I am trying to create simple user registration form. I have an index.html file and a register.php file. When I click the submit button it goes to the register.php page, but nothing happens. There's no error or anything. I have some echo statements in register.php but they also don't work.
This is the code for index.html:
<form action="register.php" method="post">
<table width="384" border="1" align="center">
<? echo '<tr><td colspan="2">'.$final_report.'</td></tr>';?>
<tr>
<td width="50%">Username:</td>
<td width="50%"><label>
<input name="username" type="text" id="username" size="30" />
</label></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password" id="password" value="" size="30" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input name="email" type="text" id="email" size="30" /></td>
</tr>
<tr>
<td> </td>
<td><label>
<input name="register" type="submit" id="register" value="Register" />
</label></td>
</tr>
</table>
</form>
This is code for register.php:
<?
include_once"config.php";
if(isset($_POST['register'])){
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$memip = $_SERVER['REMOTE_ADDR'];
$date = date("d-m-Y");
if($username == NULL OR $password == NULL OR $email == NULL){
$final_report.= "Please complete the form below..";
}else{
if(strlen($username) <= 3 || strlen($username) >= 30){
$final_report.="Your username must be between 3 and 30 characters..";
}else{
$check_members = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'");
if(mysql_num_rows($check_members) != 0){
$final_report.="The username is already in use!";
}else{
if(strlen($password) <= 6 || strlen($password) >= 12){
$final_report.="Your password must be between 6 and 12 digits and characters..";
}else{
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
$final_report.="Your email address was not valid..";
}else{
$create_member = mysql_query("INSERT INTO `members` (`id`,`username`, `password`,`email`, `ip`, `date`)
VALUES('','$username','$password','$email','$memip','$date')");
$final_report.="Thank you for registering, you may login.";
}}}}}}
?>
Can anyone see the error?
include_once"config.php"
You seem to be missing a space. Either make it include_once "config.php" (notice the space in between) or include_once("config.php").
Also you set $final_report in register.php but I don't see where you are actually printing anything.
Edit: I see you are trying to print $final_report in index.php. This won't work as you expect unless you include the register.php code directly into index.html. Why don't you just have a single register.php file with both the registration script and the HTML code?
Related
I have made a crud project with file upload functionality. For that, each time a user registers in the page a folder with his/her unique id name should be created in the main folder which has been created originally.
If that user, after logging in, uploads the file, it should get stored in that folder which was automatically created when he had registered himself.
For this , I have two files; register.php (code for register functionality) and add.php (for uploading data and file):
Code(Register.php):
if(isset($_POST['submit'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$user = $_POST['username'];
$pass = $_POST['password'];
mkdir("C:/xampp/htdocs/crud/crud_html/'.$name.'/");
if ($user == "" || $pass == "" || $name == "" || $email == "") {
echo "All fields should be filled. Either one or many fields are empty.";
echo "<br/>";
echo "<a href='register.php'>Go back</a>";
} else {
mysqli_query($mysqli, "INSERT INTO login(name, email, username, password) VALUES('$name', '$email', '$user', md5('$pass'))")
or die("Could not execute the insert query.");
echo "Registration successfully";
echo "<br/>";
echo "<a href='login.php'>Login</a>";
if(!file_exists("C:/xampp/htdocs/crud/crud_html/images/'.$id'")){
//if the folder doesn't exist, create it
mkdir("C:/xampp/htdocs/crud/crud_html/images/'.$id'");
else{
continue;
}
}
} else {
?>
<p><font size="+2">Register</font></p>
<form name="form1" method="post" onsubmit="return validatename()" action="">
<table width="75%" border="0">
<tr>
<td width="10%">Full Name</td>
<td><input type="text" name="name" maxlength="20" id="t1" required></td>
</tr>
<tr>
<td><label for="email">Email</label></td>
<td><input type="email" name="email" required ></td>
</tr>
<tr>
<td>Username</td>
<td><input type="text" name="username" maxlength="10" id="t2" required></td>
</tr>
<tr>
<td><label for="psw">Password</label></td>
<td><input type="password" name="password" required id="psw" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
But this code is not working.
What correction is needed?
I believe the main problem is you reference, in your move_uploaded_file() function a variable called $newd, but in your code above, it looks like you named it $uploads_dir. The below code, simplified from yours, works for me.
Register.php
if ($user == "" || $pass == "" || $name == "" || $email == "") {
echo "All fields should be filled. Either one or many fields are empty.";
echo "<br/>";
echo "<a href='register.php'>Go back</a>";
} else {
mysqli_query($mysqli, "INSERT INTO login(name, email, username, password) VALUES('$name', '$email', '$user', md5('$pass'))")
or die("Could not execute the insert query.");
echo "Registration successfully";
echo "<br/>";
echo "<a href='login.php'>Login</a>";
//check if the folder exists
if(!file_exists("C:/xampp/htdocs/crud/crud_html/images/'.$id'")){
//if the folder doesn't exist, create it
mkdir("C:/xampp/htdocs/crud/crud_html/images/'.$id'");
}
}
Add.php
<?php
//only run this if the form was submitted
if(isset($_POST['Submit'])) {
$pname = rand(1000,10000)."-".$_FILES["file"]["name"]; #file name with random number so that similar don't get replaced
//get the name of the uploaded file
$tname = $_FILES["file"]["tmp_name"];
//set your upload directory
$uploads_dir= __DIR__;
//move the uploaded file to the new directory
move_uploaded_file($tname, $uploads_dir.'/'.$pname);
}
?>
<!--form that will allow the user to upload a file-->
<form action="" method="POST" enctype="multipart/form-data">
<input type="file" name="file" />
<input type="submit" name="Submit" />
</form>
Now I understand how to reverse a string in PHP:
<?php
echo strrev("Hello world!"); // outputs "!dlrow olleH"
?>
However, I have searched high and low and cannot figure out how to do what I want to do. (This is for a class project fyi)
I need to check that the password is the exact reverse of the username. So the user may choose whatever they want, but their password must be the exact reverse in order for them to proceed and log into the page.
EX:
username: me
Password: em
I do not need to store this in a file, just hard code it into the PHP script and have it check to make sure the one text field is the reverse of the other.
In theory (and I'm really new to this), I was thinking I should do something like this:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
echo ($_POST['password'] === strrev($_POST['username'])) ? 'true' : 'false'; // check that password is reverse of username
?>
However, this is obviously not right (or I wouldn't be here). No matter what I put it, it is allowing the user to go on to the next page.
Full code:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
echo ($_POST['password'] === strrev($_POST['username'])) ? 'true' : 'false'; // check that password is reverse of username
?>
<html>
<head></head>
<body>
<form action="amanot.php" method="post">
<table>
<tr>
<td><label>Username: </label></td>
<td><input type="text" name="username" id="username"/></td>
</tr>
<tr>
<td><label>Password: </label></td>
<td><input type="password" name="password" id="password"/></td>
</tr>
<tr>
<td><label>Submit</label></td>
<td><input type="submit" name="submit" id="submit"/></td>
</tr>
</table>
</form>
</body>
</html>
Edit
I noticed you used my (original) answer in its entirety, but named it as an .html extension. That will not work.
Use two seperate files. One as .html for the form and the other as amanot.php for the action file.
My original answer had action="" instead of what you were using, plus there was a \ at the end of .../amanot.php\ in your file --- Try this now:
HTML form (form.html)
<html>
<head></head>
<body>
<form action="amanot.php" method="post">
<table>
<tr>
<td><label>Username: </label></td>
<td><input type="text" name="username" id="username"/></td>
</tr>
<tr>
<td><label>Password: </label></td>
<td><input type="password" name="password" id="password"/></td>
</tr>
<tr>
<td><label>Submit</label></td>
<td><input type="submit" name="submit" id="submit"/></td>
</tr>
</table>
</form>
</body>
</html>
PHP (amanot.php) as a seperate file, not inside the form itself, it will not work.
<?php
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($password == strrev($username)){
echo "match"; // replace with header("Location: valid.php"); exit;
}
else{
echo "sorry"; // replace with header("Location: invalid.php"); exit;
}
} // brace for if(isset($_POST['submit']))
?>
Original answer
This works:
<?php
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($password == strrev($username)){
echo "match"; // replace with header("Location: valid.php"); exit;
}
else{
echo "sorry"; // replace with header("Location: invalid.php"); exit;
}
} // brace for if(isset($_POST['submit']))
?>
<html>
<head></head>
<body>
<form action="" method="post">
<table>
<tr>
<td><label>Username: </label></td>
<td><input type="text" name="username" id="username"/></td>
</tr>
<tr>
<td><label>Password: </label></td>
<td><input type="password" name="password" id="password"/></td>
</tr>
<tr>
<td><label>Submit</label></td>
<td><input type="submit" name="submit" id="submit"/></td>
</tr>
</table>
</form>
</body>
</html>
That logic should be correct. If by 'next page' you mean the page that your PHP script is executing on, then that is the correct behavior.
If you would like to stop the current page from loading, try this instead.
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if($_POST['password'] !== strrev($_POST['username'])) {
header('Location: ' . $_SERVER['HTTP_REFERER']);
}
else {
echo 'Successful';
}
?>
This question already has answers here:
How can I get useful error messages in PHP?
(41 answers)
Closed 9 years ago.
I'm trying to create a sign up form. However whnever I click on the sign up button, the database does not get updated but just shows the blank signup.php page. Any ideas?
This is my php code
<?php
include("config.php");
//including config.php in our file
if (!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['lastname']) && !empty($_POST['email'])){
// Now checking user name and password is entered or not.
$first_name= mysql_real_escape_string($_POST[`firstname`]);
$last_name= mysql_real_escape_string($_POST['lastname']);
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
$mail = mysql_real_escape_string($_POST['email']);
$check = "SELECT * from users where username = '".$user."'";
$qry = mysql_query($check);
$num_rows = mysql_num_rows($qry);
if ($num_rows > 0) {
// Check if username exists or not.
echo "The username you have entered already exists. Please try another username. Thank you";
echo 'Try Again';
exit;
}
// Insert the new user into the database
$query = "INSERT INTO Users (`firstname`,`lastname`,`email`,`username`,`password`,`is_active`) VALUES ('".$first_name."','".$last_name."','".$username."','".$password."','".$mail."','1');";
mysql_query($query);
echo "Thank You for Registering with us. You will now be able to use all our facilities.";
echo 'Click Here to login you account.';
exit;
}
?>
This is my html form
<html>
<head>
<title>Registration Page | Simple login form</title>
</head>
<body>
<div id="containt" align="center">
<form action="signup.php" method="post" class="form-signup">
<div id="header"><h2 class="sansserif">Sign up</h2></div>
<table>
<tr>
<td>Select Your Firstname:</td>
<td> <input type="text" name="firstname" size="20" placeholder="First name"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Lastname:</td>
<td> <input type="text" name="lastname" size="20" placeholder="Last name"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Username:</td>
<td> <input type="text" name="username" size="20" placeholder="User name"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Password:</td>
<td><input type="password" name="password" size="20" placeholder="Password"><span class="required">*</span></td>
</tr>
<tr>
<td>Select Your Email:</td>
<td> <input type="text" name="email" size="20" placeholder="Email"><span class="required">*</span>
</td>
</tr>
<tr>
<td><input type="submit" value="Sign Up" class="btn btn-large btn-primary"></td>
</tr>
</table>
</form>
</div>
</body>
</html>
if(!empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['lastname'])
&& !empty($_POST['email'])){
// Now checking user name and password is entered or not.
$first_name= mysql_real_escape_string($_POST[`firstname`]);
$last_name= mysql_real_escape_string($_POST['lastname']);
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
$mail = mysql_real_escape_string($_POST['email']);
$check = "SELECT * from users where username = '".$user."'";
You check if username='$user' but you didn't declared any variable with the name of '$user'.
You should write:
$check = "SELECT * from users where username = '".$username."'";
I am making a web with a login system which is working fine.
I have also made a page which one has to log in to view. It is also working fine and when a user logs in it also gives a welcome "username" message.
However for an unknown reason this session variable is not being stored to the other pages. The thing is that I used the same methods which I used for the page with login restrictions.
Below is my login page. (works fine).
<?php
session_start();
?>
<form id="login_form" method="post" action="">
<p>
<?php
if(isset($_POST["username"]) && isset($_POST["password"])){
$username = $_POST["username"];
$password = $_POST["password"];
if(strlen($username) < 4 || strlen($password) < 4){
echo "Username or Password are invalid.";
}else{
require("connect.php");
$login = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password' ") or die(mysql_error());
if(mysql_num_rows($login) == 0){
echo "Username or Password are incorrect!";
} else{
require("member.php");
$member_info = mysql_fetch_assoc($login);
setMember($member_info["id"]);
$_SESSION['user'] = "$username";
echo "Welcome ".$member_info["fname"]." ".$member_info["lname"]."<br />";
echo "Redirecting... Please wait.";
jumpTo("my_logs_testing.php",2);
}
//Free result & close connection.
mysql_free_result($login);
mysql_close($link);
}
}else{
}
?>
</p>
<table frame="box" bgcolor="" width="40%" border="0" cellpadding="6" align="center">
<tr>
<td colspan="2"><div align="center"><font color="#FFFFFF"><strong>Diving Advisor | Log In System</strong></font> </div> </tr>
<tr>
<td width="25%"><font color="#FFFFFF"><strong><label for="username2">Username:</label></strong></font></td>
<td width="75%" align="left"><input name="username" type="text" id="username" size="30" maxlength="20" /></td>
</tr>
<tr>
<td><font color="#FFFFFF"><label for="password"><strong>Password:</label></strong></font></td>
<td align="left"><input name="password" type="password" id="password" size="30" maxlength="20" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit_login" id="submit_login" value="Log In" /></td>
</tr>
</table>
</form>
This is the page with login restriction (works fine).
<?php
session_start();
$current_user = $_SESSION['user'];
require("member.php");
if( !isMember() ){
header("Location: login.php");
} else {
?>
<?php
if(mysql_connect('localhost', 'root','') && mysql_select_db('diving_advisor')){
echo "Welcome ".$current_user;
$errors = array();
if(isset($_POST['datepicker'],$_POST['location'],$_POST['description'])) {
cont.......................
And this is one of the the other pages which is not working (session variable seems to be lost! HERE IS THE PROBLEM!!!!
<?php
session_start();
$current_user = $_SESSION['user'];
require("member.php");
?>
Here is code from template.......................
Then the editable region....
<?php
echo $current_user;
?>
<p><strong>Heading 1</strong></p>
<p>This is the home page of the diving advisor application.
Lore......
echo $currentuser is printing nothing on the page. It is suppose to print the logged in user but for some reason it is not.
Please help cause i really do not know what is wrong!!
Tks in advance.
session_start();
Needs to be the first thing that is called on each page.
I have link change password in my home page..NOw i am telling you what i am doing...
First of all i creating a html form named edit_profile.php in which i have three textboxes old password,new password,confirm password.I have attcahed this page as a link to home page for changing password.
Next page i have designed named edit_profile1.php in which i am comaparing if new password and confirm passwords are equal or not
Then i making a query to search data with password = old password
But this page is not working.Now i am giving you the code both files and in last i will tell you what type error i am facing..
edit_profile.php
<?php
session_start();
?>
<html>
<body bgcolor="pink">
<table cellpadding="10" cellspacing="6" align="center" width="500">
<form name="form" action="edit_profile1.php" method="POST" >
<tr>
<td><b><i>Your Username</i></b></td>
<td><input type="text" name="username" id="username" size="30" maxlength="30" value="<?php echo $_SESSION['employee']['username']; ?>" disabled="disabled"></td>
</tr>
<tr>
<td><b><i>Old Password</i></b></td>
<td><input type="password" name="opassword" id="opassword" size="30" maxlength="30" value="" ></td>
</tr>
<tr>
<td><b><i>New Password</i></b></td>
<td><input type="password" name="npassword" id="npassword" size="30" maxlength="30" value="" ></td>
</tr>
<tr>
<td><b><i>Confirm Password</i></b></td>
<td><input type="password" name="cpassword" id="cpassword" size="30" maxlength="30" value="" ></td>
</tr>
<tr>
<td align="center" colspan="100"> <input type="submit" name="submit" value="Change Password"></td>
</tr>
</table>
</body>
</html>
Next Page
Next page is for edit_profile1.php
<?php
session_start();
if(isset($_POST['opassword']) && ($_POST['npassword']))
{
$con=mysql_connect("localhost","root","");
if(!$con)
{
die('Could Not Connect:'.mysql_error());
}
mysql_select_db("tcs",$con);
$a=$_POST['opassword']; //old password value
$b=$_POST['npassword']; //new password value
$c=$_POST['cpassword'];
if ($b==$c) //checking if both new passowrd and c.password are equal or not
{
$pwd=hash('sha1',$b); //new value is assigned to pwd variable
$usr=$_SESSION['employee']['username']; //this varaible have value of username
$query="select * from employee where Username='{$usr}' and Password='{$a}'";
$result=mysql_query($query,$con);
$count = mysql_num_rows($result);
if ($count == 1)
{
$sql="update employee set Password='$pwd'";
$deepak=mysql_query($sql,$con);
if($deepak)
{
echo "Updation Successfull";
}
else
{
echo "Updation Not Possible.Some Error is there";
}
}
else
{
echo "There is some problem in macthing the old password with database password";
}
}
else
{
echo "Both Passwords are Not equal";
}
}
else
{
echo 'Error! Passwords were not sent!';
}
?>
<html>
<body bgcolor="orange">
<h4 style="position: relative;">Home Page</h4>
</body>
</html>
Error:
Every time i try to execute my programe the error is
Thhere is some problem in macthing the old password with database password
Now i am not getting where i am falling wrong.In database i have only one user row.Plz tell me what is error
Shouldn't
$query="select * from employee where Username='{$usr}' and Password='{$c}'";
be
$a = hash('sha1', $a); // added after conversation in comments
$query="select * from employee where Username='{$usr}' and Password='{$a}'";
instead? ($a instead of $c..)
Your script seems vulnerable to mysql-injection!
Apply mysql_real_escape_string to every value you insert in your SQL-Query!
It may be possible that your comparison doesn't work because there are extra spaces in the values your retrieve from the form. Try:
$a=trim($_POST['opassword']); //old password value
$b=trim($_POST['npassword']); //new password value
$c=trim($_POST['cpassword']);
Also:
if(isset($_POST['opassword']) && ($_POST['npassword']))
will not work.
You have to use:
isset($_POST['opassword']) && isset($_POST['npassword'])