problem with register_globals
Posted: Wed Oct 30, 2002 2:42 am
below is a simple registration script. after having registered it should show the user the details by which he/she has registered. unfortunately it will not work, again probably due to an error i have made with my superglobals. my register_globals are off. where i initiate the form (<INPUT TYPE="HIDDEN" NAME="action" VALUE="register">) i have the feeling that on submit it is not passing the value "register". this would then be the reason why it will not submit the provided details and go to page where the user can check its details. does anyone have an idea how i could repair this.
kind regards
hans
<?php
//register.php
include "./common_db_adv2.inc";
$link_id = db_connect();
mysql_select_db("sample_db");
$country_array = enum_options('usercountry', $link_id);
mysql_close($link_id);
function in_use($userid) {
global $user_tablename;
$query = "SELECT userid FROM $user_tablename WHERE userid = '$userid'";
$result = mysql_query($query);
if(!mysql_num_rows($result)) return 0;
else return 1;
}
function register_form() {
global $country_array;
$userid = $_GET['userid'];
$username = $_GET['username'];
$userpassword = $_GET['userpassword'];
$userpassword2 = $_GET['userpassword2'];
$usercountry = $_GET['usercountry'];
$useremail = $_GET['useremail'];
$userprofile = $_GET['userprofile'];
$PHP_SELF = $_SERVER['PHP_SELF'];
?>
<CENTER><H3>Create your account!</H3></CENTER>
<FORM METHOD="POST" ACTION="<?php echo $PHP_SELF ?>">
<INPUT TYPE="HIDDEN" NAME="action" VALUE="register">
<DIV ALIGN="CENTER"><CENTER><TABLE BORDER="1" WIDTH="90%">
<TR>
<TH WIDTH="30%" NOWRAP>Desired ID</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="userid"
VALUE="<?php echo $userid ?>"
SIZE="8" MAXLENGTH="8"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired Password</TH>
<TD WIDTH="70%"><INPUT TYPE="PASSWORD"
NAME="userpassword" SIZE="15"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Retype Password</TH>
<TD WIDTH="70%"><INPUT TYPE="PASSWORD"
NAME="userpassword2" SIZE="15"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Full Name</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="username"
VALUE="<?php echo $username ?>" SIZE="20"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Country</TH>
<TD WIDTH="70%"><SELECT NAME="usercountry" SIZE="1">
<?php
for($i=0; $i < count($country_array); $i++) {
if(!isset($usercountry) && $i == 0) {
echo "<OPTION SELECTED VALUE=\"". $country_array[$i] .
"\">" . $country_array[$i] . "</OPTION>\n";
}
else if($usercountry == $country_array[$i]) {
echo "<OPTION SELECTED VALUE=\"". $country_array[$i] . "\">" .
$country_array[$i] . "</OPTION>\n";
}
else {
echo "<OPTION VALUE=\"". $country_array[$i] . "\">" .
$country_array[$i] . "</OPTION>\n";
}
}
?>
</SELECT></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Email</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="useremail" SIZE="20"
VALUE="<?php echo $useremail ?>"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Profile</TH>
<TD WIDTH="70%"><TEXTAREA ROWS="5" COLS="40"
NAME="userprofile"></TEXTAREA></TD>
</TR>
<TR>
<TH WIDTH="30%" COLSPAN="2" NOWRAP>
<INPUT TYPE="SUBMIT" VALUE="Submit">
<INPUT TYPE="RESET" VALUE="Reset"></TH>
</TR>
</TABLE>
</CENTER></DIV>
</FORM>
<?php
}
function create_account() {
$userid = $_GET['userid'];
$username = $_GET['username'];
$userpassword = $_GET['userpassword'];
$userpassword2 = $_GET['userpassword2'];
$usercountry = $_GET['usercountry'];
$useremail = $_GET['useremail'];
$userprofile = $_GET['userprofile'];
global $default_dbname, $user_tablename;
if(empty($userid)) error_message("Enter your desired ID!");
if(empty($userpassword)) error_message("Enter your desired password!");
if(strlen($userpassword) < 4 ) error_message("Password too short!");
if(empty($userpassword2))
error_message("Retype your password for verification!");
if(empty($username)) error_message("Enter your full name!");
if(empty($useremail)) error_message("Enter your email address!");
if(empty($userprofile)) $userprofile = "No Comment.";
if($userpassword != $userpassword2)
error_message("Your desired password and retyped password mismatch!");
$link_id = db_connect($default_dbname);
if(in_use($userid))
error_message("$userid is in use. Please choose a different ID.");
$query = "INSERT INTO user VALUES(NULL, '$userid',
password('$userpassword'), '$username',
'$usercountry', '$useremail',
'$userprofile', curdate(), NULL)";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
$usernumber = mysql_insert_id($link_id);
html_header();
?>
<CENTER><H3>
<?php echo $username ?>, thank you for registering with us!
</H3></CENTER>
<DIV ALIGN="CENTER"><CENTER><TABLE BORDER="1" WIDTH="90%">
<TR>
<TH WIDTH="30%" NOWRAP>User Number</TH>
<TD WIDTH="70%"><?php echo $usernumber ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired ID</TH>
<TD WIDTH="70%"><?php echo $userid ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired Password</TH>
<TD WIDTH="70%"><?php echo $userpassword ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Full Name</TH>
<TD WIDTH="70%"><?php echo $username ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Country</TH>
<TD WIDTH="70%"><?php echo $usercountry ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Email</TH>
<TD WIDTH="70%"><?php echo $useremail ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Profile</TH>
<TD WIDTH="70%"><?php echo htmlspecialchars($userprofile) ?></TD>
</TR>
</TABLE>
</CENTER></DIV>
<?php
html_footer();
}
if (!empty($_GET['action'])) {
switch ($_GET['action']) {
case 'register':
create_account();
break;
default:
html_header();
register_form();
html_footer();
break;
}
} else {
html_header();
register_form();
html_footer();
}
?>
kind regards
hans
<?php
//register.php
include "./common_db_adv2.inc";
$link_id = db_connect();
mysql_select_db("sample_db");
$country_array = enum_options('usercountry', $link_id);
mysql_close($link_id);
function in_use($userid) {
global $user_tablename;
$query = "SELECT userid FROM $user_tablename WHERE userid = '$userid'";
$result = mysql_query($query);
if(!mysql_num_rows($result)) return 0;
else return 1;
}
function register_form() {
global $country_array;
$userid = $_GET['userid'];
$username = $_GET['username'];
$userpassword = $_GET['userpassword'];
$userpassword2 = $_GET['userpassword2'];
$usercountry = $_GET['usercountry'];
$useremail = $_GET['useremail'];
$userprofile = $_GET['userprofile'];
$PHP_SELF = $_SERVER['PHP_SELF'];
?>
<CENTER><H3>Create your account!</H3></CENTER>
<FORM METHOD="POST" ACTION="<?php echo $PHP_SELF ?>">
<INPUT TYPE="HIDDEN" NAME="action" VALUE="register">
<DIV ALIGN="CENTER"><CENTER><TABLE BORDER="1" WIDTH="90%">
<TR>
<TH WIDTH="30%" NOWRAP>Desired ID</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="userid"
VALUE="<?php echo $userid ?>"
SIZE="8" MAXLENGTH="8"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired Password</TH>
<TD WIDTH="70%"><INPUT TYPE="PASSWORD"
NAME="userpassword" SIZE="15"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Retype Password</TH>
<TD WIDTH="70%"><INPUT TYPE="PASSWORD"
NAME="userpassword2" SIZE="15"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Full Name</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="username"
VALUE="<?php echo $username ?>" SIZE="20"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Country</TH>
<TD WIDTH="70%"><SELECT NAME="usercountry" SIZE="1">
<?php
for($i=0; $i < count($country_array); $i++) {
if(!isset($usercountry) && $i == 0) {
echo "<OPTION SELECTED VALUE=\"". $country_array[$i] .
"\">" . $country_array[$i] . "</OPTION>\n";
}
else if($usercountry == $country_array[$i]) {
echo "<OPTION SELECTED VALUE=\"". $country_array[$i] . "\">" .
$country_array[$i] . "</OPTION>\n";
}
else {
echo "<OPTION VALUE=\"". $country_array[$i] . "\">" .
$country_array[$i] . "</OPTION>\n";
}
}
?>
</SELECT></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Email</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="useremail" SIZE="20"
VALUE="<?php echo $useremail ?>"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Profile</TH>
<TD WIDTH="70%"><TEXTAREA ROWS="5" COLS="40"
NAME="userprofile"></TEXTAREA></TD>
</TR>
<TR>
<TH WIDTH="30%" COLSPAN="2" NOWRAP>
<INPUT TYPE="SUBMIT" VALUE="Submit">
<INPUT TYPE="RESET" VALUE="Reset"></TH>
</TR>
</TABLE>
</CENTER></DIV>
</FORM>
<?php
}
function create_account() {
$userid = $_GET['userid'];
$username = $_GET['username'];
$userpassword = $_GET['userpassword'];
$userpassword2 = $_GET['userpassword2'];
$usercountry = $_GET['usercountry'];
$useremail = $_GET['useremail'];
$userprofile = $_GET['userprofile'];
global $default_dbname, $user_tablename;
if(empty($userid)) error_message("Enter your desired ID!");
if(empty($userpassword)) error_message("Enter your desired password!");
if(strlen($userpassword) < 4 ) error_message("Password too short!");
if(empty($userpassword2))
error_message("Retype your password for verification!");
if(empty($username)) error_message("Enter your full name!");
if(empty($useremail)) error_message("Enter your email address!");
if(empty($userprofile)) $userprofile = "No Comment.";
if($userpassword != $userpassword2)
error_message("Your desired password and retyped password mismatch!");
$link_id = db_connect($default_dbname);
if(in_use($userid))
error_message("$userid is in use. Please choose a different ID.");
$query = "INSERT INTO user VALUES(NULL, '$userid',
password('$userpassword'), '$username',
'$usercountry', '$useremail',
'$userprofile', curdate(), NULL)";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
$usernumber = mysql_insert_id($link_id);
html_header();
?>
<CENTER><H3>
<?php echo $username ?>, thank you for registering with us!
</H3></CENTER>
<DIV ALIGN="CENTER"><CENTER><TABLE BORDER="1" WIDTH="90%">
<TR>
<TH WIDTH="30%" NOWRAP>User Number</TH>
<TD WIDTH="70%"><?php echo $usernumber ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired ID</TH>
<TD WIDTH="70%"><?php echo $userid ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Desired Password</TH>
<TD WIDTH="70%"><?php echo $userpassword ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Full Name</TH>
<TD WIDTH="70%"><?php echo $username ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Country</TH>
<TD WIDTH="70%"><?php echo $usercountry ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Email</TH>
<TD WIDTH="70%"><?php echo $useremail ?></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Profile</TH>
<TD WIDTH="70%"><?php echo htmlspecialchars($userprofile) ?></TD>
</TR>
</TABLE>
</CENTER></DIV>
<?php
html_footer();
}
if (!empty($_GET['action'])) {
switch ($_GET['action']) {
case 'register':
create_account();
break;
default:
html_header();
register_form();
html_footer();
break;
}
} else {
html_header();
register_form();
html_footer();
}
?>