Checkbox for confirming terms of service - php

I'm wondering how to set up a checkbox that says...
I agree to the terms and conditions
But the users can only click the sign up button if the checkbox has been clicked.
Here is most of my whole registration page code.
<body class="login-body">
<div class="container">
<form class="form-signin" action="/register" method="POST">
<h2 class="form-signin-heading"><?php echo $website;?></h2>
<div class="login-wrap">
<?php
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['confirmpassword']) && isset($_POST['email'])) {
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, md5($_POST['password']));
$confirmpassword = mysqli_real_escape_string($con, md5($_POST['confirmpassword']));
$email = mysqli_real_escape_string($con, $_POST['email']);
if($password != $confirmpassword) {
echo "<div class=\"alert alert-danger\">The passwords you entered do not match.</div>";
$error = 'yes';
}
if(strlen($_POST['password']) < 8) {
echo "<div class=\"alert alert-danger\">Your password must be atleast 8 characters!</div>";
$error = 'yes';
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = 'yes';
echo "<div class=\"alert alert-danger\">The email you entered is invalid.</div>";
}
$result = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username'") or die(mysqli_error($con));
if (mysqli_num_rows($result) > 0) {
$error = 'yes';
echo "<div class=\"alert alert-danger\">This username already exists.</div>";
}
$result = mysqli_query($con, "SELECT * FROM `users` WHERE `email` = '$email'") or die(mysqli_error($con));
if (mysqli_num_rows($result) > 0) {
$error = 'yes';
echo "<div class=\"alert alert-danger\">The email you entered can not be used.</div>";
}
$ip = mysqli_real_escape_string($con, $_SERVER['REMOTE_ADDR']);
$date = date('Y-m-d');
if ($error != 'yes') {
mysqli_query($con, "INSERT INTO `users` (`username`, `password`, `email`, `date`, `ip`) VALUES ('$username', '$password', '$email', '$date', '$ip')") or die(mysqli_error($con));
header("Location: /login?action=registered");
}
}
?>
<input type="text" id="username" name="username" class="form-control" placeholder="Username" value="<?php echo $_POST['username'] ?>" autofocus>
<input type="password" id="password" name="password" class="form-control" placeholder="Password">
<input type="password" id="confirmpassword" name="confirmpassword" class="form-control" placeholder="Confirm Password">
<input type="text" id="email" name="email" class="form-control" placeholder="Email" value="<?php echo $_POST['email'] ?>">
<button class="btn btn-lg btn-login btn-block" type="submit">Register</button>
</form>
<div class="registration">
Already have an account?&nbsp;
<a class="" href="/login">
Sign In
</a>
</div>
</div>
</div><!-- end .container -->

Set the register button disabled on page load and change disabled to true or false based on the checkbox change.
$('#submit_form').prop('disabled',true);
$('#terms').change(function()
{
$('#submit_form').prop('disabled',!$(this).is(':checked'));
});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<input type="checkbox" name="terms" id="terms" />
<input type="submit" id="submit_form" value="register" />

You can use inline JavaScript and the onchange event:
<input type="checkbox" onchange="document.getElementById('submit_form').disabled = !this.checked;" />
<input type="submit" id="submit_form" value="register" />
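Both answers only disable the button in the browser, so the /register handler still has to check the checkbox itself. The following is an added example, not part of either answer: it assumes the checkbox is named terms as in the first answer (the inline variant has no name attribute and would need one), and validate_registration() and render_errors() are hypothetical helper names.

```php
<?php
// Added example: server-side enforcement of the terms checkbox.
// Field names follow the question's form; "terms" is the checkbox name
// from the first answer. Helper names are hypothetical.

function validate_registration(array $post): array
{
    $errors = [];

    // An unchecked checkbox is absent from the POST body; a checked one
    // without a value attribute is submitted as "on".
    if (($post['terms'] ?? '') !== 'on') {
        $errors[] = 'You must agree to the terms and conditions.';
    }

    foreach (['username', 'password', 'confirmpassword', 'email'] as $name) {
        if (!is_string($post[$name] ?? null) || $post[$name] === '') {
            $errors[] = "Missing field: $name";
        }
    }
    if ($errors) {
        return $errors; // nothing further to check on an incomplete request
    }

    if ($post['password'] !== $post['confirmpassword']) {
        $errors[] = 'The passwords you entered do not match.';
    }
    if (strlen($post['password']) < 8) {
        $errors[] = 'Your password must be at least 8 characters.';
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'The email you entered is invalid.';
    }
    return $errors;
}

// Escape everything that goes back into the page.
function render_errors(array $errors): string
{
    $html = '';
    foreach ($errors as $message) {
        $html .= '<div class="alert alert-danger">'
               . htmlspecialchars($message, ENT_QUOTES, 'UTF-8')
               . "</div>\n";
    }
    return $html;
}

// Constructed sample submissions: the first one has no "terms" field,
// which is what the server receives when the checkbox was not ticked.
$withoutTerms = [
    'username'        => 'alice',
    'password'        => 'correct horse',
    'confirmpassword' => 'correct horse',
    'email'           => 'alice@example.com',
];
$withTerms = $withoutTerms + ['terms' => 'on'];

echo render_errors(validate_registration($withoutTerms));
var_dump(validate_registration($withTerms) === []);
```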

Related

I can't get my PHP database to work correctly

So I'm trying to link my HTML to my PHP database, but whenever I open up my browser to 'localhost/cs/staff/sign_up.php' only the message 'Firstname should not be empty' comes up.
How do I fix this?
----My 'sign_up.html' code----
<body>
<form method="post" action="../sign_up.php" style="border:1px solid #ccc">
<div class="container">
<h1>Sign Up</h1>
<p>Please fill in this form to create an account.</p>
<hr>
<label for="Firstname"><b>Firstname</b></label>
<input type="text" placeholder="Enter Firstname" name="firstname" required>
<label for="Lastname"><b>Email</b></label>
<input type="text" placeholder="Enter Lastname" name="lastname" required>
<label for="email"><b>Email</b></label>
<input type="text" placeholder="Enter Email" name="email" required>
<label for="psw"><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="psw" required>
<label for="psw-repeat"><b>Repeat Password</b></label>
<input type="password" placeholder="Repeat Password" name="psw-repeat" required>
<label>
<input type="checkbox" checked="checked" name="remember" style="margin-bottom:15px"> Remember me
</label>
<p>By creating an account you agree to our Terms & Privacy.</p>
<div class="clearfix">
<button type="button" class="cancelbtn">Cancel</button>
<button type="submit" class="signupbtn">Sign Up</button>
</div>
</div>
</form>
</body>
---My 'sign_up.php' code---
<?php
$f_name = filter_input(INPUT_POST, 'firstname');
$l_name = filter_input(INPUT_POST, 'lastname');
$email = filter_input(INPUT_POST, 'email');
$password = filter_input(INPUT_POST, 'psw');
if (!empty($f_name)){
if (!empty($l_name)){
if (!empty($email)){
if (!empty($password)){
$DB_SERVER = "localhost";
$DB_USERNAME = "root";
$DB_PASSWORD = "";
$DB_NAME = "project";
// Create connection
$conn = new mysqli ($host, $dbusername, $dbpassword, $dbname);
if (mysqli_connect_error()){
die('Connect Error ('. mysqli_connect_errno() .') '
. mysqli_connect_error());
}
else{
$sql = "INSERT INTO account (firstname, lastname, email, password)
values ('$firstrname', '$lastname','$email', '$password')";
if ($conn->query($sql)){
echo "New record is inserted sucessfully";
}
else{
echo "Error: ". $sql ."
". $conn->error;
}
$conn->close();
}
}
else{
echo "Password should not be empty";
die();
}
}
else{
echo "Email should not be empty";
die();
}
}
else{
echo "Lastname should not be empty";
die();
}
}
else{
echo "Firstname should not be empty";
die();
}
?>
I'm still new at coding so sorry if the error is something really simple and noobish.
You are saving the $_POST values of the variable firstname in $f_name and lastname in $l_name.
This is your code.
$f_name = filter_input(INPUT_POST, 'firstname');
$l_name = filter_input(INPUT_POST, 'lastname');
You have to update your SQL to match the variable names.
$sql = "INSERT INTO account (firstname, lastname, email, password)
values ('$f_name', '$l_name','$email', '$password')";

Can't update data in mysql from php

This is my admin_edit.php code. I already checked the other PHP files and found no problem. This code has no errors, but it can't update data in the database.
<?php require_once('header.php'); ?>
<?php
if($_GET && !$_POST)
{
if(isset($_GET['id']) && is_numeric($_GET['id']))
{
$id = $_GET['id'];
}
else
{
$id = NULL;
}
if($id)
{
$sql = "SELECT * FROM tb_admin WHERE id_admin=$id";
$query = mysql_query($sql) or die(mysql_error());
$hasil = mysql_fetch_array($query) or die(mysql_error());
}
}
elseif($_POST)
{
$id = $_POST['id_admin'];
$nama = $_POST['nama'];
$username = $_POST['username'];
$password = md5($_POST['password']);
if($nama=='' || $username=='' || $password=='')
{
$error = 'Nama, Username dan Password diisi tidak boleh kosong';
}
else
{
$sql = "UPDATE tb_admin SET nama='$nama', username='$username', password='$password' WHERE id_admin='$id'";
mysql_query($sql) or die(mysql_error());
$_SESSION['PESAN'] = 'Berhasil merubah user !';
refresh('admin.php');
}
}
?>
<form method="post" action="" enctype="multipart/form-data">
<fieldset>
<legend> Ubah Admin </legend>
<?php if(isset($error)) echo '<div class="control-group"><div class="alert alert-error">'.$error.'</div></div>';
?>
<div>
<label for="nama">Nama</label>
<input id="nama" name="nama" class="span4" type="text" required="required" value="<?php echo $hasil['username']; ?>"/>
</div>
<div>
<label for="username">Username</label>
<input id="username" name="username" type="text" required="required" value="<?php echo $hasil['username']; ?>"/>
</div>
<div>
<label for="password">Password</label>
<input id="password" name="password" class="wide" type="password" required="required" value=""/>
</div>
<div class="form-actions">
<button type="submit" name="submit" class="btn btn-primary" value="Edit">Simpan</button>
<button type="button" class="btn" onclick="javascript: if(confirm('Anda yakin untuk batal ?')) window.location.href='admin.php'; else return false; ">Batal</button>
<input name="id" type="hidden" value="<?php if(isset($_POST['id'])) echo $_POST['id']; else echo $hasil['id_admin'];?>">
</div>
</fieldset>
</form>
<?php require_once('footer.php'); ?>
I researched this problem for almost half a day and found no solution. Sorry for my bad English.
You are using name="id" instead of name="id_admin", as well as $_POST['id'] instead of $_POST['id_admin'].
Change
<input name="id" type="hidden" value="<?php if(isset($_POST['id'])) echo $_POST['id']; else echo $hasil['id_admin'];?>">
to
<input name="id_admin" type="hidden" value="<?php if(isset($_POST['id_admin'])) echo $_POST['id_admin']; else echo $hasil['id_admin'];?>">
Your WHERE clause depends on it.
WHERE id_admin='$id'
Your present code is open to SQL injection.
Use mysqli with prepared statements, or PDO with prepared statements.
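The UPDATE from the question rewritten with a mysqli prepared statement, as the answer recommends. This is an added example, not the answerer's code: it assumes an open mysqli connection and the tb_admin columns shown in the question, update_admin() is a hypothetical helper name, and password_hash() is swapped in for md5().

```php
<?php
// Added example, not the answerer's code. Assumes an open mysqli connection
// and the tb_admin columns used in the question; update_admin() is a
// hypothetical helper name.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

function update_admin(mysqli $db, array $post): bool
{
    // Read a field as a trimmed string; arrays and missing keys become ''.
    $field = fn(string $key): string =>
        is_string($post[$key] ?? null) ? trim($post[$key]) : '';

    // The id must be a positive integer, not merely "numeric".
    $id = filter_var($post['id_admin'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $nama     = $field('nama');
    $username = $field('username');
    // Check the raw password: md5('') is a non-empty string, so the
    // question's test on the hashed value can never detect an empty password.
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';

    if ($id === false || $nama === '' || $username === '' || $password === '') {
        return false;
    }

    // Swapped in for md5(): password_hash() produces a salted, slow hash.
    // The password column must be wide enough (VARCHAR(255) is the usual choice).
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare(
        'UPDATE tb_admin SET nama = ?, username = ?, password = ? WHERE id_admin = ?'
    );
    $stmt->bind_param('sssi', $nama, $username, $hash, $id);
    $stmt->execute();
    $updated = ($stmt->affected_rows === 1); // 0 means no row had that id
    $stmt->close();

    return $updated;
}

// Usage in admin_edit.php (connection values are placeholders):
// $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
// if ($_SERVER['REQUEST_METHOD'] === 'POST' && update_admin($db, $_POST)) {
//     $_SESSION['PESAN'] = 'Berhasil merubah user !';
// }
```

Logins then have to check the stored value with password_verify() instead of comparing md5() output.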

Updating Query Matter

I've defined a user settings page on my website, and there are several forms that appear on that page. I've written a query for these fields to be updated upon clicking the "submit" button, but somehow I end up with the error below:
User Could Not Be Updated Because:You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near
'SHA1(5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)', ' WHERE id =' at
line 1
This is the profile settings page code for the form:
<?php
$uid = $_SESSION['user_id'];
$query = mysqli_query($dbc, "SELECT * FROM users WHERE id = $uid ")or die(mysql_error());
$arr = mysqli_fetch_assoc($query);
?>
<form action="?page=profileset&id=<?php echo $arr['id']; ?>" method="post" role="form">
<label for="first">First Name</label>
<input class="form-control" type="text" name="first" id="first" value="<?php echo $arr['first']; ?>" placeholder="First Name" autocomplete="off">
</div>
<div class="from-group">
<label for="last">Last Name</label>
<input class="form-control" type="text" name="last" id="last" value="<?php echo $arr['last']; ?>" placeholder="Last Name" autocomplete="off">
</div>
<br>
<div class="from-group">
<label for="email">Email Address</label>
<input class="form-control" type="text" name="email" id="email" value="<?php echo $arr['email']; ?>" placeholder="Email Address" autocomplete="off">
</div>
<div class="from-group">
<label for="password">Password</label>
<input class="form-control" type="password" name="password" id="password" value="<?php echo $arr['password']; ?>" placeholder="Password" autocomplete="off">
</div>
<button id="profile-btn-change" type="submit" class="btn">Submit Changes</button>
<input type="hidden" name="submitted" value="1">
</form>
And this is the query which updates this form:
if(isset($_POST['submitted']) == 1){
$first = mysqli_real_escape_string($dbc, $_POST['first']);
$last = mysqli_real_escape_string($dbc, $_POST['last']);
$password = SHA1($_POST['password']);
$action = 'Updated';
$q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";
$r = mysqli_query($dbc, $q);
if($r){
$message = '<p class="alert alert-success">User Was '.$action.'!</p>';
} else {
$message = '<p class="alert alert-danger">User Could Not Be '.$action.' Because:'.mysqli_error($dbc);
}
}
Any consideration is appreciated.
You are repeating the password = part in the UPDATE query.
Do
$password = sha1($_POST['password']);
instead of
$password = " password = 'SHA1($_POST[password])', ";
Update:
Make sure you try the update query like
$q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";
And try to sanitize the variables while you use them.

Registration Not Applying to SQL

I tried to test the registration form to see if it would work, but it never actually applies to the SQL database. Is there anything that seems to be wrong in this code? I don't seem to detect any errors. I also added the HTML registration form I was using below the PHP code.
<?
session_start();
include "mysqli_config.php";
$b = $_POST['username'];
$password = md5($_POST['password']);
$a = $_POST['email'];
$username = mysqli_real_escape_string($mysqli, $b);
$email = mysqli_real_escape_string($mysqli, $a);
$c = $_POST['method'];
$method = mysqli_real_escape_string($mysqli, $c);
if ($username == NULL or $email == NULL or $password == NULL) {
echo "Please Fill Out All Forms";
} else {
if (strlen($username) <= 8 || strlen($username) >= 16) {
echo " - Your username must be between 8 and 16 chars";
} else {
if ($method == NULL) {
echo "Please Select a Payment Method";
} else {
$check = "SELECT * FROM `users` WHERE `username` = '$username'";
$checksystem = $mysqli->query($check);
if (mysqli_num_rows($checksystem) != 0) {
echo "Username Already In Use!";
} else {
$create_member = "INSERT INTO `users` (`id`,`username`, `password`, `email`,`status`,`payment`)
VALUES('','$username','$password','$email','$status','$method')";
$create = $mysqli->query($create_member);
echo "Thank You For Registering, Please <a href=loginform.php>Login Here</a>";
}
}
}
}
?>
<form action="authenticate.php" id="contact" method="post" name="contact">
<div class="cleaner h10"></div><label for="author">Username</label>
<input class="required input_field" id="author" name="username" type=
"text"> <label for="email">Password</label> <input class=
"required input_field" id="email" name="password" type="password">
<label for="email">Email</label> <input class="required input_field"
id="email" name="email" type="text"> <label for="email">Payment
Email</label> <input class="required input_field" id="email" name=
"payment" type="text"> <label for="email">Use Amazon For
Payments</label> <input class="required input_field" id="email" name=
"method" type="checkbox"> <label for="email">Use Paypal For
Payments</label> <input class="required input_field" id="email" name=
"method" type="checkbox">
<div class="cleaner h10"></div><input class="submit_btn float_l" id=
"submit" name="submit" type="submit" value="Register">
</form>
If you are trying to register a new user, first make sure the id is AUTO_INCREMENT and also change the query
$create_member = "INSERT INTO `users` (`id`,`username`, `password`, `email`,`status`,`payment`)
VALUES('','$username','$password','$email','$status','$method')";
to
$create_member = "INSERT INTO `users` (`username`, `password`, `email`,`status`,`payment`)
VALUES('$username','$password','$email','$status','$method')";

how can I fix the error "mysql_num_rows(): supplied argument is not a valid MySQL result resource in register2.php on line 27 & 35"

This is my register.php code where a user registers. When I click my 'Register' submit button I get those SQL errors and I can't proceed to where my header location is, which is voting2.php... Please help.
<?php session_start(); ?>
<?php
require('connect/connect.php');
if(isset($_POST['submit'])){
$password1=$_POST['password1'];
$password2=$_POST['password2'];
if ($password1 == $password2) {
$studid = mysql_escape_string ($_POST['studid']);
$password1= mysql_escape_string ($password1);
$password2= mysql_escape_string ($password2);
$fname= mysql_escape_string($_POST['fname']);
$lname= mysql_escape_string ($_POST['lname']);
$mname= mysql_escape_string ($_POST['mname']);
$dob= mysql_escape_string ($_POST['dob']);
$address= mysql_escape_string ($_POST['address']);
$f_fname= mysql_escape_string($_POST['f_fname']);
$f_lname= mysql_escape_string($_POST['f_lname']);
$f_mname= mysql_escape_string($_POST['f_mname']);
$m_fname= mysql_escape_string($_POST['m_fname']);
$m_lname= mysql_escape_string($_POST['m_lname']);
$m_mname= mysql_escape_string ($_POST['m_mname']);
$sql1 = "SELECT * FROM `new_reg_student` WHERE `password` = '". $password1 ."' AND `studid` = '". $studid ."'";
//this is my line 27 error
if (mysql_num_rows ($sql1) == 1) {
echo "Password & Student ID already exists.";
exit();
}
$sql3 = "INSERT INTO `new_reg_student` (`id`, `studid`, `password`, `fname`, `lname`, `mname`, `dob`, `address`, `f_fname`, `f_mname`, `f_lname`, `m_fname`, `m_mname`, `m_lname`) VALUES (NULL, '$studid', '$password1', '$fname', '$lname', '$mname', '$dob', '$address', '$f_fname', '$f_mname', '$f_lname', '$m_fname', '$m_mname', '$m_lname')" ;
$result = mysql_query($sql3) or die (mysql_error()) ;
//this is my line 35 error
if(mysql_num_rows($result) > 0) {
header("Location: voting2.php");
exit();
} else {
echo " ";
exit();
}
}
else {
echo " Sorry password do not match";
exit();
}
}
?>
This is the body content of my register.php:
<h2>Please Register Using The Form Below</h2>
<fieldset><legend><h1>Student Info</h1></legend>
<table>
<tr>
<td height="500">
<form id="regform" method="post" action="register2.php">
<ul>
<li><label>Student ID:</label><br />
<div id="txtbox"><input type="text" id="" name="studid" readonly="readonly" value="<?php echo $_SESSION['username']; ?>" /></div>
</li>
<li><label>Password:</label><br />
<div id="txtbox"><input type="password" id="password1" name="password1" /></div>
</li>
<li><label>Confirm Password:</label><br />
<div id="txtbox"><input type="password" id="password2" name="password2" /></div>
</li>
<li><label>Name:</label><br />
<div id="txtbox"><input value="Fist Name" type="text" name="fname"/> - <input value="Middle Name" type="text" name="mname"/> - <input value="Last Name" type="text" name="lname"/></div>
</li>
<li><label>Date of Birth:</label><br />
<div id="txtbox"><input type="text" name="dob" value="Year-Month-Day" /> - ex. 2013-12-01</div>
</li>
</li><li><label>Address:</label><br />
<div id="txtbox">
<input type="text" name="address" />
</div>
</li>
<li><label>Your Father's Name:</label><br />
<div id="txtbox"><input value="Fist Name" type="text" name="f_fname"/> - <input value="Middle Name" type="text" name="f_mname"/> - <input value="Last Name" type="text" name="f_lname"/></div>
</li>
<li><label>Your Mother's Name:</label><br />
<div id="txtbox"><input value="Fist Name" type="text" name="m_fname"/> - <input value="Middle Name" type="text" name="m_mname"/> - <input value="Last Name" type="text" name="m_lname"/></div>
</li>
</ul>
<p id="wa"><input type="submit" id="submit" value="Register" name="submit"/></p>
</form>
</table>
<p id="helper"></p>
</td></fielset>
</div>
Change
$sql1 = "SELECT * FROM `new_reg_student`
WHERE `password` = '". $password1 ."'
AND `studid` = '". $studid ."'";
to
$sql1 = mysql_query("SELECT * FROM `new_reg_student`
WHERE `password` = '". $password1 ."'
AND `studid` = '". $studid ."'");
On a side note, please stop using mysql_* functions. More info here
Regarding the error on line 35, mysql_num_rows() is used for SELECT statements. For INSERT, UPDATE or DELETE statements, use mysql_affected_rows().
