PHP page displaying first else $errormessage without checking code - php

I have been trying to create a member log in page to link to my website. I have a number of nested If's within my PHP page however no matter what I try I receive the $errormsg from the first else statement.
The only way I have managed to change this is to add an additional empty else at the bottom of the code (before the table), when i click the reigisterbtn I either receive the first else result or a blank page displaying nothing.
Am I missing something really obvious?
<?php
error_reporting (E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Register Page</title>
</head>
<body>
<?php
if ( $_POST ['registerbtn']) {
$getuser =$_post ['user'];
$getemail =$_post ['email'];
$getpass =$_post ['pass'];
$getretypepass =$_post ['retypepass'];
if($getuser){
if ($getemail){
if ($getpass){
if ($getretypepass){
if ($getpass === $getretypepass){
if ((strlen ($getemail) >=7 ) && (strstr ($getemail, "#")) && (strstr ($getemail, "."))) {
require ("./connect.php");
$query = mysql_query ("SELECT * FROM users WHERE username ='$getuser'");
$numrows = mysql_num_rows ($query);
if ($numrows == 0){
$query = mysql_query ("SELECT * FROM users WHERE email ='$getemail'");
$numrows = mysql_num_rows ($query);
if ($numrows == 0){
$password =md5 (md5 ("kjfiufj".$password."Fj56fj"));
$date("F d, Y");
$code = md5(rand ());
mysql_query ("INSERT INTO users VALUES (
'', '$getuser','$password','$getemail', '0', '$code', '$date')");
$query = mysql_query ("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows ($query);
if ($numrows == 1){
$site = "http://www.andyhoole.co.uk";
$webmaster = "AndyHoole <admin#andyhoole.co.uk>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = " Thank you for registering :) . Clink the link below to activate your account.\n ";
$message .="$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account to log in.";
if ( mail($getemail,$subject, $message, $headers) ){
$errormsg = "You have been registered, you must activate your account form the activation link sent to <b> $getemail </b>";
$getuser = "";
$getemail = "";
}else
$errormsg = "An error has occured. Your activation email was not sent.";
}else
$errormsg = " An error has occured and your account has not been created. ";
}else
$errormsg = " This email address already exsists.";
}else
$errormsg = " This username already exsists.";
mysql_close();
}else
$errormsg = "You must enter a valid email address to register.";
}else
$errormsg = "Your passwords did not match.";
}else
$errormsg = "You must retype your password to register.";
}else
$errormsg = "You must enter your password to register.";
}else
$errormsg = "You must enter your email address to register.";
}else
$errormsg = "You must enter your User name to register.";
}
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
</body>
</html>
Thank you for looking :)

you also should use $_POST instead of $_post since php is case sensitive!

Related

PHP Page Is Blank And Source Code Is Empty

The PHP file is blank when I open it up in the browser. Also, when I open the source code, it is empty as well.
This is the tutorial I am following
And here is the code:
<?php
error_reporting(E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Register</title>
</head>
<body>
<?php
if ($_POST['registerbtn']) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getconfirmpass = $_POST['confirmpass'];
if ($getuser) {
if ($getemail) {
if ($getpass) {
if ($getconfirmpass) {
if ($getpass === $getconfirmpass) {
if (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, ".")) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$password = md5 (md5("kjfiufj".$getpass."Fjf56fj"));
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$password', '$getemail', '0', '$code', '$date'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site = "http://localhost/PHP Projects/Member System";
$webmaster = "Askman <donotreply#askmanproducts.com>";
$headers = "From: $webmaster";
$subject = "Activate Your New Account!";
$message = "Thanks for regisntering. Click the link below to activate your account!\n";
$message .= "$site/activate?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";
if (mail($getemail, $subject, $message, $headers)){
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent.";
}
else
$errormsg = "An error has occured. Your account was not created.";
}
else
$errormsg = "There is already a user with that email.";
}
else
$errormsg = "There is already a user with that username.";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match.";
}
else
$errormsg = "You must confirm your password to register.";
}
else
$errormsg = "You must enter your password to register.";
}
else
$errormsg = "You must enter your email to register.";
}
else
$errormsg = "You must enter your username to register.";
}
$form = "<form action='./register' method='post'>
<table>
<tr>
<td</td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='confirmpass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
</body>
</html>
you have error on this line
if (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, ".")) {
it must be if ((strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
alse the source code in the browser will show you the html code not the php php is server side so it's code is inside the server and browser can not see the
php code
full code
<?php
error_reporting(E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Register</title>
</head>
<body>
<?php
if ($_POST['registerbtn']) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getconfirmpass = $_POST['confirmpass'];
if ($getuser) {
if ($getemail) {
if ($getpass) {
if ($getconfirmpass) {
if ($getpass === $getconfirmpass) {
if ((strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$password = md5 (md5("kjfiufj".$getpass."Fjf56fj"));
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$password', '$getemail', '0', '$code', '$date'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site = "http://localhost/PHP Projects/Member System";
$webmaster = "Askman <donotreply#askmanproducts.com>";
$headers = "From: $webmaster";
$subject = "Activate Your New Account!";
$message = "Thanks for regisntering. Click the link below to activate your account!\n";
$message .= "$site/activate?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";
if (mail($getemail, $subject, $message, $headers)){
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent.";
}
else
$errormsg = "An error has occured. Your account was not created.";
}
else
$errormsg = "There is already a user with that email.";
}
else
$errormsg = "There is already a user with that username.";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match.";
}
else
$errormsg = "You must confirm your password to register.";
}
else
$errormsg = "You must enter your password to register.";
}
else
$errormsg = "You must enter your email to register.";
}
else
$errormsg = "You must enter your username to register.";
}
$form = "<form action='./register' method='post'>
<table>
<tr>
<td</td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='confirmpass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
</body>
</html>

PHP MySQL: Why is my form loading a plaintext page?

I have tried to implement a form that changes a password in a database, however, when I submit the details on the form, it just directs me to the target page...but shows up and the plaintext code on the browser....why is it doing this!
The form:
<h1 align="center">Change Password</h1>
<form method="POST" action="reset_pwd.php">
<table class='altrowstable' id='alternatecolor' >
<tr>
<td align="right">Username: </td>
<td><input type="TEXT" name="username" value=""/></td>
</tr>
<tr>
<td align="right">Current Password: </td>
<td><input type="password" name="password" value=""/></td>
</tr>
<tr>
<td align="right">New Password: </td>
<td><input type="password" name="npassword" value=""/></td>
</tr>
<tr>
<td align="right">Repeat New Password: </td>
<td><input type="password" name="rpassword" value=""/></td>
</tr>
<tr><td align="center">
Forgot password
</td>
<td>
<input type="submit" name="submit" value="Change Password"/>
</td>
</tr>
</table>
</form>
<br>
<?php echo $msg; ?>
and the target php page:
<?php
include('dbconfig.php');
$msg = "";
if (mysql_real_escape_string($_POST['submit'])):
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$npassword = mysql_real_escape_string(md5($_POST['npassword']));
$rpassword = mysql_real_escape_string(md5($_POST['rpassword']));
$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
while ($rows = mysql_fetch_array($query)):
$dbusername = $rows['username'];
$dbpassword = $rows['password'];
$dbfirstname = $rows ['firstname'];
$dblastname = $rows ['lastname'];
endwhile;
if (empty($username) || empty($password) || empty($npassword) ||
empty($rpassword)):
$msg = "All fields are required";
elseif ($numrows == 0):
$msg = "This username does not exist";
elseif ($password != $dbpassword):
$msg = "The CURRENT password you entered is incorrect.";
elseif ($npassword != $rpassword):
$msg = "Your new passwords do not match";
elseif ($npassword == $password):
$msg = "Your new password cannot match your old password";
else:
mysql_query("UPDATE user_info SET password = '$npassword' WHERE user_id =
'$username'");
$to = $email;
$subject = "YOUR PASSWORD HAS BEEN CHANGED";
$message = "<p>Hello $dbfirstname $dblastname. You've received this E-Mail
because you have requested a PASSWORD CHANGE. ";
$from = "myemail#.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
endif;
endif;
?>
PLease check... What is the type of "user_id" in "user_info" table... and what are you getting in user name field from your form.
am asking about this query...
$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
First $msg in target php is only for target php,won't return value back to the form
Second,you may looking for
if (isset($_POST['submit'])): instead of
if (mysql_real_escape_string($_POST['submit'])):
There is no html response from the target page to be displayed in browser. For displaying content you need to form proper html so that it can be displayed in browser.
In target page add the below html code at the end so that the message (validation or success) can be displayed.
<html><body>put your message here</body></htm>
You might have forgotten an extra ?> at the end of your included file "dbconfig.php", thus treating your target php page as html.

PHP member reset password form not submitting (yes me again)

Hi again this is me nearly done with the gubbings of the site but im scratching my head to why this reset password page does not go through any of it procedures. Im sure it is again something minor but i cant see it, seems as though my reset button is not working at all but its the correct spelling when i call it and all the brackets as far as i can tell are correct. im sure the more i get used to these errors the more ill catch them myself. apologies for the dumb question.
Here's my code:
<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<html>
<head>
<title> Member system : Forgot password</title>
</head>
<body>
<?php
if(!$username && !$userid) {
if($_POST['resetbtn']) {
//get form data
$user = $_POST['user'];
$email = $_POST['email'];
//make sure info provided
if($user) {
if($email) {
if((strlen($email) > 7) && (strstr($email, "#")) && (strstr($email, ".")) ) {
require("./connect.php");
$query = mysql_query("SELECT * FROM user WHERE username='$user'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
// info about account
$row = mysql_fetch_assoc($query);
$dbemail = $row['email'];
//make sure email is correct
if($email == $dbemail) {
// generate a password
$pass = rand();
$pass = md5($pass);
$pass = substr($pass, 0, 15);
$password = md5(md5("12345".$pass."54321"));
//update db with new pass
mysql_query("UPDATE user SET password='$password' WHERE username='$user'");
//make sure password was changed
$query = mysql_query("SELECT * FROM user WHERE username='$user' AND password='$password'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
//create our email variables
$webmaster = "mwilkins877#gmail.com";
$headers = "From: Mike<$webmaster>";
$subject = "Your new password";
$message = "Your password has been reset, your new password is below. \n";
$message .= "Password: $pass\n";
echo $pass."<br/>";
if(mail($email, $subject, $message, $headers)) {
echo "Your password has been reset an email has been sent with your new password";
}
else
echo "An error has occured and your email wasnt sent containing your new password";
}
else
echo "An error has occured and the password was not set";
}
else
echo "You have entered the wrong email address";
}
else
echo "The user name was not found";
mysql_close();
}
else "Please enter a valid email address";
}
else
echo "please enter your email";
}
else
echo "Please enter your user name";
}
else
echo"<from action='./forgotpass.php' method='post'>
<table>
<tr>
<td>User name</td>
<td><input type='text' name='user'/></td>
</tr>
<tr>
<td>email</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='resetbtn' value='Reset password'/> </td>
</tr>
</table>
</form>";
}
else
echo "Please log out to view this page";
?>
</body>
</html>
I would appreciate your help on this as its only just me learning for fun. Look forward to hearing back of some one hopefully. thanks in advance.
please correct the spelling of the form
echo"<from action='./forgotpass.php' method='post'>
to
echo"<form action='./forgotpass.php' method='post'>
Hope this will fix your issue
Just try this. Its working for me.
<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<body>
<?php
if(!$username && !$userid) {
if($_POST['resetbtn']) {
//get form data
$user = $_POST['user'];
$email = $_POST['email'];
//make sure info provided
if($user) {
if($email) {
if((strlen($email) > 7) && (strstr($email, "#")) && (strstr($email, ".")) ) {
require("./connect.php");
$query = mysql_query("SELECT * FROM user WHERE username='$user'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
// info about account
$row = mysql_fetch_assoc($query);
$dbemail = $row['email'];
//make sure email is correct
if($email == $dbemail) {
// generate a password
$pass = rand();
$pass = md5($pass);
$pass = substr($pass, 0, 15);
$password = md5(md5("12345".$pass."54321"));
//update db with new pass
mysql_query("UPDATE user SET password='$password' WHERE username='$user'");
//make sure password was changed
$query = mysql_query("SELECT * FROM user WHERE username='$user' AND password='$password'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
//create our email variables
$webmaster = "mwilkins877#gmail.com";
$headers = "From: Mike<$webmaster>";
$subject = "Your new password";
$message = "Your password has been reset, your new password is below. \n";
$message .= "Password: $pass\n";
echo $pass."<br/>";
if(mail($email, $subject, $message, $headers)) {
echo "Your password has been reset an email has been sent with your new password";
}
else
echo "An error has occured and your email wasnt sent containing your new password";
}
else
echo "An error has occured and the password was not set";
}
else
echo "You have entered the wrong email address";
}
else
echo "The user name was not found";
mysql_close();
}
else "Please enter a valid email address";
}
else
echo "please enter your email";
}
else
echo "Please enter your user name";
}
else
echo"<form action='./forgotpass.php' method='post'>
<table>
<tr>
<td>User name</td>
<td><input type='text' name='user'/></td>
</tr>
<tr>
<td>email</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='resetbtn' value='Reset password'/> </td>
</tr>
</table>
</form>";

Why won't the data from my php upload to my sql server?

I've started writing a community-based website with a login (user / pass / avatar etc.). All of these variables are being stored on a sql server so I can access them for the login, etc.
I've looked all over google, and my code seems sound, and my email validation is sent. But none of the data uploads to my sql database, so no users can be created.
I've included the code for my website below, with the connect info taken out for security reasons. Why aren't I able to write data to my database? Any help would be appreciated.
register.php
<?php require('top.php'); ?>
<div id="full">
<?php
$form = " <form action='register.php' method='post'>
<table cellspacing='10px'>
<tr>
<td></td>
<td>Required Feilds <font color='red'>*</font></td>
</tr>
<tr>
<td>First Name:</td>
<td><input type='text' name='firstname' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type='text' name='lastname' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='repassword' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Avatar:</td>
<td><input type='file' name='avatar' > </td>
</tr>
<tr>
<td>Website Address:</td>
<td><input type='text' name='website' class='textbox'></td>
</tr>
<tr>
<td>YouTube Username:</td>
<td><input type='text' name='youtube' class='textbox'></td>
</tr>
<tr>
<td>Bio:</td>
<td><textarea name='bio' cols='35' rows='5' class='textbox'></textarea> </td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submitbtn' value='Register' class='button'></td>
</tr>
</table>
</form>";
if($_POST['submitbtn']) {
$firstname = strip_tags($_POST['firstname']);
$lastname = strip_tags($_POST['lastname']);
$username = strip_tags($_POST['username']);
$email = strip_tags($_POST['email']);
$password = strip_tags($_POST['password']);
$repassword = strip_tags($_POST['repassword']);
$website = strip_tags($_POST['website']);
$youtube = strip_tags($_POST['youtube']);
$bio = strip_tags($_POST['bio']);
$name = $_FILES['avatar']['name'];
$type = $_FILES['avatar']['type'];
$size = $_FILES['avatar']['size'];
$tmpname = $_FILES['avatar']['tmp_name'];
$ext = substr($name, strrpos($name, '.'));
if ($firstname && $lastname && $username && $email && $password && $repassword) {
if ($password == $repassword){
if ( strstr($email, "#") && strstr($email, ".") && strlen($email) >= 6) {
require('connect.php');
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$email'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$pass = md5(md5($password));
$date =date("F d, Y");
if ($name) {
move_uploaded_file($tmpname, "avatars/$username.$ext");
$avatar = "$username.$ext";
}
else
$avatar = "avatars/defavatar.png";
$code = substr(md5(rand (1111111111, 99999999999999999)), 2, 25);
mysql_query("INSERT INTO users VALUES ('','$firstname','$lastname,'$username','$email','$pass','$avatatar','$bio','$website','$youtube','','0','$code','0','$date')");
$webmaster = "email#email.com";
$subject = "Activate Your Account";
$headers = "From: a person <$webmaster>";
$message = "Hello $firstname. Welcome to awebsite.com Below is a link for you to activate your account.\n\n Click Here to Activate Your Account: http://awebsite.netii.net/activate.php?code=$code";
mail ($email, $subject, $message, $headers);
echo "Thank You for registering. To access your account please activate your account by folowing the link sent to <b>$email</b>. If you do not see the email in your inbox, check your junk mail as it may have been filtered. If you are expeiriencing any problems please contact the site administrator at <a href='mailto:email#email.com'>email#email.com</a>";
}
else
echo "That email is already taken. $form";
}
else
echo "That username is already taken. $form";
}
else
echo "You did not enter a valid email. $form";
}
else
echo "Your Passwords did not match. $form";
}
else
echo "You did not fill in all the required feilds. $form";
}
else
echo "$form";
?>
</div>
<?php require('bottom.php');?>
</div>
</body>
</html>
Activate.php
<?php $title = "Activate Your Account"; ?>
<?php require('top.php');?>
<div id="full">
<?php
$getcode =$_GET['code'];
$form = "<form action='activate.php' method='post'>
<table>
<tr>
<td>Activate Code:</td>
<td><input type='text' name='code' value='$getcode' size='30' </td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username' </td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' </td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submitbtn' value='Activate'</td>
</tr>
</table>
</form>";
if ($_POST['submitbtn']) {
$code = strip_tags($_POST['code']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
if ($code && $username && $password) {
if (strlen($code) == 25) {
$pass = md5(md5($password));
require('connect.php');
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$pass'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$row = mysql_fetch_assoc($query);
$dbcode = $row['code'];
if ($code == $dbcode) {
mysql_query("UPDATE users SET active='1' WHERE username='$username'");
echo "Your account has been activated. You may now login. Click<a href='login.php'>here</a> to login.";
}
else
echo"Your activation code was incorrect. $form";
}
else
echo "Your username or password are invalid. $form";
}
else
echo "You have not supplied a valid code. $form";
}
else
echo "You did not fill out the entire form. $form";
}
else
echo "$form";
?>
</div>
<?php require('bottom.php');?>
connect.php
<?php
$server = "";
$dbuser = "";
$dbpass = "";
$database = "";
mysql_connect($server, $dbuser, $dbpass) or die("Unable to connect to $server");
mysql_select_db($database) or die( "Unable to select $database" );
?>
There is typo mistake in your code.
First we have to check if submit request is set or not, so => if($_POST['submitbtn']) should be,
if( isset($_POST['submitbtn']) ) {
...
}
Make change in code and check.
EDIT
You can reformat your code. Check for all variables not empty, use mysql escape instead of strip tags and don't use any escapes on password, only hash(md5).
if (isset($_POST['submitbtn'])) {
$code = mysql_real_escape_string($_POST['code']);
$username = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$errors = array();
if (empty($code) || empty($username) || empty($password)) {
$errors[] = "You did not fill out the entire form." . $form;
} elseif(strlen($code) !== 25) {
$errors[] = "You have not supplied a valid code." . $form;
} else {
// further code...
}
} else {
echo $form;
}
In register.php, change:
<form action='register.php' method='post'>
To:
<form action='register.php' method='post' enctype="multipart/form-data">
This is required to upload files using <input type="file" ...>.
You should not use $pass = md5(md5($password)); - It is just way to easy to crack. Instead look into crypt() - http://php.net/crypt
As this is new code, please consider changing from mysql_* functions to mysqli_* or PDO as PHP is depreciating mysql_* and this will save you time later.

php form disappears

i have a members registration form that displays perfectly until i add the php. Once the php code is added the form completely disappears. I have tried everything but i think a fresh set of eyes is needed at this stage.
Any help would be greatly appreciated. Cheers.
<?php
if ( $_POST['registerbtn'] ) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser) {
if ($getemail) {
if($getpass) {
if ($getretypepass) {
if ($getpass === $getretypepass) {
if ( (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5($password);
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$getpassword', '$getemail', '0', '$getcode', '$getdate'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getusername'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site ="http://localhost/member.php";
$webmaster = "Bror Phren <bmdoublec#hotmail.com>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to activate your account";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account t login.";
if (mail($getemail, $subject, $message, $headers) ) {
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b> ";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent";
}
else
$errormsg = "An error has occured. Your account was not created.\n";
}
else
$errormsg = "There is already a user with that email";
}
else
$errormsg = "There is already a user with that username";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter password to register.";
}
else
$errormsg = "You must enter email to register.";
}
else
$errormsg = "You must enter username to register.";
}
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
}
?>
Your echo statement is inside your if ( $_POST['registerbtn'] ) {} block, meaning the form isn't displayed if it isn't submitted.
I think you need to use else
<?php
if (isset($_POST['registerbtn'])) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser) {
if ($getemail) {
if($getpass) {
if ($getretypepass) {
if ($getpass === $getretypepass) {
if ( (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5($password);
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$getpassword', '$getemail', '0', '$getcode', '$getdate'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getusername'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site ="http://localhost/member.php";
$webmaster = "Bror Phren <bmdoublec#hotmail.com>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to activate your account";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account t login.";
if (mail($getemail, $subject, $message, $headers) ) {
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b> ";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent";
}
else
$errormsg = "An error has occured. Your account was not created.\n";
}
else
$errormsg = "There is already a user with that email";
}
else
$errormsg = "There is already a user with that username";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter password to register.";
}
else
$errormsg = "You must enter email to register.";
}
else
$errormsg = "You must enter username to register.";
}
}
here
else{
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
}
?>
You have errors in PHP code which are preventing anything from running.
I would suggest running your code through something like PHPLint to see the errors.
Also, you may want to consider structuring your code in a way that is easier to read and maintain.
For example, you could avoid all those nested if statements and write it as:
if (!$getuser) {
$errormsg = "You must enter username to register.";
}
else if (!$getemail) {
$errormsg = "You must enter email to register.";
}
...
EDIT: As mentioned by Armon Toubman, the form will only display if relevant data has been posted to the page. You need to move the form outside of the if statement. See code below:
<?php
if ( $_POST['registerbtn'] ) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser) {
if ($getemail) {
if($getpass) {
if ($getretypepass) {
if ($getpass === $getretypepass) {
if ( (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5($password);
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$getpassword', '$getemail', '0', '$getcode', '$getdate'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getusername'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site ="http://localhost/member.php";
$webmaster = "Bror Phren <bmdoublec#hotmail.com>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to activate your account";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account t login.";
if (mail($getemail, $subject, $message, $headers) ) {
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b> ";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent";
}
else
$errormsg = "An error has occured. Your account was not created.\n";
}
else
$errormsg = "There is already a user with that email";
}
else
$errormsg = "There is already a user with that username";
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter password to register.";
}
else
$errormsg = "You must enter email to register.";
}
else
$errormsg = "You must enter username to register.";
}
mysql_close();
}
?>
<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'><?php if(isset($errormsg){ echo $errormsg; } ?></font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='<?php if(isset($getuser){ echo $getuser; } ?>' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='<?php if(isset($getemail){ echo $getemail; } ?>' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>

Categories