Page 1 of 1
Trouble with registration code
Posted: Mon Apr 26, 2010 6:17 pm
by tkfrench
Ok, i'm extremely new to PHP and would like to ask for some help. I'm trying to create a registraton formfor a website that will be password protected. This is what i have;
This is register-exec.php
Code: Select all
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$cname = clean($_POST['cname']);
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$cpassword = clean($_POST['cpassword']);
//Input Validations
if($cname == '') {
$errmsg_arr[] = 'Company name missing';
$errflag = true;
}
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}
//If there are input validations, redirect back to the registration form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: register-form.php");
exit();
}
//Check for duplicate login ID
if($login != '') {
$qry = "SELECT * FROM members WHERE login='$login'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
$errmsg_arr[] = 'Login ID already in use';
$errflag = true;
}
@mysql_free_result($result);
}
else {
die("Query failed");
}
> //Create INSERT query
<?php Syntax: [ Download ] [ Show ]
$qry = "INSERT INTO members (company name, login, password) VALUES('$cname','$login','".md5($password)."')";
$result = @mysql_query($qry);
//Check whether the query was successful or not
if($result) {
header("location: login-form.php");
exit();
}else {
<?php die(mysql_error());
}
?>
I'm getting the "Query failed" error at the very end. I'm not sure why it is making it to the end and failing on me. Thanks in advance for any help.
Re: Trouble with registration code
Posted: Mon Apr 26, 2010 6:54 pm
by social_experiment
You have 2 places in your code where you call the
die() function. Both with the message 'Query failed'. This means your query could be stopping at either one. Replace them with
then paste the error you are receiving. Also, you should use 'mysql_real_escape_string()' when you write data to your database because you are risking SQL Injection otherwise.
Code: Select all
<?php $qry = "INSERT INTO members (company name, login, password) VALUES('$cname','$login','".mysql_real_escape_string(md5($_POST['password']))."')"; ?>
From looking at the query, im guessing the 'company name' will be the problem, change it to
company_name and see what happens. Also change the name in your table otherwise you will have the same problem.
Re: Trouble with registration code
Posted: Mon Apr 26, 2010 7:06 pm
by tkfrench
Alright, great. That seemed to have helped get me past there. Now the page is going to
http://www.englishlaundrylicensees.com/ ... r-exec.php instead of straight to the login page wher i thought i had it directed. Is there something wrong with the form code. Here is the code:
This is the register-form.php
Code: Select all
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Form</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
<form id="loginForm" name="loginForm" method="post" action="register-exec.php">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th>Company Name</th>
<td><input name="cname" type="text" class="textfield" id="cname" /></td>
</tr>
<tr>
<th width="124">Login</th>
<td width="168"><input name="login" type="text" class="textfield" id="login" /></td>
</tr>
<tr>
<th>Password</th>
<td><input name="password" type="password" class="textfield" id="password" /></td>
</tr>
<tr>
<th>Confirm Password </th>
<td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Register" /></td>
</tr>
</table>
</form>
</body>
</html>
Or in the register-exec code do i have it pointed to the wrong place?
Re: Trouble with registration code
Posted: Mon Apr 26, 2010 7:14 pm
by social_experiment
That seems to be code to a login form

Re: Trouble with registration code
Posted: Mon Apr 26, 2010 7:22 pm
by tkfrench
hmmmm...i didn't know there was a difference. I thought i was asking them to register there names in my MySQL database, and then they could use the login page whenever they wanted to log in. Is this not right? Told you i was new!
Re: Trouble with registration code
Posted: Mon Apr 26, 2010 7:31 pm
by social_experiment
tkfrench wrote:hmmmm...i didn't know there was a difference. I thought i was asking them to register there names in my MySQL database, and then they could use the login page whenever they wanted to log in. Is this not right? Told you i was new!
Their details are written to a MySQL database.
tkfrench wrote:Or in the register-exec code do i have it pointed to the wrong place?
It's possible that the problem is there. Please paste the code of that page.
Re: Trouble with registration code
Posted: Mon Apr 26, 2010 8:28 pm
by tkfrench
It's the code i place in the first post. That you initially help me fix.
Re: Trouble with registration code
Posted: Tue Apr 27, 2010 12:55 pm
by tkfrench
So i tried a couple of things and it still isn't working. When i click register the on the page it directs me too the register-exec.php which it is supposed to reading and then executing to send me to the login page. I'm not sure what is going on.
Re: Trouble with registration code
Posted: Tue Apr 27, 2010 2:03 pm
by a94060
tkfrench wrote:So i tried a couple of things and it still isn't working. When i click register the on the page it directs me too the register-exec.php which it is supposed to reading and then executing to send me to the login page. I'm not sure what is going on.
Would you be able to edit the first post and put the names of the pages right before the code? Also, I am not understanding what you mean by it should be redirecting to register-exec.php. The only pages I know of are register-success.php and register-form.php You may want to make the program echo a number everytime it passes a stage. Then you will know how far it has reached in your program, and can help you pin point your error.
Side note:
Code: Select all
$qry = "INSERT INTO members (company name, login, password) VALUES('$cname','$login','".md5($_POST['password'])."')";
should be
Code: Select all
$qry = "INSERT INTO members (company name, login, password) VALUES('$cname','$login','".md5($password)."')";
because otherwise you are just taking the uncleaned password. (clean one is stored in $password,unclean one is in $_POST['password'])
Re: Trouble with registration code
Posted: Tue Apr 27, 2010 3:10 pm
by tkfrench
I labeled the two different codes. One in the first post the other in the third. Here is the link to the registration form. When you fill it out and click register it doesn't go where i intended it to. I'm trying to get it to go to the login-form.php and instead it isgoing to the register-exec.php. Thanks for the help.
http://www.englishlaundrylicensees.com/ ... r-form.php
Re: Trouble with registration code
Posted: Tue Apr 27, 2010 4:03 pm
by a94060
Check in your Registration form page. Your line:
Code: Select all
<form id="loginForm" name="loginForm" method="post" action="register-exec.php">
should read
Code: Select all
<form id="loginForm" name="loginForm" method="post" action="login-form.php">
If I am understanding what you are trying to do,that should be what you want. The logic im seeing is: register-form.php->register-exec.php . If this is the logic, then I think that change may be what you are looking for. If its not correct,post up again
On a side note:
http://www.englishlaundrylicensees.com/ad_photos.html the picture are broken. First rule of web design (by me) NO spaces ever in any locations,urls,database names,queries,etc. use the _ instead
Re: Trouble with registration code
Posted: Tue Apr 27, 2010 4:21 pm
by tkfrench
That does seem to send it to the right page but i don't think the registration-exec.php form is being utilized if you do that. I want someone to be able to go to the register-form.php page fill it out and if it validates the information then send it to the login-form.php. So, they can then login on the password protected website these pages will link to. I need the members able on the MySQL to store there registration information. Which is what i am trying to do with the register-exec.php. I may have some of this confused on how it works.
Re: Trouble with registration code
Posted: Tue Apr 27, 2010 6:42 pm
by a94060
Why dont you just have it do everything in one page? Have the user type the stuff on the page you had setup ( I saw it already) and have it post to another page. Use the second page to do all of the validation (check if the user is valid,query the database,etc,etc) and if all is fine, redirect them to the page you want to. If you plan to use this method, you may want to read up on sessions,which would be a great way to make sure the user doesn't lose access from page to page.