `ship_04`, `ship_05`, `ship_06`, `ship_07`, `building01`, `building02`, `building03`, `building04`, `building05`, `building06`, `building07`, `building08`, `building09`) VALUES ('$id', '$pname', 35000, 15000, 12000, 135000, 125000, 220, 150, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0);";
// ^ Add Planet Query.
$res2 = mysql_query($q) or die("Error Detected! <br />".mysql_error()); // Add Planet to SQL.


 $body = "
 Hello ".$user.",
  
  Congradulations! Your account on Ultimate Conquest has been Registed Today!
  
  Click the following Link to Activate Account:
  http://testing.ultimateconquest.net/activate.php?code=".$activation_link."
  
  If you have not registered an account and have found this message in error please click the following link to report this error:
  
  http://testing.ultimateconquest.net/errorreg.php?account=".$user."

Thank you for registering for Ultimate Conquest - ULC,
Head Admin Brian Flores AKA Photonic....
 "; // Activation Email Information.
 
 if (mail($email, "Activate your ULC Ultimate Conquest Account! No-Reply!", $body)) { // If Email Is Sent.
    
die("1"); // Die Error Number 1

} // End Send Email   

}else{ // If Security Codes do Not Match.
        die("12"); // Die Error Number 12
    }
    }else{ // If Security Code is Not Set
        die("11"); // Die Error Number 13
    }
    }else{ // If Planet Name is Not Set.
        die("10"); // Die Error Number 10.
    }
    }else{ // If Emails do not match.
        die("9"); // Die Error Number 9.
    } 
    }else{ // If email confirmation is not set.
        die("8"); // Die Error Number 8.
    }
    }else{ // If email is not set.
        die("7"); // Die Error Number 7.
    }
    }else{ // If race is not set.
        die("6"); // Die Error Number 6.
    }
    }else{ // If Password is not set.
        die("5"); // Die Error Number 5.
    }
    }else{ // If Username is not set.
        die("4"); // Die Error Number 4.
    }
    }else{ // If GoAhead is Not Set.
    die("Go Ahead Not Established By Game System!");
}


?>

Here is the Register Function in Javascript:

Code: [Select]
  function regMast(){
    var user = document.getElementById('username_client').value;
    var pass = document.getElementById('password_client').value;
    var race1 = document.getElementById('races1').value;
    if(race1 !=""){var race = document.getElementById('races1').value;}
    var race2 = document.getElementById('races2').value;
    if(race2 !=""){var race = document.getElementById('races2').value;}
    var race3 = document.getElementById('races3').value;
    if(race3 !=""){var race = document.getElementById('races3').value;}
    var race4 = document.getElementById('races4').value;
    if(race4 !=""){var race = document.getElementById('races4').value;}
    var planet_name = document.getElementById('pname').value;
    var email = document.getElementById('email').value;
    var email2 = document.getElementById('email2').value;
    var security_code = document.getElementById('security_code').value;
   
    var ajaxRequest;  // The variable that makes Ajax possible!

try{
// Opera 8.0+, Firefox, Safari
ajaxRequest = new XMLHttpRequest();
} catch (e){
// Internet Explorer Browsers
try{
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try{
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e){
// Something went wrong
alert("Your browser broke!");
return false;
}
}
}
    // Create a function that will receive data sent from the server
ajaxRequest.onreadystatechange = function(){
if(ajaxRequest.readyState == 4){
var returni = ajaxRequest.responseText;
           
            if(returni == "1"){
                document.getElementById('reg_error').innerHTML = 'Registration Completed! Check Activation Email for more information.';
            }
            if(returni == "2"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Email Address Already Taken!';
            }
            if(returni == "3"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Username Already Taken!';
            }
            if(returni == "4"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Username Field Empty!';
            }   
            if(returni == "5"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Password Field Empty!';
            }
            if(returni == "6"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! You must select a race!';
            }
            if(returni == "7"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Email Field Empty!';
            }     
            if(returni == "8"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Email Confirmation Field Empty!';
            }   
            if(returni == "9"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Emails did not Match!';
            }   
            if(returni == "10"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Planet Name Field Empty!';
            }
            if(returni == "11"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! You did not Input the Security Code!';
            }
            if(returni == "12"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! The Security Code you Inputed did not Match the Image!';
            }else{
              document.getElementById('reg_error').innerHTML = returni; 
            }                                                 
}
}
var queryString = "?goahead=1&user=" + user + "&pass=" + pass + "&race=" + race + "&email=" + email + "&email2=" + email2 + "&security_code=" + security_code + "&planet=" + planet_name;
ajaxRequest.open("GET", "register.php" + queryString, true);
ajaxRequest.send(null);
   
}

I need help trying to figure out why my form won't write the database it is supposed to - i checked the connection to the database and it works and the user seems to have permission to edit database - the error I get is "Error: User not added to database." from "register.php". Can someone please look over my code and see if the problem is coming from somewhere within?   I created a connection file (connect.php)

<?
session_start();
// Replace the variable values below
// with your specific database information.
$host = "localhost";
$user = "master";
$pass = "hidden";
$db   = "user";
// This part sets up the connection to the 
// database (so you don't need to reopen the connection
// again on the same page).
$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.\n";
}
// Then you need to make sure the database you want
// is selected.
mysql_select_db($db);
?>

Then there is the php script (register.php):

<?php
session_start();
// connect.php is a file that contains your
// database connection information. This
// tutorial assumes a connection is made from
// this existing file.
	require('connect.php');
    // If the values are posted, insert them into the database.
    if (isset($_POST['email']) && isset($_POST['password'])){
        $firstname = $_POST['firstname'];
        $lastname = $_POST['lastname'];
		$email = $_POST['email'];
        $password = $_POST['password'];
 
        $query = "INSERT INTO `member` (firstname, lastname, email, password) VALUES ('$firstname', '$lastname', '$email' '$password')";
        $result = mysql_query($query);
        if ( !mysql_insert_id() )
  {
  die("Error: User not added to database.");
  }
 else
  {
  // Redirect to thank you page.
  Header("Location: surveylanding_no-sidebar.html");
  }
    }
    ?>

Here is the HTML form:

<form name="htmlform" method="post" class="form" action="register.php"> 
   
    <p class="firstname"> 
        <input type="text" name="firstname" id="firstname" /> 
        <label for="firstname">First Name</label> 
    </p> 
     
    <p class="lastname"> 
        <input type="text" name="lastname" id="lastname" /> 
        <label for="lastname">Last Name</label> 
    </p> 
     
    <p class="email"> 
        <input type="email" name="email" id="email" /> 
        <label for="email">Email</label>
    </p> 
     <p class="Password"> 
        <input type="password" name="password" id="password" /> 
        <label for="password">Password</label> 
    </p> 
       
    <p class="submit"> 
        <input type="submit" value="Register"/> 
    </p> 
   
</form>

Is jquery/Ajax better than real/raw PHP for form validation ?!

What if JavaScript is turned off on the browser?!

why after someone refreshing a page on the browser, the variables used to echo error after invalid data is being submitted will return the undefined variables error?!

And how to handle form validation including an empty form field, maximum amount of value entered and so on

Hi Guys,

This is really stumping me here lol i have set my registration page code to email me when a user signs up (once its entered in the database)

code:

Code: [Select]
<?php
if (isset($_POST['submitSignUp']))
{
   // Errors array()
   $errors = array();

   // POST vars
   $fName = mysql_real_escape_string($_POST['fname']);
   $lName = mysql_real_escape_string($_POST['lname']); 
   $email = mysql_real_escape_string($_POST['email']); 
   $pass1 = mysql_real_escape_string($_POST['pass1']); 
   $pass2 = mysql_real_escape_string($_POST['pass2']); 
   $cntry = mysql_real_escape_string($_POST['cntry']); 
   
   // Does passwords match
   if ($pass1 != $pass2)
   {
      $errors[] = "Your passwords don't match."; 
   }
   
   // Potential errors 
   // Empty fields
   if (empty($fName) || empty($lName) || empty($email) || empty($pass1) || empty($pass2)) { 
        $errors[] = "You never filled in all the fields."; 
   } else {
    
       // Does user exist? 
       $result = mysql_query("SELECT * FROM `dig_customers` WHERE `email`='$email' LIMIT 1"); 
       if (mysql_num_rows($result) > 0) {    
          $errors[] = "The e-mail address <b>$email</b> has already been registered.";  
       } else {

       // Empty for now...

       }
   }  
   
   // display errors if any exist
   if (count($errors) > 0) 
   { 
       print "<div id=\"errorMsg\"><h3>Ooops! There was error(s)</h3><ol>"; 
       foreach($errors as $error) 
       { 
          print "<li>$error</li>"; 
       }
       print "</ol></div>";
   } else {
       print "<div id=\"okMsg\"><p>All done :) you can now sign in.</p></div>";
       
         // Encrypt the password before insertion
         $encPass = md5($pass1);

         // Insert into the database
         $q = mysql_query("INSERT INTO `dig_customers` 
         
         (`id`,
          `password`,
          `password_unencrypted`,
          `gender`,
          `title`,
          `first_name`,
          `last_name`,
          `address`,
          `city`,
          `state_county`,
          `post_zip_code`,
          `country`,
          `email`,
          `home_number`,
          `mobile_number`,
          `news_letter`,
          `special_offers`,
          `admin_level`,
          `registered`) 
         
           VALUES 
          
          ('',
          '$encPass',
          '$pass1',
          'NULL',
          'NULL',
          '$fName',
          '$lName',
          'NULL',
          'NULL',
          'NULL',
          'NULL',
          '$cntry',
          '$email',
          'NULL',
          'NULL',
          'NULL',
          'NULL',
          'N',
           NOW())");

          if ($q)
          {

            // Alert on signup
            send_graham_email("User Has Signed Up!");
          
          }
       
   }

}
?>

When i do a test signup on: http://www.digicures.com/sign-up.php everything works great i get an email and the entry is saved in the database, over the paste week or so i have had about 8 emails saying people have signed up but when i check the database there nothing there!

i can't understand it, only when the insert query is true should it send me the mail eh?

can anyone see any problems with the code at all?

cheers guys

Graham