Can't keep values inside the field after failing to pass validation - php

Basically I want to keep the values that weren't wrong and were not password or repeat password. For that I followed this question:
PHP Keep entered values after validation error.
Though, only last name is kept the way I tried. The way I am trying to do that for all fields in my form is currently: "<?php echo isset($_GET["email"]) ? $_GET["email"] : ''; ?>". I also have an error message that reads from the URL using $_GET and sends an error message accordingly, which works fine. This is my actual code.
<form method="post" action="includes/signup.inc.php" id="create_customer" accept-charset="UTF-8"><input type="hidden" name="form_type" value="create_customer" /><input type="hidden" name="utf8" value="✓" />
<div id="first_name" class="clearfix large_form"> <label for="fname" class="login">Nome</label>
<input type="text" value="<?php if(isset($_GET["fname"])){echo($_GET["fname"]);}?>" name="fname" id="fname" class="large" size="30" />
</div>
<div id="last_name" class="clearfix large_form"> <label for="lname" class="login">Sobrenome</label>
<input type="text" value="<?php if(isset($_GET["fname"])){echo($_GET["fname"]);}?>" name="lname" id="lname" class="large" size="30" /></div>
<div id="email" class="clearfix large_form"> <label for="email" class="login">E-mail</label> <input type="email" value="<?php echo isset($_POST["email"]) ? $POST["email"] : ''; ?>" name="email" id="email" class="large" size="30" /></div>
<div id="password" class="clearfix large_form"> <label for="password" class="login">Senha</label> <input type="password" value="" name="pwd" id="password" class="large password" size="30" />
<div id="password" class="clearfix large_form"> <label for="password" class="login">Repetir Senha</label> <input type="password" value="" name="pwd-repeat" id="password" class="large password" size="30" />
</div>
<div class="acceptsMarketing"> <input type="checkbox" id="customer[accepts_marketing]" name="customer[accepts_marketing]"> <label for="customer[accepts_marketing]">Assine a nossa
newsletter?</label></div>
<div class="action_bottom"> <input class="btn action_button" name="signup-submit" type="submit" value="Inscrever-se" />
<p class="right" style="padding-top: 8px;">
<input class="btn action_button" type="submit" value="Recuperar Senha" />
<p class="right" style="padding-top: 8px;">
Já é cliente? Entrar →</p>
</div>
</form>
</div><!-- /#create-customer -->
</div>
</div>
</div>
</div>
</div>
Originally not known to me, here is the validation code for the error display:
if (isset($_POST['signup-submit'])) {
require 'dbh.inc.php';
$email = $_POST['email'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$pwd = $_POST['pwd'];
$pwdrepeat = $_POST['pwd-repeat'];
if (empty($fname) || empty($lname) || empty($email) || empty($pwd) || empty($pwdrepeat)) {
header("Location: ../register.php?error=emptyfields&fname=" . $fname . "&lname" . $lname . "&email" . $email);
exit();
} else if (!filter_var($fname, FILTER_VALIDATE_REGEXP) && !preg_match("/^[a-zA-Z -]+$/", $fname)) {
header("Location: ../register.php?error=nomeinvalido&fname=" . $fname);
exit();
} else if (!filter_var($lname, FILTER_VALIDATE_REGEXP) && !preg_match("/^[a-zA-Z -]+$/", $lname)) {
header("Location: ../register.php?error=sobrenomeinvalido&lname=" . $lname. "&lname");
exit();
} else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match('/^[a-zA-Z0-9]*$/', $email)) {
header("Location: ../register.php?error=invalidmail&email=" . $email);
exit();
} else if ($pwd !== $pwdrepeat) {
header("Location: ../register.php?error=passwordcheck&fname=");
exit();

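To retain the value of the various form elements you could use a very simple little function and simply supply the form element name as a parameter, like so:
<?php
function getvalue( $name=false ){
/* the submitted text is untrusted: escape it for the quoted value attribute */
echo ( isset( $_POST[ $name ] ) && is_string( $_POST[ $name ] ) ) ? htmlspecialchars( $_POST[ $name ], ENT_QUOTES, 'UTF-8' ) : '';
}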
?>
<!DOCTYPE html>
<html lang='en'>
<head>
<meta charset='utf-8' />
<title>Form value retention</title>
</head>
<body>
<!--
for demonstration, the action has been
removed so it POSTs to the same page.
-->
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' ){
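/* escape the dump as well, it contains whatever the client sent */
printf('<pre>%s</pre>', htmlspecialchars( print_r( $_POST, true ), ENT_QUOTES, 'UTF-8' ) );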
}
?>
<form method='post' accept-charset='UTF-8'>
<input type='hidden' name='form_type' value='create_customer' />
<input type='hidden' name='utf8' value='✓' />
<div id='first_name' class='clearfix large_form'>
<label for='fname' class='login'>Nome</label>
<input type='text' value='<?php getvalue('fname'); ?>' name='fname' class='large' size='30' />
</div>
<div id='last_name' class='clearfix large_form'>
<label for='lname' class='login'>Sobrenome</label>
<input type='text' value='<?php getvalue('lname'); ?>' name='lname' class='large' size='30' />
</div>
<div id='email' class='clearfix large_form'>
<label for='email' class='login'>E-mail</label>
<input type='email' value='<?php getvalue('email'); ?>' name='email' class='large' size='30' />
</div>
<div class='clearfix large_form'>
<label for='password' class='login'>Senha</label>
<input type='password' value='<?php getvalue('pwd');?>' name='pwd' class='large password' size='30' />
<div id='password' class='clearfix large_form'>
<label for='password' class='login'>Repetir Senha</label>
<input type='password' value='<?php getvalue('pwd-repeat');?>' name='pwd-repeat' class='large password' size='30' />
</div>
</div>
<div class='acceptsMarketing'>
<input type='checkbox' name='customer[accepts_marketing]'>
<label for='customer[accepts_marketing]'>Assine a nossa newsletter?</label>
</div>
<div class='action_bottom'>
<input class='btn action_button' name='signup-submit' type='submit' value='Inscrever-se' />
<p class='right' style='padding-top: 8px;'>
<input class='btn action_button' type='submit' value='Recuperar Senha' />
</p>
<p class='right' style='padding-top: 8px;'>
Já é cliente? <a href='login.php' id='customer_login_link'>Entrar →</a>
</p>
</div>
</form>
</body>
</html>
The HTML in the form has been corrected in, what I believe is, the most logical way though I removed the ID attributes as many were duplicated. That said the form values are maintained upon form submission - because it is the same page. To accomplish this after submitting to a-n-other script you would use a session variable to keep track of the POST array.
When using another script for the form action ( to perform validation etc ) the form values would not be retained when that other script redirects back if it finds an error. To solve that a session variable would work well.
So, in the above - at the beginning of the form action page:
session_start();
$svar='formdata';
/* the session variable is populated when the form is submitted */
if( !isset( $_SESSION[ $svar ] ) && $_SERVER['REQUEST_METHOD']=='POST' ){
$_SESSION[ $svar ]=$_POST;
}
/* other processing... if(error)->redirect etc */
And the alternative function to getvalue in the above page:
session_start();
$svar='formdata';
function getsessionvalue( $name=false ){
global $svar;
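/* values copied from $_POST are still untrusted: escape on output */
echo ( isset( $_SESSION[ $svar ][ $name ] ) && is_string( $_SESSION[ $svar ][ $name ] ) ) ? htmlspecialchars( $_SESSION[ $svar ][ $name ], ENT_QUOTES, 'UTF-8' ) : '';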
}

You send data via the POST method (form method="post") but try to set it from the $_GET array. Use $_POST instead. Also, do not forget to escape the input data to avoid an XSS vulnerability.

Try to use $_REQUEST, this gets the results from all $_GET and $_POST data.
See http://www.shodor.org/~kevink/phpTutorial/nileshc_getreqpost.php for more info
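Added example, not code from any of the posts above: one way to combine the session approach with the escaping advice, keeping only `fname`, `lname` and `email` (never `pwd` or `pwd-repeat`) and escaping on output. The function names and the `old_input` key are hypothetical, the submitted values are constructed, and `$session` stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Fields that may be shown again after a failed validation.
// pwd and pwd-repeat are deliberately absent, so passwords never reach the session.
const REFILLABLE = ['fname', 'lname', 'email'];

/** Copy only the allow-listed string fields of a submission into the session store. */
function stash_old_input(array $post, array &$session): void
{
    $kept = [];
    foreach (REFILLABLE as $field) {
        // is_string() rejects array input such as fname[]=x, which would break escaping later
        if (isset($post[$field]) && is_string($post[$field])) {
            $kept[$field] = trim($post[$field]);
        }
    }
    $session['old_input'] = $kept;
}

/** Return a stored value escaped for use inside a quoted HTML attribute. */
function old(string $name, array $session): string
{
    $value = $session['old_input'][$name] ?? '';
    // ENT_QUOTES covers both quote styles, since the forms on this page use ' and " for attributes
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Drop the stored values once the form has been rendered, so they are shown only once. */
function forget_old_input(array &$session): void
{
    unset($session['old_input']);
}

/** Build the redirect target: only the error code travels in the URL, URL-encoded. */
function error_redirect(string $code): string
{
    return '../register.php?' . http_build_query(['error' => $code]);
}

// --- Constructed demonstration -------------------------------------------
// In signup.inc.php this would be $_POST and $_SESSION (after session_start()).
$session = [];
$post = [
    'fname'         => 'Ana',
    'lname'         => 'O\'Brien "<b>x</b>"',   // quotes and markup that must not reach the page raw
    'email'         => 'ana@example.com',
    'pwd'           => 'first-secret',
    'pwd-repeat'    => 'second-secret',
    'signup-submit' => 'Inscrever-se',
];

// Validation script: passwords differ, so keep the safe fields and redirect.
stash_old_input($post, $session);
echo 'Location: ', error_redirect('passwordcheck'), PHP_EOL;

// register.php: refill the inputs from the stored values.
foreach (REFILLABLE as $field) {
    printf('<input type="text" name="%s" value="%s" />' . PHP_EOL, $field, old($field, $session));
}

// Passwords were never stored.
echo 'stored keys: ', implode(', ', array_keys($session['old_input'])), PHP_EOL;

forget_old_input($session);
echo 'after render: ', json_encode($session), PHP_EOL;
```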

Related

can't see edited info in user info panel

I made a page for user info containing a button for updating their info. When I change the fields and push the button, the info changed in the database and the web page shows everything is ok and changed, but when I refresh the page (after pushing the button), there the fields aren't changed and contain still the same info (but changed in data base). So how can I solve this?
Here is html codes:
<div class="custom-container">
<div class="row">
<div class="col-10">
<div class="user_content custom-container">
<div class="row">
<div class="col-11 fields">
<form method="post" action="user_updates.php">
<fieldset id="right">
<label>نام کاربری</label>
<br>
<input type="text" name="username" value="<?php echo $_SESSION["member_username"] ?>" disabled style="direction: ltr;">
<br><br>
<label>رمز عبور</label>
<br>
<input type="text" name="password" value="<?php echo $_SESSION["member_password"] ?>" style="direction: ltr;">
<br><br>
<label>نام</label>
<br>
<input type="text" name="first-name" value="<?php echo $_SESSION["member_name"] ?>">
<br><br>
<label>نام خانوادگی</label>
<br>
<input type="text" name="last-name" value="<?php echo $_SESSION["member_last_name"] ?>">
</fieldset>
<fieldset id="left">
<label>نام پدر</label>
<br>
<input type="text" name="father-name" value="<?php echo $_SESSION["member_father_name"] ?>">
<br><br>
<label>کد ملی</label>
<br>
<input type="text" name="melli-code" value="<?php echo $_SESSION["member_melli_code"] ?>" style="direction: ltr; font-family: Iran_Sans_M;">
<br><br>
<label>شماره موبایل</label>
<br>
<input type="text" name="mobile-number" value="<?php echo $_SESSION["member_mobile_number"] ?>" style="direction: ltr; font-family: Iran_Sans_M;">
<br><br>
<label>ایمیل</label>
<br>
<input type="email" name="email" value="<?php echo $_SESSION["member_email"] ?>" style="direction: ltr;">
</fieldset>
<input type="hidden" name="user-id" value="<?php echo $_SESSION["member_id"] ?>">
<input type="submit" name="change" value="ثبت تغییرات">
</form>
<?php
if (isset($_GET["empty"]))
{
echo '<div class="php_texts"> <p>لطفاً تمامی قسمت ها رو پر نمایید.</p> </div>';
}
if (isset($_GET["changes"]))
{
echo '<div class="php_texts"> <p>اطلاعات با موفقیت ویرایش شد.</p> </div>';
}
if (isset($_GET["error"]))
{
echo '<div class="php_texts"> <p>عدم ارتباط با سرور.</p> </div>';
}
?>
</div>
</div>
</div> <!-- User Content-->
</div> <!-- User Content-->
and here is php codes:
<!-- General Codes-->
include("connect_to_sql.php");
session_start();
if(isset($_POST["change"]))
{
$password = $_POST["password"];
$first_name = $_POST["first-name"];
$last_name = $_POST["last-name"];
$father_name = $_POST["father-name"];
$melli_code = $_POST["melli-code"];
$mobile_number = $_POST["mobile-number"];
$email = $_POST["email"];
$id = $_POST["user-id"];
if (empty($username) && empty($password) && empty($first_name) && empty($last_name) && empty($father_name) && empty($melli_code) && empty($mobile_number) && empty($email))
{
header("location:user_changes.php?empty=fill+all+fields");
exit;
}
if (isset($_SESSION["member_username"]))
{
$member_update= "UPDATE `member_info` SET `password` = '".$password."', `first_name` = '".$first_name."', `last_name` = '".$last_name."', `father_name` = '".$father_name."', `melli_code` = '".$melli_code."', `mobile_number` = '".$mobile_number."', `email` = '".$email."' WHERE `member_info`.`id` = '".$id."';";
$member_query = mysqli_query($connect_to_mysql,$member_update);
#$member_fetch = mysqli_fetch_assoc($member_query);
if($member_query)
{
header("location:user_changes.php?changes=ok");
exit;
}
else
{
header("location:user_changes.php?error=data+base");
exit;
}
}
}
The main problem is that you read the information for the user from the session, but never write the updated data into the session.
So either rewrite the values to the session in the if($member_query) block or fetch and map the actual values from the database on each page load to the session.
Another huge issue with your code is that it's vulnerable to SQL injection attacks.

Multilingual Wordpress custom wp-login form with WPML

In my custom Wordpress theme, I have custom login form:
<form method="post" action="<?php bloginfo('url') ?>/wp-login.php" name="login">
<div class="login-form-container resp-hidden">
<div class="login-form-container-inner">
<h3 class="form-title"><?php echo __('Login', 'louise'); ?></h3>
<label for="user_login">
<?php echo __('User name or e-mail', 'louise'); ?>: </label>
<input class="para-content" type="text" name="log" placeholder="" value="<?php echo esc_attr(stripslashes($user_login, $user_email)); ?>" size="20" id="user_login" tabindex="11" required>
<label for="user_pass">
<?php echo __('Password', 'louise'); ?>: </label>
<input class="para-content" type="password" name="pwd" value="" size="20" id="user_pass" tabindex="12" required/>
<label for="rememberme"> </label>
<div class="buttons">
<?php do_action('login_form'); ?>
<input type="submit" name="user-submit" value="<?php echo __('Log in', 'louise'); ?>" tabindex="14" class="signupbtn" />
<input type="hidden" name="redirect_to" value="<?php echo icl_get_home_url() ; ?>" />
<input type="hidden" name="user-cookie" value="1" />
</div>
</div>
</div>
</form>
It gets the job done, but a problem appears when I am trying to log in from a language other than the default one. Login redirects to the front page, leaving an inactive URL: http://test.com/?lang=en/wp-login.php I am using the WPML plugin for two languages; the default one is lt_LT, with en_US as the additional one.
I was digging through this all weekend, but found no valid solution. To make it clear, I don't get if I have to translate the core WP wp-login.php page, or is there a shortcut to bypass wp-login.php and redirect the user straight to the home page?
Many thanks for all possible help and suggestions.
Looking forward,
First change the form action to
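<?php echo esc_url( $_SERVER['REQUEST_URI'] ); /* REQUEST_URI is client-controlled: escape it before printing it into the action attribute */ ?>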
and use this PHP after the form
if (isset($_POST['user-submit'])) {
login_auth($_POST['log'], $_POST['pwd']);
}
and add this function to functions.php
function login_auth( $username, $password ) {
global $user;
$current_cookie = esc_attr( $_COOKIE['_icl_current_language'] );
$url = '/'.$current_cookie;
$login_page = site_url($url);
$creds = array();
$creds['user_login'] = $username;
$creds['user_password'] = $password;
$creds['remember'] = true;
$user = wp_signon( $creds, false );
if ( is_wp_error($user) ) {
echo $user->get_error_message();
}
if ( !is_wp_error($user) ) {
wp_redirect($login_page);
exit; /* stop here so nothing else runs or prints after the redirect header */
}
}
After all, here is my solution that worked in my case. Seems, that the problem was language parameter set by WPML plugin. It is possible to check if current link has ?lang=en/ and change it with default wp-login url.
<?php
if($login = strstr($_SERVER['REQUEST_URI'], "?lang=en")) {
$login = wp_login_url();
} else {
$login = wp_login_url();
}?>
<form method="post" action="<?php echo esc_url( $login ); ?>">
<div class="login-form-container resp-hidden">
<div class="login-form-container-inner">
<h3 class="form-title"><?php echo __('Login', 'louise'); ?></h3>
<label for="user_login">
<?php echo __('User name or e-mail', 'louise'); ?>: </label>
<input class="para-content" type="text" name="log" placeholder="" value="<?php echo esc_attr(stripslashes($user_login || $user_email)); ?>" size="20" id="user_login" tabindex="11" required>
<label for="user_pass">
<?php echo __('Password', 'louise'); ?>: </label>
<input class="para-content" type="password" name="pwd" value="" size="20" id="user_pass" tabindex="12" required/>
<label for="rememberme"> </label>
<div class="buttons">
<?php do_action('login_form'); ?>
<input type="submit" name="user-submit" value="<?php echo __('Log in', 'louise'); ?>" tabindex="14" class="signupbtn" />
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $_SERVER['REQUEST_URI'] ); ?>" />
<input type="hidden" name="user-cookie" value="1" />
</div>
</div>
</div>
</form>

if(isset($_POST['submit'])) function responds to button but not to input type=submit

Well, as the title already says, I'm not getting it. Probably doing something very stupid.
This is the form that I'm using. It's not that special. For testing purposes it now has a <button action=submit...> and an <input type=submit...> line.
<div id="cd-login">
<form method="POST" action="index.php" class="cd-form">
<p class="fieldset">
<label class="image-replace cd-email" for="signin-email">E-mail</label>
<input name="login" class="full-width has-padding has-border" type="text" placeholder="Username or E-Mail">
<span class="cd-error-message">Error message here!</span>
</p>
<p class="fieldset">
<label class="image-replace cd-password" for="signin-password">Password</label>
<input name="password" class="full-width has-padding has-border" type="password" placeholder="Password">
<span class="cd-error-message">Error message here!</span>
</p>
<p class="fieldset">
<input type="checkbox" name="remember_me" id="remember-me"/>
<label for="remember_me" onclick="document.getElementById('remember_me').click();">Remember Me</label>
</p>
<p class="fieldset">
<input class="full-width" type="submit" name="submit" value="Login" />
<br />
<button name="submit">Log In</button>
</p>
</form>
It then goes to the PHP code which is aligned above the HTML code:
<?php
require "config.php";
if(isset($_POST['submit'])){
$identification = $_POST['login'];
$password = $_POST['password'];
if($identification == "" || $password == ""){
$msg = array("Error", "Username / Password Wrong !");
}else{
$login = \Fr\LS::login($identification, $password, isset($_POST['remember_me']));
if($login === false){
$msg = array("Error", "Username / Password Wrong !");
}else if(is_array($login) && $login['status'] == "blocked"){
$msg = array("Error", "Too many login attempts. You can attempt login after ". $login['minutes'] ." minutes (". $login['seconds'] ." seconds)");
}
}
}
?>
When I smack my finger on the button it works, but I want to get it to work with an input line.
EDIT: Doesn't work in IE, Mozilla or Chrome. The <input type=submit ...> is clickable. But smashing the enter key doesn't work either.
replace
<button name="submit">Log In</button>
by :
<input name="submit" type="submit" value="Log In"/>
and eliminate the other input over :)
When I gave each button/input a unique name, and then checked for that name in POST in your index.php page, I was able to detect which button was pressed.
In principle, it's the name of the item on the form that helps us find it in the POST variables. When troubleshooting forms like this, you can always var dump the POST array and see what the computer is receiving on the processing page.
As an example, a slightly modified copy of your code is presented below. I ran your form in the following html.
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<div id="cd-login">
<form method="POST" action="index.php" class="cd-form">
<p class="fieldset">
<label class="image-replace cd-email" for="signin-email">E-mail</label>
<input name="login" class="full-width has-padding has-border" type="text" placeholder="Username or E-Mail">
<span class="cd-error-message">Error message here!</span>
</p>
<p class="fieldset">
<label class="image-replace cd-password" for="signin-password">Password</label>
<input name="password" class="full-width has-padding has-border" type="password" placeholder="Password">
<span class="cd-error-message">Error message here!</span>
</p>
<p class="fieldset">
<input type="checkbox" name="remember_me" id="remember-me"/>
<label for="remember_me" onclick="document.getElementById('remember_me').click();">Remember Me</label>
</p>
<p class="fieldset">
<input class="full-width" type="submit" name="submit1" value="Login" />
<br />
<button name="submit2">Log In</button>
</p>
</form>
</body>
</html>
Then, I modified the processing page to catch that name in POST with the isset and provide some printing that will show the change is working. I commented out that config.php because I did not have it.
<?php
//require "config.php";
if(isset($_POST['submit1'])){
print ("<p>Hello from Submit1</p>");
var_dump($_POST);
$identification = $_POST['login'];
$password = $_POST['password'];
if($identification == "" || $password == ""){
$msg = array("Error", "Username / Password Wrong !");
}else{
$login = \Fr\LS::login($identification, $password, isset($_POST['remember_me']));
if($login === false){
$msg = array("Error", "Username / Password Wrong !");
}else if(is_array($login) && $login['status'] == "blocked"){
$msg = array("Error", "Too many login attempts. You can attempt login after ". $login['minutes'] ." minutes (". $login['seconds'] ." seconds)");
}
}
} else {
print ("<p>Submit1 was not recognized.</p>");
var_dump($_POST);
}
?>
When I ran that code, I could show the difference in the two buttons.

set different login forms for different browsers?

Can someone please help me? I am having difficulties getting a form to display and behave correctly in Firefox only. Every other browser works fine.
But I wanted to try and set a rule in PHP to say: if Chrome, IE etc. do this, and if Firefox do that.
I have made an attempt at this below. When using IE and Chrome etc. the login form comes up as expected, but when using Firefox there is no login form displayed. No error message.
<div id="login">
<?
if (preg_match('/Chrome|Opera|Safari|MSIE 8.0/', $_SERVER['HTTP_USER_AGENT'])) { ?>
<?php
if (!logged_in()) {
?>
<form id="myform" action="login.php" method="post" class="loginform">
Email
<input type="text" name="email" maxlength="30" />
Password
<input type="password" name="password" maxlength="30" />
<input type="image" src="../PTB1/assets/img/icons/loginarrow1.png" name="submit" class="loginbutton" />
</form>
<?php
}
if (logged_in()) {
?>
Logged in as, <?php echo $_SESSION['email'] ?>. Dashboard, Logout | <div class="login_settings" id="login_settings"></div>
<?php
}
else if (preg_match('/Firefox/', $_SERVER['HTTP_USER_AGENT'])) {
if (!logged_in()) {
?>
<form action="login.php" rel="shadowbox;height=300;width=500" method="post" >
<div class="row email">
<input type="email" id="email" name="email" placeholder="Email" value="<?php echo htmlentities($email); ?>" />
</div>
<div class="row password">
<input type="password" id="password" name="password" placeholder="Password" value="<?php echo htmlentities($email); ?>" />
</div>
<input type="submit" name="submit" value="Login >" />
</form>
<?php
}
if (logged_in()) {
?>
Logged in as, <?php echo $_SESSION['email'] ?>. Dashboard, Logout | <div class="login_settings" id="login_settings"></div>
<?
} } }
?>
</div>
My understanding from your code is that you are trying to detect if the browser is Firefox just so you can use the placeholder attribute and other HTML5 form features.
Not only is this a horrible idea (IE10 and Chrome both support placeholder, and I'm sure Opera does too), but it's an inappropriate use of the placeholder attribute anyway.
Instead, just use this form:
<form action="login.php" method="post">
<div class="row email">
Email:
<input type="email" id="email" name="email" placeholder="john.smith@example.com" />
</div>
<div class="row password">
Password:
<input type="password" id="password" name="password" placeholder="Password" />
</div>
<input type="submit" name="submit" value="Login >" />
</form>
After all, there is no harm in putting an attribute that may not be supported, it just gets ignored.

All is working except if($_POST['submit']=='Update')

I have a working registration and login system. I am trying to create a form where a user can add product registration info (via mysql update). I can't seem to get the db to actually update the fields. What am I missing here?!?
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// Escaping all input data
$row = mysql_fetch_assoc(mysql_query("SELECT * FROM electrix_users WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr'])
{
// If everything is OK login
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION['first'] = $row['first'];
$_SESSION['last'] = $row['last'];
$_SESSION['address1'] = $row['address1'];
$_SESSION['address2'] = $row['address2'];
$_SESSION['city'] = $row['city'];
$_SESSION['state'] = $row['state'];
$_SESSION['zip'] = $row['zip'];
$_SESSION['country'] = $row['country'];
$_SESSION['product1'] = $row['product1'];
$_SESSION['serial1'] = $row['serial1'];
$_SESSION['product2'] = $row['product2'];
$_SESSION['serial2'] = $row['serial2'];
$_SESSION['product3'] = $row['product3'];
$_SESSION['serial3'] = $row['serial3'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('tzRemember',$_POST['rememberMe']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: index_login3.php");
exit;
}
else if($_POST['submit']=='Register')
{
// If the Register form has been submitted
$err = array();
if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='Your username must be between 3 and 32 characters!';
}
if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='Your username contains invalid characters!';
}
if(!checkEmail($_POST['email']))
{
$err[]='Your email is not valid!';
}
if(!count($err))
{
// If there are no errors
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
// Generate a random password
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['first'] = mysql_real_escape_string($_POST['first']);
$_POST['last'] = mysql_real_escape_string($_POST['last']);
$_POST['address1'] = mysql_real_escape_string($_POST['address1']);
$_POST['address2'] = mysql_real_escape_string($_POST['address2']);
$_POST['city'] = mysql_real_escape_string($_POST['city']);
$_POST['state'] = mysql_real_escape_string($_POST['state']);
$_POST['zip'] = mysql_real_escape_string($_POST['zip']);
$_POST['country'] = mysql_real_escape_string($_POST['country']);
// Escape the input data
mysql_query(" INSERT INTO electrix_users(usr,pass,email,first,last,address1,address2,city,state,zip,country,regIP,dt)
VALUES(
'".$_POST['username']."',
'".md5($pass)."',
'".$_POST['email']."',
'".$_POST['first']."',
'".$_POST['last']."',
'".$_POST['address1']."',
'".$_POST['address2']."',
'".$_POST['city']."',
'".$_POST['state']."',
'".$_POST['zip']."',
'".$_POST['country']."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()
)");
if(mysql_affected_rows($link)==1)
{
send_mail( 'noreply@electrixpro.com',
$_POST['email'],
'Your New Electrix User Password',
'Thank you for registering at www.electrixpro.com. Your password is: '.$pass);
$_SESSION['msg']['reg-success']='We sent you an email with your new password!';
}
else $err[]='This username is already taken!';
}
if(count($err))
{
$_SESSION['msg']['reg-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Update')
{
{
mysql_query(" UPDATE electrix_users(product1,serial1,product2,serial2,product3,serial3) WHERE usr='{$_POST['username']}'
VALUES(
'".$_POST['product1']."',
'".$_POST['serial1']."',
'".$_POST['product2']."',
'".$_POST['serial2']."',
'".$_POST['product3']."',
'".$_POST['serial3']."',
)");
if(mysql_affected_rows($link)==1)
{
$_SESSION['msg']['upd-success']='Thank you for registering your Electrix product';
}
else $err[]='So Sad!';
}
if(count($err))
{
$_SESSION['msg']['upd-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load
$script = '
<script type="text/javascript">
$(function(){
$("div#panel").show();
$("#toggle a").toggle();
});
</script>';
}
?>
Here are the forms:
<!-- Panel -->
<div id="toppanel">
<div id="panel">
<div class="content clearfix">
<div class="left">
<h1>My Electrix Account </h1>
<p class="grey">View and edit your contact information and product registrations</p>
</div>
<?php
if(!$_SESSION['id']):
?>
<div class="left">
<!-- Login Form -->
<form class="clearfix" action="" method="post">
<h1>Member Login</h1>
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<label class="grey" for="username">Username:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="password">Password:</label>
<input class="field" type="password" name="password" id="password" size="23" />
<label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<div class="clear"></div>
<input type="submit" name="submit" value="Login" class="bt_login" />
</form>
</div>
<div class="left right">
<!-- Register Form -->
<form action="" method="post">
<h1>Not a member yet? Sign Up!</h1>
<?php
if($_SESSION['msg']['reg-err'])
{
echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>';
unset($_SESSION['msg']['reg-err']);
}
if($_SESSION['msg']['reg-success'])
{
echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>';
unset($_SESSION['msg']['reg-success']);
}
?>
<label class="grey" for="username">Username*:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="email">Email*:</label>
<input class="field" type="text" name="email" id="email" size="23" />
<label class="grey" for="first">First Name:</label>
<input class="field" type="text" name="first" id="first" size="23" />
<label class="grey" for="last">Last Name:</label>
<input class="field" type="text" name="last" id="last" size="23" />
<label class="grey" for="address1">Address line 1:</label>
<input class="field" type="text" name="address1" id="address1" size="23" />
<label class="grey" for="address2">Address line 2:</label>
<input class="field" type="text" name="address2" id="address2" size="23" />
<label class="grey" for="city">City:</label>
<input class="field" type="text" name="city" id="city" size="23" />
<label class="grey" for="state">State/Province:</label>
<input class="field" type="text" name="state" id="state" size="23" />
<label class="grey" for="zip">Zip/Postal Code:</label>
<input class="field" type="text" name="zip" id="zip" size="23" />
<label class="grey" for="country">Country:</label>
<input class="field" type="text" name="country" id="country" size="23" />
<p>
<label>A password will be e-mailed to you.</label>
<input type="submit" name="submit" value="Register" class="bt_register" />
</p>
</form>
</div>
<?php
else:
?>
<div class="left">
<h1>User Information</h1>
<p>
<?php echo $_SESSION['first']; ?>
<?php echo $_SESSION['last']; ?><br />
<?php echo $_SESSION['address1']; ?>
<?php echo $_SESSION['address2']; ?><br />
<?php echo $_SESSION['city']; ?>,
<?php echo $_SESSION['state']; ?>
<?php echo $_SESSION['zip']; ?><br />
<?php echo $_SESSION['country']; ?>
</p>
<p>Email: <?php echo $_SESSION['email']; ?></p>
<p>Downloads</p>
Log off
</div>
<div class="left right">
<!-- Product Registration Form -->
<form class="clearfix" action="" method="post">
<h1>Product Registration</h1>
<?php
if($_SESSION['msg']['upd-err'])
{
echo '<div class="err">'.$_SESSION['msg']['upd-err'].'</div>';
unset($_SESSION['msg']['upd-err']);
}
if($_SESSION['msg']['upd-success'])
{
echo '<div class="success">'.$_SESSION['msg']['upd-success'].'</div>';
unset($_SESSION['msg']['upd-success']);
}
?>
<label class="grey" for="product1">Product 1:</label>
<input class="field" type="text" name="product1" id="product1" value="<?php echo $_SESSION['product1']; ?>" size="23" />
<label class="grey" for="serial1">Serial 1:</label>
<input class="field" type="text" name="serial1" id="serial1" value="<?php echo $_SESSION['serial1']; ?>" size="23" />
<label class="grey" for="product2">Product 2:</label>
<input class="field" type="text" name="product2" id="product2" value="<?php echo $_SESSION['product2']; ?>" size="23" />
<label class="grey" for="serial2">Serial 2:</label>
<input class="field" type="text" name="serial2" id="serial2" value="<?php echo $_SESSION['serial2']; ?>" size="23" />
<label class="grey" for="product3">Product 3:</label>
<input class="field" type="text" name="product3" id="product3" value="<?php echo $_SESSION['product3']; ?>" size="23" />
<label class="grey" for="serial3">Serial 3:</label>
<input class="field" type="text" name="serial3" id="serial3" value="<?php echo $_SESSION['serial3']; ?>" size="23" />
<div class="clear"></div>
<input type="submit" name="submit" value="Update" class="bt_login" />
</form>
</div>
<?php
endif;
?>
</div>
</div> <!-- /login -->
<!-- The tab on top -->
<div class="tab">
<ul class="login">
<li class="left"> </li>
<li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>
<li class="sep">|</li>
<li id="toggle">
<a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a>
<a id="close" style="display: none;" class="close" href="#">Close Panel</a>
</li>
<li class="right"> </li>
</ul>
</div> <!-- / top -->
</div> <!--panel -->
Your update query is way off. You need to do it in the form of
UPDATE `tablename`
SET col1='value', col2='val2'
WHERE wherecol='whereval'
change your query and see if that helps.
your query should be
UPDATE electrix_users
SET
product1= $_POST['product1'],
serial1 = $_POST['serial1'],
product2 = $_POST['product2'],
serial2 = $_POST['serial2'],
product3 = $_POST['product3'],
serial3 = $_POST['serial3']
WHERE usr=$_POST['username']
However you should always clean for sql injection on any user entered data. I did not do this in the example as this is something you should do in your own way. This example is given to you as an example and does not prevent any kind of sql injection as it stands now.
ALWAYS DO WHAT YOU CAN TO PREVENT SQL INJECTION!
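Added example, not code from the posts above: the product update written as a parameterized statement, with the row chosen by the logged-in `$_SESSION['id']` rather than a request field, and the session copy refreshed afterwards. The same pattern applies to the `member_info` update and its hidden `user-id` field in the earlier question. Assumptions: PDO with an in-memory SQLite table replaces the page's MySQL connection so the script runs offline (the prepare/execute calls are the same with a `mysql:` DSN), `update_products` is a hypothetical name, and the rows and request are constructed.

```php
<?php
declare(strict_types=1);

// Columns the product form may change. Column names are fixed here and never
// taken from the request; only the values are bound as parameters.
const PRODUCT_FIELDS = ['product1', 'serial1', 'product2', 'serial2', 'product3', 'serial3'];

/**
 * Update the logged-in user's product registrations.
 * The row is selected by the id stored in the session at login, so a
 * username or id sent with the form cannot point the UPDATE at another account.
 */
function update_products(PDO $db, array &$session, array $post): bool
{
    if (empty($session['id'])) {
        return false;                       // not logged in
    }

    $params = [':id' => (int) $session['id']];
    $assignments = [];
    foreach (PRODUCT_FIELDS as $col) {
        $assignments[] = "$col = :$col";
        $params[":$col"] = (isset($post[$col]) && is_string($post[$col])) ? $post[$col] : '';
    }

    $sql = 'UPDATE electrix_users SET ' . implode(', ', $assignments) . ' WHERE id = :id';

    // With ERRMODE_EXCEPTION a failed statement throws. The affected-row count is
    // not used as the success test: MySQL reports 0 rows when the submitted
    // values equal the stored ones, which is not an error.
    $db->prepare($sql)->execute($params);

    // Keep the session copy in step with the database, otherwise the form
    // shows the old values again on the next page load.
    foreach (PRODUCT_FIELDS as $col) {
        $session[$col] = $params[":$col"];
    }
    return true;
}

// --- Constructed demonstration -------------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE electrix_users (
        id INTEGER PRIMARY KEY, usr TEXT,
        product1 TEXT, serial1 TEXT, product2 TEXT,
        serial2 TEXT, product3 TEXT, serial3 TEXT)'
);
$db->exec("INSERT INTO electrix_users (id, usr) VALUES (1, 'alice'), (2, 'bob')");

// Stand-ins for $_SESSION (set at login) and $_POST (the Update form).
$session = ['id' => 1, 'usr' => 'alice'];
$post = [
    'submit'   => 'Update',
    'username' => 'bob',        // extra field in the request: ignored by update_products()
    'product1' => 'Mixer',
    'serial1'  => "AB'12",      // the apostrophe is stored as data, it cannot end the SQL string
];

update_products($db, $session, $post);

$rows = $db->query(
    'SELECT id, usr, product1, serial1 FROM electrix_users ORDER BY id',
    PDO::FETCH_ASSOC
);
foreach ($rows as $row) {
    echo json_encode($row), PHP_EOL;
}
echo 'session serial1: ', $session['serial1'], PHP_EOL;
```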
