Naughty code, shouldn't be doing this???
Posted: Mon Nov 25, 2002 3:58 pm
Hey,
Ok below is the sign up script for my site, now I have a problem. I am validating email addresses so that I don't get any addresses without @ in them. Thing is, even though I tell it to output an error message, it still inputs the information into the database. Can you guys spot anything wrong?
Cheers,
Chris
Ok below is the sign up script for my site, now I have a problem. I am validating email addresses so that I don't get any addresses without @ in them. Thing is, even though I tell it to output an error message, it still inputs the information into the database. Can you guys spot anything wrong?
Code: Select all
<?php
#open session#
session_save_path('/home/mydir/data');
session_start();
if ($access_name=="") {
$title = "Hello, you are not logged in. Please click <a href="login.php">here</a> to log in. To sign up click
<a href=signup.php>here</a>.";
}else{
$title = "Hello $access_name, please click <a href=/members/welcome.php>here</a> to visit the members section.";
}
$form_complete="";
if ($formsubmit==1) {$formsubmit="";$sucess="";
#db connection#
include("access/data.inc.php");
mysql_connect ($SQLhost, $SQLuser, $SQLpass);
mysql_select_db ($SQLdb);
#null error report.#
$error="";
if ( ($firstname=="") || ($lastname=="") || ($addressline1=="") || ($city=="") || ($postcode=="") || ($telephonenumber=="") || ($email=="") )
{
$error_field=1;
$error.="Please ensure that you have entered all information requested by the signup form.";
}else{
#Check email address validity#
if(!ereg("^ї_a-zA-Z0-9-]+(.ї_a-zA-Z0-9-]+)*@(їa-zA-Z0-9-]+.)+(їa-zA-z]{2,3})$",$email)) {
$error .= "Your email address is not valid, please try again.<br>\n";
}else{
}
#search for id#
$res_access = mysql_query ("SELECT id, userid, registered, password FROM users where userid='$id'");
$num_access = mysql_num_rows ($res_access);
#duplicates found#
if ($num_access>1)
{
$error .= "Duplicates found, please contast the webmaster about this problem.<br>\n";
#no user found#
}else if ($num_access==0)
{
$error .= "ID wasn't found in our database.<br>\n";
}else{
#insert user into database#
$registered = mysql_result ($res_access,0,"registered");
$password = mysql_result ($res_access,0,"password");
if ($registered=="0")
{
$name = $firstname." ".$lastname;
$address = $addressline1.", ".$addressline2.", ".$city.", ".$county.", ".$postcode;
$telephonenumber;
$email;
$name = strtolower ($name);
$name = ucwords ($name);
$postcode = strtoupper ($postcode);
$postcode = ucwords ($postcode);
$address = strtoupper ($address);
$address = ucwords ($address);
$address = str_replace (", , ",", ",$address);
$telephonenumber = str_replace (" ", "", $telephonenumber);
$telephonenumber = str_replace ("-", "", $telephonenumber);
$telephonenumber = trim ($telephonenumber);
#update db#
@mysql_query ("update users set name='$name', address='$address', telephone='$telephonenumber', email='$email', registered='1' WHERE userid='$id' ");
$error .= "New user registration completed. You have been emailed your password.<br>\n";
#send email with password#
$From = 'Registration <chris@yduk.net>';
$headers .= "From: $From\r\n";
$subject = "Your details...";
$message = "Dear $name,\n\nThank you for registering!\n\nBelow are your login details needed to access the website. We advise you to keep these details in a secure place.\n\nID: $id \nPassword: $password";
mail($email, $subject, $message, $headers);
//mail($contactemail, $subject, $message, $headers);
header("Location: success.php?Name=$name&Email=$email");
$sucess=1;
}else{
#user already registered#
$error .= "This ID has already been registered.<br>\n";
}
}
}
$form_complete="1";
}
?>Chris