I created a sign up page for my website in php . In my code I put if the username , password confirm password and/or email is empty it would give then an error , which it does , but it still says that the user was created . I don't want that to happen . If any of the user fields are empty I want them to go back to the sign up page and fill out the missing fields . All it does is give the echo statement and then it says user was created .
sign up.php:
<html>
<head>
<link rel="stylesheet" type="text/css" href="css.css">
<title>Sign Up</title>
</head>
<body bgcolor="#E6E6FA">
<h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
<form name="registration" method="post" action="process2.php">
<p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p>
<br></br>
<p align="right"><input type="password" name="password" size="35" id="p w" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35" id="pw2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
</form>
<h3 style="font-size: 20px">Go Back To Home Screen </h3>
</body>
</html>
<?php
if(empty($username)){ echo"Please enter a username to sign up.<br />";} else {}
if(empty($pw)){echo"Please enter a password to sign up.<br />";} else {}
if(empty($pw2)){echo"Please confirm your password to sign up.<br />";} else {}
if(empty($email)){ echo"Please enter a email to sign up.<br />";} else {}
?>
Process2.php:
<?php
include("db.php");
if(empty($username)){ echo"Please enter a username to sign up.<br />";} else {}
if(empty($pw)){echo"Please enter a password to sign up. <br />";} else {}
if(empty($pw2)){echo"Please confirm your password to sign up.<br />";} else {}
if(empty($email)){ echo"Please enter a email to sign up.<br />";} else {}
if (isset($_POST['submit'])) {
if ($_POST['password'] == $_POST['password2']) {
$username = $_POST['username'];
$pw = $_POST['password'];
$pw2 = $_POST['password2'];
$email = $_POST['email'];
// validate and sanitize all of these inputs
// and see that they are not blank at the same time
// Do your MySql here to find the $username and
// bring out result of find in $username_result
if($username_result > 0){
echo "This username is in use.<a href= signup.php>Enter a different username</a> ";
// exit; // or send them back to registration page
} else {
// it is not in use so put it in
$pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10));
$pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8));
$sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')";
if(mysqli_query($conn, $sql)){
// if insert checked as successful echo username and password saved successfully
echo"Your user was created. <a href= signin.php>Click here to login </a><br />";
}else{
echo "Sorry there has been an error, please try again."; // and send them back to registration page
}
}
}else{
echo "The passwords do not match. <a href= signup.php>Try again</a><br />"; // and send them back to registration page
}
}
?>
So basically what I tried is putting the if the fields are empty statements before the code that sends the information to the database it doesn't work . I tried putting it after the code that sends the information to database it didn't work . I also tried putting it on the sign up page but it didn't work either .
What I want to happen is if any of the fields are empty nothing will be sent to the database . Can someone help me ?
update :
<?php
if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password2']) || empty($_POST['email']) || empty($_POST['submit'])) {
$error = "";
if (!empty($_POST['submit'])){
if(empty($_POST['username']))
$error .= "Please enter a username. ";
if(empty($_POST['password']))
$error .= "Please enter a password. ";
if(empty($_POST['password2']))
$error .= "Please confirm your password. ";
if(empty($_POST['email']))
$error .= "Please enter your email. ";
}
include("db.php");
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css.css">
<title>Sign Up</title>
</head>
<body bgcolor="#E6E6FA">
<h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
<form name="registration" method="post">
<p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p>
<br></br>
<p align="right"><input type="password" name="password" size="35" id="p w" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35" id="pw2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
</form>
<?php
if ($error)
echo $error;
?>
<h3 style="font-size: 20px">Go Back To Home Screen </h3>
</body>
</html>
<?php
}
else if (($_POST['submit'])){
if (isset($_POST['submit'])) {
if ($_POST['password'] == $_POST['password2']) {
$username = $_POST['username'];
$pw = $_POST['password'];
$pw2 = $_POST['password2'];
$email = $_POST['email'];
// validate and sanitize all of these inputs
// and see that they are not blank at the same time
// Do your MySql here to find the $username and
// bring out result of find in $username_result
if($username_result > 0){
echo "This username is in use.<a href= signup.php>Enter a different username</a> ";
// exit; // or send them back to registration page
} else {
// it is not in use so put it in
$pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10));
$pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8));
$sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')";
if(mysqli_query($conn, $sql)){
// if insert checked as successful echo username and password saved successfully
echo"Your user was created. <a href= signin.php>Click here to login </a><br />";
}else{
echo "Sorry there has been an error, please try again."; // and send them back to registration page
}
}
}else{
echo "The passwords do not match. <a href= signup.php>Try again</a><br />"; // and send them back to registration page
}
}
?>
I would place some of the signup and process code in the same page like this in signup.php (notice I have also removed the "action" code from the form tag:
<?php
if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password2']) || empty($_POST['email']) || empty($_POST['submit'])){
$error = "";
if (!empty($_POST['submit'])){
if(empty($_POST['username']))
$error .= "Please enter a username. ";
if(empty($_POST['password']))
$error .= "Please enter a password. ";
if(empty($_POST['password2']))
$error .= "Please confirm your password. ";
if(empty($_POST['email']))
$error .= "Please enter your email. ";
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css.css">
<title>Sign Up</title>
</head>
<body bgcolor="#E6E6FA">
<h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
<form name="registration" method="post">
<p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p>
<br></br>
<p align="right"><input type="password" name="password" size="35" id="p w" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35" id="pw2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
</form>
<?php
if ($error)
echo $error;
?>
<h3 style="font-size: 20px">Go Back To Home Screen </h3>
</body>
</html>
<?php
}
else if (!empty($_POST['submit'])){
//place most of the code from your process.php code here
echo "processing";
}
firstly check your connection to the database also check your users table if the field is nullable if it so then you might wanna put some try-catch block on your code to see the errors.
You need to redirect to signup.php when validation fails..For this you can check the input and if either of it empty then you can redirect in process2.php as:
if(empty($username) || empty($pw) || empty($pw2) || empty($email))
{
header( "refresh:5;url=signup.php" );
} else {
//You can do your things here..
}
Related
I have a problem connecting any php pages to MySQL, I'm new to php, I tried everything I could find online but none of them worked. I tried downloading a php form and made a database for this page but it still doesn't add anything to the database.
<html>
<link href="//db.onlinewebfonts.com/c/a4e256ed67403c6ad5d43937ed48a77b?family=Core+Sans+N+W01+35+Light" rel="stylesheet" type="text/css"/>
<link rel="stylesheet" href="form.css" type="text/css">
<div class="body-content">
<div class="module">
<h1>Create an account</h1>
<?php
session_start();
$_SESSION['message'] = '';
$mysqli = new mysqli("127.0.0.1", "root", "", "accounts_complete");
//the form has been submitted with post
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//two passwords are equal to each other
if ($_POST['password'] == $_POST['confirmpassword']) {
//set all the post variables
$username = $mysqli_real_escape_string($_POST['username']);
$email = $mysqli_real_escape_string($_POST['email']);
$password = md5($_POST['password']); //md5 has password for security
$avatar_path = $mysqli_real_escape_string('images/'.$_FILES['avatar']['name']);
//make sure the file type is image
if (preg_match("!image!",$_FILES['avatar']['type'])) {
//copy image to images/ folder
if (copy($_FILES['avatar']['tmp_name'], $avatar_path)){
//set session variables
$_SESSION['username'] = $username;
$_SESSION['avatar'] = $avatar_path;
//insert user data into database
$sql = "INSERT INTO users (username, email, password, avatar) "
. "VALUES ('$username', '$email', '$password', '$avatar_path')";
//if the query is successsful, redirect to welcome.php page, done!
if ($mysqli_query($sql) === true){
$_SESSION['message'] = "Registration succesful! Added $username to the database!";
header("location: welcome.php");
}
else {
$_SESSION['message'] = 'User could not be added to the database!';
}
$mysqli_close();
}
else {
$_SESSION['message'] = 'File upload failed!';
}
}
else {
$_SESSION['message'] = 'Please only upload GIF, JPG or PNG images!';
}
}
else {
$_SESSION['message'] = 'Two passwords do not match!';
}
}
?>
<form class="form" action="form.php" method="post" enctype="multipart/form-data" autocomplete="off">
<div class="alert alert-error"><?= $_SESSION['message'] ?></div>
<input type="text" placeholder="User Name" name="username" required />
<input type="email" placeholder="Email" name="email" required />
<input type="password" placeholder="Password" name="password" autocomplete="new-password" required />
<input type="password" placeholder="Confirm Password" name="confirmpassword" autocomplete="new-password" required />
<div class="avatar"><label>Select your avatar: </label><input type="file" name="avatar" accept="image/*" required /></div>
<input type="submit" value="Register" name="register" class="btn btn-block btn-primary" />
</form>
</div>
</div>
</html>
The password is empty because there isn't any password.
Can you help me? Thanks in advance.
Actually there are many mistakes, but base on question about database :
All mysqli_ syntax is a function, not a variable. So you just need remove any initial $ at mysqli_ syntax.
At mysqli, you need to pass connection variable to first parameter of mysqli_ function.
Example:
Before: $mysqli_query($sql);
After: mysqli_query($mysqli, $sql)
AND
Before: $mysqli_close();
After: mysqli_close($mysqli)
I developed a login page with video captcha.For now the login function work perfectly.
In this page user required to watch video,and then answer a question before they are allowed to login once the answer match with database.
The problem is how do I validate the input for answer with the answer in database. My database table for video consist of ID | Video | question | answer
require "config.php"; //Connection Script, include in every file!
//Check to see if the user is logged in.
if(isset($_SESSION['email'])){
header("location: members.php"); //isset check to see if a variables has been 'set'
}
if(isset($_POST['submit']))
{
//Variables from the table
$email = $_POST['email'];
$password = $_POST['password'];
//Prevent MySQL Injections
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysqli_real_escape_string($con, $email);
$password = mysqli_real_escape_string($con, $password);
//Check to see if the user left any space empty!
if($email == "" || $password == "")
{
echo "Please fill in all the information!";
}
//Check to see if the username AND password MATCHES the username AND password in the DB
else
{
$query = mysqli_query($con,"SELECT * FROM detail WHERE email = '$email' and password = '$password'") or die("Can not query DB.");
$count = mysqli_num_rows($query);
if($count == 1){
//YES WE FOUND A MATCH!
$_SESSION['email'] = $email; //Create a session for the user!
header ("location: members.php");
}
else{
echo "Username and Password DO NOT MATCH! TRY AGAIN!";
}
}
}
?>
</span>
<form action="login.php" method="post">
<label><b>Login</b>Not a member? Register now!</label><br /><br />
<label>Email :<span>*</span></label><br />
<input name="email" type="text" id="email" placeholder="username#domain" required>
<br />
<label>Password :<span>*</span></label><br />
<input name="password" type="password" id="password" placeholder="********"required>
<br />
</div>
<div style="float:right; width:50%; ">
<?php
mysql_connect("localhost","root","");
mysql_select_db("details");
$res=mysql_query("select * from video ORDER BY RAND() LIMIT 1");
while($row=mysql_fetch_array($res))
{
?>
<center><video width="360" height="270" controls><source src="**<?php echo $row["video"];?>**" type="video/mp4">
</video><center>**<?php echo $row['question']; ?>**</center> </center>
<input name="captcha" type="text" size"4" placeholder="" required><br>
</fieldset>
<br /><br />
<input type="reset" value="Reset" />
<input type="submit" name="submit" value="Login">
</form>
<?php
}
?>
I'm trying to check if user entered password correctly both times, but when I press submit button when passwords don't match in the password fields, it still registers me successfully.
<?php
if (!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['password2']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$email = mysql_real_escape_string($_POST['email']);
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '" . $username . "'");
if (mysql_num_rows($checkusername) == 1)
{
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again. </p>";
}
if ($_POST['password'] != $_POST['password2'])
{
echo "<h1>Error</h1>";
echo "<p>Sorry, that PASSWORD is taken. Please go back and try again.</p>";
} else
{
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('" . $username . "', '" . $password . "', '" . $email . "')");
if ($registerquery)
{
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please click here to login.</p>";
echo "<meta http-equiv='refresh' content='2;login.php' />";
} else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
}
else
{
?>
<h1>Member Registration</h1>
<p>Thanks for visiting! Please either Register below, or
click here to Sing In.
</p>
<br>
<br>
<div class="container" style="width:250px; height:100px;">
<form class="form-signin" method="post"
action="registrationsimple.php" name="registerform"
id="registerform">
<fieldset>
<label for="username">Username:</label>
<input type="text" name="username" id="username"
class="form-control" placeholder="Username"/><br/>
<label for="password">Password:</label>
<input type="password" name="password"
id="password" class="form-control"
placeholder="Password"/><br/>
<label for="password2">Password2:</label>
<input type="password" name="password2"
id="password2" class="form-control"
placeholder="Password"/><br/>
<label for="email">Email Address:</label>
<input type="text" name="email" id="email"
class="form-control" placeholder="Email Adress" ;/>
<br/>
<input type="submit" name="register" id="register"
value="Register" class="btn btn-lg btn-primary btn-block"
style="padding:10px;top-margin:20px;"/>
</fieldset>
</form>
<?php
}
?>
</div>
I found many confusing lines in your codes:
First, You declare for password A, but not password B. So, it should be:
$password = md5(mysql_real_escape_string($_POST['password']));
$password2 = md5(mysql_real_escape_string($_POST['password']));
Second, You declared the variables but not using it to validate, so it should be:
if ($password != $password2) {
Third, The IF and ELSE structure is not (confused what should I say), so pls check again THAT structure. that makes PHP & browser gets confused too.
Forth, You have email which you don't include it there in PHP scripts.
From the statements above, I suggest you to see this follows:
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$password2 = md5(mysql_real_escape_string($_POST['password']));
$email = mysql_real_escape_string($_POST['email']);
if(empty($_POST['username']) && empty($_POST['password']) && empty($_POST['password2'])){
echo "<h1>Error</h1>";
echo "<p>Sorry, you must fill all the fields. Please go back and try again.</p>";
}
elseif ($password!=$password2) {
echo "<h1>Error</h1>";
echo "<p>Sorry, that PASSWORD is taken. Please go back and try again.</p>";
}
elseif (//validate the email here){
//.....................
}
else{
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
if(mysql_num_rows($checkusername) == 1) {
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again. </p>";
}
else{
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery) {
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please click here to login.</p>";
echo "<meta http-equiv='refresh' content='2;login.php' />";
}
else{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
}
//REMOVE ELSE IN THIS FOLLOWS!
else{
//............ ?????????????????????
}
?>
And at Last, Please change into MySQLI ext or (best recom = PDO).
Malformatted:
<input
type="text" name="email"
id="email" class="form-control"
placeholder="Email Adress"
/>
<br />
<input
type="submit" name="register"
id="register" value="Register"
class="btn btn-lg btn-primary btn-block"
style="padding:10px;top-margin:20px;"
/>
Logic appears to work as you intended.
I am working on this registration system where I have a captcha control at the end. I have error reporting included, no error appears. Output page says capcha successfull. While I can see in DB no data being inserted..
Form:
<h2>Registration Form</h2>
Username:<input type="text" name="username" id="username" size="5" class="username" />
Password:<input type="password" name="password1" id="password" />
Repeat Password:<input type="password" name="password2" id="password" />
Full Name:<input type="text" name="name" id="username" class="username" / >
Mobile/Phone:<input type="text" name="phone" id="username" class="username" />
Email Address:<input type="text" name="email" id="username" class="username" />
<img src="captcha.php"><input type="text" name="vercode" />
<input type="submit" name="register" id="button" value="Sign Up" />
PHP:
include 'db_connect.php';
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
if ($username=='')
{
echo 'Please choose an username for yourself.';
exit();
}
if ($password1=='')
{
echo 'Oops, looks like you forgot to enter the password. Please enter the password.';
exit();
}
if ($password2=='')
{
echo 'Oops, looks like you forgot to re-enter the password. Please enter the password.>';
exit();
}
if ($name=='')
{
echo 'Please enter your first and the last name.';
exit();
}
if ($phone=='')
{
echo 'Please enter your house phone or mobile number.';
exit();
}
if ($email=='')
{
echo 'Please enter your email address.';
exit();
}
//duplicate Entry Validation
$check_email = "SELECT * FROM users WHERE email='$email'";
$run = mysql_query($check_email);
if(mysql_num_rows($run)>0) {
echo "Alert('Email $email already exist in our database!)";
exit();
}
//Data Insertion
$query = "insert into users (username,password,name,phone,email) value ('$username','$password1','$name','$phone','$email')";
if(mysql_query($query)) {
echo "Registration Successfull";
}
}
//Captcha Validation
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect Captcha Code Entered.</strong>';
} else {
echo '<strong>Captcha Verification successful.</strong>';
};
?>
MySQL is deprecated already, you should use MySQLi instead. Try this:
PHP:
<?php
/* ESTABLISH CONNECTION */
session_start();
$con=mysqli_connect("YouHost","YouUsername","YourPassword","YourDatabase");
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
if (isset($_POST['register'])) { /* THIS SHOULD BE register, BECAUSE YOU NAMED YOUR SUBMIT BUTTON register, NOT submit */
$username = mysqli_real_escape_string($con,$_POST['username']);
$password1 = mysqli_real_escape_string($con,$_POST['password1']);
$password2 = mysqli_real_escape_string($con,$_POST['password2']);
$name = mysqli_real_escape_string($con,$_POST['name']);
$phone = mysqli_real_escape_string($con,$_POST['phone']);
$email = mysqli_real_escape_string($con,$_POST['email']);
/* YOU SHOULD PRACTICE USING ESCAPE_STRING TO PREVENT SOME OF SQL INJECTIONS */
if (empty($username))
{
echo 'Please choose a username for yourself.';
exit();
}
if (empty($password1))
{
echo 'Oops, looks like you forgot to enter the password. Please enter the password.';
exit();
}
if (empty($password2))
{
echo 'Oops, looks like you forgot to re-enter the password. Please enter the password.>';
exit();
}
if (empty($name))
{
echo 'Please enter your first and the last name.';
exit();
}
if (empty($phone))
{
echo 'Please enter your house phone or mobile number.';
exit();
}
if (empty($email))
{
echo 'Please enter your email address.';
exit();
}
/* duplicate Entry Validation */
$check_email = "SELECT * FROM users WHERE email='$email'";
$run = mysqli_query($con,$check_email);
if(mysqli_num_rows($run)>0) {
echo "Alert('Email $email already exist in our database!)";
exit();
}
/* Data Insertion. YOU SHOULD ALSO CONSIDER IF THE PASSWORD 1 AND 2 ARE THE SAME */
if($password1==$password2 && !empty($username) && !empty($name) && !empty($phone) && !empty($email)){ /* IF PASSWORD1 IS THE SAME WITH PASSWORD2 */
/* INSERT QUERY */
$query = mysqli_query($con,"INSERT INTO users (username,password,name,phone,email) VALUES ('$username','$password1','$name','$phone','$email')");
echo "Registration Successfull";
} /* END OF IF PASSWORD1 IS EQUALS TO PASSWORD2 */
else {
echo "Alert('Password is not the same.')";
exit();
}
/* Captcha Validation */
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect Captcha Code Entered.</strong>';
} else {
echo '<strong>Captcha Verification successful.</strong>';
};
} /* END OF ISSET SUBMIT */
?>
Your HTML file:
<html>
<body>
<h2>Registration Form</h2>
<form action='YourPHPFile' method='POST'>
Username:<input type="text" name="username" id="username" size="5" class="username" />
Password:<input type="password" name="password1" id="password" />
Repeat Password:<input type="password" name="password2" id="password" />
Full Name:<input type="text" name="name" id="username" class="username" / >
Mobile/Phone:<input type="text" name="phone" id="username" class="username" />
Email Address:<input type="text" name="email" id="username" class="username" />
<img src="captcha.php"><input type="text" name="vercode" />
<input type="submit" name="register" id="button" value="Sign Up" />
</form>
</body>
</html>
I am currently coding pages for a social network (it's only going to run locally) for my senior project and I am running in to these redirect errors that I have no clue on how to solve. There are around three pages that have the 'header('location:...') code in it. I didn't know what it would do at the different levels of coding so I put all of the coding with an equal amount of indention.
index.php
<? include("inc/incfiles/header.inc.php"); ?>
<?
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sign up Date
$u_check = ""; //Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
//check all of the fields have been filled in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the length of the password is between 5 and 30 characters long
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','d','0')");
die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all fields";
}
}
else
{
echo "Username already taken.";
}
}
else {
echo "Your e-mails don't match!";
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["user_password"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysql_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_Session["password_login"] = $password_login;
header("location: index.php");
exit();
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
<table class="homepageTable">
<tr>
<td width="60%" valign="top">
<h2>Already a member? Login below.</h2>
<form>
<input type="text" size="25" name="user_login" id="user_login" placeholder="username" />
<input type="password" size="25" name="user_password" id="user_password" placeholder="password" /><br />
<input type="submit" name="button" id="button" value="Login to your account!">
</form>
</td>
<td width="40%" valign="top">
<h2>Sign up below...</h2>
<form action="#" method="post">
<input type="text" size="25" name="fname" placeholder="First Name" value="<? echo $fn; ?>">
<input type="text" size="25" name="lname" placeholder="Last Name" value="<? echo $ln; ?>">
<input type="text" size="25" name="username" placeholder="Username" value="<? echo $un; ?>">
<input type="text" size="25" name="email" placeholder="Email" value="<? echo $em; ?>">
<input type="text" size="25" name="email2" placeholder="Re-enter Email" value="<? echo $em2; ?>">
<input type="password" size="25" name="password" placeholder="Password" value="<? echo $pswd; ?>">
<input type="password" size="25" name="password2" placeholder="Re-enter Password" value="<? echo $pswd2; ?>"><br />
<input type="submit" name="reg" value="Sign Up!">
</form>
</td>
</tr>
</table>
</body>
</html>
header.inc.php
<?
include ("inc/scripts/mysql_connect.inc.php");
// starts the session
session_start();
// checks whether the user is logged in or not
$user = $_SESSION["user_login"];
if (!isset($_SESSION["user_login"])) {
header("location: index.php");
exit();
}
else
{
header("location: home.php");
exit();
}
?>
<html>
<head>
<link href="css/main.css" rel="stylesheet" type="text/css">
<title>Rebel Reach - PHS Student Social Network</title>
</head>
<body>
<div class="headerMenu">
<div id="wrapper">
<div class="logo">
<img src="img/find_friends_logo.png">
</div>
<div class="search_box">
<form method="get" action="search.php" id="search">
<input name="q" type="text" size="60" placeholder="Search..." />
</form>
</div>
<div id="menu">
Home
About
Sign Up
Login
</div>
</div>
</div>
<br />
<br />
<br />
<br />
home.php
<?
session_start();
$user = $_SESSION["user_login"];
//If the user is not logged in
if (!isset($_SESSION["user_login"])) {
header('location: index.php');
exit();
}
else
{
//If the user is logged in
echo "Hi, $user, You're logged in<br />Welcome to what is soon to be your NEWSFEED";
}
?>
You've got a catch-22 in your code:
index.php includes your function library
the function library checks for the existence of that session variable.
if the variable doesn't exist, redirect to index.php
e.g. you've written a very complicated version of the classic BASIC 10 GOTO 10.