PHP registration form not adding users to database - php

My register.php file is working, but when the submit button is clicked, this is the error message I get:
Notice: Use of undefined constant username - assumed 'username' in C:\xampp\htdocs\Hamza\register.php on line 18
You have been registered! Return to login page
However it does not add any users to the database though, what am I doing wrong? I believe something along INSERT INTO users VALUES is incorrect. I searched around and spent 2 hours solving it but can't figure out what's wrong. Any help would be useful, thanks.
register.php file
<?php
echo "<h1>Register</h1>";
$submit = @$_POST['submit'];
//form data
$fullname = strip_tags(@$_POST['fullname']);
$username = strip_tags(@$_POST['username']);
$password = strip_tags(@$_POST['password']);
$repeatpassword = strip_tags(@$_POST['repeatpassword']);
$date = date ("y-m-d");
if ($submit)
{
//check for existance
if ($fullname&&username&&$password&&$repeatpassword)
{
if ($password==$repeatpassword)
{
//check char length of username and fullname
if (strlen($username)>25||strlen($fullname)>25)
{
echo "Length of username or fullname is too long";
}
else
{
//check password length
if (strlen($password)>25||strlen($password)<6)
{
echo "Password must be between 6 and 25 characters";
}
else
{
//register the user!
// encrypt password
$password = md5($password);
$repeatpassword = md5($repeatpassword);
//open database
$connect = mysql_connect("localhost","root","");
mysql_select_db("phplogin"); //select database
$queryreg = mysql_query("
INSERT INTO users VALUES ('','".$fullname."','".$username."','".$password."','".$date."')
");
die ("You have been registered! <a href='index.php'>Return to login page</a>");
}
}
}
else
echo "Your passwords do not match!";
}
else
echo "Please fill in <b>all</b> fields!";
}
?>
<html>
<p>
<form action='register.php' method='POST'>
<table>
<tr>
<td>
Your full name:
</td>
<td>
<input type='text' name='fullname' value='<?php echo $fullname; ?>'
</td>
</tr>
<tr>
<td>
Choose a username:
</td>
<td>
<input type='text' name='username' value='<?php echo $username; ?>'
</td>
</tr>
<tr>
<td>
Choose a password:
</td>
<td>
<input type='password' name='password'>
</td>
</tr>
<tr>
<td>
Repeat your password:
</td>
<td>
<input type='password' name='repeatpassword'>
</td>
</tr>
</table>
<p>
<input type='submit' name='submit' value='Register'>
</form>
</html>

Check your 18th line:
if ($fullname&&username&&$password&&$repeatpassword)
You forgot to put $ sign for username.

Related

PHP MySQL Cannot use "INSERT INTO" [duplicate]

I have created a webpage named Register.php which should insert data into my database. The problem is that the registration page works, but when I try to log in, the information has not been added to my database. Is there anything I did wrong that I cannot find?
<?php
echo "<h1>Register</h1>";
$submit = $_POST['submit'];
//form data
$FullName = strip_tags($_POST['FullName']);
$UserName = strip_tags($_POST['UserName']);
$Password = strip_tags($_POST['Password']);
$RepeatPassword = strip_tags($_POST['RepeatPassword']);
if ($submit)
{
//open database
$connect = mysql_connect("localhost","root","");
mysql_select_db("cs266db_db1");
$namecheck = mysql_query("SELECT UserName FROM user_ID WHERE UserName='$UserName'");
$count = mysql_num_rows($namecheck);
if ($count!=0)
{
die("UserName already taken");
}
//check for existence
if($FullName&&$UserName&&$Password&&$RepeatPassword)
{
//check password and repeat password match
if($Password==$RepeatPassword)
{
//check length of username and fullname
if (strlen($UserName) > 25 || strlen($FullName)>25)
{
echo "Length of username or fullname is over 25 characters!";
}
else {
//check password
if(strlen($Password)>25 || strlen($Password) < 6) {
echo "Password must be between 6 and 25 characters";
} else {
//encrypt password
$Password = md5($Password);
$RepeatPassword = md5($RepeatPassword);
$queryreg = mysql_query("INSERT INTO user_id VALUES (FullName='".$FullName."',UserName='".$UserName."',Password='".$Password."'");
}
die("You have been registered <a href='index1.php'> Return to Login Page </a>");
}
}
else{
echo "Your passwords do not match";
}
} else {
echo "Please fill in all fields!";
}
}
?>
<html>
<form action="register.php" method="POST">
<table>
<tr>
<td>
Your full name:
</td>
<td>
<input type="text" name="FullName" value="<?php echo $FullName ?>">
</td>
</tr>
<tr>
<td>
Choose a username:
</td>
<td>
<input type="text" name="UserName" value="<?php echo $UserName ?>">
</td>
</tr>
<tr>
<td>
Choose a password:
</td>
<td>
<input type="password" name="Password">
</td>
</tr>
<tr>
<td>
Repeat your password:
</td>
<td>
<input type="password" name="RepeatPassword">
</td>
</tr>
</table>
<br>
<input type="submit" name="submit" value="Register">
</form>
</html>
I'm getting this error as well (I am running on NetBeans):
Notice: Undefined index: submit in C:\Xampp\htdocs\Resume_DB\register.php on line 4
Notice: Undefined index: FullName in C:\Xampp\htdocs\Resume_DB\register.php on line 7
Notice: Undefined index: UserName in C:\Xampp\htdocs\Resume_DB\register.php on line 8
Notice: Undefined index: Password in C:\Xampp\htdocs\Resume_DB\register.php on line 9
Notice: Undefined index: RepeatPassword in C:\Xampp\htdocs\Resume_DB\register.php on line 10
Does this have to do with my problem of insertion? If so can you help! Please and thank you!
I don't think the way you run the insert is even valid in MySQL.
I just tried it on my MySQL on WAMP and the line does not return an error, but all the values that are inserted are NULL.
I'm talking about this line
insert into tmp_table values (`field_1`='value_1', `field_2`='value_2', `field_3`='value_3' ...)
Do you get empty rows in your DB or no rows at all ?

Can't connect to my SQL database

I'm working on a PHP login form and every time I try to log in it says "The username you entered was not found.", which I have in one of my if statements in my code, and I think it's because I'm not linking something right to MySQL. I've been working on this for a couple of days now and can't fix it! Can you guys help me please? Thanks -John
<?
$form = "<form action='./login.php' method='post'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='user' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='loginbtn' value='Login' /></td>
</tr>
</table>
</form>";
if ($_POST['loginbtn']){
$user = $_POST['user'];
$password = $_POST['password'];
if ($user){
if ($password){
require("connect.php");
$password = md5(md5("ak3sfx".$password."58ghy7"));
//Make sure login info is good
$query = mysql_select_db("users");
if ($numrows == 1){
$row = mysql_fetch_assoc($query);
$dbuser = $row['users'];
$dbpassword = $row['password'];
if ($password == $dbpassword){
//Set session info
$_SESSION['username'] = $dbusers;
echo "You have been logged in as <b>$dbuser</b> <a href='./member.php'>Click here</a> to continue";
}
else
echo "You did not enter the right password. $form";
}
else
echo "The username you entered was not found. $form";
mysql_close();
}
else
echo"You must enter your password. $form";
}
else
echo"You must enter your username. $form";
}
else
echo $form;
?>
mysql_select_db("users") will change db to users. Are you trying to select data from users table? If so, you need to change this line.
Have a look at this link.
http://php.net/manual/en/function.mysql-fetch-assoc.php
These examples will help you.

PHP MySQL: Why is my form loading a plaintext page?

I have tried to implement a form that changes a password in a database, however, when I submit the details on the form, it just directs me to the target page...but shows up and the plaintext code on the browser....why is it doing this!
The form:
<h1 align="center">Change Password</h1>
<form method="POST" action="reset_pwd.php">
<table class='altrowstable' id='alternatecolor' >
<tr>
<td align="right">Username: </td>
<td><input type="TEXT" name="username" value=""/></td>
</tr>
<tr>
<td align="right">Current Password: </td>
<td><input type="password" name="password" value=""/></td>
</tr>
<tr>
<td align="right">New Password: </td>
<td><input type="password" name="npassword" value=""/></td>
</tr>
<tr>
<td align="right">Repeat New Password: </td>
<td><input type="password" name="rpassword" value=""/></td>
</tr>
<tr><td align="center">
Forgot password
</td>
<td>
<input type="submit" name="submit" value="Change Password"/>
</td>
</tr>
</table>
</form>
<br>
<?php echo $msg; ?>
and the target php page:
<?php
include('dbconfig.php');
$msg = "";
if (mysql_real_escape_string($_POST['submit'])):
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$npassword = mysql_real_escape_string(md5($_POST['npassword']));
$rpassword = mysql_real_escape_string(md5($_POST['rpassword']));
$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
while ($rows = mysql_fetch_array($query)):
$dbusername = $rows['username'];
$dbpassword = $rows['password'];
$dbfirstname = $rows ['firstname'];
$dblastname = $rows ['lastname'];
endwhile;
if (empty($username) || empty($password) || empty($npassword) ||
empty($rpassword)):
$msg = "All fields are required";
elseif ($numrows == 0):
$msg = "This username does not exist";
elseif ($password != $dbpassword):
$msg = "The CURRENT password you entered is incorrect.";
elseif ($npassword != $rpassword):
$msg = "Your new passwords do not match";
elseif ($npassword == $password):
$msg = "Your new password cannot match your old password";
else:
mysql_query("UPDATE user_info SET password = '$npassword' WHERE user_id =
'$username'");
$to = $email;
$subject = "YOUR PASSWORD HAS BEEN CHANGED";
$message = "<p>Hello $dbfirstname $dblastname. You've received this E-Mail
because you have requested a PASSWORD CHANGE. ";
$from = "myemail@.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
endif;
endif;
?>
Please check... What is the type of "user_id" in the "user_info" table... and what are you getting in the user name field from your form?
I am asking about this query...
$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
First, $msg in the target PHP is only for the target PHP; it won't return a value back to the form.
Second, you may be looking for
if (isset($_POST['submit'])): instead of
if (mysql_real_escape_string($_POST['submit'])):
There is no html response from the target page to be displayed in browser. For displaying content you need to form proper html so that it can be displayed in browser.
In target page add the below html code at the end so that the message (validation or success) can be displayed.
<html><body>put your message here</body></html>
You might have forgotten an extra ?> at the end of your included file "dbconfig.php", thus treating your target php page as html.

Why won't the data from my php upload to my sql server?

I've started writing a community-based website with a login (user / pass / avatar etc.). All of these variables are being stored on a sql server so I can access them for the login, etc.
I've looked all over google, and my code seems sound, and my email validation is sent. But none of the data uploads to my sql database, so no users can be created.
I've included the code for my website below, with the connect info taken out for security reasons. Why aren't I able to write data to my database? Any help would be appreciated.
register.php
<?php require('top.php'); ?>
<div id="full">
<?php
$form = " <form action='register.php' method='post'>
<table cellspacing='10px'>
<tr>
<td></td>
<td>Required Feilds <font color='red'>*</font></td>
</tr>
<tr>
<td>First Name:</td>
<td><input type='text' name='firstname' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type='text' name='lastname' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='repassword' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Avatar:</td>
<td><input type='file' name='avatar' > </td>
</tr>
<tr>
<td>Website Address:</td>
<td><input type='text' name='website' class='textbox'></td>
</tr>
<tr>
<td>YouTube Username:</td>
<td><input type='text' name='youtube' class='textbox'></td>
</tr>
<tr>
<td>Bio:</td>
<td><textarea name='bio' cols='35' rows='5' class='textbox'></textarea> </td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submitbtn' value='Register' class='button'></td>
</tr>
</table>
</form>";
if($_POST['submitbtn']) {
$firstname = strip_tags($_POST['firstname']);
$lastname = strip_tags($_POST['lastname']);
$username = strip_tags($_POST['username']);
$email = strip_tags($_POST['email']);
$password = strip_tags($_POST['password']);
$repassword = strip_tags($_POST['repassword']);
$website = strip_tags($_POST['website']);
$youtube = strip_tags($_POST['youtube']);
$bio = strip_tags($_POST['bio']);
$name = $_FILES['avatar']['name'];
$type = $_FILES['avatar']['type'];
$size = $_FILES['avatar']['size'];
$tmpname = $_FILES['avatar']['tmp_name'];
$ext = substr($name, strrpos($name, '.'));
if ($firstname && $lastname && $username && $email && $password && $repassword) {
if ($password == $repassword){
if ( strstr($email, "@") && strstr($email, ".") && strlen($email) >= 6) {
require('connect.php');
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$email'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$pass = md5(md5($password));
$date =date("F d, Y");
if ($name) {
move_uploaded_file($tmpname, "avatars/$username.$ext");
$avatar = "$username.$ext";
}
else
$avatar = "avatars/defavatar.png";
$code = substr(md5(rand (1111111111, 99999999999999999)), 2, 25);
mysql_query("INSERT INTO users VALUES ('','$firstname','$lastname,'$username','$email','$pass','$avatatar','$bio','$website','$youtube','','0','$code','0','$date')");
$webmaster = "email@email.com";
$subject = "Activate Your Account";
$headers = "From: a person <$webmaster>";
$message = "Hello $firstname. Welcome to awebsite.com Below is a link for you to activate your account.\n\n Click Here to Activate Your Account: http://awebsite.netii.net/activate.php?code=$code";
mail ($email, $subject, $message, $headers);
echo "Thank You for registering. To access your account please activate your account by folowing the link sent to <b>$email</b>. If you do not see the email in your inbox, check your junk mail as it may have been filtered. If you are expeiriencing any problems please contact the site administrator at <a href='mailto:email@email.com'>email@email.com</a>";
}
else
echo "That email is already taken. $form";
}
else
echo "That username is already taken. $form";
}
else
echo "You did not enter a valid email. $form";
}
else
echo "Your Passwords did not match. $form";
}
else
echo "You did not fill in all the required feilds. $form";
}
else
echo "$form";
?>
</div>
<?php require('bottom.php');?>
</div>
</body>
</html>
Activate.php
<?php $title = "Activate Your Account"; ?>
<?php require('top.php');?>
<div id="full">
<?php
$getcode =$_GET['code'];
$form = "<form action='activate.php' method='post'>
<table>
<tr>
<td>Activate Code:</td>
<td><input type='text' name='code' value='$getcode' size='30' </td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username' </td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' </td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submitbtn' value='Activate'</td>
</tr>
</table>
</form>";
if ($_POST['submitbtn']) {
$code = strip_tags($_POST['code']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
if ($code && $username && $password) {
if (strlen($code) == 25) {
$pass = md5(md5($password));
require('connect.php');
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$pass'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$row = mysql_fetch_assoc($query);
$dbcode = $row['code'];
if ($code == $dbcode) {
mysql_query("UPDATE users SET active='1' WHERE username='$username'");
echo "Your account has been activated. You may now login. Click<a href='login.php'>here</a> to login.";
}
else
echo"Your activation code was incorrect. $form";
}
else
echo "Your username or password are invalid. $form";
}
else
echo "You have not supplied a valid code. $form";
}
else
echo "You did not fill out the entire form. $form";
}
else
echo "$form";
?>
</div>
<?php require('bottom.php');?>
connect.php
<?php
$server = "";
$dbuser = "";
$dbpass = "";
$database = "";
mysql_connect($server, $dbuser, $dbpass) or die("Unable to connect to $server");
mysql_select_db($database) or die( "Unable to select $database" );
?>
There is a typo in your code.
First we have to check if submit request is set or not, so => if($_POST['submitbtn']) should be,
if( isset($_POST['submitbtn']) ) {
...
}
Make change in code and check.
EDIT
You can reformat your code. Check for all variables not empty, use mysql escape instead of strip tags and don't use any escapes on password, only hash(md5).
if (isset($_POST['submitbtn'])) {
$code = mysql_real_escape_string($_POST['code']);
$username = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$errors = array();
if (empty($code) || empty($username) || empty($password)) {
$errors[] = "You did not fill out the entire form." . $form;
} elseif(strlen($code) !== 25) {
$errors[] = "You have not supplied a valid code." . $form;
} else {
// further code...
}
} else {
echo $form;
}
In register.php, change:
<form action='register.php' method='post'>
To:
<form action='register.php' method='post' enctype="multipart/form-data">
This is required to upload files using <input type="file" ...>.
You should not use $pass = md5(md5($password)); - It is just way too easy to crack. Instead look into crypt() - http://php.net/crypt
As this is new code, please consider changing from mysql_* functions to mysqli_* or PDO as PHP is deprecating mysql_* and this will save you time later.
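The advice in the answers above (move from mysql_* to PDO, stop using md5 for passwords), put together as a registration and login check. This is an added example, not code from any of the posts: it uses password_hash(), PHP's built-in wrapper around crypt(), and assumes an in-memory SQLite database in place of MySQL so it runs offline. The table layout, function names and sample user are made up for illustration.

```php
<?php
// Assumption: in-memory SQLite stands in for MySQL so the example runs offline;
// for MySQL only the DSN and credentials passed to PDO change.
function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Hypothetical table layout, chosen for this example.
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, fullname TEXT NOT NULL,
        username TEXT NOT NULL UNIQUE, password_hash TEXT NOT NULL, created TEXT NOT NULL)');
    return $pdo;
}

// Returns a list of error messages; an empty list means the user was stored.
function registerUser(PDO $pdo, string $fullname, string $username,
                      string $password, string $repeat): array
{
    if ($fullname === '' || $username === '' || $password === '' || $repeat === '') {
        return ['Please fill in all fields!'];
    }
    $errors = [];
    if ($password !== $repeat) {
        $errors[] = 'Your passwords do not match!';
    }
    if (strlen($username) > 25 || strlen($fullname) > 25) {
        $errors[] = 'Length of username or fullname is too long';
    }
    // Check the length of the plaintext: a hash always has the same length.
    if (strlen($password) < 6 || strlen($password) > 25) {
        $errors[] = 'Password must be between 6 and 25 characters';
    }
    if ($errors !== []) { return $errors; }
    // Named columns plus bound parameters: input is sent as data, never as SQL text.
    $stmt = $pdo->prepare('INSERT INTO users (fullname, username, password_hash, created)
                           VALUES (:fullname, :username, :hash, :created)');
    try {
        $stmt->execute([
            ':fullname' => $fullname,
            ':username' => $username,
            ':hash'     => password_hash($password, PASSWORD_DEFAULT), // salted, slow
            ':created'  => date('Y-m-d'),
        ]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity violation: here, the UNIQUE username.
        if (substr((string) $e->getCode(), 0, 2) === '23') { return ['Username already taken']; }
        throw $e;
    }
    return [];
}

function verifyLogin(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample input; the apostrophe would break a concatenated query.
$pdo = openDb();
var_dump(registerUser($pdo, "Robert O'Neil", 'roneil', 'correct horse', 'correct horse'));
var_dump(registerUser($pdo, 'Someone Else', 'roneil', 'another pass', 'another pass'));
var_dump(verifyLogin($pdo, 'roneil', 'correct horse'), verifyLogin($pdo, 'roneil', 'wrong'));
```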

Minimum and maximum strength length

I'm working on a form that needs a password that is between 6 and 25 characters. The username and fullname must be less than 25 characters. The username and fullname part works fine, but when I put in a password that's 10 characters long it echoes out my error code as if it were less than 6. What am I doing wrong with this?
Please take a look at the code and help me please:
The issue is within the area commented as //check password length. Thanks everyone
The php code is:
<?php
echo "<h1>Register</h1>";
$submit = filter_input(INPUT_POST, 'submit');
//form data
$fullname = strip_tags (filter_input(INPUT_POST, 'fullname'));
$username = strip_tags (filter_input(INPUT_POST, 'username'));
$password = strip_tags(filter_input(INPUT_POST, 'password'));
$repeatpassword = strip_tags(filter_input(INPUT_POST, 'repeatpassword'));
$date = date("Y-m-d");
if ($submit)
{
//check for existence
if($fullname&&$username&&$password&&$repeatpassword)
{
$password = md5($password);
$repeatpassword = md5($repeatpassword);
if ($password==$repeatpassword)
{
//check char length of username and fullname
if (strlen($username)>25||strlen($fullname)>25)
{
echo "Length of username or full name is too long!";
}
else
{
//check password length
if (strlen ($password)>25 || strlen ($password)<6)
{
echo "Password must be between 6 and 25 characters";
}
else
{
//register user
}
}
}
else echo "Your passwords do not match";
}
else echo "Please fill in <b>all</b> fields!";
}
?>
and the html is:
<html>
<form action='register.php' method='POST'>
<table>
<tr>
<td>
Your full name:
</td>
<td>
<input type='text' name='fullname'>
</td>
</tr>
<tr>
<td>
choose a username:
</td>
<td>
<input type='text' name='username'>
</td>
</tr>
<tr>
<td>
Choose a password:
</td>
<td>
<input type='password' name='password'>
</td>
</tr>
<tr>
<td>
Repeat your password:
</td>
<td>
<input type='password' name='repeatpassword'>
</td>
</tr>
<table>
<p>
<input type='submit' name='submit' value='Register'>
You overwrite the password with its MD5 sum here:
$password = md5($password);
I'd suggest using different variable names for these different values:
$password_md5 = md5($password);
Naming your variables appropriately will remove confusion and reduce the risk of errors.
You run MD5 on your password and repeat password before you compare it. Do the comparison and length checking before you run MD5 on them.
Why won't you quit the MD5 and instead of that use Whirlpool?
$password_wp = hash('whirlpool', $password);
Still having your doubts?
If it is, your answer on Stackoverflow has already been answered :
Which one is more secured md5 or whirlpool (hashes) and Why?
{ more info }
http://md5-sha-whirlpool.reviews.r-tt.com
