problem with register_globals

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
gecko
Forum Commoner
Posts: 34
Joined: Thu Oct 24, 2002 3:45 am

problem with register_globals

Post by gecko »

below is a simple registration script. after having registered it should show the user the details by which he/she has registered. unfortunately it will not work, again probably due to an error i have made with my superglobals. my register_globals are off. where i initiate the form (<INPUT TYPE="HIDDEN" NAME="action" VALUE="register">) i have the feeling that on submit it is not passing the value "register". this would then be the reason why it will not submit the provided details and go to page where the user can check its details. does anyone have an idea how i could repair this.

kind regards

hans

<?php
//register.php
include "./common_db_adv2.inc";

$link_id = db_connect();
mysql_select_db("sample_db");
$country_array = enum_options('usercountry', $link_id);
mysql_close($link_id);

function in_use($userid) {
global $user_tablename;

$query = "SELECT userid FROM $user_tablename WHERE userid = '$userid'";
$result = mysql_query($query);
if(!mysql_num_rows($result)) return 0;
else return 1;
}

function register_form() {
global $country_array;
$userid = $_GET['userid'];
$username = $_GET['username'];
$userpassword = $_GET['userpassword'];
$userpassword2 = $_GET['userpassword2'];
$usercountry = $_GET['usercountry'];
$useremail = $_GET['useremail'];
$userprofile = $_GET['userprofile'];
$PHP_SELF = $_SERVER['PHP_SELF'];
?>
<CENTER><H3>Create your account!</H3></CENTER>
<FORM METHOD="POST" ACTION="<?php echo $PHP_SELF ?>">
<INPUT TYPE="HIDDEN" NAME="action" VALUE="register">
<DIV ALIGN="CENTER"><CENTER><TABLE BORDER="1" WIDTH="90%">
<TR>
<TH WIDTH="30%" NOWRAP>Desired ID</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="userid"
VALUE="<?php echo $userid ?>"
SIZE="8" MAXLENGTH="8"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired Password</TH>
<TD WIDTH="70%"><INPUT TYPE="PASSWORD"
NAME="userpassword" SIZE="15"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Retype Password</TH>
<TD WIDTH="70%"><INPUT TYPE="PASSWORD"
NAME="userpassword2" SIZE="15"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Full Name</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="username"
VALUE="<?php echo $username ?>" SIZE="20"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Country</TH>
<TD WIDTH="70%"><SELECT NAME="usercountry" SIZE="1">
<?php
for($i=0; $i < count($country_array); $i++) {
if(!isset($usercountry) && $i == 0) {
echo "<OPTION SELECTED VALUE=\"". $country_array[$i] .
"\">" . $country_array[$i] . "</OPTION>\n";
}
else if($usercountry == $country_array[$i]) {
echo "<OPTION SELECTED VALUE=\"". $country_array[$i] . "\">" .
$country_array[$i] . "</OPTION>\n";
}
else {
echo "<OPTION VALUE=\"". $country_array[$i] . "\">" .
$country_array[$i] . "</OPTION>\n";
}
}
?>
</SELECT></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Email</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="useremail" SIZE="20"
VALUE="<?php echo $useremail ?>"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Profile</TH>
<TD WIDTH="70%"><TEXTAREA ROWS="5" COLS="40"
NAME="userprofile"></TEXTAREA></TD>
</TR>
<TR>
<TH WIDTH="30%" COLSPAN="2" NOWRAP>
<INPUT TYPE="SUBMIT" VALUE="Submit">
<INPUT TYPE="RESET" VALUE="Reset"></TH>
</TR>
</TABLE>
</CENTER></DIV>
</FORM>
<?php
}

function create_account() {
$userid = $_GET['userid'];
$username = $_GET['username'];
$userpassword = $_GET['userpassword'];
$userpassword2 = $_GET['userpassword2'];
$usercountry = $_GET['usercountry'];
$useremail = $_GET['useremail'];
$userprofile = $_GET['userprofile'];

global $default_dbname, $user_tablename;
if(empty($userid)) error_message("Enter your desired ID!");
if(empty($userpassword)) error_message("Enter your desired password!");
if(strlen($userpassword) < 4 ) error_message("Password too short!");
if(empty($userpassword2))
error_message("Retype your password for verification!");
if(empty($username)) error_message("Enter your full name!");
if(empty($useremail)) error_message("Enter your email address!");
if(empty($userprofile)) $userprofile = "No Comment.";

if($userpassword != $userpassword2)
error_message("Your desired password and retyped password mismatch!");

$link_id = db_connect($default_dbname);

if(in_use($userid))
error_message("$userid is in use. Please choose a different ID.");
$query = "INSERT INTO user VALUES(NULL, '$userid',
password('$userpassword'), '$username',
'$usercountry', '$useremail',
'$userprofile', curdate(), NULL)";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
$usernumber = mysql_insert_id($link_id);
html_header();
?>
<CENTER><H3>
<?php echo $username ?>, thank you for registering with us!
</H3></CENTER>

<DIV ALIGN="CENTER"><CENTER><TABLE BORDER="1" WIDTH="90%">
<TR>
<TH WIDTH="30%" NOWRAP>User Number</TH>
<TD WIDTH="70%"><?php echo $usernumber ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired ID</TH>
<TD WIDTH="70%"><?php echo $userid ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired Password</TH>
<TD WIDTH="70%"><?php echo $userpassword ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Full Name</TH>
<TD WIDTH="70%"><?php echo $username ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Country</TH>
<TD WIDTH="70%"><?php echo $usercountry ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Email</TH>
<TD WIDTH="70%"><?php echo $useremail ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Profile</TH>
<TD WIDTH="70%"><?php echo htmlspecialchars($userprofile) ?></TD>
</TR>
</TABLE>
</CENTER></DIV>
<?php
html_footer();
}

if (!empty($_GET['action'])) {
switch ($_GET['action']) {
case 'register':
create_account();
break;
default:
html_header();
register_form();
html_footer();
break;
}
} else {
html_header();
register_form();
html_footer();
}
?>
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

That's a lot of code but from a cursory glance it appears that although you are using method="post" you are trying to access the variables from the $_GET array, you should change this to $_POST instead and have a read of this:
viewtopic.php?t=511

Mac
gecko
Forum Commoner
Posts: 34
Joined: Thu Oct 24, 2002 3:45 am

register_globals

Post by gecko »

shame on me. i should really have seen this myself. i am very sorry for waisting your time like that. thanks for waking me up.

regards

hans
Post Reply