Review and help with problem plz

Posted: Sun Jun 06, 2004 10:54 pm
by John Cartwright
Okay I just whipped together this registration/login script I'm building for my site..

I usually just slop it on together then re-write it once I have it all figured out with security and efficiency in mind.

My problem is right at the beginning where it checks to see if Logout has been clicked and then it redirects them back to the homepage after 4 seconds. It redirects them ok but it does not get rid of all the other $_GET. Therefore, it keeps the same page.. reloading itself.

Anyone know how to get rid of it?

Here's what I got so far

<?php session_start();
include("config.php");
mysql_select_db("users");

echo "<link href='inc/css.css' rel='stylesheet' type='text/css'>";

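// Escape request values before they are interpolated into the SQL below
// (assumes config.php has already opened the MySQL connection).
$user      = isset($_POST["user"])      ? mysql_real_escape_string($_POST["user"])      : "";
$pass      = isset($_POST["pass"])      ? mysql_real_escape_string($_POST["pass"])      : "";
$email     = isset($_POST["email"])     ? mysql_real_escape_string($_POST["email"])     : "";
$firstname = isset($_POST["firstname"]) ? mysql_real_escape_string($_POST["firstname"]) : "";
$lastname  = isset($_POST["lastname"])  ? mysql_real_escape_string($_POST["lastname"])  : "";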

if (isset($_GET["logout"]))
	{
	session_unset();
	echo "You have been successfully logged out and are being redirected to the main page in a few moments.";
	echo "<meta http-equiv='refresh' content='4' url='index.php?home'>";
  	}

if ((isset($_SESSION["loggedin"])) && (!isset($_GET["logout"])))
	{
	// Encode the stored username before writing it into the page
	echo "Error: You cannot log in or register while logged in as ".htmlspecialchars($_SESSION["user"]);
	echo " - Click <a href='?user&logout'>here</a> to logout.";
	}
	elseif (isset($_GET["register"]))
	{
    $missing = array(); 
	if (isset($_POST['Submit']))
		{  
  		if(!empty($_POST)) 
			{ 
			$required = array('user','pass','pass2','email','email2');  
			} 
			foreach($required as $req)
				{ 
      			if(empty($_POST[$req]))
					{ 
        			$missing[] = $req; 
        			$error += 1; 
      				}		
     			}		 
		
		if ($_POST['email'] != $_POST['email2'])
			{
				$errormessage .= '&middot; Your emails do not match, please go back and enter identical emails.<br>';
				$error += 1;
			}	
		if ($_POST['pass'] != $_POST['pass2'])
			{
				$errormessage .= '&middot; Your passwords do not match, please go back and enter identical passwords.<br>';
				$error += 1;
			}
		if (strlen($_POST['pass']) < 6 && (isset($_POST['pass']))){
				$errormessage .= '&middot; Your password is too short, please enter a password of 6 or more characters.<br>';
				$error += 1;
			}
		    }
			
		if (($error==0) && (isset($_POST["Submit"])))
			{ 	
			$result = @mysql_query("SELECT * FROM users WHERE user='$user'") or die('Error performing query: '. mysql_error());
			
			if  (mysql_num_rows($result) > 0) 
				{
				// Encode the submitted username before echoing it back into the page
				echo "<font color='#660000'>Sorry, ".htmlspecialchars($_POST["user"])." already exists in our database. Please <a href='javascript:void' onclick='history.go(-1); return false;'>click here</a> to go back and choose another username.";
				}
				else
				{
				echo "Thank you for registering! You will receive an email with your user/pass for future reference.
				     <br> You can now login <a href='?user&login'>here</a>";
					 
			  	@mysql_query("INSERT INTO users SET user='$user',pass='$pass',datejoined='$datejoined',email='$email',firstname='$firstname',lastname='$lastname'"); 
				
				}		
			
			}else{
		
?>

    <strong>Why Register?</strong><br><br>
	Because it's fast, easy, and gives you access to all the tutorials, forums, 
	and your own user panel for purchasing webspace or web design projects. When logged in you will be able to write reviews 
    and vote on tutorials and items at the portfolio section. <br>
	<br>A valid email must be entered to use our password recovery.
<?php
   if (isset($error))
		{
   	   	echo "<br><br><font color='#660000'>&middot; Please fill in the required fields</font>";
		echo "<br><font color='#660000'>".$errormessage."</font>";
		}
		
		
   $register = "set";
   include_once("forms.php");   

}
}elseif (isset($_GET["login"]))
	{
	if (isset($_POST["Submit"]))
		{	
		$result = @mysql_query("SELECT * FROM users WHERE user='$user' AND pass='$pass'") or die('Error performing query: '. mysql_error());	
		if (mysql_num_rows($result) > 0 )
			{
			$_SESSION["loggedin"] = "set";
			$_SESSION["user"] = $_POST["user"];
			echo "You have successfully logged in";
			}
			else
			{
			echo "Invalid username and/or password";
			}
		}
	
	$login = "set";
	include("forms.php");
	
	}
	
	
	
?>
If anyone has a few minutes and wants to throw some ideas to my script plz do so... any feedback is most welcome.

Posted: Mon Jun 07, 2004 1:35 am
by feyd
I'm assuming $_POST['Submit'] is supposed to be the submit button.. in which case, you probably shouldn't try to detect it, as hitting "enter" while inside a text field will submit the form without the button (most often)
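
An added example, not part of either post above: the login and logout branches reworked so the username reaches SQL only through a bound parameter, submission is detected by request method rather than by the Submit field, and the refresh target sits inside `content`. The function names, the `users(user, pass)` layout with `password_hash()` output in `pass`, and the in-memory SQLite data are assumptions constructed for the demo.

```php
<?php
// Added example; names, table layout and demo data are assumptions.
function check_login(PDO $db, string $user, string $pass): bool
{
    // The placeholder keeps $user out of the SQL text; quotes in it are data.
    $stmt = $db->prepare('SELECT pass FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // Assumes pass holds password_hash() output rather than the password.
    return is_string($hash) && password_verify($pass, $hash);
}

function handle_request(PDO $db, string $method, array $get, array $post): string
{
    $live = session_status() === PHP_SESSION_ACTIVE; // true after session_start()
    if (isset($get['logout'])) {
        $_SESSION = [];
        if ($live) { session_destroy(); }
        // Delay and target both go in content; a separate url attribute is ignored.
        return "<meta http-equiv='refresh' content='4;url=index.php?home'>";
    }
    // Request method, not the Submit field: Enter in a text box counts too.
    if (isset($get['login']) && $method === 'POST') {
        $user = (string)($post['user'] ?? '');
        if (!check_login($db, $user, (string)($post['pass'] ?? ''))) {
            return 'Invalid username and/or password';
        }
        if ($live) { session_regenerate_id(true); } // new ID at privilege change
        $_SESSION['loggedin'] = 'set';
        $_SESSION['user'] = $user;
        return 'Logged in as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
    }
    return '';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$login = ['login' => ''];
echo handle_request($db, 'POST', $login, ['user' => 'alice', 'pass' => 'correct horse']), "\n";
echo handle_request($db, 'POST', $login, ['user' => "' OR '1'='1", 'pass' => 'x']), "\n";
echo handle_request($db, 'GET', ['logout' => ''], []), "\n";
```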