I'm working on a forum for a school project (high school) and I have a register form. Everything works but when I submit the form I get my set error that says "An error has occurred". I'm not getting any MYSQL errors and am wondering what's wrong with my code. Please note, everything should be working but for some reason it does not submit to the database. I know the html is good so I'm only submitting the php.
register.php
<?php
//get required files
include 'inc/config.php';
//get all variables to avoid errors
$firstname = ""; //first name of user
$lastname = ""; //last name of user
$username = ""; //username of user
$email = ""; //email of user
$city = ""; //current city
$password = ""; //password
$password2 = ""; //confirm password
$date = ""; //signup date
$error_array = array(); //holds all error messages
$ip = ""; //ip address of user
$allowed_cities = array("Toronto","Ottawa","Hamilton","London","Windsor","Kingston"); //holds all cities allowed
$profilepic = ""; //profile photo
$code = ""; //email token to verify account
//Profile Photo Settings
$allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation
$max_filesize = 9999999999; // Maximum filesize in BYTES - SET IN to a low number for small files
$upload_path = 'data/profilepictures/'; // The place the files will be uploaded to (currently a 'profile pictures' directory)
if(isset($_POST['submit'])){
//First Name
$firstname = strip_tags($_POST['firstname']); //Remove html tags
$firstname = str_replace(' ', '', $firstname); //remove spaces
$firstname = ucfirst(strtolower($firstname)); //Uppercase first letter
//Last Name
$lastname = strip_tags($_POST['lastname']); //Remove html tags
$lastname = str_replace(' ', '', $lastname); //remove spaces
$lastname = ucfirst(strtolower($lastname)); //Uppercase first letter
//Username
$username = strip_tags($_POST['username']); //Remove html tags
$username = str_replace(' ', '_', $username); //remove spaces and put a underscore
//Note: preg match for username done later
//Email
$email = strip_tags($_POST['email']); //Remove html tags
$email = str_replace(' ', '', $email); //remove spaces
//City
$city = strip_tags($_POST['city']); //Remove html tags
$city = str_replace(' ', '', $city); //remove spaces
$city = ucfirst(strtolower($city)); //Uppercase first letter
//Password and Confirm Password
$password = strip_tags($_POST['password']); //Remove html tags
$password2 = strip_tags($_POST['password2']); //Remove html tags
//Profile Picture
$profilepic = $_FILES['photo']['name']; // Get the name of the file (including file extension)
$ext = substr($profilepic, strpos($profilepic,'.'), strlen($profilepic)-1); // Get the extension from the profilepic
//Email Verification
$code=substr(md5(mt_rand()),0,15); //token to verify email
//Date and IP Address
$date = date("Y-m-d"); //Current date
$ip = $_SERVER['REMOTE_ADDR']; //IP Address
//Check submissions for errors
//Check Firstname
if(strlen($firstname) > 25 || strlen($firstname) < 2) {
array_push($error_array, "Your first name must be between 2 and 25 characters<br>");
}
//Check Lastname
if(strlen($lastname) > 25 || strlen($lastname) < 2){
array_push($error_array, "Your last name must be between 2 and 25 characters<br>");
}
//Check Username
$u_check = mysqli_query($con, "SELECT username FROM users WHERE username='$username'");
$num_rows = mysqli_num_rows($u_check);
if($num_rows > 0) {
array_push($error_array, "Username is taken<br>");
}
if(strlen($username) > 30 || strlen($username) < 3){
array($error_array, "Your username must be between 3 and 30 characters<br>");
}
if(preg_match('/^[a-z0-9]{6,10}$/', $username)) {
array_push($error_array, "Your username includes invalid characters<br>");
}
//Check Email
$e_check = mysqli_query($con, "SELECT email FROM users WHERE email='$email'");
$num_rows2 = mysqli_num_rows($e_check);
if($num_rows2 > 0){
array_push($error_array, "Email already in use<br>");
}
$allowed_emails = array('student.tdsb.on.ca', 'delasalle.ca', 'ucc.on.ca');
$explodedEmail = explode('#', $email);
$domain = array_pop($explodedEmail);
if ( ! in_array($domain, $allowed_emails))
{
array_push($error_array, "Your student email is not allowed<br>");
}
//Check City
if (!in_array($city, $allowed_cities)) {
array_push($error_array, "Our service is not available in your city<br>");
}
//Check Passwords
if($password != $password2) {
array_push($error_array, "Your passwords do not match<br>");
}
if(strlen($password > 30 || strlen($password) < 5)) {
array_push($error_array, "Your password must be betwen 5 and 30 characters<br>");
}
if(preg_match('/[^A-Za-z0-9]/', $password)) {
array_push($error_array, "Your password can only contain english characters or numbers<br>");
}
//Check Profile Picture
if(!in_array($ext,$allowed_filetypes)){
array_push($error_array, "The file you attempted to upload is not allowed<br>");
}
if(filesize($_FILES['photo']['tmp_name']) > $max_filesize){
array_push($error_array, "The file you attempted to upload is too large<br>");
}
if(!is_writable($upload_path)){
array_push($error_array, "You cannot upload to the specified directory, please CHMOD it to 777<br>");
}
if(move_uploaded_file($_FILES['photo']['tmp_name'],$upload_path . $profilepic)){
}
else{
array_push ($error_array, "There was an error during the file upload. Please try again later<br>");
}
//Process Data
if(empty($error_array)) {
$password = md5($password); //Encrypt password before sending to database
$query = mysqli_query($con, "INSERT INTO users (firstname,lastname,email,username,password,signup_date,city,profilephoto,email_verified ) VALUES ('$firstname','$lastname','$email','$username','$password','$date','$profilepic','0') ");
array_push($error_array, "Your acccount has been created. Please check your inbox to verify your account<br>");
}
else{
array_push($error_array, "An error has occured. Please try again later<br>");
}
}
?>
Related
I am building a website's login page for an assignment. When I hash the password in the file that checks the users details it doesn't match with the stored hashed password in the database. The code always goes to the last else statement and relinks me to the login page with the wrong password sv equal to 1. If I don't hash the password, then copy and paste the hashed password from the database into the login form the login works. If anyone can help this would be greatly appreciated
ini_set('display_errors', 1);
ini_set('log_errors',1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
session_start();
$email = $_POST["email"];
$pass1 = $_POST["pass"];
$pass = hash('sha256', $pass1);
if(isset($_SESSION['user_type']))
{
unset($_SESSION['user_type']);
}
include("group_detail.php");
$query = "SELECT * from employee WHERE email = '$email' AND password = '$pass'";
$result_employee = $db->query($query);
$employee_row = mysqli_fetch_assoc($result_employee);
if(!empty($employee_row)){
$_SESSION['id'] = $employee_row['employee_ID'];
$_SESSION['name'] = $employee_row['name'];
$_SESSION['user_type'] = $employee_row['title'];
header('Location: homepage.html');
}else{
$query = "SELECT * from customer WHERE email = '$email' AND password = '$pass'";
$result_customer = $db->query($query);
$customer_row = mysqli_fetch_assoc($result_customer);
if(!empty($customer_row)){
$_SESSION['id'] = $customer_row['customer_ID'];
$_SESSION['name'] = $customer_row['name'];
$_SESSION['user_type'] = 'Customer';
$_SESSION['email'] = $customer_row['email'];
header('Location: homepage.html');
}
else{
$_SESSION['wrong_password'] = 1;
header('Location: login.php');
}
}
The registration code
<<?php
// this code checks all reuired fields are filled in appropriately
ini_set('display_errors', 1);
ini_set('log_errors',1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
session_start();
$nameErr = $phoneErr = $emailErr = $passwordErr = "";
$name = $address = $eircode = $email = $password = $phone = "";
$employee_ID = 0;
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
echo $nameErr;
if (empty($_POST["name"])) {
$nameErr = "Your name is required for registration";
} else {
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and a space allowed";
}
}
if (empty($_POST["phone"])) {
$phoneErr = "Your phone number is required for registration";
} else {
$phone = test_input($_POST["phone"]);
}
if(empty($_POST['email']))
{
$emailErr = "Your Email is required for registration";
} else {
include ("group_detail.php");
$email_test = test_input($_POST["email"]);
$sql = "SELECT * from customer WHERE email = '$email_test'";
// Checks if another account uses this email
$result = $db->query($sql); // runs the query
$num_rows_3= mysqli_num_rows($result); // counts how many rows the query applies to
if($num_rows_3 == 0){
// Sets email value if no one else has used this email to sign up before
$email = test_input($_POST["email"]);
}
else{
// Lets the customer know this email is already in use
$emailErr = "Another account has previously been registered with this email. If this is you, you can login ";
}
}
if(empty($_POST['pass1']))
{
$passwordErr = "Password required";
} else {
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 == $pass2){
$pass = hash('sha256',$pass1);
// $pass = $pass1;
} else{
$passwordErr = "The passwords you enter must match";
}
}
if(empty($_POST['address']))
{
$address = "";
}else{
$address = test_input($_POST['address']);
}
if(empty($_POST['eircode']))
{
$eircode = "";
}else{
$eircode = test_input($_POST['eircode']);
}
if ($phoneErr == "" && $nameErr == "" && $passwordErr == "" && $emailErr == "")
{
// This code enters the data from the form into the customer table
include ("group_detail.php");
$q = "INSERT INTO customer(";
$q .= "name, phone, password, email, address, eircode";
$q .= ") VALUES (";
$q .= "'$name', '$phone', '$pass', '$email', '$address', '$eircode')";
$result = $db->query($q);
$sql = "SELECT customer_ID FROM customer ORDER BY customer_ID DESC LIMIT 1";
$result1 = $db->query($sql);
$row = mysqli_fetch_assoc($result1);
$_SESSION['customer'] = $row['customer_ID'];
header('Location: homepage.html');
}
}
?>
Solution
Your field is of the incorrect length. When you use the SHA256 hash function you get an output similar to:
ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f // password123
If you're password field is only 15 characters then the saved value will be truncated:
ef92b778bafe771
However, during the comparison the full value from the logon script is used against the truncated version stored in the DB and therefore there is no match. Because, as you can see above, they aren't the same.
To fix you need to ALTER the table so that the field is at least varchar(64). Then new accounts will work as expected (note: old hashes still won't work - they need to be redone!)
Additional information
There are a few other issues with your code...
You shouldn't be putting variables directly into your code. Instead it is preferred to use a Prepared Statement with parametrised queries where you bind the variables later.
Which basically means in the query we use a place holder ? where we want a variable and then bind variables to the place holders later on
This is mainly to prevent SQL injection and protect you from incorrect input
It is best to use the PHP built in functions password_* to hash and verify passwords.
It's more secure than simply using hash
salts are auto-generated which protects you from things like rainbow tables
The default algorithm for password_hash requires a field length of 60+ characters
There's no need to store excess data in SESSION
The data is already stored in the DB so just fetch it as and when needed
It seems that you have one table for customers and another for employees
This isn't a good design there should be one table for users and then you can set flags for employee, customer, supplier etc.
Your test_input function carries out functions that are usually done on display not on save.
Below is a quick re-write that addresses some of the above (note: the below code is not complete it doesn't, for example, carry out all of the same validation - e.g. checking for illegal characters - it's just for illustrative purposes)
Register
<?php
ini_set('display_errors', true);
ini_set('log_errors', true);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
session_start();
$errors = [];
$name = $_POST["name"] ?? null;
$phone = $_POST["phone"] ?? null;
$email = $_POST['email'] ?? null;
$address = $_POST['address'] ?? null;
$eircode = $_POST['eircode'] ?? null;
$pass1 = $_POST['pass1'] ?? null;
$pass2 = $_POST['pass2'] ?? null;
// Check passwords are the same and assign hash to $pass
$pass = $pass1 === $pass2 ? password_hash($pass1, PASSWORD_DEFAULT) : null;
// Check the required fields are present and not empty
if (!$name || !$phone || !$email || !$pass) {
$errors[] = "Required fields are missing.";
}
// Check if the email address already exists in the DB
$checkEmailExistsSQL = "SELECT COUNT(*) as countEmails FROM user WHERE email = ?";
$checkEmailExistsQuery = $mysqli->prepare($checkEmailExistsSQL);
$checkEmailExistsQuery->bind_param("s", $email);
$checkEmailExistsQuery->execute();
$emailExists = $checkEmailExistsQuery->get_result()->fetch_assoc()["countEmails"];
if ($emailExists !== 0) {
$errors[] = "The email address already exists in the DB";
}
// Check if there were errors and output them; then exit the script
if (count($errors)) {
foreach($errors as $error) {
echo $error, PHP_EOL;
}
exit;
}
include("group_detail.php");
$insertSQL = "
INSERT INTO user
(name, phone, password, email, address, eircode)
VALUES
(?, ?, ?, ?, ?, ?)
";
$insertQuery = $mysqli->prepare($insertSQL);
$insertQuery->bind_param("ssssss", $name, $phone, $pass, $email, $address, $eircode);
$insertQuery->execute();
// Success the user is registered
Logon
<?php
ini_set('display_errors', true);
ini_set('log_errors', true);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
session_start();
$email = $_POST["email"] ?? null;
$pass = $_POST["pass"] ?? null;
// You can remove the old user id. But you don't need to
//
// There's no need to store excess data on the user in
// the SESSION super global; any data that you need
// access to can be retrieved from the DB at will.
// Copying data into SESSION only eats into memory.
unset($_SESSION["id"]);
// Check that something was submitted for email and password
if (!$email || !$pass) {
echo "Error: all fields need to be completed";
exit;
}
include("group_detail.php");
$sql = "SELECT id, password FROM user WHERE email = ?";
$query = $mysqli->prepare($sql);
$query->bind_param("s", $email);
$query->execute();
// Check to see if the email address is registered.
// Then check to see if the password is a match.
if (
!($user = $query->get_result()->fetch_assoc())
|| !password_verify($pass, $user["password"])
) {
echo "Error: the email address or password isn't correct";
exit;
}
// Success the user is logged on
//
$_SESSION["id"] = $user["id"];
For some apparent reason, a portion of my PHP code is being shown in the header section of my page.
I am completely stumped as to why this is occurring. I have rechecked all the variables and have tested how to page renders on IE and Firefox, but the same problem occurs.
reg.php:
<?
$registration = #$_POST[`submitReg`];
// Getting all other info from form and assigning it to variables
$firstname = strip_tags(#$_POST[`fname`]);
$lastname = strip_tags(#$_POST[`lname`]);
$username = strip_tags(#$_POST[`username`]);
$email = strip_tags(#$_POST[`email`]);
$email2 = strip_tags(#$_POST[`email2`]);
$password = strip_tags(#$_POST[`password`]);
$password2 = strip_tags(#$_POST[`password2`]);
$DOBDay = strip_tags(#$_POST[`DOBDay`]);
$DOBMonth = strip_tags(#$_POST[`DOBMonth`]);
$DOBYear = strip_tags(#$_POST[`DOBYear`]);
$gender = strip_tags(#$_POST[`gender`]);
$sign_up_date = date("d-m-Y"); // Sign up date is not getting any data from the form
if ($registration) {
if ($email==$email2) {
// If both emails match, then check if user already exists:
$u_check = mysqli_query("SELECT username FROM users WHERE username='$username'"); // Count the amount of rows where username = $username
$e_check = mysqli_query("SELECT email FROM users WHERE email='$email'"); //Check whether Email already exists in the database
// checking the amount of rows where username is equal to $username - avoid two users with same username - same idea for email
$check = mysqli_num_rows($u_check);
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
// If no matches found then: 1. check all fields are completed correctly:
if ($firstname && $lastname && $username && $email && $email2 && $password && $password2 && $DOBDay && $DOBMonth && $DOBYear && $gender) {
// 1.2. check that passwords match:
if ($password==$password2) {
-------------------- CODE WHICH IS APPEARING IN THE HEADER ---------------------
// 1.2.1. Check fields are of valid length
if (strlen($username) > 25 || strlen($firstname) > 25 || strlen($lastname) > 25 || strlen($password) > 25) {
echo "The maximum character limit is 25.";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 6 characters
if (strlen($password)>25||strlen($password)<6) {
echo "Your password must be between 6 and 25 characters long!";
}
else
{
// if everything correct, encrypt passwords using MD5 before sending it to server.
$password = md5($password);
$password2 = md5($password2);
$query = mysqli_query("INSERT INTO users VALUES (``, `$firstname`, `$lastname`, `$username`, `$email`, `$password`, `$sign_up_date`)");
die("<h2>Welcome to Aston Unified</h2> Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
_______________________________________________________________________
?>
Any ideas as to why this behavior is occurring?
Seems php short tags <? is off and you have used that. Try to use <?php and then check.
If you need to use that then set
short_open_tag=On
in php.ini and restart your Apache server.
you should enable short tag in php.ini (add short_open_tag=On in your php.ini) or use <?php in place of <?
I have made a code and when I try to sign up I get a problem saying the length is not between 5-30 for the password. I was using 7 letters for a password but was getting this problem when trying to sign up on my site. I have posted parts of the code below:
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sighn up date and time
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un' ");
// Count the amount of rows where username - $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
// Check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// Check that passwords match
if ($pswd==$pswd2) {
// Check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// Check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)>5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using bcrypt before sending to database
$pswd = bcrypt($pswd);
$pswd2 = bcrypt($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', $un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to YouBook</h2>Login to your account to get started . . .");
Try this:
if (strlen($pswd)>30||strlen($pswd)<5) {
// ^ You want to check if it is less than or equal to 5
p.s. You really shouldn't put a maximum limit on the password.
I am trying to input a check-box for terms and conditions in a form, but when I registered the form without ticking the box the registration went through , (which was not suppose to be). Please help have a look.
<?php
echo "<h2>Register</h2>";
$submit = $_POST['register'];
//form data
$fullname = mysql_real_escape_string(htmlentities(strip_tags($_POST['fullname'])));
$username = strtolower(mysql_real_escape_string(htmlentities(strip_tags($_POST['username']))));
$password = mysql_real_escape_string(htmlentities(strip_tags($_POST['password'])));
$repeatpassword = mysql_real_escape_string(htmlentities(strip_tags($_POST['repeatpassword'])));
$email = mysql_real_escape_string(htmlentities(strip_tags($_POST['email'])));
$houseno = mysql_real_escape_string(htmlentities(strip_tags($_POST['houseno'])));
$addressa = mysql_real_escape_string(htmlentities(strip_tags($_POST['addressa'])));
$addressb = mysql_real_escape_string(htmlentities(strip_tags($_POST['addressb'])));
$addressc = mysql_real_escape_string(htmlentities(strip_tags($_POST['addressc'])));
$county = mysql_real_escape_string(htmlentities(strip_tags($_POST['county'])));
$state = mysql_real_escape_string(htmlentities(strip_tags($_POST['state'])));
$country = mysql_real_escape_string(htmlentities(strip_tags($_POST['country'])));
$accept = mysql_real_escape_string(htmlentities(strip_tags($_POST['accept'])));
if ($submit)
{
$namecheck = mysql_query("SELECT username FROM reusers WHERE username='$username'");
$count = mysql_num_rows($namecheck);
if($count!=0)
{
die("Username already taken!");
}
//check for registration form details
if ($fullname&&$username&&$password&&$repeatpassword&&$email&&$houseno&&$addressa&&$county&&$state&&$country)
{
if($accept!= 1)
{
if ($password==$repeatpassword)
{
//check char lenght of username and fullname
if (strlen($username)>25||strlen($fullname)>25)
{
echo "Lenght of username or fullname is too long";
}
else
{
//check password length
if(strlen($password)>25||strlen($password)<6)
{
echo"Password must be between 6 and 25 characters";
}
else
{
//check password length
$emailcheck = mysql_query("SELECT email FROM reusers WHERE email='$email'");
$ecount = mysql_num_rows($emailcheck);
if($ecount!=0)
{
echo"email already registered Please sign in into your account to continue";
}
else
{
//generate random code
$code = rand(11111111,99999999);
//send activation email
$to = $email;
$subject = "Activate your account";
$headers = "From: donotreply#reacheasy.co.uk";
$body = " Hello $fullname,\n\nUsername $username,\n\n Password $password ,\n\nYou registered `and need to activate your account. Click the link below or paste it into the URL bar of your browser\n\nhttp://reach.co.uk/activate.php?code=$code\n\nThanks!";
if (!mail($to,$subject,$body,$headers))
echo "We couldn't sign you up at this time. Please try again later.";
else
{
//register the user!
//encript password
$password = md5($password);
$repeatpassword = md5($repeatpassword);
$queryreg = mysql_query("
INSERT INTO reusers VALUES ('','$fullname','$username','$password','$email','$code','0','houseno','addressa','addressb','addressc','county','state','country')
");
die("You have been registered successfully! Please check your email ($email) to activate your account<a href='index.php'>Return to login page</a>");
}
}
}
}
}
else
echo"Your passwords do not match!";
}
else
echo"Please read and accept Terms and Conditions before registering!";
}
else
echo "Please fill in <b>all</> fields!";
}
?>
$accept = ($_POST['accept'] ? 1:0);
You must use
if($accept == 1)
because $_POST['accept'] = 1 when you check the checkbox.
Now return Please read and accept Terms and Conditions before registering! when checkbox is checked and register the user when checkbox is not checked.
i am currently in the process of creating a registration page for my website, i have managed to make it work and it adds the user to my main table user_info, however i also have other tables that i want the system to insert the user into when they join, such as a log for their ip address, the problem is i thought it would be a simple cas of selecting the user info and then inserting the fields into the ip_address table, but i keep getting the error
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'terminated')' at line 1"
Anyway here is my code for the whole php script, the new lines of code that cause the error are from lines 171 - 176 (The last 5 lines at the bottom of the big block of code).
Thanks
<?php
if (isset ($_POST['firstname'])){
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
$email = $_POST['email'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
$paypal_email = $_POST['paypal_email'];
$country = $_POST['country'];
$kingdom_name = $_POST['kingdom_name'];
$kingdom_motto = $_POST['kingdom_motto'];
$referal = $_POST['referal'];
$email = stripslashes($email);
$password = stripslashes($password);
$cpassword = stripslashes($cpassword);
$email = strip_tags($email);
$password = strip_tags($password);
$cpassword = strip_tags($cpassword);
// Connect to database
include_once "connect_to_mysql.php";
$emailCHecker = mysql_real_escape_string($email);
$emailCHecker = str_replace("`", "", $emailCHecker);
// Database duplicate username check setup for use below in the error handling if else conditionals
$sql_uname_check = mysql_query("SELECT username FROM user_info WHERE username='$username'");
$uname_check = mysql_num_rows($sql_uname_check);
// Database duplicate e-mail check setup for use below in the error handling if else conditionals
$sql_email_check = mysql_query("SELECT email FROM user_info WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);
// Error handling for missing data
if ((!$firstname) || (!$lastname) || (!$username) || (!$email) || (!$password) || (!$cpassword) || (!$paypal_email) || (!$kingdom_name) || (!$kingdom_motto)) {
$errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';
if(!$firstname){
$errorMsg .= ' * Firstname<br />';
}
if(!$lastname){
$errorMsg .= ' * Lastname<br />';
}
if(!$username){
$errorMsg .= ' * Username<br />';
}
if(!$email){
$errorMsg .= ' * Email<br />';
}
if(!$password){
$errorMsg .= ' * Password<br />';
}
if(!$cpassword){
$errorMsg .= ' * Password Check<br />';
}
if(!$paypal_email){
$errorMsg .= ' * Paypal Email<br />';
}
if(!$kingdom_name){
$errorMsg .= ' * Kingdom Name<br />';
}
if(!$kingdom_motto){
$errorMsg .= ' * Kingdom Motto<br />';
}
} else if ($password != $cpassword) {
$errorMsg = 'ERROR: Your Password fields below do not match<br />';
} else if (strlen($username) < 4) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />";
} else if (strlen($username) > 20) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />";
} else if ($uname_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />";
} else if ($email_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />";
} else { // Error handling is ended, process the data and add member to database
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
// Add MD5 Hash to the password variable
$db_password = md5($password);
// GET USER IP ADDRESS
$ipaddress = getenv('REMOTE_ADDR');
// Add user info into the database table for the main site table
$sql = mysql_query("INSERT INTO user_info (firstname, lastname, username, email, password, country, sign_up_date)
VALUES('$firstname','$lastname','$username','$email','$password', '$country', now())")
or die (mysql_error());
$id = mysql_insert_id();
// Create directory(folder) to hold each user's files(pics, MP3s, etc.)
mkdir("members/$id", 0755);
////////////////////////////////////////////////////////////////////////
///////////////BUILDING THE USER PROFILES///////////////////////////////
$sql_id = ("SELECT * FROM user_info WHERE username = '$username'");
$result = mysql_query($sql_id);
$sql_result = mysql_fetch_array($result);
$sql = mysql_query("INSERT INTO ip_log (id, ip_log) VALUES ('$id', '$ipaddress'") or die (mysql_error());
include_once 'registration_success.php';
exit();
} // Close else after duplication checks
} else { // if the form is not posted with variables, place default empty variables so no warnings or errors show
$errorMsg = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$password= "";
$cpassword = "";
$paypal_email = "";
$kingdom_name = "";
$kingdom_motto = "";
$referal = "";
}
?>
Closing parentheses missing here:
"INSERT INTO ip_log (id, ip_log) VALUES ('$id', '$ipaddress'"