Registration Form

Posted: Fri Apr 09, 2010 11:50 am
by Mister_Bob
If anyone could tell me where I am going wrong it would be appreciated. The form is working and going through to the database; it just isn't telling me on registration.php what the error is if it fails, i.e. no username.

register.php

<div id="content">
<?php
	if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
		echo '<ul class="err">';
		foreach($_SESSION['ERRMSG_ARR'] as $msg) {
			echo '<li>',$msg,'</li>'; 
		}
		echo '</ul>';
		unset($_SESSION['ERRMSG_ARR']);
	}
?>
<form id="Register" name="Register" method="post" action="register-exec.php">
  <table width="505" align="center" cellpadding="2" cellspacing="0">
      <tr>
      <td align="center" colspan="2"><img src="images/register.png" width="155" height="30" alt="Register"/>
</td>
      </tr>
             <tr>
      <td colspan="2">&nbsp;</td>
     </tr>
      <tr >
      <th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"  align="left" width="157">UserName </th>
      <td  border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"  width="338"><input name="username" type="text" class="textfield" id="username" size="25" maxlength="25" /></td>
    </tr>
       <tr>
      <td colspan="2">&nbsp;</td>
     </tr>
    <tr>
      <th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"  align="left">Password</th>
      <td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"  ><input name="password" type="password" class="textfield" id="password" size="25" maxlength="100" /></td>
    </tr>
    <tr>
      <th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"   align="left">Confirm Password </th>
      <td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"  ><input name="cpassword" type="password" class="textfield" id="cpassword" size="25" maxlength="100" /></td>
    </tr>
           <tr>
      <td colspan="2">&nbsp;</td>
     </tr>
        <tr>
      <th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"   align="left">Email </th>
      <td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"  ><input name="email" type="text" class="textfield" id="email" size="25" maxlength="100" /></td>
    </tr>
            <tr>
      <th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"  align="left">Confirm Email </th>
      <td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"  ><input name="cemail" type="text" class="textfield" id="cemail" size="25" maxlength="188" /></td>
    </tr>
           <tr>
      <td colspan="2">&nbsp;</td>
     </tr>
    <tr>
    <th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left">Basic Membership </th>
    <td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left" >
        <!-- Both radios share name="subscription" so register-exec.php receives $_POST['subscription'] -->
        <input type="radio" name="subscription" id="subscription_basic" value="basic" checked/> &#163;1 p/m
    </td></tr>
    <tr>
    <th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left">Gold Membership </th>
    <td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left" >
    <input type="radio" name="subscription" id="subscription_gold" value="gold"/> &#163;2 p/m</td></tr>
    <tr>
      <th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"  align="left">Paypal Email </th>
      <td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99"  ><input name="pemail" type="text" class="textfield" id="pemail" size="25" maxlength="188" /> Please ensure this is correct as payments will be sent here.</td>
    </tr>
    <tr>
      <td colspan="2"></td>
     </tr>
     <tr>
      <td colspan="2">&nbsp;</td>
     </tr>
      <tr>
      <td align="center" colspan="2"><input type="image" name="Submit" src="images/registerbtn.png" alt="Register"/>
</td>
      </tr>
  </table>
</form>
</div>
register-exec.php

<?php
	//Start session
	session_start();
	
	//Include database connection details
	require_once('dbconfig.php');
	
	//Array to store validation errors
	$errmsg_arr = array();
	
	//Validation error flag
	$errflag = false;
	
	//Connect to mysql server
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
	}
	
	//Select database
	$db = mysql_select_db(DB_DATABASE);
	if(!$db) {
		die("Unable to select database");
	}
	
	//Function to sanitize values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
	
	//Sanitize the POST values
	$username = clean($_POST['username']);
	$password = clean($_POST['password']);
	$cpassword = clean($_POST['cpassword']);
	$email= clean($_POST['email']);
	$cemail = clean($_POST['cemail']);
	$pemail = clean($_POST['pemail']);
	$subscription = clean($_POST['subscription']);
	//Input Validations
	if($username == '') {
		$errmsg_arr[] = 'Username missing';
		$errflag = true;
	}
	if($password == '') {
		$errmsg_arr[] = 'Password missing';
		$errflag = true;
	}
	if($cpassword == '') {
		$errmsg_arr[] = 'Confirm password missing';
		$errflag = true;
	}
	if( strcmp($password, $cpassword) != 0 ) {
		$errmsg_arr[] = 'Passwords do not match';
		$errflag = true;
	}
	if($email == '') {
		$errmsg_arr[] = 'Email missing';
		$errflag = true;
	}
	if($cemail == '') {
		$errmsg_arr[] = 'Confirm email missing';
		$errflag = true;
	}
	if( strcmp($email, $cemail) != 0 ) {
		$errmsg_arr[] = 'Emails do not match';
		$errflag = true;
	}
	//Check for duplicate username
	if($username != '') {
		$qry = "SELECT * FROM Users WHERE username='$username'";
		$result = mysql_query($qry);
		if($result) {
			if(mysql_num_rows($result) > 0) {
				$errmsg_arr[] = 'Username already in use';
				$errflag = true;
			}
			@mysql_free_result($result);
		}
		else {
			die("Query failed");
		}
	}
	
	//Check for duplicate email
	if($email != '') {
		$qry = "SELECT * FROM Users WHERE email='$email'";
		$result = mysql_query($qry);
		if($result) {
			if(mysql_num_rows($result) > 0) {
				$errmsg_arr[] = 'Email already in use';
				$errflag = true;
			}
			@mysql_free_result($result);
		}
		else {
			die("Query failed");
		}
	}
	
	//If there are input validations, redirect back to the registration form
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		session_write_close();
		header("location: register.php");
		exit();
	}

	//Create INSERT query
	$qry = "INSERT INTO Users(Username, PaypalEmail, Email, Subscription, Password) VALUES('$username','$pemail','$email','$subscription','".md5($_POST['password'])."')";
	$result = @mysql_query($qry);
	
	//Check whether the query was successful or not
	if($result) {
		header("location: register-success.php");
		exit();
	}else {
		die("Query failed");
	}
?>
Thank you in advance if anyone is able to help with this.

Bob

Re: Registration Form

Posted: Fri Apr 09, 2010 12:43 pm
by Mister_Bob
Ok ignore me I'm a crazy person :D I missed my session_start(); on top of my page :D FIN
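
Added example (not part of the original posts): one way the validation and INSERT from register-exec.php could look on current PHP, using PDO prepared statements and password_hash() in place of the mysql_* functions (removed in PHP 7) and md5(). The in-memory SQLite database, the UNIQUE constraints and the function names validate() and register() are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's code. Assumes PHP 8+ with pdo_sqlite; an
// in-memory SQLite table stands in for the thread's MySQL Users table.

function validate(array $in): array {
    $errors = [];
    foreach (['username' => 'Username', 'password' => 'Password', 'email' => 'Email'] as $key => $label) {
        if (trim((string)($in[$key] ?? '')) === '') {
            $errors[] = "$label missing";
        }
    }
    if (($in['password'] ?? '') !== ($in['cpassword'] ?? '')) $errors[] = 'Passwords do not match';
    if (($in['email'] ?? '') !== ($in['cemail'] ?? '')) $errors[] = 'Emails do not match';
    // Allow-list the plan rather than storing whatever the client posted.
    if (!in_array($in['subscription'] ?? '', ['basic', 'gold'], true)) $errors[] = 'Invalid subscription';
    return $errors;
}

function register(PDO $pdo, array $in): array {
    if ($errors = validate($in)) return $errors;
    // Placeholders keep user input out of the SQL text; no escaping helper needed.
    $stmt = $pdo->prepare('INSERT INTO Users (Username, PaypalEmail, Email, Subscription, Password)
                           VALUES (?, ?, ?, ?, ?)');
    try {
        $stmt->execute([
            trim($in['username']), trim($in['pemail'] ?? ''), trim($in['email']), $in['subscription'],
            // Salted, adaptive hash; verify at login with password_verify().
            password_hash($in['password'], PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // UNIQUE constraints reject duplicates atomically (SQLSTATE class 23).
        if (str_starts_with((string)$e->getCode(), '23')) return ['Username or email already in use'];
        throw $e;
    }
    return [];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Users (Username TEXT UNIQUE, PaypalEmail TEXT, Email TEXT UNIQUE,
                                Subscription TEXT, Password TEXT)');
// Constructed sample submission.
$form = ['username' => 'bob', 'password' => 'correct horse', 'cpassword' => 'correct horse',
         'email' => 'bob@example.com', 'cemail' => 'bob@example.com',
         'pemail' => 'bob@example.com', 'subscription' => 'gold'];
var_dump(register($pdo, $form));               // first submission
var_dump(register($pdo, $form));               // same data again: duplicate
var_dump(register($pdo, ['username' => 'x'])); // incomplete form
```

In the thread's flow, the returned array is what register-exec.php would store in $_SESSION['ERRMSG_ARR'], and register.php has to call session_start() before it can read it.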