get PHP POST from dynamically loaded page - php

I have a page that gets updated dynamically using ajax, I have a form loaded dynamically and when the submit button is clicked it dynamically loads another page. How would I access my POST variables when doing this? I've tried the $_POST['variable'] with no luck.
ajaxloader.js
register-form.php
<?php
session_start();
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
<form id="loginForm" name="loginForm" method="post" action="javascript:ajaxpage('account/register-exec.php', 'content');">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th>First Name </th>
<td><input name="firstName" type="text" class="textfield" id="firstName" /></td>
</tr>
<tr>
<th>Last Name </th>
<td><input name="lastName" type="text" class="textfield" id="lastName" /></td>
</tr>
<tr>
<th>Username</th>
<td><input name="username" type="text" class="textfield" id="username" /></td>
</tr>
<tr>
<th>Password</th>
<td><input name="password" type="password" class="textfield" id="password" /></td>
</tr>
<tr>
<th>Confirm Password </th>
<td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Register" /></td>
</tr>
</table>
</form>
register-exec.php
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$firstName = clean($_POST['firstName']);
$lastName = clean($_POST['lastName']);
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$cpassword = clean($_POST['cpassword']);
//Input Validations
if($firstName == '') {
$errmsg_arr[] = 'First name missing';
$errflag = true;
}
if($lastName == '') {
$errmsg_arr[] = 'Last name missing';
$errflag = true;
}
if($username == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}
//Check for duplicate username
if($username != '') {
$qry = "SELECT * FROM member WHERE username='$username'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
$errmsg_arr[] = 'Username already in use';
$errflag = true;
}
@mysql_free_result($result);
}
else {
die("Query failed");
}
}
//If there are input validations, redirect back to the registration form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: register-form.php");
exit();
}
//Create INSERT query
$qry = "INSERT INTO member(firstName, lastName, username, password) VALUES('$firstName','$lastName','$username','".md5($_POST['password'])."')";
$result = @mysql_query($qry);
//Check whether the query was successful or not
if($result) {
header("location: register-success.php");
exit();
}else {
die("Query failed");
}
?>
You can see my full form by clicking the "Join" button at tri-peoria.org and clicking on the 2nd link.

Your javascript is not sending any data and is using a GET request, not a POST. You will need to extract the data from your form into a variable to send. Replace the parameter names and elementIDs below with your form element IDs.
formData = buildData();
page_request.open('POST', url, true);
page_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
page_request.send(formData);
function buildData() {
    // Build the urlencoded request body from the form fields.
    // encodeURIComponent (not encodeURI) is used so that characters such as & = + #
    // inside a value are escaped instead of being read as field separators.
    var postFormVars = "addressLine1=" + encodeURIComponent( document.getElementById("addressLine1").value ) +
        "&addressLine2=" + encodeURIComponent( document.getElementById("addressLine2").value ) +
        "&addressLine3=" + encodeURIComponent( document.getElementById("addressLine3").value ) +
        "&town=" + encodeURIComponent( document.getElementById("town").value ) +
        "&postcode=" + encodeURIComponent( document.getElementById("postcode").value );
    return postFormVars;
}

Your Javascript is sending a GET request and as per your statement you are checking $_POST
page_request.open('GET', url, true)
So update those to match then try again

Related

How to Log browser and OS information from a failed log-in attempt

This is what I've got so far:
<?php
echo '<body style="background-color:red">';
$user = $_POST["username"];
$pass = $_POST["password"];
$validated = false;
//error handler
function customError($errno, $errstr)
{
echo "<b>Error:</b> [$errno] $errstr<br />";
echo "The error has been logged.";
error_log(date (DATE_RSS)." Error: [$errno]
$errstr".chr(13).chr(10),3, "invalidlogin.txt");
}
//set error handler
set_error_handler("customError",E_USER_WARNING);
session_start();
$_SESSION['Login'] = "";
if($user!="" && $pass!="")
{
$sql = "SELECT * FROM User WHERE LoginName = '$user' AND Password ='$pass'";
$conn = mysql_connect("localhost","UserName", "3PassWord") or die ("Sorry - unable to connect to MySQL database.");
$rs = mysql_select_db ("ALL14103673_BTEC",$conn) or die ("error");
$rs = mysql_query($sql,$conn);
$result = mysql_num_rows($rs);
if ($result > 0) $validated = true;
if($validated)
{
$_SESSION['Login'] = "OK";
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
header('Location: protected.php');
}
else
{
$_SESSION['Login'] = "";
trigger_error("Invalid username or password\n", E_USER_WARNING);
echo "Invalid username or password.";
}
}
else $_SESSION['Login'] = "";
if ($result > 0) $validated = true;
if($validated)
{
$_SESSION['login'] = "OK";
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
$ip = $_SERVER["REMOTE_ADDR"];
$date = date("d-m-Y H:i:s");
$file = 'Login.txt';
// Open the file to get existing content
$current = file_get_contents($file);
// Append a new person to the file
$current .= "$user logged in from IP Address of $ip on $date."."\r\n";
// Write the contents back to the file
file_put_contents($file, $current, $browser);
header('Location: protected.php');
}
?>
<html>
<body>
<h1 align="center">Login Page</h1>
<p align="center">Please enter your username and password:</p>
<form action="Login.php" method="post">
<table align="center">
<tr>
<td align="center">Username: </td>
<td align="center"><input size=\"20\"
type="text" size="20" maxlength="15"
name="username"></td>
</tr>
<tr>
<td
align="center">Password: </td>
<td align="center"><input size=\"20\"
type="password" size="20"
maxlength="15" name="password"></td>
</tr>
<tr>
<td colspan="2"
align="center"><input type="submit"
value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
So far, I can log basic information about failed login attempts, such as the name and password used and when it was. How do I log the browser information and OS used to the same place?
Ok, first of all, I hope you never ever are going to use this code on an actual web page. It seems like you are storing your passwords in plain text in a database, which is never a good idea, and your code is vulnerable to SQL injection. Please read this: http://php.net/manual/en/security.database.sql-injection.php
Now to answer your question, have a look at this topic, there's a pretty useful function in it that does exactly what you're searching for: Get operating system info with PHP
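An added example (not part of the original answer or the asker's code) covering both points above: the login check binds user input through a prepared statement and compares against a password hash, and each failed attempt is logged with the raw User-Agent header, which is where the browser and OS are reported. The `PasswordHash` column, the function names and the demo log file are hypothetical; it uses PDO with an in-memory SQLite database so it runs stand-alone, and the same `prepare()`/`execute()` calls apply with a MySQL DSN.

```php
<?php
// Added example, not code from the page. Table layout, account and file name are constructed.
// Assumes PHP 7.1+ with the pdo_sqlite extension so it runs without a MySQL server.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE User (LoginName TEXT PRIMARY KEY, PasswordHash TEXT NOT NULL)');
// Store a salted password hash, never the password itself.
$pdo->prepare('INSERT INTO User (LoginName, PasswordHash) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/** Make a client-supplied value safe to embed in one quoted log field. */
function logField(string $value, int $maxLen = 256): string
{
    // Control characters (CR, LF, ...) and double quotes become "?" so a crafted
    // header cannot start a forged log line or close the field early.
    $clean = (string) preg_replace('/[\x00-\x1F\x7F"]/', '?', $value);
    return substr($clean, 0, $maxLen);
}

/** Verify credentials: user input is bound as a parameter, never concatenated. */
function checkLogin(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT PasswordHash FROM User WHERE LoginName = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when no such user
    return is_string($hash) && password_verify($pass, $hash);
}

/** Append one line per failed attempt. The submitted password is not logged. */
function logFailedLogin(string $file, string $user, array $server): string
{
    $line = sprintf(
        "%s failed-login user=\"%s\" ip=%s agent=\"%s\"\n",
        date(DATE_ATOM),
        logField($user, 64),
        logField($server['REMOTE_ADDR'] ?? '-', 45),
        logField($server['HTTP_USER_AGENT'] ?? '-')
    );
    // FILE_APPEND avoids rewriting the whole file; LOCK_EX serialises concurrent writers.
    file_put_contents($file, $line, FILE_APPEND | LOCK_EX);
    return $line;
}

// Constructed requests standing in for $_POST and $_SERVER.
$requests = [
    ['alice',   'correct horse', ['REMOTE_ADDR' => '192.0.2.10',
        'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0']],
    ['alice',   'wrong',         ['REMOTE_ADDR' => '192.0.2.11',
        'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0']],
    // A quote in the name is bound as data; a newline in the header stays on one line.
    ["o'brien", 'x',             ['REMOTE_ADDR' => '192.0.2.12',
        'HTTP_USER_AGENT' => "demo-agent\r\nsecond line"]],
];

$logFile = sys_get_temp_dir() . '/invalidlogin-demo.txt';
foreach ($requests as [$user, $pass, $server]) {
    if (checkLogin($pdo, $user, $pass)) {
        echo "OK     $user\n";
    } else {
        echo 'DENIED ' . logFailedLogin($logFile, $user, $server);
    }
}
```

The User-Agent value is supplied by the client and can be spoofed, so it is useful for triage and correlation in the log but not as proof of what software was used.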

How to write one login form for both the admin and the user

I'm trying to write code that takes two input values (username and password) and compares them with values in a table (named user) in the database. Now, if the value inserted for the username is "admin" and the password is also "admin", I want to direct the admin to his page, and if the user has inserted his info, I want to direct him to his page also. My code below looks correct but I'm getting no response. How can this be fixed?
I wrote this code for html:
<form name="userLogin" action="LoginCode.php" method="POST" >
<h3>Login</h3>
<table width="450px">
<tr>
<td valign="top">
<label for="first_name">Your Name *</label>
</td>
<td valign="top">
<input type="text" name="user_username" maxlength="50" size="30" required>
</td>
</tr>
<tr>
<td valign="top">
<label for="last_name">Password *</label>
</td>
<td valign="top">
<input type="password" name="user_password" maxlength="50" size="30" required>
</td>
<tr>
<td></td>
<td><input type="submit" name="login" value="Login" required>
</td>
</tr>
</table>
</form>
And this is my LoginCode.php
<?php
include ("../Connections/map_connection.php");
if (isset($_POST["login"])) {
$user_username = $_POST["user_username"];
$user_password = $_POST["user_password"];
/* $user_email=$_POST["user_email"]; */
if ($username = 'admin' and $user_password = 'admin') {
$data = mysql_fetch_array($result);
session_start();
$_SESSION['name'] = $data['user_username'];
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + 400;
header("location: ..Admin/AdminIndex.php");
} else {
$sql = ("select * from user where user_username='$user_username' and user_password= '$user_password' ");
$result = mysql_query($sql);
if (!$result) {
echo "Error" . mysql_error();
} else {
$row = mysql_num_rows($result);
if ($row == 0) {
echo 'Invalid username or password';
} else {
$data = mysql_fetch_array($result);
session_start();
$_SESSION['name'] = $data['user_username'];
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + 400;
header("location: UserIndex.php");
}
}
}
}
?>
Check your if condition,
if ($username = 'admin' and $user_password = 'admin')
Here you are using single '=' i.e assignment operation instead of comparison i.e '=='.
Try this :
if ($username == 'admin' && $user_password == 'admin')
:::::::::::::::::::::::UPDATE:::::::::::::::::::::::::
What does this mean?
if ($username == 'admin' && $user_password == 'admin')
{
$data = mysql_fetch_array($result);
....
}
My point is without mysql_query() you are using mysql_fetch_assoc().
I fixed it !!
<?php
include ("../Connections/map_connection.php");
if (isset($_POST["login"])) {
$user_username= $_POST["user_username"];
$user_password= $_POST["user_password"];
if($user_username=='admin' && $user_password){
$sql= ("select * from admin where admin_username='$user_username' and admin_password= '$user_password' ");
$result = mysql_query($sql);
if(!$result){
echo "Error".mysql_error();
}
else
{
$row= mysql_num_rows($result);
if($row==0) {
echo 'Invalid username or password';
}
else
{
$data= mysql_fetch_array($result);
session_start();
$_SESSION['name'] = $data['admin_username'];
$_SESSION['start']=time();
$_SESSION['expire']= $_SESSION['start'] + 400;
header("location: ../Admin/AdminIndex.php");
}
}
}
else{
$sql= ("select * from user where user_username='$user_username' and user_password= '$user_password' ");
$result = mysql_query($sql);
if(!$result){
echo "Error".mysql_error();
}
else
{
$row= mysql_num_rows($result);
if($row==0) {
echo 'Invalid username or password';
}
else
{
$data= mysql_fetch_array($result);
session_start();
$_SESSION['name'] = $data['user_username'];
$_SESSION['start']=time();
$_SESSION['expire']= $_SESSION['start'] + 400;
header("location: UserIndex.php");
}
}
}
}
?>

Database password checking

So, I have the following code:
<?php
mysql_connect("HOSTADDRESS", "USERNAME", "PASS") or die(mysql_error());
mysql_select_db("DATABASENAME") or die(mysql_error());
//Checks if there is a login cookie;
if(isset($_COOKIE["ID_my_site"]))
//If there is, it logs you in and directs you to the member page
{
$username = $_COOKIE["ID_my_site"];
$pass = $_COOKIE["ID_my_site"];
$check = mysql_query("SELECT * FROM userdata WHERE emailaddress = '$emailaddress'") or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info["password"])
{
}
else
{
header("Location: members.php");
}
}
}
//If the login form is submitted;
if (isset($_POST["submit"])) { //If form has been submitted
//Makes sure they are filled in
if(!$_POST["emailaddress"] | !$_POST["pass"]) {
die("You did not fill in all required fields.");
}
//Checks it against the database;
if (!get_magic_quotes_gpc()) {
$_POST["email"] = addslashes($_POST["email"]);
}
$check = mysql_query("SELECT * FROM userdata WHERE emailaddress = '".$_POST["emailaddress"]."'") or die(mysql_error());
//Gives error if user doesn't exist;
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die("That users does not exist in our database. <a href=register.php>Click here to register</a>");
}
while($info = mysql_fetch_array( $check ))
{
$_POST["pass"] = stripslashes($_POST["pass"]);
$info["password"] = stripslashes($info["password"]);
$_POST["pass"] = md5($_POST["pass"]);
//Gives error if the password is wrong
if ($_POST["pass"] != $info["password"]) {
die("Incorrect password, please try again.");
}
else
{
//If login is ok then we add a cookie
$_POST["emailaddress"] = stripslashes($_POST["emailaddress"]);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST["emailaddress"], $hour);
setcookie(Key_my_site, $_POST["pass"], $hour);
//Then it redirects them to the members area
header("Location: members.php");
}
}
}
else
{
//If they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Email Address:</td><td>
<input type="text" name="emailaddress" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="12">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
When I try to login via the website, even though the password is identical to the password on the database, it reads 'Incorrect password, please try again.' If I try the password with the encryption version which is found on the database, it also shows this message. Please could someone help me with this bug?
if(!$_POST["emailaddress"] | !$_POST["pass"]) {
use || so will be
if(!$_POST["emailaddress"] || !$_POST["pass"]) {

Trouble inserting a new user into a mysql database

I have a form that allows me to enter a user into my database. However, whenever I click on submit I receive the query failed error message. Below is the form I have built:
register-admin.php
<form id="resgisterform" name="registerform" method="post" action="register-admin-exec.php">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th>Username </th>
<td><input name="username" type="text" class="textfield" id="username" /></td>
</tr>
<tr>
<th>First Name </th>
<td><input name="first_name" type="text" class="textfield" id="first_name" /></td>
</tr>
<tr>
<th>Last Name </th>
<td><input name="last_name" type="text" class="textfield" id="last_name" /></td>
</tr>
<tr>
<th>Muvdigital Email </th>
<td><input name="muvdigital_email" type="text" class="textfield" id="muvdigital_email" /></td>
</tr>
<tr>
<th>Personal Email </th>
<td><input name="personal_email" type="text" class="textfield" id="personal_email" /></td>
</tr>
<tr>
<th>Title </th>
<td><input name="title" type="text" class="textfield" id="title" /></td>
</tr>
<tr>
<th>Address 1 </th>
<td><input name="address_1" type="text" class="textfield" id="address_1" /></td>
</tr>
<tr>
<th>Address 2 </th>
<td><input name="address_2" type="text" class="textfield" id="address_2" /></td>
</tr>
<tr>
<th>City </th>
<td><input name="city" type="text" class="textfield" id="city" /></td>
</tr>
<tr>
<th>State </th>
<td><input name="state" type="text" class="textfield" id="state" /></td>
</tr>
<tr>
<th>Zip Code </th>
<td><input name="zip" type="text" class="textfield" id="zip" /></td>
</tr>
<tr>
<th>Phone </th>
<td><input name="phone" type="text" class="textfield" id="phone" /></td>
</tr>
<tr>
<th>Password </th>
<td><input name="password" type="password" class="textfield" id="password" /></td>
</tr>
<tr>
<th>Confirm Password </th>
<td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Register" /></td>
</tr>
</table>
</form>
The values from this form are then brought over to the register-admin-exec.php page which is below
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//define and validate the post values
/*if (isset ($_POST['admin_id']) && !empty ($_POST['admin_id'])) {
$admin_id = $_POST['admin_id'];
} else {
echo 'Error: admin id not provided!';
}*/
if (isset ($_POST['username']) && !empty ($_POST['username'])) {
$username = clean($_POST['username']);
} else {
echo 'Error: username not provided!';
}
if (isset ($_POST['first_name']) && !empty ($_POST['first_name'])) {
$first_name = clean($_POST['first_name']);
} else {
echo 'Error: first name not provided!';
}
if (isset ($_POST['last_name']) && !empty ($_POST['last_name'])) {
$last_name = clean($_POST['last_name']);
} else {
echo 'Error: last name not provided!';
}
if (isset ($_POST['muvdigital_email']) && !empty ($_POST['muvdigital_email'])) {
$muvdigital_email = clean($_POST['muvdigital_email']);
} else {
echo 'Error: muvdigital email not provided!';
}
if (isset ($_POST['personal_email']) && !empty ($_POST['personal_email'])) {
$personal_email = clean($_POST['personal_email']);
} else {
echo 'Error: personal email not provided!';
}
if (isset ($_POST['title']) && !empty ($_POST['title'])) {
$title = clean($_POST['title']);
} else {
echo 'Error: title not provided!';
}
if (isset ($_POST['phone']) && !empty ($_POST['phone'])) {
$phone = clean($_POST['phone']);
} else {
echo 'Error: phone not provided!';
}
if (isset ($_POST['address_1']) && !empty ($_POST['address_1'])) {
$address_1 = clean($_POST['address_1']);
} else {
echo 'Error: address 1 not provided!';
}
$address_2 = clean($_POST['address_2']);
if (isset ($_POST['city']) && !empty ($_POST['city'])) {
$city = clean($_POST['city']);
} else {
echo 'Error: city not provided!';
}
if (isset ($_POST['state']) && !empty ($_POST['state'])) {
$state = clean($_POST['state']);
} else {
echo 'Error: state not provided!';
}
if (isset ($_POST['zip']) && !empty ($_POST['zip'])) {
$zip = clean($_POST['zip']);
} else {
echo 'Error: zip not provided!';
}
if (isset ($_POST['password']) && !empty ($_POST['password'])) {
$password = clean($_POST['password']);
} else {
echo 'Error: password not provided!';
}
if (isset ($_POST['cpassword']) && !empty ($_POST['cpassword'])) {
$cpassword = clean($_POST['cpassword']);
} else {
echo 'Error: confirm password not provided!';
}
//encrypt the password
$salt = sha1($username);
$password = sha1($salt.$password);
//Check for duplicate login ID
if($username != '') {
$qry = "SELECT * FROM members WHERE username='".$username."'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
$errmsg_arr[] = 'Login ID already in use';
$errflag = true;
}
@mysql_free_result($result);
}
else {
die("Query failed");
}
}
//If there are input validations, redirect back to the registration form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: register-admin.php");
exit();
}
//Create INSERT query
$qry = "INSERT INTO admins (
'username',
'password',
'first_name',
'last_name',
'muvdigital_email',
'personal_email',
'titles',
'phone',
'address_1',
'address_2',
'city',
'state',
'zip')
VALUES (
'$username',
'$password',
'$first_name',
'$last_name',
'$muvdigital_email',
'$personal_email',
'$title',
'$phone',
'$address_1',
'$address_2',
'$city',
'$state',
'$zip')";
$result = mysql_query($qry);
//Check whether the query was successful or not
if($result) {
header("location: register-success.php");
exit();
}else {
die("Query failed $qry");
}
?>
I know it is failing at my insert statement because I have tried commenting out the previous validation check for duplicate login ids and it still fails. I cannot figure out why my insert statement isn't working. After echoing the $qry, I get
INSERT INTO admins ( 'username', 'password', 'first_name', 'last_name', 'muvdigital_email', 'personal_email', 'titles', 'phone', 'address_1', 'address_2', 'city', 'state', 'zip') VALUES ( 'johndoe', '7afbb2186cf26d85bdfe948d367fb6baa6739283', 'john', 'doe', 'john.doe@muvdigital.com', 'jdoe@gmail.com', 'intern', '6024013776', '18b main st', 'apt 12', 'Hooksett', 'NH', '03106')
so the $_POST function is working. I have tried manually entering the insert statement at the command line and I receive ERROR 1054 (42S22): Unknown column 'johndoe' in 'field list'.
The admin_id is an auto_increment field, which is why I have commented it out (and I have tried uncommenting it and manually creating an admin_id, which still does not work).
Anyone have an idea as to why this is happening?
You have quoted all your column names with single quotes, which is incorrect. They should be unquoted, except if you have used a MySQL reserved keyword (which you have not)
// Column names are unquoted, but VALUES() should be quoted.
$qry = "INSERT INTO admins (
username,
password,
first_name,
last_name,
muvdigital_email,
personal_email,
titles,
phone,
address_1,
address_2,
city,
state,
zip)
VALUES (
'$username',
'$password',
'$first_name',
'$last_name',
'$muvdigital_email',
'$personal_email',
'$title',
'$phone',
'$address_1',
'$address_2',
'$city',
'$state',
'$zip')";
$result = mysql_query($qry);

registration via php

I've been reading a lot of tutorials on how to and looking at samples regarding registration. I have my database config file, reg_form and register-exec files. When I try on a production server, I get file not found for register-exec.
Here's my reg_form:
<?php
session_start ();
?>
<html>
<head>
<title>Login Form</title>
</head>
<body>
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count ($_SESSION['ERRMSG_ARR']) >0 ){
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
</body>
<form id="loginForm" name="loginForm" method="post" action="register-exec.php">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th>Full Name</th>
<td><input name="fname" type="text" class="textfield" id="fname" /></td>
</tr>
<tr>
<th>Email Address (Must be valid)</th>
<td><input name="email" type="text" class="email" id="email" /></td>
</tr>
<tr>
<th>Password (must not be longer than 6)</th>
<td><input name="password" type="password" class="textfield" id="password" /></td>
</tr>
<tr>
<th>Confirm Password</th>
<td><input name="copassword" type="password" class="textfield" id="copassword" />"</td>
</tr>
<tr>
<td> </td>
<td><input type="hidden" name="form_submitted" value="1" />"<input type="submit" name="submit" value="Register" />"</td>
</tr>
</table>
The following is the register-exec.php file, I'm not sure where I went wrong with it.
<?php
//Start session
session_start();
//Include database
require_once('db_conn.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Create a random 6 digit cid for users
$new_cid = mt_rand(100000, 999999);
//Create random activation key
$act_key = mt_rand().mt_rand().mt_rand().mt_rand().mt_rand();
//Connect to mysql
$link = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD);
if (!$link){
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Sanitize the values
$fname = clean($_POST['fname']);
$email = clean($_POST['email']);
$password = clean($_POST['password']);
$copassword = clean($_POST['copassword']);
//Make sure they submitted the form
if($_POST['form_submitted'] == '1'){
//Make sure they inputted information
if($fname == '') {
$errmsg_arr[] = 'Full Name missing';
$errflag = true;
}
if($email == ''){
$errmsg_arr[] = 'Email missing';
$errflag = true;
}
if($password == ''){
$errmsg_arr[] = 'Missing password';
$errflag = true;
}
if($copassword == ''){
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if( strcmp($password, $copassword) != 0 ){
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}
$sql="INSERT INTO users (fname, email, password, act_key, cid) VALUES ('$fname', '$password', '$act_key', '$new_cid')";
if (!mysql_query($sql))
{
die('Error:' . mysql_error());
}
echo "An email has been sent to $_POST[email] with an activation key. Please check your mail to complete registration.";
//Send the first activation email
$to = $_POST['email'];
$subject = "VMATSIM Registration";
$message = "Welcome to VMATSIM. You or someone using your email address has completed registration at vmatsim.net. You can complete reigstration by clicking the following link:\rhttp://vmatsim.net/register-exec.php?$act_key\r\rIf this is an error, ignore this email and you will be removed from our system.\r\rRegards, VMATSIM Team";
$headers = 'From: noreply@vmatsim.net' . "\r\n" .
'Reply-To: noreply@vmatsim.net' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject,$message,$headers);
//User is activating
} else {
$queryString = $_SERVER['QUERY_STRING'];
$query = "SELECT * FROM users";
$result = mysql_query($query) or die (mysql_error());
while($row = mysql_fetch_array($result)){
if($queryString == $row["act_key"]){
echo "Congratulations" . $row["fname"] . " is now the proud owner of a VMATSIM account.";
$sql = "UPDATE users SET act_key = ''";
if(!mysql_query($sql))
{
die('Error:' . mysql_error());
}
}
}
}
?>
Any pointers would be very helpful.
Make sure your reg_form.php, db_conn.php and register-exec.php are in the same location or make sure to specify the path to them when calling/using them.
Try to test, if you can call the files manually to see if it is a permission issue. Simply type into your browser the full path to the file.
Depending on how you copied it, you might not enjoy the same permissions on your production server and thus PHP can't access the file. Try setting it with
chmod 777 filename.php
and then if it works, make sure you revert back to the amount of privileges you need.
If the files are sitting in a different location, give the absolute path:
require_once("/var/config/my_config_files.php");
