Review and help with problem plz


Post by John Cartwright »

Okay I just whipped together this registration/login script I'm building for my site..

I usually just slop it on together then re-write it once I have it all figured out with security and efficiency in mind.

My problem is right at the beginning where it checks to see if Logout has been clicked and then it redirects them back to the homepage after 4 seconds. It redirects them ok but it does not get rid of all the other $_GET. Therefore, it keeps the same page.. reloading itself.

Anyone know how to get rid of it?

Here's what I got so far:

<?php session_start();
include("config.php");
mysql_select_db("users");

echo "<link href='inc/css.css' rel='stylesheet' type='text/css'>";

$user      = $_POST["user"];
$pass      = $_POST["pass"];
$email     = $_POST["email"];
$firstname = $_POST["firstname"];
$lastname  = $_POST["lastname"];

if (isset($_GET["logout"]))
	{
	session_unset();
	echo "You have been succesfully logged out and are being redirected to the main page in a few moments.";
	echo "<meta http-equiv='refresh' content='4' url='index.php?home'>";
  	}

if ((isset($_SESSION["loggedin"])) && (!isset($_GET["logout"])))
	{
	echo "Error: You cannot log in or register while logged in as ".$_SESSION["user"];
	echo " - Click <a href='?user&logout'>here</a> to logout.";
	}
	elseif (isset($_GET["register"]))
	{
    $missing = array(); 
	if (isset($_POST['Submit']))
		{  
  		if(!empty($_POST)) 
			{ 
			$required = array('user','pass','pass2','email','email2');  
			} 
			foreach($required as $req)
				{ 
      			if(empty($_POST[$req]))
					{ 
        			$missing[] = $req; 
        			$error += 1; 
      				}		
     			}		 
		
		if ($_POST['email'] != $_POST['email2'])
			{
				$errormessage .= '&middot; Your emails do not match, please go back and enter identical emails.<br>';
				$error += 1;
			}	
		if ($_POST['pass'] != $_POST['pass2'])
			{
				$errormessage .= '&middot; Your passwords do not match, please go back and enter identical passwords.<br>';
				$error += 1;
			}
		if (strlen($_POST['pass']) < 6 && (isset($_POST['pass']))){
				$errormessage .= '&middot; Your password is too short, please enter a password of 6 or more characters.<br>';
				$error += 1;
			}
		    }
			
		if (($error==0) && (isset($_POST["Submit"])))
			{ 	
			$result = @mysql_query("SELECT * FROM users WHERE user='$user'") or die('Error performing query: '. mysql_error());
			
			if  (mysql_num_rows($result) > 0) 
				{
				echo "<font color='#660000'>Sorry, ".$_POST["user"]." already exists in our database. Please <a href='javascript:void' onclick='history.go(-1); return false;'>click here</a> to go back and choose another username.";
				}
				else
				{
				echo "Thank you for registering! You will receive an email with your user/pass for futur reference.
				     <br> You can now login <a href='?user&login'>here</a>";
					 
			  	@mysql_query("INSERT INTO users SET user='$user',pass='$pass',datejoined='$datejoined',email='$email',firstname='$firstname',lastname='$lastname'"); 
				
				}		
			
			}else{
		
?>

    <strong>Why Register?</strong><br><br>
	Because it's fast, easy, and gives you access to all the tutorials, forums, 
	and your own user panel for purchasing webspace or web design projects. When logged in you will be able to write reviews 
    and vote on tutorials and items at the portfolio section. <br>
	<br>A valid email must be entered to use our password recovery.
<? 
   if (isset($error))
		{
   	   	echo "<br><br><font color='#660000'>&middot; Please fill in the required fields</font>";
		echo "<br><font color='#660000'>".$errormessage."</font>";
		}
		
		
   $register = "set";
   include_once("forms.php");   

}
}elseif (isset($_GET["login"]))
	{
	if (isset($_POST["Submit"]))
		{	
		$result = @mysql_query("SELECT * FROM users WHERE user='$user' AND pass='$pass'") or die('Error performing query: '. mysql_error());	
		if (mysql_num_rows($result) > 0 )
			{
			$_SESSION["loggedin"] = "set";
			$_SESSION["user"] = $_POST["user"];
			echo "You have succesfully logged in";
			}
			else
			{
			echo "Invalid username and/or password";
			}
		}
	
	$login = "set";
	include("forms.php");
	
	}
	
	
	
	 ?>

If anyone has a few minutes and wants to throw some ideas to my script plz do so... any feedback is most welcome.

Post by feyd »

I'm assuming $_POST['Submit'] is supposed to be the submit button.. in which case, you probably shouldn't try to detect it, as hitting "enter" while inside a text field will submit the form without the button (most often)
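
An added example, not part of either post and not the poster's code: the register and login checks from the script above with the form values bound as query parameters instead of being interpolated into the SQL string, the password stored as a hash, and submission detected from the request method as feyd suggests. The function names, the reduced table layout and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example: helper names and the reduced schema are hypothetical; an
// in-memory SQLite database stands in for the MySQL `users` table (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass TEXT NOT NULL, email TEXT NOT NULL)');

function register_user(PDO $db, array $post): array
{
    $errors = [];
    foreach (['user', 'pass', 'pass2', 'email', 'email2'] as $req) {
        if (empty($post[$req])) {
            $errors[] = "missing field: $req";
        }
    }
    foreach (['email', 'pass'] as $f) {
        if (($post[$f] ?? '') !== ($post[$f . '2'] ?? '')) {
            $errors[] = "$f fields do not match";
        }
    }
    if (strlen($post['pass'] ?? '') < 6) {
        $errors[] = 'password shorter than 6 characters';
    }
    if ($errors) {
        return $errors;
    }
    // Placeholders send the values separately from the SQL text.
    $stmt = $db->prepare('SELECT 1 FROM users WHERE user = ?');
    $stmt->execute([$post['user']]);
    if ($stmt->fetchColumn()) {
        return ['username already exists'];
    }
    $stmt = $db->prepare('INSERT INTO users (user, pass, email) VALUES (?, ?, ?)');
    $stmt->execute([$post['user'], password_hash($post['pass'], PASSWORD_DEFAULT), $post['email']]);
    return [];
}

function login_user(PDO $db, string $method, array $post): bool
{
    if ($method !== 'POST') {   // key on the request method, not the Submit button
        return false;
    }
    $stmt = $db->prepare('SELECT pass FROM users WHERE user = ?');
    $stmt->execute([$post['user'] ?? '']);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($post['pass'] ?? '', $hash);
}

// Constructed sample input: a username containing a quote is handled as plain data.
$form = ['user' => "o'brien", 'pass' => 'secret-pass', 'pass2' => 'secret-pass', 'email' => 'ob@example.com', 'email2' => 'ob@example.com'];
var_dump(register_user($db, $form), register_user($db, $form), login_user($db, 'POST', $form));
```

In the page flow, call `session_regenerate_id(true)` after `login_user()` returns true and before setting `$_SESSION["loggedin"]`.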