Gaaah! Error codes and everything!
Posted: Mon Dec 18, 2006 3:46 pm
Everah | Please do not post actual database connection credentials.
I'm thinking it's cuz I'm drained (been learnin' this all day and such) but I can just not, for the life of me, figure out what's wrong with this.
For the most part I'm pretty sure it's okay security-wise, but now I tried to be professional here, with this whole "your password AND email are wrong" and I think I'm just effing it up somehow.
The first problem is that when they typo their email, it will, no matter what, say that they typo'd their second password also (as in, "you have typo'd your password AND your email is wrong").
The second is that no matter what, in this code:
Even if they have the same double email, it will still tell them their NAME is already in use. 
What can you guys do for me?! (also if you happen to notice any other errors, I'm open)
Code:
<?php
$con = mysql_connect("localhost","****","****");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
define('username',$_POST['username']);
define('password',$_POST['password']);
define('cpassword',$_POST['cpassword']);
define('email',$_POST['email']);
//Checking for typos and stuff now.
$findat = strpos(email, "@");
$finddot = strpos(email, ".");
//Now Check Email Is ---Entered---.
//$findat & $finddot Are Defined Earlier.
if ((username == "") || (password == "") || (cpassword == "") || (email == "")) {
    die("You must fill out all fields! Go back and fix it.");
}
//(If Pass1 Is Unequal To Pass 2) And (If "@" Not Found Or "." Not Found)
if ((password!=cpassword) && ($findat == false) || ($finddot == false))
{
    echo "The passwords you entered do not match, and your email was incorrect. Go back and fix it!";
}
//Check Passwords Are Equal.
elseif ((password!=cpassword)) {
    echo "The passwords you entered do not match!";
    echo 'Go back and fix it!';
}
//Now Check Email Is ---Valid---.
elseif ((($findat == false) || ($finddot == false)) && ($mail != "")) {
    echo "The email you entered is invalid!";
    echo 'Go back and fix it!';
}
mysql_select_db("burnttoa_monbre", $con);
//To prevent people from having two of the same name.
$query = mysql_query("SELECT name FROM user");
$usernamecheck = @mysql_fetch_array($query);
if (($usernamecheck = $usernamecheck['name']) && !($usernamecheck['name'] = "")) {
    die("Sorry, that name's already in use! You'll have to pick another.");
}
//To prevent people from having two of the same email.
$querytwo = mysql_query("SELECT email FROM user");
$emailcheck = @mysql_fetch_array($querytwo);
if (($emailcheck = $emailcheck['email']) && !($emailcheck['email'] = "")) {
    die("Sorry, that email's already in use! You'll have to pick another.");
}
mysql_query("INSERT INTO user (ID, name, pword, email, money, ranch, barn, happy, tlevel, verified)
    VALUES ('', '".username."', '".password."', '".email."', '3000', '1', '1', '70', '1', 'no')")
    or die(mysql_error());
mysql_query("INSERT INTO items (userbagID)
    VALUES ('')")
    or die(mysql_error());
if (($findat == true) && ($finddot == true))
{
    echo "Welcome to Monbre, ".username."! Soon you will get an email that requires your email adress to be verified before actually allowing acess to the game.";
}
?>
Code:
//To prevent people from having two of the same name.
$query = mysql_query("SELECT name FROM user");
$usernamecheck = @mysql_fetch_array($query);
if (($usernamecheck = $usernamecheck['name']) && !($usernamecheck['name'] = "")) {
    die("Sorry, that name's already in use! You'll have to pick another.");
}
//To prevent people from having two of the same email.
$querytwo = mysql_query("SELECT email FROM user");
$emailcheck = @mysql_fetch_array($querytwo);
if (($emailcheck = $emailcheck['email']) && !($emailcheck['email'] = "")) {
    die("Sorry, that email's already in use! You'll have to pick another.");
}
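An added example, not part of the original post: a registration routine in the post's language that reports each validation error on its own, checks name and email uniqueness with a WHERE clause on the submitted value, and inserts through bound parameters with a hashed password instead of concatenating `$_POST` data into SQL. It assumes PHP 7+ with PDO and pdo_sqlite; the in-memory SQLite table, the sample inputs and the function names `validate`, `taken` and `register` are constructed for illustration.

```php
<?php
// Added example (not the poster's code). Assumes PHP >= 7 with pdo_sqlite;
// an in-memory SQLite table stands in for the post's MySQL `user` table.

// Each check appends its own message, so one failure never implies
// another and no mixed &&/|| condition decides what gets reported.
function validate(string $name, string $pw, string $cpw, string $email): array {
    $errors = [];
    if ($name === '' || $pw === '' || $cpw === '' || $email === '') {
        $errors[] = 'You must fill out all fields.';
    }
    if ($pw !== $cpw) {
        $errors[] = 'The passwords you entered do not match.';
    }
    // strpos() returns 0 for a match at position 0, which == false treats
    // as "not found"; filter_var() tested with === false avoids that trap.
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'The email you entered is invalid.';
    }
    return $errors;
}

// Ask the database whether this exact value exists (WHERE + bound parameter).
function taken(PDO $db, string $column, string $value): bool {
    // $column is a literal supplied by this code, never user input.
    $stmt = $db->prepare("SELECT 1 FROM user WHERE $column = ? LIMIT 1");
    $stmt->execute([$value]);
    return $stmt->fetchColumn() !== false;
}

function register(PDO $db, string $name, string $pw, string $cpw, string $email): array {
    $errors = validate($name, $pw, $cpw, $email);
    if ($errors) { return $errors; }
    if (taken($db, 'name', $name))   { $errors[] = 'That name is already in use.'; }
    if (taken($db, 'email', $email)) { $errors[] = 'That email is already in use.'; }
    if ($errors) { return $errors; }
    // Store a salted hash, never the password itself; every value is bound.
    $stmt = $db->prepare('INSERT INTO user (name, pword, email) VALUES (?, ?, ?)');
    $stmt->execute([$name, password_hash($pw, PASSWORD_DEFAULT), $email]);
    return [];
}

// Constructed sample data; UNIQUE constraints back up the lookups above.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (ID INTEGER PRIMARY KEY, name TEXT UNIQUE, pword TEXT, email TEXT UNIQUE)');
var_dump(register($db, 'ann', 'pw1', 'pw1', 'ann@example.com')); // first registration
var_dump(register($db, 'bob', 'pw1', 'pw2', 'bob-at-example'));  // mismatched passwords, malformed email
var_dump(register($db, 'ann', 'pw3', 'pw3', 'new@example.com')); // reuses the name 'ann'
```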