Send Registration Error

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
brmcdani44
Forum Commoner
Posts: 26
Joined: Fri Oct 08, 2010 3:52 pm

Send Registration Error

Post by brmcdani44 »

I have a registration form that calls verify.php which is what I will post the code for. For some reason the code is only executing to the point where I check rather or not the email has been registered. If I enter an email that has been registered it redirects me like it is supposed to to suspectedregistered.php

I am sure the error is somewhere with my if statements. I dont know if I need an if else or else if. Please take a look at my code for me and let me know where I am going wrong. Thanks!

Code: Select all

<?php
if (!$_POST[email]){
echo "You forgot to enter an email address, hit the back button and try again</br>";
exit();
}

if (!$_POST[password]){
echo "You forgot to enter a password, hit the back button and try again</br>";
exit();
}

if (!$_POST[repassword]){
echo "Please enter a password confirmation, hit the back button and try again</br>";
exit();
}

if ($_POST[password] != $_POST[repassword]){
echo "Passwords do not match, hit the back button and try again</br>";
exit();
}

$sql2=mysql_query("Select * from users WHERE email='$email'");
$verifynotregistered = mysql_num_rows($sql2) or die(mysql_error());

if ($verifynotregistered > 0)
{
header('Location: suspectedregistered.php');
exit();
}

if ($_POST['form_submitted'] == '1') {
##User is registering, insert data until we can activate it
$activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();
$firstname = mysql_real_escape_string($_POST[firstname]);
$lastname = mysql_real_escape_string($_POST[lastname]);
$username = mysql_real_escape_string($_POST[username]);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST[email]);
$sql="INSERT INTO users (firstname,lastname,username, password, email, activationkey, status) VALUES ('$firstname', '$lastname', '$username', '$password', '$email', '$activationKey', 'verify')";



else if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }

echo "An email has been sent to $_POST[email] with an activation key. Please check your mail to complete registration.";
##Send activation Email
$to      = $_POST[email];
$subject = " BassNation.com Registration";
$message = "Welcome to our website!\r\rYou, or someone using your email address, has completed registration at BassNation.com. You can complete registration by clicking the following link:\rhttp://www.BassNation.us/TournamentApp/admin/verify.php?$activationKey\r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\ BassNation.com Team";

$headers = 'From: noreply@BassNation.com' . "\r\n" .
    'Reply-To: noreply@BassNation.com' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
}

else {
##User isn't registering, check verify code and change activation code to null, status to activated on success
$queryString = $_SERVER['QUERY_STRING'];
$query = "SELECT * FROM users";
$result = mysql_query($query) or die(mysql_error());
  while($row = mysql_fetch_array($result)){
    if ($queryString == $row["activationkey"]){
       echo "Congratulations! " . $row["username"] . " you may now login by <a href=\"http://www.BassNation.us/EastTexas/TournamentApp/admin/login.php\">CLICKING HERE</a> \r to start posting tournaments.";
       $sql="UPDATE users SET activationkey = '', status='activated' WHERE (id = $row[id])";
       if (!mysql_query($sql))
  {
        die('Error: ' . mysql_error());
  }
    }
  }
}
?>
User avatar
spedula
Forum Commoner
Posts: 81
Joined: Mon Mar 29, 2010 5:24 pm

Re: Send Registration Error

Post by spedula »

$sql="INSERT INTO users (firstname,lastname,username, password, email, activationkey, status) VALUES ('$firstname', '$lastname', '$username', '$password', '$email', '$activationKey', 'verify')";
Is just a variable holding the query. Not an actual mysql_query().

You did this a few times in your script. Check over it and make sure all your $query and $sql are actual queries and not just strings.

:D
User avatar
spedula
Forum Commoner
Posts: 81
Joined: Mon Mar 29, 2010 5:24 pm

Re: Send Registration Error

Post by spedula »

Just to clarify. The code should look like this:

Code: Select all

$sql="INSERT INTO users (firstname,lastname,username, password, email, activationkey, status) VALUES ('$firstname', '$lastname', '$username', '$password', '$email', '$activationKey', 'verify')";

$query = mysql_query($sql);
Quick count. You have 3 places where you need to fix this.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Send Registration Error

Post by social_experiment »

You forget the single quotations marks on all of your $_POST variables (except for $_POST['password']). What happens if you use var_dump() on $firstname, $lastname, $username, $email (and $password) ?

Code: Select all

<?php
$firstname = mysql_real_escape_string($_POST[firstname]);
$lastname = mysql_real_escape_string($_POST[lastname]);
$username = mysql_real_escape_string($_POST[username]);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST[email]);
?>
brmcdani44 wrote:I am sure the error is somewhere with my if statements.
The problem isn't the statements but more the logic you apply when using them. When checking if an email address exists your code should follow this type of logic :

Code: Select all

PSEUDO_CODE
-----------------
$rows = mysql_num_rows($yourQuery);
if $rows > 1 
 do something
else $rows = 0
 do something else
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Post Reply