I have tried to implement a form that changes a password in a database, however, when I submit the details on the form, it just directs me to the target page...but shows up and the plaintext code on the browser....why is it doing this!
The form:
<h1 align="center">Change Password</h1>
<form method="POST" action="reset_pwd.php">
<table class='altrowstable' id='alternatecolor' >
<tr>
<td align="right">Username: </td>
<td><input type="TEXT" name="username" value=""/></td>
</tr>
<tr>
<td align="right">Current Password: </td>
<td><input type="password" name="password" value=""/></td>
</tr>
<tr>
<td align="right">New Password: </td>
<td><input type="password" name="npassword" value=""/></td>
</tr>
<tr>
<td align="right">Repeat New Password: </td>
<td><input type="password" name="rpassword" value=""/></td>
</tr>
<tr><td align="center">
Forgot password
</td>
<td>
<input type="submit" name="submit" value="Change Password"/>
</td>
</tr>
</table>
</form>
<br>
<?php echo $msg; ?>
and the target php page:
<?php
include('dbconfig.php');
$msg = "";
if (mysql_real_escape_string($_POST['submit'])):
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$npassword = mysql_real_escape_string(md5($_POST['npassword']));
$rpassword = mysql_real_escape_string(md5($_POST['rpassword']));
$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
while ($rows = mysql_fetch_array($query)):
$dbusername = $rows['username'];
$dbpassword = $rows['password'];
$dbfirstname = $rows ['firstname'];
$dblastname = $rows ['lastname'];
endwhile;
if (empty($username) || empty($password) || empty($npassword) ||
empty($rpassword)):
$msg = "All fields are required";
elseif ($numrows == 0):
$msg = "This username does not exist";
elseif ($password != $dbpassword):
$msg = "The CURRENT password you entered is incorrect.";
elseif ($npassword != $rpassword):
$msg = "Your new passwords do not match";
elseif ($npassword == $password):
$msg = "Your new password cannot match your old password";
else:
mysql_query("UPDATE user_info SET password = '$npassword' WHERE user_id =
'$username'");
$to = $email;
$subject = "YOUR PASSWORD HAS BEEN CHANGED";
$message = "<p>Hello $dbfirstname $dblastname. You've received this E-Mail
because you have requested a PASSWORD CHANGE. ";
$from = "myemail#.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
endif;
endif;
?>
PLease check... What is the type of "user_id" in "user_info" table... and what are you getting in user name field from your form.
am asking about this query...
$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
First $msg in target php is only for target php,won't return value back to the form
Second,you may looking for
if (isset($_POST['submit'])): instead of
if (mysql_real_escape_string($_POST['submit'])):
There is no html response from the target page to be displayed in browser. For displaying content you need to form proper html so that it can be displayed in browser.
In target page add the below html code at the end so that the message (validation or success) can be displayed.
<html><body>put your message here</body></htm>
You might have forgotten an extra ?> at the end of your included file "dbconfig.php", thus treating your target php page as html.
Related
I'm trying to make a website with a member section. To signup on the member section, you must already be in the database. You're given your username and password, then when you signup you can enter your email, address, and password.
So my problem is that I'm getting an error saying that the username or reg_id were incorrect, when I know that I am entering the correct info.
else {
mysql_close($con);
header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
}
Here is my Login Form:
<form action="function.php?signup" method="post">
<table cellspacing="20" class="span12">
<tr>
<td>
<input type="text" name="name" placeholder="Full Name">
</td>
</tr>
<tr>
<td>
<input type="email" name="email" placeholder="Email">
</td>
</tr>
<tr>
<td>
<input type="text" name="address" placeholder="Address">
</td>
</tr>
<tr>
<td>
<input type="text" name="reg_id" placeholder="Your Registration ID">
</td>
</tr>
<tr>
<td>
<input type="password" name="password" placeholder="Password">
</td>
</tr>
<tr>
<td>
<input type="submit" placeholder="Confirm Signup" value="Confirm Signup">
</td>
</tr>
</table>
</form>
On the function.php I have a bunch of different functions etc. but the one for the signup form is:
elseif (isset($_GET['signup'])) {
$username = $_POST['username'];
$reg_id = $_POST['reg_id'];
$qry = mysql_query("
SELECT *
FROM users
WHERE username = '$username'
AND registration_id = '$reg_id' ", $con);
if (!$qry) {
mysql_close($con);
die("Query Failed: " . mysql_error());
} else {
$row = mysql_fetch_array($qry);
}
if ($_POST['username'] == $row["username"] && $_POST['reg_id'] == $row["registration_id"]) {
$password = $_POST['password'];
$email = $_POST['email'];
$address = $_POST['address'];
$qry = mysql_query("
INSERT INTO users
(password, profile_email, profile_address)
VALUES ('$password', '$email', '$address')", $con);
if (!$qry) {
die("Query Failed: " . mysql_error());
} else {
header('location: index.php?success-msg=You have successfully signed up');
}
}
else {
mysql_close($con);
header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
}
}
I'm not sure what I messed up on, or if I even did that right, as I am still learning. I would like to thank anyone who helps me in advance, all help is much appreciated.
-James
$_POST['username'] should be $_POST['name'] accoding to HTML form.
Use update instead of INSERT.
Following is the corrected PATCH:
$qry = mysql_query("UPDATE users SET password='$password',profile_email='$email',profile_address='$address'
WHERE registration_id='$reg_id'");
you could use something like this :
if (isset($_GET['signup'])){//if
$username = $_POST['name'];
$reg_id = $_POST['reg_id'];
$qry = mysql_query("SELECT * FROM users WHERE username='$username' AND registration_id='$reg_id'", $con) or die(mysql_error());
$row=mysql_num_rows($qry);
if($row == '1'){ ///if regcode exists
////insert into database
$password = $_POST['password'];
$email = $_POST['email'];
$address = $_POST['address'];
$qry2 = mysql_query("INSERT INTO
users(password,profile_email,profile_address)
VALUES ('$password','$email','$address')", $con) or die(mysql_error());
header('location: index.php?success-msg=You have successfully signed up');
}///if regcode exists
else{
///didn't find the reg id
header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
}
}//if
I have been trying to create a member log in page to link to my website. I have a number of nested If's within my PHP page however no matter what I try I receive the $errormsg from the first else statement.
The only way I have managed to change this is to add an additional empty else at the bottom of the code (before the table), when i click the reigisterbtn I either receive the first else result or a blank page displaying nothing.
Am I missing something really obvious?
<?php
error_reporting (E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Register Page</title>
</head>
<body>
<?php
if ( $_POST ['registerbtn']) {
$getuser =$_post ['user'];
$getemail =$_post ['email'];
$getpass =$_post ['pass'];
$getretypepass =$_post ['retypepass'];
if($getuser){
if ($getemail){
if ($getpass){
if ($getretypepass){
if ($getpass === $getretypepass){
if ((strlen ($getemail) >=7 ) && (strstr ($getemail, "#")) && (strstr ($getemail, "."))) {
require ("./connect.php");
$query = mysql_query ("SELECT * FROM users WHERE username ='$getuser'");
$numrows = mysql_num_rows ($query);
if ($numrows == 0){
$query = mysql_query ("SELECT * FROM users WHERE email ='$getemail'");
$numrows = mysql_num_rows ($query);
if ($numrows == 0){
$password =md5 (md5 ("kjfiufj".$password."Fj56fj"));
$date("F d, Y");
$code = md5(rand ());
mysql_query ("INSERT INTO users VALUES (
'', '$getuser','$password','$getemail', '0', '$code', '$date')");
$query = mysql_query ("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows ($query);
if ($numrows == 1){
$site = "http://www.andyhoole.co.uk";
$webmaster = "AndyHoole <admin#andyhoole.co.uk>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = " Thank you for registering :) . Clink the link below to activate your account.\n ";
$message .="$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account to log in.";
if ( mail($getemail,$subject, $message, $headers) ){
$errormsg = "You have been registered, you must activate your account form the activation link sent to <b> $getemail </b>";
$getuser = "";
$getemail = "";
}else
$errormsg = "An error has occured. Your activation email was not sent.";
}else
$errormsg = " An error has occured and your account has not been created. ";
}else
$errormsg = " This email address already exsists.";
}else
$errormsg = " This username already exsists.";
mysql_close();
}else
$errormsg = "You must enter a valid email address to register.";
}else
$errormsg = "Your passwords did not match.";
}else
$errormsg = "You must retype your password to register.";
}else
$errormsg = "You must enter your password to register.";
}else
$errormsg = "You must enter your email address to register.";
}else
$errormsg = "You must enter your User name to register.";
}
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
</body>
</html>
Thank you for looking :)
you also should use $_POST instead of $_post since php is case sensitive!
I've started writing a community-based website with a login (user / pass / avatar etc.). All of these variables are being stored on a sql server so I can access them for the login, etc.
I've looked all over google, and my code seems sound, and my email validation is sent. But none of the data uploads to my sql database, so no users can be created.
I've included the code for my website below, with the connect info taken out for security reasons. Why aren't I able to write data to my database? Any help would be appreciated.
register.php
<?php require('top.php'); ?>
<div id="full">
<?php
$form = " <form action='register.php' method='post'>
<table cellspacing='10px'>
<tr>
<td></td>
<td>Required Feilds <font color='red'>*</font></td>
</tr>
<tr>
<td>First Name:</td>
<td><input type='text' name='firstname' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type='text' name='lastname' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='repassword' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Avatar:</td>
<td><input type='file' name='avatar' > </td>
</tr>
<tr>
<td>Website Address:</td>
<td><input type='text' name='website' class='textbox'></td>
</tr>
<tr>
<td>YouTube Username:</td>
<td><input type='text' name='youtube' class='textbox'></td>
</tr>
<tr>
<td>Bio:</td>
<td><textarea name='bio' cols='35' rows='5' class='textbox'></textarea> </td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submitbtn' value='Register' class='button'></td>
</tr>
</table>
</form>";
if($_POST['submitbtn']) {
$firstname = strip_tags($_POST['firstname']);
$lastname = strip_tags($_POST['lastname']);
$username = strip_tags($_POST['username']);
$email = strip_tags($_POST['email']);
$password = strip_tags($_POST['password']);
$repassword = strip_tags($_POST['repassword']);
$website = strip_tags($_POST['website']);
$youtube = strip_tags($_POST['youtube']);
$bio = strip_tags($_POST['bio']);
$name = $_FILES['avatar']['name'];
$type = $_FILES['avatar']['type'];
$size = $_FILES['avatar']['size'];
$tmpname = $_FILES['avatar']['tmp_name'];
$ext = substr($name, strrpos($name, '.'));
if ($firstname && $lastname && $username && $email && $password && $repassword) {
if ($password == $repassword){
if ( strstr($email, "#") && strstr($email, ".") && strlen($email) >= 6) {
require('connect.php');
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$email'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$pass = md5(md5($password));
$date =date("F d, Y");
if ($name) {
move_uploaded_file($tmpname, "avatars/$username.$ext");
$avatar = "$username.$ext";
}
else
$avatar = "avatars/defavatar.png";
$code = substr(md5(rand (1111111111, 99999999999999999)), 2, 25);
mysql_query("INSERT INTO users VALUES ('','$firstname','$lastname,'$username','$email','$pass','$avatatar','$bio','$website','$youtube','','0','$code','0','$date')");
$webmaster = "email#email.com";
$subject = "Activate Your Account";
$headers = "From: a person <$webmaster>";
$message = "Hello $firstname. Welcome to awebsite.com Below is a link for you to activate your account.\n\n Click Here to Activate Your Account: http://awebsite.netii.net/activate.php?code=$code";
mail ($email, $subject, $message, $headers);
echo "Thank You for registering. To access your account please activate your account by folowing the link sent to <b>$email</b>. If you do not see the email in your inbox, check your junk mail as it may have been filtered. If you are expeiriencing any problems please contact the site administrator at <a href='mailto:email#email.com'>email#email.com</a>";
}
else
echo "That email is already taken. $form";
}
else
echo "That username is already taken. $form";
}
else
echo "You did not enter a valid email. $form";
}
else
echo "Your Passwords did not match. $form";
}
else
echo "You did not fill in all the required feilds. $form";
}
else
echo "$form";
?>
</div>
<?php require('bottom.php');?>
</div>
</body>
</html>
Activate.php
<?php $title = "Activate Your Account"; ?>
<?php require('top.php');?>
<div id="full">
<?php
$getcode =$_GET['code'];
$form = "<form action='activate.php' method='post'>
<table>
<tr>
<td>Activate Code:</td>
<td><input type='text' name='code' value='$getcode' size='30' </td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username' </td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' </td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submitbtn' value='Activate'</td>
</tr>
</table>
</form>";
if ($_POST['submitbtn']) {
$code = strip_tags($_POST['code']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
if ($code && $username && $password) {
if (strlen($code) == 25) {
$pass = md5(md5($password));
require('connect.php');
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$pass'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$row = mysql_fetch_assoc($query);
$dbcode = $row['code'];
if ($code == $dbcode) {
mysql_query("UPDATE users SET active='1' WHERE username='$username'");
echo "Your account has been activated. You may now login. Click<a href='login.php'>here</a> to login.";
}
else
echo"Your activation code was incorrect. $form";
}
else
echo "Your username or password are invalid. $form";
}
else
echo "You have not supplied a valid code. $form";
}
else
echo "You did not fill out the entire form. $form";
}
else
echo "$form";
?>
</div>
<?php require('bottom.php');?>
connect.php
<?php
$server = "";
$dbuser = "";
$dbpass = "";
$database = "";
mysql_connect($server, $dbuser, $dbpass) or die("Unable to connect to $server");
mysql_select_db($database) or die( "Unable to select $database" );
?>
There is typo mistake in your code.
First we have to check if submit request is set or not, so => if($_POST['submitbtn']) should be,
if( isset($_POST['submitbtn']) ) {
...
}
Make change in code and check.
EDIT
You can reformat your code. Check for all variables not empty, use mysql escape instead of strip tags and don't use any escapes on password, only hash(md5).
if (isset($_POST['submitbtn'])) {
$code = mysql_real_escape_string($_POST['code']);
$username = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$errors = array();
if (empty($code) || empty($username) || empty($password)) {
$errors[] = "You did not fill out the entire form." . $form;
} elseif(strlen($code) !== 25) {
$errors[] = "You have not supplied a valid code." . $form;
} else {
// further code...
}
} else {
echo $form;
}
In register.php, change:
<form action='register.php' method='post'>
To:
<form action='register.php' method='post' enctype="multipart/form-data">
This is required to upload files using <input type="file" ...>.
You should not use $pass = md5(md5($password)); - It is just way to easy to crack. Instead look into crypt() - http://php.net/crypt
As this is new code, please consider changing from mysql_* functions to mysqli_* or PDO as PHP is depreciating mysql_* and this will save you time later.
I've made a register.php file to sign up for a website I'm currently building. I'm running XAMPP to host my website and test it before I upload it via a paid host. After making the php file with the help of a few video's and online forums I opened it in google chrome and filled out the registration form I had created. But upon pressing 'submit' was presented with the following errors instead of having the user info successfully written into the mysql database.
Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\register.php on line 53
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\register.php on line 56
Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\register.php on line 97
Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\register.php on line 98
Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\register.php on line 99
Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\register.php on line 100
I know that the reason for errors related to the eregi_replace() function is because it is no longer being supported/used by the php language. I also am aware there is an alternative of preg_replace() However the problem stands that as a newbie in the field of php I am not able to come up with a solution. I'm learning a little more everyday but I need this page done quickly to continue on with my website and with school I don't have time to try out so many multiple blocks of code to come up with a solution. I apologize; I'm going to need a little spoon feeding. :/ If you can take my code and tell me how to fix the errors listed above, or even better respond with a fixed copy of the code, It would be very greatly appreciated! Thank you for your time and once again I apologize for my lack of knowledge.
register.php:
<?php
//User check log
//include_once("Scripts/checkuserlog.php");
?>
<?php
// let's initialize vars to be printed to page in the HTML section so our script does not return errors
// they must be initialized in some server environments
$errorMsg = "";
$firstname = "";
$lastname = "";
$email1 = "";
$email2 = "";
$pass1 = "";
$pass2 = "";
// This code runs only if the form submit button is pressed
if (isset ($_POST['firstname'])){
/* Example of cleaning variables in a loop
$vars = "";
foreach ($_POST as $key => $value) {
$value = stripslashes($value);
$vars .= "$key = $value<br />";
}
print "$vars";
exit();
*/
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$firstname = stripslashes($firstname);
$lastname = stripslashes($lastname);
$email1 = stripslashes($email1);
$pass1 = stripslashes($pass1);
$email2 = stripslashes($email2);
$pass2 = stripslashes($pass2);
$firstname = strip_tags($firstname);
$lastname = strip_tags($lastname);
$email1 = strip_tags($email1);
$pass1 = strip_tags($pass1);
$email2 = strip_tags($email2);
$pass2 = strip_tags($pass2);
// Connect to database
include_once "/Scripts/connect_to_mysql.php";
$emailCHecker = mysql_real_escape_string($email1);
$emailCHecker = eregi_replace("`", "", $emailCHecker);
// Database duplicate e-mail check setup for use below in the error handling if else conditionals
$sql_email_check = mysql_query("SELECT email FROM members WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);
// Error handling for missing data
if ((!$firstname) || (!$lastname) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2)) {
$errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';
if(!$firstname){
$errorMsg .= ' * First Name<br />';
}
if(!$lastname){
$errorMsg .= ' * Last Name<br />';
}
if(!$email1){
$errorMsg .= ' * Email Address<br />';
}
if(!$email2){
$errorMsg .= ' * Confirm Email Address<br />';
}
if(!$pass1){
$errorMsg .= ' * Login Password<br />';
}
if(!$pass2){
$errorMsg .= ' * Confirm Login Password<br />';
}
} else if ($email1 != $email2) {
$errorMsg = 'ERROR: Your Email fields below do not match<br />';
} else if ($pass1 != $pass2) {
$errorMsg = 'ERROR: Your Password fields below do not match<br />';
} else if ($email_check > 0) {
$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside our database. Please use another.<br />";
} else { // Error handling is ended, process the data and add member to database
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
$email1 = mysql_real_escape_string($email1);
$pass1 = mysql_real_escape_string($pass1);
$firstname = eregi_replace("`", "", $firstname);
$lastname = eregi_replace("`", "", $lastname);
$email1 = eregi_replace("`", "", $email1);
$pass1 = eregi_replace("`", "", $pass1);
// Add MD5 Hash to the password variable
$db_password = md5($pass1);
// Add user info into the database table for the main site table(audiopeeps.com)
$sql = mysql_query("INSERT INTO members (firstname, lastname, email, password, sign_up_date)
VALUES('$firstname','$lastname','$email1','$db_password', now())")
or die (mysql_error());
$id = mysql_insert_id();
// Create directory(folder) to hold each user's files(pics, MP3s, etc.)
mkdir("members/$id", 0755);
//!!!!!!!!!!!!!!!!!!!!!!!!! Email User the activation link !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$to = "$email1";
$from = "admin#Connect.CloudNine.com";
$subject = "Complete your registration at Cloud Nine";
//Begin HTML Email Message
$message = "Hi $firstname,
Complete this step to activate your login identity at [ yourdomain ].
Click the line below to activate when ready.
localhost/activation.php?id=$id&sequence=$db_password
If the URL above is not an active link, please copy and paste it into your browser address bar
Login after successful activation using your:
E-mail Address: $email1
Password: $pass1
See you on the site!
";
//end of message
$headers = "From: $from\r\n";
$headers .= "Content-type: text\r\n";
mail($to, $subject, $message, $headers);
$msgToUser = "<h2>One Last Step - Activate through Email</h2><h4>OK $firstname, one last step to verify your email identity:</h4><br />
In a moment you will be sent an Activation link to your email address.<br /><br />
<br />
<strong><font color=\"#990000\">VERY IMPORTANT:</font></strong>
If you check your email with your host providers default email application, there may be issues with seeing the email contents. If this happens to you and you cannot read the message to activate, download the file and open using a text editor.<br /><br />
";
include_once 'msgToUser.php';
exit();
} // Close else after duplication checks
} else { // if the form is not posted with variables, place default empty variables
$errorMsg = "Fields marked with an [ * ] are required";
$firstname = "";
$lastname = "";
$email1 = "";
$email2 = "";
$pass1 = "";
$pass2 = "";
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome To Cloud Nine</title>
<link href="CSS/register.css" rel="stylesheet" type="text/css">
<link href="CSS/css_boxes_register.css" rel="stylesheet" type="text/css">
<link href="CSS/reg_table_register.css" rel="stylesheet" type="text/css">
</head>
<body>
<!--Floating Dock-->
<div id="floating_dock">
<img src="Images/cloudnine_logo.png" width="220px">
<img src="Images/button.png" width="75" height="50" id="button"></div>
<!--Floating Dock End-->
<!--Content Wrap-->
<div id="container_alt">
<form action="register.php" method="post" enctype="multipart/form-data" class="box">
<h3>Account Registration</h3>
<p> </p>
<p>
<table width="447" border="0" align="center" cellpadding="5" cellspacing="1">
<tr>
<td width="435" align="center" valign="middle"><?php print "$errorMsg"; ?></td>
</tr>
<tr>
<td align="center">First Name</td>
</tr>
<tr>
<td align="center"><input name="firstname" type="text" id="firstname" value="<?php print "$firstname";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center">Last Name</td>
</tr>
<tr>
<td align="center"><input name="lastname" type="text" id="lastname" value="<?php print "$lastname";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center">Password</td>
</tr>
<tr>
<td align="center"><input name="pass1" type="text" id="pass1" value="<?php print "$pass1";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center">Confirm Password</td>
</tr>
<tr>
<td align="center"><input name="pass2" type="text" id="pass2" value="<?php print "$pass2";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center">Email</td>
</tr>
<tr>
<td align="center"><input name="email1" type="text" id="email1" value="<?php print "$email1";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center">Confirm Email</td>
</tr>
<tr>
<td align="center"><input name="email2" type="text" id="email2" value="<?php print "$email2";?>" size="35" maxlength="35"></td>
</tr>
<tr>
<td align="center"><input type="submit" name="submit" value="Submit Form"></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td> </td>
</tr>
</table>
</p>
</form>
</div>
</body>
</html>
No need to do regexp if you don't need it. Change
eregi_replace("`", "", $emailCHecker);
to
str_replace("`", "", $emailCHecker);
Do not use the mysql_* functions since they are deprecated. Use mysqli or PDO or whatever flavor you like but do not use mysql_* anymore!
Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL
extension should be used. See also MySQL: choosing an API guide and
related FAQ for more information.
Hi im am trying to allow users to be members in a website. The code I have does not look to have any bugs or anything. When i try to register as a user it keeps show me an error that i haven't inserted the email address. The email field does exists in the database and i cannot find the problem.
PHP Script
$errorMsg = "";
// First we check to see if the form has been submitted
if (isset($_POST['username'])){
//Connect to the database through our include
include_once "connect_to_mysql.php";
// Filter the posted variables
$username = str_replace("[^A-Z a-z0-9]", "", $_POST['username']); // filter everything but numbers and letters
$country = str_replace("[^A-Z a-z0-9]", "", $_POST['country']); // filter everything but spaces, numbers, and letters
$county = str_replace("[^A-Z a-z0-9]", "", $_POST['county']); // filter everything but spaces, numbers, and letters
$city = str_replace("[^A-Z a-z0-9]", "", $_POST['city']); // filter everything but spaces, numbers, and letters
$accounttype = str_replace("[^a-z]", "", $_POST['accounttype']); // filter everything but lowercase letters
$email=str_replace( '/#/', '#', $email );
$email = stripslashes($_POST['email']);
$email = strip_tags($email);
$email = mysql_real_escape_string($email);
$password = str_replace("[^A-Z a-z0-9]", "", $_POST['password']); // filter everything but numbers and letters
// Check to see if the user filled all fields with
// the "Required"(*) symbol next to them in the join form
// and print out to them what they have forgotten to put in
if((!$username) || (!$country) || (!$county) || (!$city) || (!$accounttype) || (!$email) || (!$password)){
$errorMsg = "You did not submit the following required information!<br /><br />";
if(!$username){
$errorMsg .= "--- User Name";
} else if(!$country){
$errorMsg .= "--- Country";
} else if(!$county){
$errorMsg .= "--- State";
} else if(!$city){
$errorMsg .= "--- City";
} else if(!$accounttype){
$errorMsg .= "--- Account Type";
} else if(!$email){
$errorMsg .= "--- Email Address";
} else if(!$password){
$errorMsg .= "--- Password";
}
} else {
// Database duplicate Fields Check
$sql_username_check = mysql_query("SELECT id FROM members WHERE username='$username' LIMIT 1");
$sql_email_check = mysql_query("SELECT id FROM members WHERE email='$email' LIMIT 1");
$username_check = mysql_num_rows($sql_username_check);
$email_check = mysql_num_rows($sql_email_check);
if ($username_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside our system. Please try another.";
} else if ($email_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside our system. Please try another.";
} else {
// Add MD5 Hash to the password variable
$hashedPass = md5($password);
// Add user info into the database table, claim your fields then values
$sql = mysql_query("INSERT INTO members (username, country, county, city, accounttype, email, password, signupdate)
VALUES('$username','$country','$state','$city','$accounttype','$email','$hashedPass', now())") or die (mysql_error());
// Get the inserted ID here to use in the activation email
$id = mysql_insert_id();
// Create directory(folder) to hold each user files(pics, MP3s, etc.)
mkdir("memberFiles/$id", 0755);
// Start assembly of Email Member the activation link
$to = "$email";
// Change this to your site admin email
$from = "info#chrysikourtina.x10.mx";
$subject = "Complete your registration";
//Begin HTML Email Message where you need to change the activation URL inside
$message = '<html>
<body bgcolor="#FFFFFF">
Hi ' . $username . ',
<br /><br />
You must complete this step to activate your account with us.
<br /><br />
Please click here to activate now >>
<a href="http://http://chrysikourtina.x10.mx/activation.php?id=' . $id . '">
ACTIVATE NOW</a>
<br /><br />
Your Login Data is as follows:
<br /><br />
E-mail Address: ' . $email . ' <br />
Password: ' . $password . '
<br /><br />
Thanks!
</body>
</html>';
// end of message
$headers = "From: $from\r\n";
$headers .= "Content-type: text/html\r\n";
$to = "$to";
// Finally send the activation email to the member
mail($to, $subject, $message, $headers);
// Then print a message to the browser for the joiner
print "<br /><br /><br /><h4>OK $firstname, one last step to verify your email identity:</h4><br />
We just sent an Activation link to: $email<br /><br />
<strong><font color=\"#990000\">Please check your email inbox in a moment</font></strong> to click on the Activation <br />
Link inside the message. After email activation you can log in.";
exit(); // Exit so the form and page does not display, just this success message
} // Close else after database duplicate field value checks
} // Close else after missing vars check
} //Close if $_POST
?>
HTML Form
<table width="600" align="center" cellpadding="4">
<tr>
<td width="7%">REGISTER AS A MEMBER HERE </td>
</tr>
</table>
<table width="600" align="center" cellpadding="5">
<form action="join_form.php" method="post" enctype="multipart/form-data">
<tr>
<td colspan="2"><font color="#FF0000"><?php echo "$errorMsg"; ?></font></td>
</tr>
<tr>
<td width="163"><div align="right">User Name:</div></td>
<td width="409"><input name="username" type="text" value="<?php echo "$username"; ?>" /></td>
</tr>
<tr>
<td><div align="right">Country:</div></td>
<td><select name="country">
<option value="<?php echo "$country"; ?>"><?php echo "$country"; ?></option>
<option value="Cyprus">Cyprus</option>
<option value="United Kingdom">United Kingdom</option>
</select></td>
</tr>
<tr>
<td><div align="right">County: </div></td>
<td><input name="county" type="text" value="<?php echo "$county"; ?>" /></td>
</tr>
<tr>
<td><div align="right">City: </div></td>
<td>
<input name="city" type="text" value="<?php echo "$city"; ?>" />
</td>
</tr>
<tr>
<td><div align="right">Account Type: </div></td>
<td><select name="accounttype">
<option value="<?php echo "$accounttype"; ?>"><?php echo "$accounttype"; ?></option>
<option value="a">Normal User</option>
<option value="b">Expert User</option>
<option value="c">Super User</option>
</select></td>
</tr>
<tr>
<td><div align="right">Email: </div></td>
<td><input name="email" type="text" id="<?php echo "$email"; ?>" value="<?php echo "$email"; ?>" />
</td>
</tr>
<tr>
<td><div align="right"> Password: </div></td>
<td><input name="password" type="password" value="<?php echo "$password"; ?>" />
<font size="-2" color="#006600">(letters or numbers only, no spaces no symbols)</font></td>
</tr>
<tr>
<td><div align="right"> Captcha: </div></td>
<td>Add Captcha Here for security</td>
</tr>
<tr>
<td><div align="right"></div></td>
<td><input type="submit" name="Submit" value="Submit Form" /></td>
</tr>
</form>
</table>
Error : You did not submit the following required information!
--- Email Address
All the other fields seem to be working fine!! If anyone has any idea of what is causing the problem please tell me!! Thanks
EDIT: IF you still get the same result the problem is with mysql_real_escape_string
because it's the only function which return FALSE.
You forgot to define the value of the email variable.
add this:
$email = $_POST['email'];
above this:
$email=str_replace( '/#/', '#', $email );
and add this below:
$email = mysql_real_escape_string(strip_tags(stripslashes($email)));
I believe you need to first get post value, then play with it. So consider the order change as below:
$email = stripslashes($_POST['email']);
$email=str_replace( '/#/', '#', $email );
$email = strip_tags($email);
$email = mysql_real_escape_string($email);
Also a check in html file may work for further errors.
<?php $email = isset($_POST['email']) ? $_POST['email'] : ''; ?>
Hope this works.
Use echo to display your variable's values. See what $mail is when it is posted but before any filters are applied, and after each filter is applied. This can narrow down your search to where the error is actually occurring.