i have a members registration form that displays perfectly until i add the php. Once the php code is added the form completely disappears. I have tried everything but i think a fresh set of eyes is needed at this stage.
Any help would be greatly appreciated. Cheers.
<?php
if ( $_POST['registerbtn'] ) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser) {
if ($getemail) {
if($getpass) {
if ($getretypepass) {
if ($getpass === $getretypepass) {
if ( (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5($password);
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$getpassword', '$getemail', '0', '$getcode', '$getdate'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getusername'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site ="http://localhost/member.php";
$webmaster = "Bror Phren <bmdoublec#hotmail.com>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to activate your account";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account t login.";
if (mail($getemail, $subject, $message, $headers) ) {
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b> ";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent";
}
else
$errormsg = "An error has occured. Your account was not created.\n";
}
else
$errormsg = "There is already a user with that email";
}
else
$errormsg = "There is already a user with that username";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter password to register.";
}
else
$errormsg = "You must enter email to register.";
}
else
$errormsg = "You must enter username to register.";
}
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
}
?>
Your echo statement is inside your if ( $_POST['registerbtn'] ) {} block, meaning the form isn't displayed if it isn't submitted.
I think you need to use else
<?php
if (isset($_POST['registerbtn'])) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser) {
if ($getemail) {
if($getpass) {
if ($getretypepass) {
if ($getpass === $getretypepass) {
if ( (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5($password);
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$getpassword', '$getemail', '0', '$getcode', '$getdate'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getusername'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site ="http://localhost/member.php";
$webmaster = "Bror Phren <bmdoublec#hotmail.com>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to activate your account";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account t login.";
if (mail($getemail, $subject, $message, $headers) ) {
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b> ";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent";
}
else
$errormsg = "An error has occured. Your account was not created.\n";
}
else
$errormsg = "There is already a user with that email";
}
else
$errormsg = "There is already a user with that username";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter password to register.";
}
else
$errormsg = "You must enter email to register.";
}
else
$errormsg = "You must enter username to register.";
}
}
here
else{
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
}
?>
You have errors in PHP code which are preventing anything from running.
I would suggest running your code through something like PHPLint to see the errors.
Also, you may want to consider structuring your code in a way that is easier to read and maintain.
For example, you could avoid all those nested if statements and write it as:
if (!$getuser) {
$errormsg = "You must enter username to register.";
}
else if (!$getemail) {
$errormsg = "You must enter email to register.";
}
...
EDIT: As mentioned by Armon Toubman, the form will only display if relevant data has been posted to the page. You need to move the form outside of the if statement. See code below:
<?php
if ( $_POST['registerbtn'] ) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser) {
if ($getemail) {
if($getpass) {
if ($getretypepass) {
if ($getpass === $getretypepass) {
if ( (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5($password);
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$getpassword', '$getemail', '0', '$getcode', '$getdate'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getusername'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site ="http://localhost/member.php";
$webmaster = "Bror Phren <bmdoublec#hotmail.com>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to activate your account";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account t login.";
if (mail($getemail, $subject, $message, $headers) ) {
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b> ";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent";
}
else
$errormsg = "An error has occured. Your account was not created.\n";
}
else
$errormsg = "There is already a user with that email";
}
else
$errormsg = "There is already a user with that username";
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter password to register.";
}
else
$errormsg = "You must enter email to register.";
}
else
$errormsg = "You must enter username to register.";
}
mysql_close();
}
?>
<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'><?php if(isset($errormsg){ echo $errormsg; } ?></font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='<?php if(isset($getuser){ echo $getuser; } ?>' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='<?php if(isset($getemail){ echo $getemail; } ?>' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>
Related
The PHP file is blank when I open it up in the browser. Also, when I open the source code, it is empty as well.
This is the tutorial I am following
And here is the code:
<?php
error_reporting(E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Register</title>
</head>
<body>
<?php
if ($_POST['registerbtn']) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getconfirmpass = $_POST['confirmpass'];
if ($getuser) {
if ($getemail) {
if ($getpass) {
if ($getconfirmpass) {
if ($getpass === $getconfirmpass) {
if (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, ".")) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$password = md5 (md5("kjfiufj".$getpass."Fjf56fj"));
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$password', '$getemail', '0', '$code', '$date'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site = "http://localhost/PHP Projects/Member System";
$webmaster = "Askman <donotreply#askmanproducts.com>";
$headers = "From: $webmaster";
$subject = "Activate Your New Account!";
$message = "Thanks for regisntering. Click the link below to activate your account!\n";
$message .= "$site/activate?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";
if (mail($getemail, $subject, $message, $headers)){
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent.";
}
else
$errormsg = "An error has occured. Your account was not created.";
}
else
$errormsg = "There is already a user with that email.";
}
else
$errormsg = "There is already a user with that username.";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match.";
}
else
$errormsg = "You must confirm your password to register.";
}
else
$errormsg = "You must enter your password to register.";
}
else
$errormsg = "You must enter your email to register.";
}
else
$errormsg = "You must enter your username to register.";
}
$form = "<form action='./register' method='post'>
<table>
<tr>
<td</td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='confirmpass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
</body>
</html>
you have error on this line
if (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, ".")) {
it must be if ((strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
alse the source code in the browser will show you the html code not the php php is server side so it's code is inside the server and browser can not see the
php code
full code
<?php
error_reporting(E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Register</title>
</head>
<body>
<?php
if ($_POST['registerbtn']) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getconfirmpass = $_POST['confirmpass'];
if ($getuser) {
if ($getemail) {
if ($getpass) {
if ($getconfirmpass) {
if ($getpass === $getconfirmpass) {
if ((strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))) {
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$password = md5 (md5("kjfiufj".$getpass."Fjf56fj"));
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$password', '$getemail', '0', '$code', '$date'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$site = "http://localhost/PHP Projects/Member System";
$webmaster = "Askman <donotreply#askmanproducts.com>";
$headers = "From: $webmaster";
$subject = "Activate Your New Account!";
$message = "Thanks for regisntering. Click the link below to activate your account!\n";
$message .= "$site/activate?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";
if (mail($getemail, $subject, $message, $headers)){
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occured. Your activation email was not sent.";
}
else
$errormsg = "An error has occured. Your account was not created.";
}
else
$errormsg = "There is already a user with that email.";
}
else
$errormsg = "There is already a user with that username.";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match.";
}
else
$errormsg = "You must confirm your password to register.";
}
else
$errormsg = "You must enter your password to register.";
}
else
$errormsg = "You must enter your email to register.";
}
else
$errormsg = "You must enter your username to register.";
}
$form = "<form action='./register' method='post'>
<table>
<tr>
<td</td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='confirmpass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
</body>
</html>
I have been trying to create a member log in page to link to my website. I have a number of nested If's within my PHP page however no matter what I try I receive the $errormsg from the first else statement.
The only way I have managed to change this is to add an additional empty else at the bottom of the code (before the table), when i click the reigisterbtn I either receive the first else result or a blank page displaying nothing.
Am I missing something really obvious?
<?php
error_reporting (E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Register Page</title>
</head>
<body>
<?php
if ( $_POST ['registerbtn']) {
$getuser =$_post ['user'];
$getemail =$_post ['email'];
$getpass =$_post ['pass'];
$getretypepass =$_post ['retypepass'];
if($getuser){
if ($getemail){
if ($getpass){
if ($getretypepass){
if ($getpass === $getretypepass){
if ((strlen ($getemail) >=7 ) && (strstr ($getemail, "#")) && (strstr ($getemail, "."))) {
require ("./connect.php");
$query = mysql_query ("SELECT * FROM users WHERE username ='$getuser'");
$numrows = mysql_num_rows ($query);
if ($numrows == 0){
$query = mysql_query ("SELECT * FROM users WHERE email ='$getemail'");
$numrows = mysql_num_rows ($query);
if ($numrows == 0){
$password =md5 (md5 ("kjfiufj".$password."Fj56fj"));
$date("F d, Y");
$code = md5(rand ());
mysql_query ("INSERT INTO users VALUES (
'', '$getuser','$password','$getemail', '0', '$code', '$date')");
$query = mysql_query ("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows ($query);
if ($numrows == 1){
$site = "http://www.andyhoole.co.uk";
$webmaster = "AndyHoole <admin#andyhoole.co.uk>";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = " Thank you for registering :) . Clink the link below to activate your account.\n ";
$message .="$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account to log in.";
if ( mail($getemail,$subject, $message, $headers) ){
$errormsg = "You have been registered, you must activate your account form the activation link sent to <b> $getemail </b>";
$getuser = "";
$getemail = "";
}else
$errormsg = "An error has occured. Your activation email was not sent.";
}else
$errormsg = " An error has occured and your account has not been created. ";
}else
$errormsg = " This email address already exsists.";
}else
$errormsg = " This username already exsists.";
mysql_close();
}else
$errormsg = "You must enter a valid email address to register.";
}else
$errormsg = "Your passwords did not match.";
}else
$errormsg = "You must retype your password to register.";
}else
$errormsg = "You must enter your password to register.";
}else
$errormsg = "You must enter your email address to register.";
}else
$errormsg = "You must enter your User name to register.";
}
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
</body>
</html>
Thank you for looking :)
you also should use $_POST instead of $_post since php is case sensitive!
Hi again this is me nearly done with the gubbings of the site but im scratching my head to why this reset password page does not go through any of it procedures. Im sure it is again something minor but i cant see it, seems as though my reset button is not working at all but its the correct spelling when i call it and all the brackets as far as i can tell are correct. im sure the more i get used to these errors the more ill catch them myself. apologies for the dumb question.
Here's my code:
<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<html>
<head>
<title> Member system : Forgot password</title>
</head>
<body>
<?php
if(!$username && !$userid) {
if($_POST['resetbtn']) {
//get form data
$user = $_POST['user'];
$email = $_POST['email'];
//make sure info provided
if($user) {
if($email) {
if((strlen($email) > 7) && (strstr($email, "#")) && (strstr($email, ".")) ) {
require("./connect.php");
$query = mysql_query("SELECT * FROM user WHERE username='$user'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
// info about account
$row = mysql_fetch_assoc($query);
$dbemail = $row['email'];
//make sure email is correct
if($email == $dbemail) {
// generate a password
$pass = rand();
$pass = md5($pass);
$pass = substr($pass, 0, 15);
$password = md5(md5("12345".$pass."54321"));
//update db with new pass
mysql_query("UPDATE user SET password='$password' WHERE username='$user'");
//make sure password was changed
$query = mysql_query("SELECT * FROM user WHERE username='$user' AND password='$password'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
//create our email variables
$webmaster = "mwilkins877#gmail.com";
$headers = "From: Mike<$webmaster>";
$subject = "Your new password";
$message = "Your password has been reset, your new password is below. \n";
$message .= "Password: $pass\n";
echo $pass."<br/>";
if(mail($email, $subject, $message, $headers)) {
echo "Your password has been reset an email has been sent with your new password";
}
else
echo "An error has occured and your email wasnt sent containing your new password";
}
else
echo "An error has occured and the password was not set";
}
else
echo "You have entered the wrong email address";
}
else
echo "The user name was not found";
mysql_close();
}
else "Please enter a valid email address";
}
else
echo "please enter your email";
}
else
echo "Please enter your user name";
}
else
echo"<from action='./forgotpass.php' method='post'>
<table>
<tr>
<td>User name</td>
<td><input type='text' name='user'/></td>
</tr>
<tr>
<td>email</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='resetbtn' value='Reset password'/> </td>
</tr>
</table>
</form>";
}
else
echo "Please log out to view this page";
?>
</body>
</html>
I would appreciate your help on this as its only just me learning for fun. Look forward to hearing back of some one hopefully. thanks in advance.
please correct the spelling of the form
echo"<from action='./forgotpass.php' method='post'>
to
echo"<form action='./forgotpass.php' method='post'>
Hope this will fix your issue
Just try this. Its working for me.
<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<body>
<?php
if(!$username && !$userid) {
if($_POST['resetbtn']) {
//get form data
$user = $_POST['user'];
$email = $_POST['email'];
//make sure info provided
if($user) {
if($email) {
if((strlen($email) > 7) && (strstr($email, "#")) && (strstr($email, ".")) ) {
require("./connect.php");
$query = mysql_query("SELECT * FROM user WHERE username='$user'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
// info about account
$row = mysql_fetch_assoc($query);
$dbemail = $row['email'];
//make sure email is correct
if($email == $dbemail) {
// generate a password
$pass = rand();
$pass = md5($pass);
$pass = substr($pass, 0, 15);
$password = md5(md5("12345".$pass."54321"));
//update db with new pass
mysql_query("UPDATE user SET password='$password' WHERE username='$user'");
//make sure password was changed
$query = mysql_query("SELECT * FROM user WHERE username='$user' AND password='$password'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
//create our email variables
$webmaster = "mwilkins877#gmail.com";
$headers = "From: Mike<$webmaster>";
$subject = "Your new password";
$message = "Your password has been reset, your new password is below. \n";
$message .= "Password: $pass\n";
echo $pass."<br/>";
if(mail($email, $subject, $message, $headers)) {
echo "Your password has been reset an email has been sent with your new password";
}
else
echo "An error has occured and your email wasnt sent containing your new password";
}
else
echo "An error has occured and the password was not set";
}
else
echo "You have entered the wrong email address";
}
else
echo "The user name was not found";
mysql_close();
}
else "Please enter a valid email address";
}
else
echo "please enter your email";
}
else
echo "Please enter your user name";
}
else
echo"<form action='./forgotpass.php' method='post'>
<table>
<tr>
<td>User name</td>
<td><input type='text' name='user'/></td>
</tr>
<tr>
<td>email</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='resetbtn' value='Reset password'/> </td>
</tr>
</table>
</form>";
I've started writing a community-based website with a login (user / pass / avatar etc.). All of these variables are being stored on a sql server so I can access them for the login, etc.
I've looked all over google, and my code seems sound, and my email validation is sent. But none of the data uploads to my sql database, so no users can be created.
I've included the code for my website below, with the connect info taken out for security reasons. Why aren't I able to write data to my database? Any help would be appreciated.
register.php
<?php require('top.php'); ?>
<div id="full">
<?php
$form = " <form action='register.php' method='post'>
<table cellspacing='10px'>
<tr>
<td></td>
<td>Required Feilds <font color='red'>*</font></td>
</tr>
<tr>
<td>First Name:</td>
<td><input type='text' name='firstname' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type='text' name='lastname' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='repassword' class='textbox'><font color='red'>*</font></td>
</tr>
<tr>
<td>Avatar:</td>
<td><input type='file' name='avatar' > </td>
</tr>
<tr>
<td>Website Address:</td>
<td><input type='text' name='website' class='textbox'></td>
</tr>
<tr>
<td>YouTube Username:</td>
<td><input type='text' name='youtube' class='textbox'></td>
</tr>
<tr>
<td>Bio:</td>
<td><textarea name='bio' cols='35' rows='5' class='textbox'></textarea> </td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submitbtn' value='Register' class='button'></td>
</tr>
</table>
</form>";
if($_POST['submitbtn']) {
$firstname = strip_tags($_POST['firstname']);
$lastname = strip_tags($_POST['lastname']);
$username = strip_tags($_POST['username']);
$email = strip_tags($_POST['email']);
$password = strip_tags($_POST['password']);
$repassword = strip_tags($_POST['repassword']);
$website = strip_tags($_POST['website']);
$youtube = strip_tags($_POST['youtube']);
$bio = strip_tags($_POST['bio']);
$name = $_FILES['avatar']['name'];
$type = $_FILES['avatar']['type'];
$size = $_FILES['avatar']['size'];
$tmpname = $_FILES['avatar']['tmp_name'];
$ext = substr($name, strrpos($name, '.'));
if ($firstname && $lastname && $username && $email && $password && $repassword) {
if ($password == $repassword){
if ( strstr($email, "#") && strstr($email, ".") && strlen($email) >= 6) {
require('connect.php');
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$email'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$pass = md5(md5($password));
$date =date("F d, Y");
if ($name) {
move_uploaded_file($tmpname, "avatars/$username.$ext");
$avatar = "$username.$ext";
}
else
$avatar = "avatars/defavatar.png";
$code = substr(md5(rand (1111111111, 99999999999999999)), 2, 25);
mysql_query("INSERT INTO users VALUES ('','$firstname','$lastname,'$username','$email','$pass','$avatatar','$bio','$website','$youtube','','0','$code','0','$date')");
$webmaster = "email#email.com";
$subject = "Activate Your Account";
$headers = "From: a person <$webmaster>";
$message = "Hello $firstname. Welcome to awebsite.com Below is a link for you to activate your account.\n\n Click Here to Activate Your Account: http://awebsite.netii.net/activate.php?code=$code";
mail ($email, $subject, $message, $headers);
echo "Thank You for registering. To access your account please activate your account by folowing the link sent to <b>$email</b>. If you do not see the email in your inbox, check your junk mail as it may have been filtered. If you are expeiriencing any problems please contact the site administrator at <a href='mailto:email#email.com'>email#email.com</a>";
}
else
echo "That email is already taken. $form";
}
else
echo "That username is already taken. $form";
}
else
echo "You did not enter a valid email. $form";
}
else
echo "Your Passwords did not match. $form";
}
else
echo "You did not fill in all the required feilds. $form";
}
else
echo "$form";
?>
</div>
<?php require('bottom.php');?>
</div>
</body>
</html>
Activate.php
<?php $title = "Activate Your Account"; ?>
<?php require('top.php');?>
<div id="full">
<?php
$getcode =$_GET['code'];
$form = "<form action='activate.php' method='post'>
<table>
<tr>
<td>Activate Code:</td>
<td><input type='text' name='code' value='$getcode' size='30' </td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username' </td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' </td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submitbtn' value='Activate'</td>
</tr>
</table>
</form>";
if ($_POST['submitbtn']) {
$code = strip_tags($_POST['code']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
if ($code && $username && $password) {
if (strlen($code) == 25) {
$pass = md5(md5($password));
require('connect.php');
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$pass'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$row = mysql_fetch_assoc($query);
$dbcode = $row['code'];
if ($code == $dbcode) {
mysql_query("UPDATE users SET active='1' WHERE username='$username'");
echo "Your account has been activated. You may now login. Click<a href='login.php'>here</a> to login.";
}
else
echo"Your activation code was incorrect. $form";
}
else
echo "Your username or password are invalid. $form";
}
else
echo "You have not supplied a valid code. $form";
}
else
echo "You did not fill out the entire form. $form";
}
else
echo "$form";
?>
</div>
<?php require('bottom.php');?>
connect.php
<?php
$server = "";
$dbuser = "";
$dbpass = "";
$database = "";
mysql_connect($server, $dbuser, $dbpass) or die("Unable to connect to $server");
mysql_select_db($database) or die( "Unable to select $database" );
?>
There is typo mistake in your code.
First we have to check if submit request is set or not, so => if($_POST['submitbtn']) should be,
if( isset($_POST['submitbtn']) ) {
...
}
Make change in code and check.
EDIT
You can reformat your code. Check for all variables not empty, use mysql escape instead of strip tags and don't use any escapes on password, only hash(md5).
if (isset($_POST['submitbtn'])) {
$code = mysql_real_escape_string($_POST['code']);
$username = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$errors = array();
if (empty($code) || empty($username) || empty($password)) {
$errors[] = "You did not fill out the entire form." . $form;
} elseif(strlen($code) !== 25) {
$errors[] = "You have not supplied a valid code." . $form;
} else {
// further code...
}
} else {
echo $form;
}
In register.php, change:
<form action='register.php' method='post'>
To:
<form action='register.php' method='post' enctype="multipart/form-data">
This is required to upload files using <input type="file" ...>.
You should not use $pass = md5(md5($password)); - It is just way to easy to crack. Instead look into crypt() - http://php.net/crypt
As this is new code, please consider changing from mysql_* functions to mysqli_* or PDO as PHP is depreciating mysql_* and this will save you time later.
This registration form worked like a charm for months. I have changed nothing. Now, it gets through all the conditionals of duplicate name, email, and the password check, and then fails to INSERT mysql and returns the "An error has occurred. Your account was not created." I don't see why. Has syntax changed or what?
<div id="backdrop"></div>
<div id="register">
<img src="http://www.staketheclaim.com/wp-content/themes/retlehs-roots-c526a84/dropbox/2012/rotate/header<?php echo(rand(1,4)); ?>.png" style="margin-left: -25px;margin-top: -20px;" />
<div id="regi" style="width:400px;float: right;">
<?php
if ($username && $userid) {
echo "<div id='log-re' style='margin-left: 6px;width: 413px;'><h2>You must logout to register a new account. Not your Account?</h2>" . "<br /><br /><div id='cta'><a href='http://www.staketheclaim.com/logout/' class='button' style='padding-left: 36px;font-size: 24px;top: 2px;right: -160px;'>Logout Now</a></div></div>";
}
else {
if ($_POST['registerbtn']) {
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$password = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser) {
if(strpos($getuser, ' ') > 0 == false ){
if ($getemail) {
if ($password) {
if ($getretypepass) {
if ( $password === $getretypepass) {
if ( (strlen($getemail) >= 7) && (strstr($getemail, "#")) && (strstr($getemail, "."))){
require("base.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$password = md5(md5("ss3verds4g".$password."ss357rd5sg"));
$date = date("F d Y");
$code = md5(rand());
$bio = "Bio";
$location = "Location";
mysql_query("INSERT INTO users VALUES (
'','$getuser', '$password', '$getemail', '0', '$code', '$date', '$bio', '$location', '1'
)");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
$site = "http://www.staketheclaim.com";
$webmaster = "noreply <noreply#staketheclaim.com>";
$headers = "From: $webmaster";
$subject = "Activate Your Account";
$message = "Thanks for registering. Click the link below to activate your account.\n";
$message .= "$site/activate/?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";
if (mail($getemail, $subject, $message, $headers )) {
$errormsg = "You have been registered. You must activate your account from the activition link send to <b>$getemail</b>.";
$getuser = "";
$getemail = "";
}
else
else
$errormsg ="An error has occured. Your account was not created.";
}
else
$errormsg ="Their is already a user with that email.";
}
else
$errormsg ="Their is already a user with that username.";
mysql_close;
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match.";
} else
$errormsg = "You must retype you password to register.";
} else
$errormsg = "You must enter a password to register.";
} else
$errormsg = "You must enter you email to register.";
} else
$errormsg = "Your username cannot have any spaces.<br />";
} else
$errormsg = "You must enter a username to register.<br />";
} $form = "<form action='' method='post' style='margin-top:-20px;'>
<h2>Sign up for StakeTheClaimâ„¢.<br /> It's free!</h2>
<br />
<font color='red'>$errormsg</font>
<br />
<br />
Username:
<br />
<input type='text' name='user' value='$getuser' style='' />
<br />
<br />
Email:
<br />
<input type='text' name='email' value='$getemail' />
<br />
<br />
Password:
<br />
<input type='password' name='pass' value='' />
<br />
<br />
Re-Password:
<br />
<input type='password' name='retypepass' value='' />
<br />
<input type='submit' name='registerbtn' value='Register' />
</form>";
echo $form;
}
?></div></div>
It is possible this is a mysql data type issue (well, limit really). You say it fails on update but I'm only seeing an insert statement.
What are the column types on the table users where the insert is being run?
Basically, if you reach the limit of the column type, the insert will fail. This would be consistent with what you have said.
Edit: Also, PHP is depreciating mysql_* calls. Shift to either mysqli_* or another alternative like PDO. The shift to mysqli for this code would be easy, but then your code needs for a full review, it is full of issues. What version of PHP are you running?