Page 1 of 1

Send Registration Error

Posted: Wed Jan 05, 2011 6:36 pm
by brmcdani44
I have a registration form that calls verify.php which is what I will post the code for. For some reason the code is only executing to the point where I check rather or not the email has been registered. If I enter an email that has been registered it redirects me like it is supposed to to suspectedregistered.php

I am sure the error is somewhere with my if statements. I dont know if I need an if else or else if. Please take a look at my code for me and let me know where I am going wrong. Thanks!

Code: Select all

<?php
if (!$_POST[email]){
echo "You forgot to enter an email address, hit the back button and try again</br>";
exit();
}

if (!$_POST[password]){
echo "You forgot to enter a password, hit the back button and try again</br>";
exit();
}

if (!$_POST[repassword]){
echo "Please enter a password confirmation, hit the back button and try again</br>";
exit();
}

if ($_POST[password] != $_POST[repassword]){
echo "Passwords do not match, hit the back button and try again</br>";
exit();
}

$sql2=mysql_query("Select * from users WHERE email='$email'");
$verifynotregistered = mysql_num_rows($sql2) or die(mysql_error());

if ($verifynotregistered > 0)
{
header('Location: suspectedregistered.php');
exit();
}

if ($_POST['form_submitted'] == '1') {
##User is registering, insert data until we can activate it
$activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();
$firstname = mysql_real_escape_string($_POST[firstname]);
$lastname = mysql_real_escape_string($_POST[lastname]);
$username = mysql_real_escape_string($_POST[username]);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST[email]);
$sql="INSERT INTO users (firstname,lastname,username, password, email, activationkey, status) VALUES ('$firstname', '$lastname', '$username', '$password', '$email', '$activationKey', 'verify')";



else if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }

echo "An email has been sent to $_POST[email] with an activation key. Please check your mail to complete registration.";
##Send activation Email
$to      = $_POST[email];
$subject = " BassNation.com Registration";
$message = "Welcome to our website!\r\rYou, or someone using your email address, has completed registration at BassNation.com. You can complete registration by clicking the following link:\rhttp://www.BassNation.us/TournamentApp/admin/verify.php?$activationKey\r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\ BassNation.com Team";

$headers = 'From: noreply@BassNation.com' . "\r\n" .
    'Reply-To: noreply@BassNation.com' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
}

else {
##User isn't registering, check verify code and change activation code to null, status to activated on success
$queryString = $_SERVER['QUERY_STRING'];
$query = "SELECT * FROM users";
$result = mysql_query($query) or die(mysql_error());
  while($row = mysql_fetch_array($result)){
    if ($queryString == $row["activationkey"]){
       echo "Congratulations! " . $row["username"] . " you may now login by <a href=\"http://www.BassNation.us/EastTexas/TournamentApp/admin/login.php\">CLICKING HERE</a> \r to start posting tournaments.";
       $sql="UPDATE users SET activationkey = '', status='activated' WHERE (id = $row[id])";
       if (!mysql_query($sql))
  {
        die('Error: ' . mysql_error());
  }
    }
  }
}
?>

Re: Send Registration Error

Posted: Wed Jan 05, 2011 8:53 pm
by spedula
$sql="INSERT INTO users (firstname,lastname,username, password, email, activationkey, status) VALUES ('$firstname', '$lastname', '$username', '$password', '$email', '$activationKey', 'verify')";
Is just a variable holding the query. Not an actual mysql_query().

You did this a few times in your script. Check over it and make sure all your $query and $sql are actual queries and not just strings.

:D

Re: Send Registration Error

Posted: Wed Jan 05, 2011 8:55 pm
by spedula
Just to clarify. The code should look like this:

Code: Select all

$sql="INSERT INTO users (firstname,lastname,username, password, email, activationkey, status) VALUES ('$firstname', '$lastname', '$username', '$password', '$email', '$activationKey', 'verify')";

$query = mysql_query($sql);
Quick count. You have 3 places where you need to fix this.

Re: Send Registration Error

Posted: Fri Jan 07, 2011 11:53 am
by social_experiment
You forget the single quotations marks on all of your $_POST variables (except for $_POST['password']). What happens if you use var_dump() on $firstname, $lastname, $username, $email (and $password) ?

Code: Select all

<?php
$firstname = mysql_real_escape_string($_POST[firstname]);
$lastname = mysql_real_escape_string($_POST[lastname]);
$username = mysql_real_escape_string($_POST[username]);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST[email]);
?>
brmcdani44 wrote:I am sure the error is somewhere with my if statements.
The problem isn't the statements but more the logic you apply when using them. When checking if an email address exists your code should follow this type of logic :

Code: Select all

PSEUDO_CODE
-----------------
$rows = mysql_num_rows($yourQuery);
if $rows > 1 
 do something
else $rows = 0
 do something else