Hi again this is me nearly done with the gubbings of the site but im scratching my head to why this reset password page does not go through any of it procedures. Im sure it is again something minor but i cant see it, seems as though my reset button is not working at all but its the correct spelling when i call it and all the brackets as far as i can tell are correct. im sure the more i get used to these errors the more ill catch them myself. apologies for the dumb question.
Here's my code:
<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<html>
<head>
<title> Member system : Forgot password</title>
</head>
<body>
<?php
if(!$username && !$userid) {
if($_POST['resetbtn']) {
//get form data
$user = $_POST['user'];
$email = $_POST['email'];
//make sure info provided
if($user) {
if($email) {
if((strlen($email) > 7) && (strstr($email, "#")) && (strstr($email, ".")) ) {
require("./connect.php");
$query = mysql_query("SELECT * FROM user WHERE username='$user'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
// info about account
$row = mysql_fetch_assoc($query);
$dbemail = $row['email'];
//make sure email is correct
if($email == $dbemail) {
// generate a password
$pass = rand();
$pass = md5($pass);
$pass = substr($pass, 0, 15);
$password = md5(md5("12345".$pass."54321"));
//update db with new pass
mysql_query("UPDATE user SET password='$password' WHERE username='$user'");
//make sure password was changed
$query = mysql_query("SELECT * FROM user WHERE username='$user' AND password='$password'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
//create our email variables
$webmaster = "mwilkins877#gmail.com";
$headers = "From: Mike<$webmaster>";
$subject = "Your new password";
$message = "Your password has been reset, your new password is below. \n";
$message .= "Password: $pass\n";
echo $pass."<br/>";
if(mail($email, $subject, $message, $headers)) {
echo "Your password has been reset an email has been sent with your new password";
}
else
echo "An error has occured and your email wasnt sent containing your new password";
}
else
echo "An error has occured and the password was not set";
}
else
echo "You have entered the wrong email address";
}
else
echo "The user name was not found";
mysql_close();
}
else "Please enter a valid email address";
}
else
echo "please enter your email";
}
else
echo "Please enter your user name";
}
else
echo"<from action='./forgotpass.php' method='post'>
<table>
<tr>
<td>User name</td>
<td><input type='text' name='user'/></td>
</tr>
<tr>
<td>email</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='resetbtn' value='Reset password'/> </td>
</tr>
</table>
</form>";
}
else
echo "Please log out to view this page";
?>
</body>
</html>
I would appreciate your help on this as its only just me learning for fun. Look forward to hearing back of some one hopefully. thanks in advance.
please correct the spelling of the form
echo"<from action='./forgotpass.php' method='post'>
to
echo"<form action='./forgotpass.php' method='post'>
Hope this will fix your issue
Just try this. Its working for me.
<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<body>
<?php
if(!$username && !$userid) {
if($_POST['resetbtn']) {
//get form data
$user = $_POST['user'];
$email = $_POST['email'];
//make sure info provided
if($user) {
if($email) {
if((strlen($email) > 7) && (strstr($email, "#")) && (strstr($email, ".")) ) {
require("./connect.php");
$query = mysql_query("SELECT * FROM user WHERE username='$user'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
// info about account
$row = mysql_fetch_assoc($query);
$dbemail = $row['email'];
//make sure email is correct
if($email == $dbemail) {
// generate a password
$pass = rand();
$pass = md5($pass);
$pass = substr($pass, 0, 15);
$password = md5(md5("12345".$pass."54321"));
//update db with new pass
mysql_query("UPDATE user SET password='$password' WHERE username='$user'");
//make sure password was changed
$query = mysql_query("SELECT * FROM user WHERE username='$user' AND password='$password'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
//create our email variables
$webmaster = "mwilkins877#gmail.com";
$headers = "From: Mike<$webmaster>";
$subject = "Your new password";
$message = "Your password has been reset, your new password is below. \n";
$message .= "Password: $pass\n";
echo $pass."<br/>";
if(mail($email, $subject, $message, $headers)) {
echo "Your password has been reset an email has been sent with your new password";
}
else
echo "An error has occured and your email wasnt sent containing your new password";
}
else
echo "An error has occured and the password was not set";
}
else
echo "You have entered the wrong email address";
}
else
echo "The user name was not found";
mysql_close();
}
else "Please enter a valid email address";
}
else
echo "please enter your email";
}
else
echo "Please enter your user name";
}
else
echo"<form action='./forgotpass.php' method='post'>
<table>
<tr>
<td>User name</td>
<td><input type='text' name='user'/></td>
</tr>
<tr>
<td>email</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='resetbtn' value='Reset password'/> </td>
</tr>
</table>
</form>";
Related
The PHP file is blank when I open it up in the browser. Also, when I open the source code, it is empty as well.
This is the tutorial I am following
And here is the code:
<?php
error_reporting(E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Register</title>
</head>
<body>
<?php
if ($_POST['registerbtn']) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getconfirmpass = $_POST['confirmpass'];
if ($getuser) {
if ($getemail) {
if ($getpass) {
if ($getconfirmpass) {
if ($getpass === $getconfirmpass) {
if (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, ".")) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$password = md5 (md5("kjfiufj".$getpass."Fjf56fj"));
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$password', '$getemail', '0', '$code', '$date'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site = "http://localhost/PHP Projects/Member System";
$webmaster = "Askman <donotreply#askmanproducts.com>";
$headers = "From: $webmaster";
$subject = "Activate Your New Account!";
$message = "Thanks for regisntering. Click the link below to activate your account!\n";
$message .= "$site/activate?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";
if (mail($getemail, $subject, $message, $headers)){
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent.";
}
else
$errormsg = "An error has occured. Your account was not created.";
}
else
$errormsg = "There is already a user with that email.";
}
else
$errormsg = "There is already a user with that username.";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match.";
}
else
$errormsg = "You must confirm your password to register.";
}
else
$errormsg = "You must enter your password to register.";
}
else
$errormsg = "You must enter your email to register.";
}
else
$errormsg = "You must enter your username to register.";
}
$form = "<form action='./register' method='post'>
<table>
<tr>
<td</td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='confirmpass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
</body>
</html>
you have error on this line
if (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, ".")) {
it must be if ((strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
alse the source code in the browser will show you the html code not the php php is server side so it's code is inside the server and browser can not see the
php code
full code
<?php
error_reporting(E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Register</title>
</head>
<body>
<?php
if ($_POST['registerbtn']) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getconfirmpass = $_POST['confirmpass'];
if ($getuser) {
if ($getemail) {
if ($getpass) {
if ($getconfirmpass) {
if ($getpass === $getconfirmpass) {
if ((strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$password = md5 (md5("kjfiufj".$getpass."Fjf56fj"));
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$password', '$getemail', '0', '$code', '$date'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site = "http://localhost/PHP Projects/Member System";
$webmaster = "Askman <donotreply#askmanproducts.com>";
$headers = "From: $webmaster";
$subject = "Activate Your New Account!";
$message = "Thanks for regisntering. Click the link below to activate your account!\n";
$message .= "$site/activate?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";
if (mail($getemail, $subject, $message, $headers)){
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent.";
}
else
$errormsg = "An error has occured. Your account was not created.";
}
else
$errormsg = "There is already a user with that email.";
}
else
$errormsg = "There is already a user with that username.";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match.";
}
else
$errormsg = "You must confirm your password to register.";
}
else
$errormsg = "You must enter your password to register.";
}
else
$errormsg = "You must enter your email to register.";
}
else
$errormsg = "You must enter your username to register.";
}
$form = "<form action='./register' method='post'>
<table>
<tr>
<td</td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='confirmpass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
</body>
</html>
<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
?>
<html>
<head>
<title>Log in</title>
</head>
<body>
<?php
$form = "<form action='./log.php' method='POST'>
<table>
<tr>
<td>Username</td>
<td><input type='text' name='name'></td>
</tr>
<tr>
<td>Password</td>
<td><input type='text' name='password'></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='loginbtn' value='Login'></td>
</tr>
</table>
</form>";
if ($_POST['loginbtn']) {
$user = $_POST['name'];
$password = $_POST['password'];
if($user) {
if($password) {
require('connect.php');
$password = md5($password)
//make user login info correct
$query = mysql_query("SELECT * FROM users where name= '$user'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
$row = mysql_fetch_assoc($query);
$dbid = $row['id'];
$dbuser = $row['name'];
$dbpass = $row['password'];
$dbactive = $row['active'];
if($password == $dbpass) {
if($dbactive == 1) {
//set session info
$_SESSION['id'] = $dbid;
$_SESSION['name'] = $dbuser;
echo "You have logged in as <b>$dbname</b> <a href='en/index.html'>Click Here</a> to go on next page";
}
else {
echo "You must activate your account to login. $form";
}
}
else {
echo "You did not enter the correct password";
}
}
else {
echo "The username you entered was not found. $form";
}
mysql_close();
}
else {
echo "Tou must eneter your password. $form";
}
}
else {
echo "Tou must eneter a username. $form";
}
}
else {
echo $form;
}
?>
</body>
</html>
*My registration system instert password on db in md5 format.
but this login form can't find my password and print me problem "You did not enter the correct passsword".
How to sloving this problem?*
Persistently trying to solve the problem but have not been able
It may possible while inserting password into database some white space or other values are inserted alongwith password field. So once again check your inserting code. Use trim befor making password md5 like $password = md5(trim($password)) at both side(for Insert and Select). also note that it is case sensitive. As said in the comment section dont use md5 as it is not that much secure.
i got a problem on my validation script using php; when the user only fills out username form and emptied the password it still logs the user in it should show the user that the password field is blank error. i'm kinda new to php and i'm hoping you can help me. thanks!
here's my code for checking login
<?php
$usernameErr = $passwordErr = "";
$username = $password = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST['username']))
{$usernameErr = "Username is required.";}
else
{$username =($_POST['username']);}
if (empty($_POST['password']))
{$passwordErr = "Password is required.";}
else
{$password =($_POST['password']);}
}
?>
<body>
<div id="header" align="center">
<h1>PT. Sumber Urip Alfindo</h1>
</div>
<br/>
<div id="content" align="center">
<form id="login" name="login" method="post" action="checklogin.php">
<table>
<tr>
<td>Username</td>
<td></td>
<td><input name="username" type="text" id="username"><span class="error"><?php echo $usernameErr;?></span></td>
</tr>
<tr>
<td>Password</td>
<td></td>
<td><input name="password" type="password" id="password"><span class="error"><?php echo $passwordErr;?></span></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>
<?php
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1 && $username="admin")
{
header("location:mainadmin.php");
}
else if($count==1)
{
header("location:main.php");
}
else
{
echo "Wrong username or password";
}
?>
Before anyone moans, I'm not replacing mysql with mysqli/PDO to answer the question. Yes it's wrong that it's used but it's not related to the question.
Correct model: if (there is not an error) { log the person in } else { do something else}.
Your model: check for errors. log the user in anyway.
This is what you're doing now
// checking stuff
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST['username']))
{$usernameErr = "Username is required.";}
// blah blah check check check
}
// don't bother considering the error, just log them in anyway
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
// etc
But what you need to do is this:
// check for errors and store them
$errors=array(); // create an empty array to store errors
if (empty($_POST['username'])){
$errors['usernameErr'] = "Username is required."; // add an error
}else{
$username =($_POST['username']);
}
if (empty($_POST['password'])){
$errors['passwordErr'] = "Password is required."; // add an error
}else{
$password =($_POST['password']);
}
// etc etc
// check if there were any errors anywhere along the way
// and if not, proceed with login
if (!count($errors)) { // check there are no errors
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
// etc etc
}else{
// if there were errors do something else
echo implode("<br />", $errors); // output the errors however you like
}
Try this for a start
<?php
/* validate form first */
if (!empty($_POST['username']))
{ $username = $_POST['username'];
}
else{ echo "Username is required."; }
if (!empty($_POST['password']))
{ $password = $_POST['password'];
}
else{ echo "password is required."; }
/* Do the queries second i.e */
SELECT * FROM Persons WHERE username='' AND password ='';
?>
hi,You should describe your question clearly,I have read your code and checked it ,when i not fills out password,it was really display Password is required.
general validation method is as follows:
if(empty($_POST['username'])){
$usererror = '...';
return false;
}else{
$username = $_POST['username'];
}
if(empty($_POST['password'])){
$passerror = '...';
return false;
}else{
$password = $_POST['password'];
}
The best way to handle error validation is to use same variable, especially if you have many input form data
$username = $_POST['username'];
$password = $_POST['password'];
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($username == '') {
$error_msg[]= 'Username is required';
} else if ($password == '') {
$error_msg[]= 'Password is required';
}
}
if (!empty($error_msg)) {
$ERROR_MSG = implode($error_msg);
exit;
}
I have been trying to create a member log in page to link to my website. I have a number of nested If's within my PHP page however no matter what I try I receive the $errormsg from the first else statement.
The only way I have managed to change this is to add an additional empty else at the bottom of the code (before the table), when i click the reigisterbtn I either receive the first else result or a blank page displaying nothing.
Am I missing something really obvious?
<?php
error_reporting (E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Register Page</title>
</head>
<body>
<?php
if ( $_POST ['registerbtn']) {
$getuser =$_post ['user'];
$getemail =$_post ['email'];
$getpass =$_post ['pass'];
$getretypepass =$_post ['retypepass'];
if($getuser){
if ($getemail){
if ($getpass){
if ($getretypepass){
if ($getpass === $getretypepass){
if ((strlen ($getemail) >=7 ) && (strstr ($getemail, "#")) && (strstr ($getemail, "."))) {
require ("./connect.php");
$query = mysql_query ("SELECT * FROM users WHERE username ='$getuser'");
$numrows = mysql_num_rows ($query);
if ($numrows == 0){
$query = mysql_query ("SELECT * FROM users WHERE email ='$getemail'");
$numrows = mysql_num_rows ($query);
if ($numrows == 0){
$password =md5 (md5 ("kjfiufj".$password."Fj56fj"));
$date("F d, Y");
$code = md5(rand ());
mysql_query ("INSERT INTO users VALUES (
'', '$getuser','$password','$getemail', '0', '$code', '$date')");
$query = mysql_query ("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows ($query);
if ($numrows == 1){
$site = "http://www.andyhoole.co.uk";
$webmaster = "AndyHoole <admin#andyhoole.co.uk>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = " Thank you for registering :) . Clink the link below to activate your account.\n ";
$message .="$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account to log in.";
if ( mail($getemail,$subject, $message, $headers) ){
$errormsg = "You have been registered, you must activate your account form the activation link sent to <b> $getemail </b>";
$getuser = "";
$getemail = "";
}else
$errormsg = "An error has occured. Your activation email was not sent.";
}else
$errormsg = " An error has occured and your account has not been created. ";
}else
$errormsg = " This email address already exsists.";
}else
$errormsg = " This username already exsists.";
mysql_close();
}else
$errormsg = "You must enter a valid email address to register.";
}else
$errormsg = "Your passwords did not match.";
}else
$errormsg = "You must retype your password to register.";
}else
$errormsg = "You must enter your password to register.";
}else
$errormsg = "You must enter your email address to register.";
}else
$errormsg = "You must enter your User name to register.";
}
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
</body>
</html>
Thank you for looking :)
you also should use $_POST instead of $_post since php is case sensitive!
i have a members registration form that displays perfectly until i add the php. Once the php code is added the form completely disappears. I have tried everything but i think a fresh set of eyes is needed at this stage.
Any help would be greatly appreciated. Cheers.
<?php
if ( $_POST['registerbtn'] ) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser) {
if ($getemail) {
if($getpass) {
if ($getretypepass) {
if ($getpass === $getretypepass) {
if ( (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5($password);
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$getpassword', '$getemail', '0', '$getcode', '$getdate'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getusername'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site ="http://localhost/member.php";
$webmaster = "Bror Phren <bmdoublec#hotmail.com>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to activate your account";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account t login.";
if (mail($getemail, $subject, $message, $headers) ) {
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b> ";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent";
}
else
$errormsg = "An error has occured. Your account was not created.\n";
}
else
$errormsg = "There is already a user with that email";
}
else
$errormsg = "There is already a user with that username";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter password to register.";
}
else
$errormsg = "You must enter email to register.";
}
else
$errormsg = "You must enter username to register.";
}
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
}
?>
Your echo statement is inside your if ( $_POST['registerbtn'] ) {} block, meaning the form isn't displayed if it isn't submitted.
I think you need to use else
<?php
if (isset($_POST['registerbtn'])) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser) {
if ($getemail) {
if($getpass) {
if ($getretypepass) {
if ($getpass === $getretypepass) {
if ( (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5($password);
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$getpassword', '$getemail', '0', '$getcode', '$getdate'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getusername'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site ="http://localhost/member.php";
$webmaster = "Bror Phren <bmdoublec#hotmail.com>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to activate your account";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account t login.";
if (mail($getemail, $subject, $message, $headers) ) {
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b> ";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent";
}
else
$errormsg = "An error has occured. Your account was not created.\n";
}
else
$errormsg = "There is already a user with that email";
}
else
$errormsg = "There is already a user with that username";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter password to register.";
}
else
$errormsg = "You must enter email to register.";
}
else
$errormsg = "You must enter username to register.";
}
}
here
else{
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
}
?>
You have errors in PHP code which are preventing anything from running.
I would suggest running your code through something like PHPLint to see the errors.
Also, you may want to consider structuring your code in a way that is easier to read and maintain.
For example, you could avoid all those nested if statements and write it as:
if (!$getuser) {
$errormsg = "You must enter username to register.";
}
else if (!$getemail) {
$errormsg = "You must enter email to register.";
}
...
EDIT: As mentioned by Armon Toubman, the form will only display if relevant data has been posted to the page. You need to move the form outside of the if statement. See code below:
<?php
if ( $_POST['registerbtn'] ) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser) {
if ($getemail) {
if($getpass) {
if ($getretypepass) {
if ($getpass === $getretypepass) {
if ( (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5($password);
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$getpassword', '$getemail', '0', '$getcode', '$getdate'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getusername'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site ="http://localhost/member.php";
$webmaster = "Bror Phren <bmdoublec#hotmail.com>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to activate your account";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account t login.";
if (mail($getemail, $subject, $message, $headers) ) {
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b> ";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent";
}
else
$errormsg = "An error has occured. Your account was not created.\n";
}
else
$errormsg = "There is already a user with that email";
}
else
$errormsg = "There is already a user with that username";
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter password to register.";
}
else
$errormsg = "You must enter email to register.";
}
else
$errormsg = "You must enter username to register.";
}
mysql_close();
}
?>
<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'><?php if(isset($errormsg){ echo $errormsg; } ?></font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='<?php if(isset($getuser){ echo $getuser; } ?>' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='<?php if(isset($getemail){ echo $getemail; } ?>' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>