Registration Form
Posted: Fri Apr 09, 2010 11:50 am
If anyone could tell me where I am going wrong it would be appreciated. The form is working and going through to the database it just isnt telling me on registration.php what the error is if it fails ie. no username.
register.php
register-exec.php
Thank you in advance if anyone is able to help with this.
Bob
register.php
Code: Select all
<div id="content">
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
<form id="Register" name="Register" method="post" action="register-exec.php">
<table width="505" align="center" cellpadding="2" cellspacing="0">
<td align="center" colspan="2"><img src="images/register.png" width="155" height="30" alt="Register"/>
</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr >
<th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left" width="157">UserName </th>
<td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" width="338"><input name="username" type="text" class="textfield" id="username" size="25" maxlength="25" /></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left">Password</th>
<td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" ><input name="password" type="password" class="textfield" id="password" size="25" maxlength="100" /></td>
</tr>
<tr>
<th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left">Confirm Password </th>
<td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" ><input name="cpassword" type="password" class="textfield" id="cpassword" size="25" maxlength="100" /></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left">Email </th>
<td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" ><input name="email" type="text" class="textfield" id="email" size="25" maxlength="100" /></td>
</tr>
<tr>
<th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left">Comfirm Email </th>
<td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" ><input name="cemail" type="text" class="textfield" id="cemail" size="25" maxlength="188" /></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left">Basic Membership </th>
<th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left" >
<input type="radio" name="basic" id="subscription" value="basic" checked/> £1 p/m
</td></tr>
<tr>
<tr>
<th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left">Gold Membership </th>
<th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left" >
<input type="radio" name="gold" id="subscription" value="gold" unchecked/> £2 p/m</td></tr>
<tr>
<th border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" align="left">Paypal Email </th>
<td border="1" bordercolor="#FFCC00" bgcolor="#FFFF99" ><input name="pemail" type="text" class="textfield" id="cemail" size="25" maxlength="188" /> Please ensure this is correct as payments will be sent here.</td>
</tr>
<tr>
<td colspan="2"></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<td align="center" colspan="2"><input type="image" name="Submit" src="images/registerbtn.png" alt="Register" method="post" action="register-exec.php"/>
</td>
</tr>
</table>
</form>
</div>Code: Select all
<?php
//Start session
session_start();
//Include database connection details
require_once('dbconfig.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$cpassword = clean($_POST['cpassword']);
$email= clean($_POST['email']);
$cemail = clean($_POST['cemail']);
$pemail = clean($_POST['pemail']);
$subscription = clean($_POST['subscription']);
//Input Validations
if($username == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}
if($email == '') {
$errmsg_arr[] = 'Email missing';
$errflag = true;
}
if($cemail == '') {
$errmsg_arr[] = 'Confirm email missing';
$errflag = true;
}
if( strcmp($email, $cemail) != 0 ) {
$errmsg_arr[] = 'Emails do not match';
$errflag = true;
}
//Check for duplicate username
if($username != '') {
$qry = "SELECT * FROM Users WHERE username='$username'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
$errmsg_arr[] = 'Username already in use';
$errflag = true;
}
@mysql_free_result($result);
}
else {
die("Query failed");
}
}
//Check for duplicate email
if($email != '') {
$qry = "SELECT * FROM Users WHERE email='$email'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
$errmsg_arr[] = 'Email already in use';
$errflag = true;
}
@mysql_free_result($result);
}
else {
die("Query failed");
}
}
//If there are input validations, redirect back to the registration form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: register.php");
exit();
}
//Create INSERT query
$qry = "INSERT INTO Users(Username, PaypalEmail, Email, Subscription, Password) VALUES('$username','$pemail','$email','$subscription','".md5($_POST['password'])."')";
$result = @mysql_query($qry);
//Check whether the query was successful or not
if($result) {
header("location: register-success.php");
exit();
}else {
die("Query failed");
}
?>Bob