|
PHP - Mysqli_stmt_bind_param(): Error When Trying To Register
Hello, I have a registration page requesting simple information (first name, last name, email and password). When I click my 'register' button I receive the following errors:
Below is most of the code where I experience issues. The lines called out a
mysqli_stmt_bind_param($q, 'ssss', $first_name, $last_name, $email, $hashed_passcode);
// execute query
mysqli_stmt_execute($q);
if (mysqli_stmt_affected_rows($q) == 1) { // One record inserted
if (empty($errors)) { // If everything's OK.
// Register the user in the database...
// Hash password current 60 characters but can increase
$hashed_passcode = password_hash($password1, PASSWORD_DEFAULT);
require ('msqli_connect.php'); // Connect to the db.
// Make the query:
$query = "INSERT INTO users (userid, first_name, last_name, ";
$query .= "email, password, registration_date) ";
$query .="VALUES(' ', ?, ?, ?, ?, NOW() )";
$q = mysqli_stmt_init($dbcon);
mysqli_stmt_prepare($q, $query);
// use prepared statement to ensure that only text is inserted
// bind fields to SQL Statement
mysqli_stmt_bind_param($q, 'ssss', $first_name, $last_name, $email, $hashed_passcode);
// execute query
mysqli_stmt_execute($q);
if (mysqli_stmt_affected_rows($q) == 1) { // One record inserted
header ("location: register-thanks.php");
exit();
} else { // If it did not run OK.
// Public message:
$errorstring =
"<p class='text-center col-sm-8' style='color:red'>";
$errorstring .=
"System Error<br />You could not be registered due ";
$errorstring .=
"to a system error. We apologize for any inconvenience.</p>";
echo "<p class=' text-center col-sm-2'
style='color:red'>$errorstring</p>";
// Debugging message below do not use in production
//echo '<p>' . mysqli_error($dbcon) . '<br><br>Query: ' .
$query . '</p>';
mysqli_close($dbcon); // Close the database connection.
// include footer then close program to stop execution
echo '<footer class="jumbotron text-center col-sm-12"
style="padding-bottom:1px; padding-top:8px;">
include("footer.php");
</footer>';
exit();
}
} else { // Report the errors.
$errorstring =
"Error! <br /> The following error(s) occurred:<br>";
foreach ($errors as $msg) { // Print each error.
$errorstring .= " - $msg<br>\n";
}
$errorstring .= "Please try again.<br>";
echo "<p class=' text-center col-sm-2'
style='color:red'>$errorstring</p>";
}// End of if (empty($errors)) IF.
}
catch(Exception $e) // We finally handle any problems here
{
// print "An Exception occurred. Message: " . $e->getMessage();
print "The system is busy please try later";
}
catch(Error $e)
{
//print "An Error occurred. Message: " . $e->getMessage();
print "The system is busy please try again later.";
}
?>
I have done some searching around to try and figure out the issue; but I can't seem to put my finger on it. This is a new database, and I haven't been able to get test registered as of yet. Any help would be appreciated. Thank you Similar TutorialsHi, I have taken the step of writing my site in MySQLi instead of MYSQL as advised. However, I had a script that I got off the internet, the original file works great and registers the user to the database. However the edited version of the script, where I have added more information such as the users address etc, no longer works. I have compared the two files and can't seem to find the problem. When the script is run, it skips all the registration part and jumps to the last error in the script saying 'You Could Not Be Registered Because Of Missing Data.'. All the variables match the column names in the database.
Here is the original working script
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
// some error checking
/*
if($_POST['reg']){
echo "form submitted";
}else{ echo "form not submitted"; }
*/
if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['email'] ) ){
// echo $_POST['user']." - ".$_POST['pass']." - ".$_POST['email'];
if( strlen( $_POST['user'] ) < 5 )
{
include('header.inc');
echo "Username Must Be 5 or More Characters.";
include('footer.inc');
}
elseif( strlen( $_POST['pass'] ) < 5 )
{
include('header.inc');
echo "Password Must Be 5 or More Characters.";
include('footer.inc');
}
elseif( $_POST['pass'] == $_POST['user'] )
{
include('header.inc');
echo "Username And Password Can Not Be The Same.";
include('footer.inc');
}
elseif( $_POST['email'] == "" )
{
//More secure to use a regular expression to check that the user is entering a valid email
// versus just checking to see if the field is empty
include('header.inc');
echo "Email must be valid.";
include('footer.inc');
}
else
{
require( 'database.php' );
$username = mysqli_real_escape_string($con, $_POST['user']);
//Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
$password = mysqli_real_escape_string($con, md5( $_POST['pass']));
$email = mysqli_real_escape_string($con, $_POST['email'] );
$sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
//echo "$sqlCheckForDuplicate<br/>";
$result = mysqli_query($con, $sqlCheckForDuplicate);
if(mysqli_num_rows($result) == 0){
//echo "No Duplicates<br/>";
$sqlRegUser = "INSERT INTO user( username, password, email ) VALUES (
'". $username ."',
'". $password ."',
'". $email."'
)";
//echo "$sqlRegUser<br/>";
if( !mysqli_query($con, $sqlRegUser ) )
{
include('header.inc');
echo "You Could Not Register Because Of An Unexpected Error.";
include('footer.inc');
}
else
{
/* Note: When using the header function, you cannot send output to the browser
* before the header function is called. IF you want to echo a message to the
* user before going back to your login page then you should use the HTML
* Meta Refresh tag. */
//echo "You Are Registered And Can Now Login";
//echo " $username"; //this is for error checking
header ('location: login.php');
// if using echo then use meta refresh
/*
*?>
*<meta http-equiv="refresh" content="2;url= login.php/">
*<?
*/
}
mysqli_free_result($result);
}
else
{
include('header.inc');
echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
//echo " $username;" //this is for error checking
include('footer.inc');
}
/* close connection */
mysqli_close($con);
}
}
else
{
include('header.inc');
echo "You Could Not Be Registered Because Of Missing Data.";
include('footer.inc');
}
?>
and here is my version
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['pass_again'] ) && isset( $_POST['firstname'] ) && isset( $_POST['lastname'] ) && isset( $_POST['email'] ) && isset( $_POST['email_again'] ) && isset( $_POST['address1'] ) && isset( $_POST['address2'] ) && isset( $_POST['town'] ) && isset( $_POST['county'] ) && isset( $_POST['postcode'] ) && isset( $_POST['business'] ) && isset( $_POST['vat_registered'] ) && isset( $_POST['vat_number'] )) {
if( strlen( $_POST['user'] ) < 5 )
{
include('includes/overall/header.php');
echo "Username Must Be 5 or More Characters.";
include('includes/overall/footer.php');
}
elseif( strlen( $_POST['pass'] ) < 5 )
{
include('includes/overall/header.php');
echo "Password Must Be 5 or More Characters.";
include('includes/overall/footer.php');
}
elseif( $_POST['pass'] == $_POST['user'] )
{
include('includes/overall/header.php');
echo "Username And Password Can Not Be The Same.";
include('includes/overall/footer.php');
}
elseif( $_POST['pass_again'] == "" )
{
include('includes/overall/header.php');
echo "Passwords must match";
include('includes/overall/footer.php');
}
// CREATE BETTER EMAIL CHECK
elseif( $_POST['email'] == "" )
{
include('includes/overall/header.php');
echo "Email must be valid.";
include('includes/overall/footer.php');
}
elseif( $_POST['email_again'] == "" )
{
include('includes/overall/header.php');
echo "Emails must match.";
include('includes/overall/footer.php');
}
elseif( $_POST['address_1'] == "" )
{
include('includes/overall/header.php');
echo "Address cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['address_2'] == "" )
{
include('includes/overall/header.php');
echo "Address cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['town'] == "" )
{
include('includes/overall/header.php');
echo "Town cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['county'] == "" )
{
include('includes/overall/header.php');
echo "County cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['postcode'] == "" )
{
include('includes/overall/header.php');
echo "Postcode cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['business'] == "" )
{
include('includes/overall/header.php');
echo "Business cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['vat_registered'] == "" )
{
include('includes/overall/header.php');
echo "VAT Registered cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['vat_number'] == "" )
{
include('includes/overall/header.php');
echo "VAT number cannot be empty, please enter N/A if not VAT registered.";
include('includes/overall/footer.php');
}
else
{
require( 'database.php' );
$username = mysqli_real_escape_string($con, $_POST['user']);
//Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
$password = mysqli_real_escape_string($con, md5( $_POST['pass']));
$password_again = mysqli_real_escape_string($con, md5( $_POST['pass_again']));
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$email = mysqli_real_escape_string($con, $_POST['email'] );
$email_again = mysqli_real_escape_string($con, $_POST['email_again']);
$address_1 = mysqli_real_escape_string($con, $_POST['address_1']);
$address_2 = mysqli_real_escape_string($con, $_POST['address_2']);
$town = mysqli_real_escape_string($con, $_POST['town']);
$county = mysqli_real_escape_string($con, $_POST['county']);
$postcode = mysqli_real_escape_string($con, $_POST['postcode']);
$business = mysqli_real_escape_string($con, $_POST['business']);
$vat_registered = mysqli_real_escape_string($con, $_POST['vat_registered']);
$vat_number = mysqli_real_escape_string($con, $_POST['vat_number']);
$sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
//echo "$sqlCheckForDuplicate<br/>";
$result = mysqli_query($con, $sqlCheckForDuplicate);
if(mysqli_num_rows($result) == 0){
//echo "No Duplicates<br/>";
$sqlRegUser = "INSERT INTO user( username, password, password_again, firstname, lastname, email, email_again, address_1, address_2, town, county, postcode, business, vat_registered, vat_number ) VALUES (
'". $username ."',
'". $password ."',
'". $password_again ."',
'". $firstname ."',
'". $lastname ."',
'". $email ."',
'". $email_again ."',
'". $address_1 ."',
'". $address_2 ."',
'". $town ."',
'". $county ."',
'". $postcode ."',
'". $business ."',
'". $vat_registered ."',
'". $vat_number."'
)";
//echo "$sqlRegUser<br/>";
if( !mysqli_query($con, $sqlRegUser ) )
{
include('includes/overall/header.php');
echo "You Could Not Register Because Of An Unexpected Error.";
include('includes/overall/footer.php');
}
else
{
header ('location: login.php');
}
mysqli_free_result($result);
}
else
{
include('includes/overall/header.php');
echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
//echo " $username;" //this is for error checking
include('includes/overall/footer.php');
}
/* close connection */
mysqli_close($con);
}
}
else
{
include('includes/overall/header.php');
echo "You Could Not Be Registered Because Of Missing Data.";
include('includes/overall/footer.php');
}
?>
Error reporting is switched on, I just cant see the problem. Any help is much appreciated :)
The error is on line 101. Help please. Code: [Select] <?php //begin register script $submit = $_POST['submit']; //form data $username= strip_tags ($_POST['username']); $email= strip_tags($_POST['email']); $pwd= strip_tags($_POST['pwd']); $confirmpwd= strip_tags($_POST['confirmpwd']); $date = date("Y-m-d"); if ($submit) { //check for required form data if($username&&$pwd&&$confirmpwd&&$email) { //encrypt password $pwd = md5($pwd); $confirmpwd =md5($pwd); //check if passwords match if ($pwd==$confirmpwd) { //check length of username if (strlen($username)>25||strlen($username)>25) { echo "length of username is too long"; } else { //check password length if(strlen($pwd)>25||strlen($pwd)<6) { echo"password must be between 6 and 25 characters"; } else { //register the user } else echo "your passwords do not match"; } else echo "please fill in all fields"; } ?> Hi guys I am working on adding a third party php members register and login into a clients web site but every time I try the regidter page is shows me this error message. Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'username'@'localhost' (using password: YES) in /home/cpassoc2/public_html/register-exec.php on line 15 Failed to connect to server: Access denied for user 'username'@'localhost' (using password: YES) This is what i have in the config.php page. <?php define('DB_HOST', 'localhost'); define('DB_USER', 'cpassoc2-memark'); define('DB_PASSWORD', '?????????'); password replaced define('DB_DATABASE', 'cpassoc2-me'); ?> I have set up the my SQL within the control panel of the site, So do i need to do any thing else???, what am i missing???. Mark..... Deprecated: Function session_register() is deprecated in /home/james/public_html/funshizzle.com/install/session.php on line 0 That is my error, I have no idea, What is it? I am trying to use the new way of validating the entered email in a register form. Code: [Select] /* REGISTER FORM */ // check if submit button has been clicked if (isset($_POST['submit_signup'])) { // process and assign variables after post submit button has been clicked $user_email = strip_tags(trim($_POST['email'])); $user_email = filter_var($user_email, FILTER_VALIDATE_EMAIL); $nickname = strip_tags(trim($_POST['nickname'])); $password = $_POST['password']; $repassword = $_POST['repassword']; $month = $_REQUEST['month']; $day = $_REQUEST['day']; $year = $_REQUEST['year']; $dob = $year . "-" . $month . "-" . $day; $find_us_question = strip_tags(trim($_POST['find_us_question'])); // connect to database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $check_query = "SELECT * FROM user WHERE nickname = '$nickname'"; $check_connect = mysqli_query($dbc, $check_query) or die(mysqli_error($dbc)); $check_count = mysqli_num_rows($check_connect); // Check if the email exists twice $query_get = "SELECT email FROM user WHERE email = '$user_email'"; $query_run = mysqli_query($dbc, $query_get); $num_rows = mysqli_num_rows($query_run); // check if username is already taken if ($check_count != 0) { echo "Username already exists!"; } elseif ($num_rows != 0) { echo "This email address is already registered in the database, you can not register it twice."; // check if fields are empty } elseif (empty($user_email) || empty($nickname) || empty($password) || empty($day) || empty($month) || empty($year)) { echo "Please fill out all the fields!"; // check char length of input data } elseif (strlen($nickname) > 30 || strlen($user_email) > 50) { echo "Maximum allowed character length for nickname/firstname/lastname are 30 characters!"; // check password char length } elseif (strlen($password) > 25 || strlen($password) < 6) { echo "Your password must be between 6 and 25 characters!"; // check if passwords match with each other } elseif ($password != $repassword) { echo "Please make sure your passwords are matching!"; } else { // encrypt password $password = sha1($password); I would like to implement now an error message stating something along the lines that the entered email address is not valid, how would I have to do the if statement to check the condition? My brain isn't working... I am trying to get this Prepared Statement to pull Events from my database and display them, but get this error... Quote Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in /Users/user1/Documents/DEV/++htdocs/01_MyProject/events_9.php on line 30 Here is my code... Code: [Select] <?php // Initialize a session. session_start(); // Access Constants. require_once('config/config.inc.php'); // Initialize variables. $eventExists = FALSE; // Connect to the database. require_once(ROOT . 'private/mysqli_connect.php'); // ******************** // Build Event Query * // ******************** $id=1; // Build query. $q = 'SELECT id, name, location, date FROM show WHERE id=?'; // Prepare statement. $stmt = mysqli_prepare($dbc, $q); // Bind variable. mysqli_stmt_bind_param($stmt, 'i', $id); (The last line above is Line 30.) Debbie I have some code where I am inserting a record into a database. Code: [Select] <?php error_reporting(E_ALL ^ E_NOTICE); ini_set("display_errors", 1); require_once ('./includes/config.inc.php'); require_once (MYSQL); $add_cat_errors = array(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Check for a name: if (empty($_POST['product'])) { $add_cat_errors['product'] = 'Please enter the name!'; } // Check for a description: if (empty($_POST['prod_descr'])) { $add_cat_errors['prod_descr'] = 'Please enter the description!'; } // Check for a category: if (!isset($_POST['cat']) || !filter_var($_POST['cat'], FILTER_VALIDATE_INT, array('min_range' => 1))) { $add_product_errors['cat'] = 'Please select a category!'; } // Check for a price: if (empty($_POST['price']) || !filter_var($_POST['price'], FILTER_VALIDATE_FLOAT) || ($_POST['price'] <= 0)) { $add_cat_errors['price'] = 'Please enter a valid price!'; } // Check for an image: if (is_uploaded_file ($_FILES['image']['tmp_name']) && ($_FILES['image']['error'] == UPLOAD_ERR_OK)) { $file = $_FILES['image']; $size = ROUND($file['size']/1024); // Validate the file size: if ($size > 512) { $add_cat_errors['image'] = 'The uploaded file was too large.'; } // Validate the file type: $allowed_mime = array ('image/gif', 'image/pjpeg', 'image/jpeg', 'image/JPG', 'image/X-PNG', 'image/PNG', 'image/png', 'image/x-png'); $allowed_extensions = array ('.jpg', '.gif', '.png', 'jpeg'); $image_info = getimagesize($file['tmp_name']); $ext = substr($file['name'], -4); if ( (!in_array($file['type'], $allowed_mime)) || (!in_array($image_info['mime'], $allowed_mime) ) || (!in_array($ext, $allowed_extensions) ) ) { $add_cat_errors['image'] = 'The uploaded file was not of the proper type.'; } // Move the file over, if no problems: if (!array_key_exists('image', $add_cat_errors)) { // Create a new name for the file: $new_name = (string) sha1($file['name'] . uniqid('',true)); // Add the extension: $new_name .= ((substr($ext, 0, 1) != '.') ? ".{$ext}" : $ext); // Move the file to its proper folder but add _tmp, just in case: $dest = "../db/images/$new_name"; if (move_uploaded_file($file['tmp_name'], $dest)) { // Store the data in the session for later use: $_SESSION['image']['new_name'] = $new_name; $_SESSION['image']['file_name'] = $file['name']; // Print a message: echo '<h4>The file has been uploaded!</h4>'; } else { trigger_error('The file could not be moved.'); unlink ($file['tmp_name']); } } // End of array_key_exists() IF. } elseif (!isset($_SESSION['image'])) { // No current or previous uploaded file. switch ($_FILES['image']['error']) { case 1: case 2: $add_cat_errors['image'] = 'The uploaded file was too large.'; break; case 3: $add_cat_errors['image'] = 'The file was only partially uploaded.'; break; case 6: case 7: case 8: $add_cat_errors['image'] = 'The file could not be uploaded due to a system error.'; break; case 4: default: $add_cat_errors['image'] = 'No file was uploaded.'; break; } // End of SWITCH. } // End of $_FILES IF-ELSEIF-ELSE. // Check for a stock: if (empty($_POST['stock']) || !filter_var($_POST['stock'], FILTER_VALIDATE_INT, array('min_range' => 1))) { $add_cat_errors['stock'] = 'Please enter the quantity in stock!'; } if (empty($add_cat_errors)) { $query = 'INSERT INTO product (product, product_descr, catID, price, image, stock) VALUES (?, ?, ?, ?, ?, ?)'; // Prepare the statement: $stmt = mysqli_prepare($dbc, $query); // For debugging purposes: // if (!$stmt) echo mysqli_stmt_error($stmt); // Bind the variables: mysqli_stmt_bind_param($stmt, 'isssdi', $name, $desc, $_POST['cat'], $_POST['price'], $_SESSION['image']['new_name'], $_POST['stock']); // Make the extra variable associations: $name = strip_tags($_POST['product']); $desc = strip_tags($_POST['prod_descr']); // Execute the query: mysqli_stmt_execute($stmt); if (mysqli_stmt_affected_rows($stmt) == 1) { // If it ran OK. // Print a message: echo '<h4>The product has been added!</h4>'; // Clear $_POST: $_POST = array(); // Clear $_FILES: $_FILES = array(); // Clear $file and $_SESSION['image']: unset($file, $_SESSION['image']); } else { // If it did not run OK. trigger_error('The product could not be added due to a system error. We apologize for any inconvenience.'); unlink ($dest); } } // End of $errors IF. } else { // Clear out the session on a GET request: unset($_SESSION['image']); } // End of the submission IF. require_once ('./includes/form_functions.inc.php'); ?> <form enctype="multipart/form-data" action="add_product.php" method="post" accept-charset="utf-8"> <input type="hidden" name="MAX_FILE_SIZE" value="524288" /> Product<br /><?php create_form_input('product', 'text', $add_cat_errors); ?> Description<br /><?php create_form_input('prod_descr', 'textarea', $add_cat_errors); ?> Category<br /><select name="cat"<?php if (array_key_exists('cat', $add_cat_errors)); ?>> <option>Select One</option> <?php // Retrieve all the categories and add to the pull-down menu: $q = 'SELECT catID, cat FROM category ORDER BY cat ASC'; $r = mysqli_query ($dbc, $q); while ($row = mysqli_fetch_array ($r, MYSQLI_NUM)) { echo "<option value=\"$row[0]\""; // Check for stickyness: if (isset($_POST['cat']) && ($_POST['cat'] == $row[0]) ) echo ' selected="selected"'; echo ">$row[1]</option>\n"; } ?> </select><?php if (array_key_exists('cat', $add_cat_errors)) echo $add_product_errors['cat']; ?> Price<br /><?php create_form_input('price', 'text', $add_cat_errors); ?> Image<br /><?php // Check for an error: if (array_key_exists('image', $add_cat_errors)) { echo $add_cat_errors['image'] . '<br /><input type="file" name="image"/>'; } else { // No error. echo '<input type="file" name="image" />'; // If the file exists (from a previous form submission but there were other errors), // store the file info in a session and note its existence: if (isset($_SESSION['image'])) { echo "<br />Currently '{$_SESSION['image']['file_name']}'"; } } // end of errors IF-ELSE. ?> Stock<br /><?php create_form_input('stock', 'text', $add_cat_errors); ?> <input type="submit" value="Add This Product" class="button" /> </fieldset> </form> However, I have a problem - i get this error message; An error occurred in script 'C:\Users\David Morgan\Desktop\WEBSITES\hairz_&_graces\site\admin\add_product.php' on line 124: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given How do I solve this as I think I have everything in place (variable associations, etc)? Hi, I created a previous thread but the problems were too confusing so I've started this thread again. I have a register form and it's supposed to validate if fields are empty. If fields are not empty, it should enter data on submit, into the table. The problem: The form is able to submit without validation and the data does not enter the table. The code: Code: [Select] <?php require_once('./includes/connectvars.php'); // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (isset($_POST['submit'])) { // Grab the profile data from the POST $username = mysqli_real_escape_string($dbc, trim($_POST['username'])); $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1'])); $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2'])); $firstname = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); $lastname = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); if (!empty($username) && !empty($password1) && !empty($password2) && ($password1 == $password2) && !empty($firstname) && !empty($lastname)) { // Make sure someone isn't already registered using this username $query = "SELECT * FROM cuser WHERE username = '$username'"; $data = mysqli_query($dbc, $query); if (mysqli_num_rows($data) == 0) { // The username is unique, so insert the data into the database $query = "INSERT INTO cuser (username, password, join_date, first_name, last_name) VALUES ('$username', SHA('$password1'), NOW(), '$firstname', '$lastname')"; mysqli_query($dbc, $query); // Confirm success with the user echo '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>'; mysqli_close($dbc); exit(); } else { // An account already exists for this username, so display an error message echo '<p class="error">An account already exists for this username. Please use a different address.</p>'; $username = ""; } } else { echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>'; } } mysqli_close($dbc); ?> <p>Please enter your username and desired password to sign up to Mismatch.</p> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <legend>Registration Info</legend> <label for="username">Username:</label> <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br /> <label for="password1">Password:</label> <input type="password" id="password1" name="password1" /><br /> <label for="password2">Password (retype):</label> <input type="password" id="password2" name="password2" /><br /> <label for="first_name">first name:</label> <input type="text" id="first_name" name="first_name" /><br /> <label for="last_name">last name:</label> <input type="text" id="last_name" name="last_name" /><br /> <input type="submit" value="Sign Up" name="submit" /> </form> </body> </html> Any ideas on what the problem is? I've sent my sessions in another file. Hi there, There's something wrong with this register form, it's submitting without validation. Code: [Select] <?php require_once('./includes/connectvars.php'); // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (isset($_POST['submit'])) { // Grab the profile data from the POST $username = mysqli_real_escape_string($dbc, trim($_POST['username'])); $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1'])); $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2'])); $firstname = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); $lastname = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); if (!empty($username) && !empty($password1) && !empty($password2) && ($password1 == $password2) && !empty($firstname) && !empty($lastname)) { // Make sure someone isn't already registered using this username $query = "SELECT * FROM users WHERE username = '$username'"; $data = mysqli_query($dbc, $query); if (mysqli_num_rows($data) == 0) { // The username is unique, so insert the data into the database $query = "INSERT INTO users (username, password, join_date, first_name, last_name) VALUES ('$username', SHA('$password1'), NOW(), '$firstname', '$lastname')"; mysqli_query($dbc, $query); // Confirm success with the user echo '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>'; mysqli_close($dbc); exit(); } else { // An account already exists for this username, so display an error message echo '<p class="error">An account already exists for this username. Please use a different address.</p>'; $username = ""; } } else { echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>'; } } mysqli_close($dbc); ?> <p>Please enter your username and desired password to sign up to Mismatch.</p> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <legend>Registration Info</legend> <label for="username">Username:</label> <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br /> <label for="password1">Password:</label> <input type="password" id="password1" name="password1" /><br /> <label for="password2">Password (retype):</label> <input type="password" id="password2" name="password2" /><br /> <label for="first_name">first name:</label> <input type="text" id="first_name" name="first_name" /><br /> <label for="last_name">last name:</label> <input type="text" id="last_name" name="last_name" /><br /> <input type="submit" value="Sign Up" name="submit" /> </form> </body> </html> I've had this problem for a while now and can't figure it out, any suggestions are appreciated. Thank you. I have a simple register script and some weird things are happening. If i leave blank password or repeat_password then code is still executed. Why? I can't seem to find any mistakes in the code. (only when username is empty then i get "You need to fill everything"). Code: [Select] <?php $submit = $_POST['submit']; $username = strip_tags($_POST['username']); $password = md5(strip_tags($_POST['password'])); $repeat_password = md5(strip_tags($_POST['repeat_password'])); require("connect.php"); if ($submit) { if (!empty($username) && !empty($password) && !empty($repeat_password)) { mysql_query("INSERT INTO users2 VALUES ('', '$username', '$password', '1000', '0', '0','', '', '')"); echo "You are registered <br />Your username is "."<b>$username</b>"."<br /> You may now <a href='index.php'> login </a>"; } else { echo "You have not filled everything."; } } ?> Hello everyone, I want to make a re-register script that enables a user to re-register once killed.... BUT keep the same email, same profile pic, same profile quote, same friends and a few other things.... BUT register new username etc. Any help would be great. Okay, I downloaded a PHP Script called RadiPanel which is a User System type thing and uploaded and installed it to my website. Now The problem with RadiPanel is, I have to add users/members to it as there is no registration process. So within the Admin page on RadiPanel I have taken the script out, now when I try view it as a "non logged in" user it just shows a white blank page, I was wondering if anyone here could determine just from the code below what I have to take out/delete in order for the public to view the page fully? Thanks guys Code: [Select] <?php if( !preg_match( "/index.php/i", $_SERVER['PHP_SELF'] ) ) { die(); } if( $_GET['id'] ) { $id = $core->clean( $_GET['id'] ); $query = $db->query( "SELECT * FROM users WHERE id = '{$id}'" ); $data = $db->assoc( $query ); $data['ugroups'] = explode( ",", $data['usergroups'] ); $editid = $data['id']; } ?> <form action="" method="post" id="addUser"> </div> <?php if( $_POST['submit'] ) { try { $username = $core->clean( $_POST['username'] ); $password = $core->clean( $_POST['password'] ); $email = $core->clean( $_POST['email'] ); $habbo = $core->clean( $_POST['habbo'] ); $dgroup = $core->clean( $_POST['dgroup'] ); $query = $db->query( "SELECT * FROM usergroups" ); while( $array = $db->assoc( $query ) ) { if( $_POST['ugroup-' . $array['id']] ) { $ugroups .= $array['id'] . ","; } } $password_enc = $core->encrypt( $password ); if( !$username or ( !$password and !$editid ) or !$dgroup or !$ugroups ) { throw new Exception( "All fields are required." ); } else { if( $editid ) { if( $password ) { $password = ", password = '{$password_enc}'"; } else { unset( $password ); } $db->query( "UPDATE users SET username = '{$username}'{$password}, email = '{$email}', habbo = '{$habbo}', displaygroup = '{$dgroup}', usergroups = '{$ugroups}' WHERE id = '{$editid}'" ); } else { $db->query( "INSERT INTO users VALUES (NULL, '{$username}', '{$password_enc}', '{$email}', '{$habbo}', '{$dgroup}', '{$ugroups}');" ); } echo "<div class=\"square good\">"; echo "<strong>Success</strong>"; echo "<br />"; echo "User added!"; echo "</div>"; } } catch( Exception $e ) { echo "<div class=\"square bad\">"; echo "<strong>Error</strong>"; echo "<br />"; echo $e->getMessage(); echo "</div>"; } } ?> <table width="100%" cellpadding="3" cellspacing="0"> <?php $query = $db->query( "SELECT * FROM usergroups" ); while( $array = $db->assoc( $query ) ) { if( in_array( $array['id'], $data['ugroups'] ) ) { $groups[$array['id'] . '_active'] = $array['name']; } else { $groups[$array['id']] = $array['name']; } if( $array['id'] == $data['displaygroup'] ) { $dgroups[$array['id'] . '_active'] = $array['name']; } else { $dgroups[$array['id']] = $array['name']; } } echo $core->buildField( "text", "required", "username", "Username", "The new username.", $data['username'] ); echo $core->buildField( "password", "<?php if( !$editid ) { ?>required<?php } ?>", "password", "Password", "The new password." ); echo $core->buildField( "text", "", "email", "Email", "The new email (optional).", $data['email'] ); echo $core->buildField( "text", "", "habbo", "Habbo name", "The new Habbo name (optional).", $data['habbo'] ); echo $core->buildField( "select", "required", "dgroup", "Display group", "The user's display group.", $dgroups ); echo $core->buildField( "checkbox", "required", "ugroup", "Active usergroups", "The user's active groups.", $groups ); ?> </table> </div> <div class="box" align="right"> <input class="button" type="submit" name="submit" value="Submit" /> </div> </form> <?php echo $core->buildFormJS('addUser'); ?> Hi, I'm looking to change my 'Dead' page on my Mafia game to enable users to register a new account as soon as they log in to their dead one. I would like them to be able to just enter a new Username and then the email, password etc stay the same. Is this possible? Just ask for any parts of the register code you guys need. Thanks in advance,. My issue is that I cannot get my user information to (1) upload to the database, and (2) if I manually put information in the data base I cannot retrive it when trying to log in.. I assume its a connection issue, but I cannot seem to find it. Thanks in advance for the help! This is my "init.inc.php" script... Code: [Select] <?php session_start(); $exceptions = array('register','login'); $page = substr(end(explode('/',$_SERVER['SCRIPT_NAME'])),0,-4); if(in_array($page, $exceptions) === false){ if(isset($SESSION['username']) === false){ header('Location: login.php'); die(); } } mysql_connect('localhost','root',''); mysql_select_db('newlogin'); $path = dirname(__FILE__); include("{$path}/inc/user.inc.php"); ?> This is my "user.inc.php" script... Code: [Select] <?php // check is the given username exisits in the table function user_exists($user){ $user = mysql_real_escape_string($user); $total = mysql_query("SELECT COUNT('user_id') FROM 'user_tbl' WHERE 'user_name' = '{$user}'"); return (mysql_result($total, 0) == '1') ? true : false; } // checks is the username and password are valid function valid_credentials($user, $pass){ $user = mysql_real_escape_string($user); $pass = sha1($pass); $total = mysql_query("SELECT COUNT('user_id') FROM 'user_tbl' WHERE 'user_name' = '{$user}' AND 'user_password' = '{$pass}'"); return (mysql_result($total, 0) == '1') ? true : false; } //adds user to the database function add_user($user, $pass){ $user = mysql_real_escape_string(htmlentities($user)); $pass = sha1($pass); mysql_query("INSERT INTO 'user_tbl' ('user_name', 'user_password') VALUES ('{$user}', '{$pass}')"); } ?> Finally this is my "register.php" Page... Code: [Select] <?php error_reporting(0); include('core/init.inc.php'); $errors = array(); if(isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){ if(empty($_POST['username'])){ $errors[] = "The username field cannot be empty!"; } if(empty($_POST['password']) || empty($_POST['repeat_password'])){ $errors[] = "The password fields cannot be empty!"; } if($_POST['password'] !== $_POST['repeat_password']){ $errors[] = "Password verification failed !"; } if(user_exists($_POST['username'])){ $errors[] = "That username has already been taken!"; } if(empty($errors)){ add_user($_POST['username'], $_POST['password']); $_SESSION['username'] = htmlentities($_POST['username']); header('Location: protected.php'); die(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <div> <?php if( empty($errors) === false){ ?> <ul> <?php foreach($errors as $error){ echo "<li>{$error}</li>"; } ?> </ul> <?php } ?> </div> <form action="" method="post"> <p> <label for="username"> Username:</label> <input type="text" name="username" id="username" value="<?php if(isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" /> </p> <p> <label for="password"> Password:</label> <input type="password" name="password" id="password" /> </p> <p> <label for="repeat_password"> Repeat Password:</label> <input type="password" name="repeat_password" id="repeat_password" /> </p> <p> <input type="submit" value="Register" /> </p> </form> </body> </html> I'm trying to make my register script check the database's IP column and compare it with the user's IP. If the User's IP equals that in the DB column, it should say "Sorry, there is already an account registered with your IP Address. Please log in.", and if there's no IP match, it should allow them to continue with registering. I've been tinkering around with this for a while and I can't seem to figure it out. Any help would be appreciated if ($_SERVER['REMOTE_ADDR'] == mysql_query("SELECT ip FROM users")) { die('Sorry, there is already an account registered with your IP Address. Please <a href="/login.php>log in.</a>'); }else{ echo ''; } I think the problem is with the mySQL query... I'am trying to make the page show the errors in the same page under the register button, but it always disable all the forms and show the error by it self. my code: Quote <?php ob_start(); session_start(); include_once "functions.php"; connect(); if(!$_POST['submit']){ echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n"; echo "<form method=\"post\" action=\"register.php\">\n"; echo "<tr><td colspan=\"2\" align=\"center\">Registration Form</td></tr>\n"; echo "<tr><td>Username</td><td><input type=\"text\" name=\"name\" maxLength=14></td></tr>\n"; echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\" maxLength=14></td></tr>\n"; echo "<tr><td>Confirm</td><td><input type=\"password\" name=\"passconf\" maxLength=14></td></tr>\n"; echo "<tr><td>E-Mail</td><td><input type=\"text\" name=\"email\" maxLength=24></td></tr>\n"; echo "<tr><td>Question</td><td><input type=\"text\" name=\"idnumber\" maxLength=14></td></tr>\n"; echo "<tr><td>Answer</td><td><input type=\"text\" name=\"phone\" maxLength=14></td></tr>\n"; echo "<form method=\"post\" action=\"captcha.php\">\n"; echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n"; echo "<tr><td>Type The Letters You See Below Into the Box</td></tr>\n"; echo "<tr><td align=\"center\"><img src=\"image.php\"></td></tr>\n"; echo "<tr><td align=\"center\"><input type=\"text\" name=\"image\"></td></tr>\n"; echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Register\"></td></tr>\n"; echo "</form></table>\n"; }else { $errors = array(); $name = protect($_POST['name']); $password = protect($_POST['password']); $confirm = protect($_POST['passconf']); $email = protect($_POST['email']); $phone = protect($_POST['idnumber']); $ownerReply = protect($_POST['phone']); $image = $_POST['image']; if($image == $_SESSION['string']){}else{ $errors[] = "Wrong Captcha!"; }ob_end_flush(); if(!$name){ $errors[] = "Username is not defined!"; } if(!$password){ $errors[] = "Password is not defined!"; } if($password){ if(!$confirm){ $errors[] = "Confirmation password is not defined!"; } } if(!$email){ $errors[] = "E-mail is not defined!"; } if(!$idnumber){ $errors[] = "Security Question is not defined!"; } if(!$phone){ $errors[] = "Security Answer is not defined!"; } if($name){ if(!ctype_alnum($name)){ $errors[] = "Username can only contain numbers and letters!"; } $range = range(8,14); if(!in_array(strlen($name),$range)){ $errors[] = "Username must be between 8 and 14 characters!"; } } if($password && $confirm){ if($password != $confirm){ $errors[] = "Passwords do not match!"; } $range = range(10,14); if(!in_array(strlen($password),$range)){ $errors[] = "Password must be between 10 and 14 characters!"; } } if($email){ $checkemail = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i"; if(!preg_match($checkemail, $email)){ $errors[] = "E-mail is not valid, must be name@server.tld!"; } } if($idnumber){ if(!ctype_alnum($phone)){ $errors[] = "Securty Question can only contain numbers and letters!"; } $range = range(8,14); if(!in_array(strlen($idnumber),$range)){ $errors[] = "Securty Question must be between 8 and 14 characters!"; } } if($phone){ if(!ctype_alnum($phone)){ $errors[] = "Securty Answer can only contain numbers and letters!"; } $range = range(8,14); if(!in_array(strlen($phone),$range)){ $errors[] = "Securty Answer must be between 8 and 14 characters!"; } } if($email){ $sql2 = "SELECT * FROM `account` WHERE `email`='".$email."'"; $res2 = mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($res2) > 0){ $errors[] = "The e-mail address you supplied is already in use of another user!"; } } if(count($errors) > 0){ foreach($errors AS $error){ echo $error . "<br>\n"; } }else { $sql4 = "INSERT INTO `account` (`name`,`password`,`email`,`idnumber`,`phone`) VALUES ('".$name."','".md5($password)."','".$email."','".$idnumber."','".$phone."')"; $res4 = mysql_query($sql4) or die(mysql_error()); echo "You have successfully registered with the username <b>".$name."</b> and the password of <b>".$password."</b>!"; } } ?> Direct link to the register page in case you didn't understand what i mean. http://hebrithco.com/server/bew/ hi guys i need help i started a code of a page Register.php and i need to now what to do now and if this function is 100% ok with the php rules <?php // ---- session_start(); error_reporting(E_ALL); include_once("...\\config.php") //---------------------------------------------------- function getRegisteredBy($Reg); { switch($Reg){ case 0: return "AccountName"; case 1: return "AccountPassword"; case 2: return "AccountEmail"; } } $Reg = mssql_query("INSERT INTO MEMB_INFO (memb___id,memb__pwd,memb_mail,) VALUES ($AccountName,$AccountPassword,$AccountEmail)"); ?> thanks for the help and have a good day Sorry for many posts, trying to make my website
When I press the register button on my website it will just act as if the page is refreshing and not send any information to mysql
I believe I have connected everything up correctly, can anyone tell my what I have done wrong please?
If you want to check out the website to see what is going on check out www.jokestary.comli.com
<?php
//This function will display the registration form
function register_form(){
$date = date('D, M, Y');
echo "<form action='?act=register' method='post'>"
."Username: <input type='text' name='username' size='30'><br>"
."Password: <input type='password' name='password' size='30'><br>"
."Confirm your password: <input type='password' name='password_conf' size='30'><br>"
."Email: <input type='text' name='email' size='30'><br>"
."<input type='hidden' name='date' value='$date'>"
."<input type='submit' value='Register'>"
."</form>";
}
//This function will register users data
function register(){
//Connecting to database
include('connect.php');
if(!$connect){
die(mysql_error());
}
//Selecting database
$select_db = mysql_select_db("database", $connect);
if(!$select_db){
die(mysql_error());
}
//Collecting info
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$pass_conf = $_REQUEST['password_conf'];
$email = $_REQUEST['email'];
$date = $_REQUEST['date'];
//Here we will check do we have all inputs filled
if(empty($username)){
die("Please enter your username!<br>");
}
if(empty($password)){
die("Please enter your password!<br>");
}
if(empty($pass_conf)){
die("Please confirm your password!<br>");
}
if(empty($email)){
die("Please enter your email!");
}
//Let's check if this username is already in use
$user_check = mysql_query("SELECT username FROM users WHERE username='$username'");
$do_user_check = mysql_num_rows($user_check);
//Now if email is already in use
$email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
$do_email_check = mysql_num_rows($email_check);
//Now display errors
if($do_user_check > 0){
die("Username is already in use!<br>");
}
if($do_email_check > 0){
die("Email is already in use!");
}
//Now let's check does passwords match
if($password != $pass_conf){
die("Passwords don't match!");
}
//If everything is okay let's register this user
$insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')");
if(!$insert){
die("There's little problem: ".mysql_error());
}
echo $username.", you are now registered. Thank you!<br><a href=login.php>Login</a> | <a href=index.php>Index</a>";
}
switch($act){
default;
register_form();
break;
case "register";
register();
break;
}
?>
Here is the connect.php code
<?php
$hostname="mysql6.000webhost.com"; //local server name default localhost
$username="a5347792_users"; //mysql username default is root.
$password=""; //blank if no password is set for mysql.
$database="a5347792_users"; //database name which you created
$con=mysql_connect($hostname,$username,$password);
if(! $con)
{
die('Connection Failed'.mysql_error());
}
mysql_select_db($database,$con);
?>
Hi guys I'm trying to fix my user registration page, I've gotten myself into a real mess here so any help would be appreciated I am getting "Notice: Undefined index" message for my variables (firstname,lastname,password,repeatpasswords) and it is not loading the page only the "die" message which is happening because the script is failing. Code: [Select] <?php session_start(); $con = mysql_connect('localhost','root','abc'); if (!$con) { die ("Could not connect to database" . mysql_error()); } //get data from the form if (isset($_POST['firstname'])) { $firstname = $_POST['firstname']; } if (isset($_POST['lastname'])) { $lastname = $_POST['lastname']; } if (isset($_POST['username'])) { $username = $_POST['username']; } if (isset($_POST['password'])) { $password = $_POST['password']; } if (isset($_POST['repeatpassword'])) { $repeatpassword = $_POST['repeatpassword']; } if (isset($_POST['submit'])) { //check for existance if ($firstname&&$lastname&&$username&&$password&&$repeatpassword) { //check passwords match if ($password==$repeatpassword) { //check char length of username and names if (strlen($username)>25||strlen($firstname)>25) { echo "The first name, last name or username fields are too long!"; } else { //check password length if (strlen($password)>25||strlen($password)<6) { echo "Password must be between 6 and 25characters"; } else { //encrypt password $password = md5 ($password); $repeatpassword = md5 ($repeatpassword); } } } else echo "Your passwords do not match!"; } else echo "Please fill in all fields!"; } //select database table mysql_select_db('theimageworks'); //add data to database $sql="INSERT INTO user (firstname, lastname, username, password) VALUES ('$_POST[firstname]', '$_POST[lastname]', '$_POST[username]', '$_POST[password]')"; if (!mysql_query($sql,$con)) { die ('Error: ' . mysql_error()); } die ("You have been registered! Return to <a href='loginpage.php'>login page</a>"); mysql_close($con); ?> |
|||||||