Page 1 of 1

Registration problem

Posted: Sat May 10, 2008 4:51 pm
by S A N T A
i am trying to create a registration page for a blog but i have a problem with this code:

Code: Select all

<?php
 
session_start();
 
require("config.php");
 
$db = mysql_connect($dbhost, $dbuser);
mysql_select_db($dbdatabase, $db);
 
if($_POST['submit']) {
   if($_POST['password'] == $_POST['password2']) {
      $checksql = "SELECT * FROM user WHERE username = '" . $_POST['username'] . "';";
      $checkresult = mysql_query($checksql)or die(mysql_error());
      $checknumrows = mysql_num_rows($checkresult);
 
if($checknumrows == 1) {
   header("Location: " . $config_basedir . "reg.php?error=taken");
   }
   
else {
   
      for($i = 0; $i < 16; $i++) {
         $randomstring .= chr(mt_rand(32,126));
         }
         
         
         $verifystring = urlencode($randomstring);
         $validusername = $_POST['username'];
         
         $sql = "INSERT INTO user(username, password, name, lastname) VALUES('" . $_POST['username'] . "', '" . $_POST['password'] . "' '" . $_POST['name'] . "' '" . $_POST['lastname'] . "' '" . addslashes($randomstring) . "', 0);";
         $query = mysql_query($sql)or die(mysql_error());
         require("header.php");
         }
         if(!$query) {
            header("Location: " . $config_basedir . "reg.php?error=pass");
         }
         if(!empty($_GET['error'])){
         
            require("header.php");
            
            switch($_GET['error']) {
            case "pass":
               echo "Passwords do not match!";
               break;
            case "taken":
               echo "Username taken, please use another.";
            break;
               case "no":
                  echo "Incorect login details!";
               break;
               
            }
        
            
         
?>
<h2>Register</h2>
To register on <?php echo $config_blogname; ?>, fill out the form below.
<form action="<?php echo $SCRIPT_NAME ?>" method="POST">
<table>
<tr>
   <td>Username</td>
   <td><input type="text" name="username"></td>
</tr>
<tr>
   <td>Password</td>
   <td><input type="password" name="password"></td>
</tr>
<tr>
   <td>Re-type Password</td>
   <td><input type="password" name="password2"></td>
</tr>
<tr>
   <td>First Name</td>
   <td><input type="text" name="name"></td>
</tr>
<tr>
   <td>Last Name</td>
   <td><input type="text" name="lastname"></td>
</tr>
<tr>
   <td></td>
   <td><input type="submit" value="Register!"></td>
</tr>
</table>
</form>
<?php
}
}
}
 
 
require("footer.php");
 
?>
 
the problem is that it is suppose to display the form to register but it doesn't display i have tried for soo long

thanks in advance

Re: Registration problem

Posted: Sat May 10, 2008 5:00 pm
by onion2k
Ok, so you've told us what isn't happening, now tell us what is happening. Do you get any error messages? Any output at all? Did you try to work out where in the script it fails?

Re: Registration problem

Posted: Sat May 10, 2008 5:01 pm
by S A N T A
i just get the output on footer.php witch is my copyright message. thats it

Re: Registration problem

Posted: Sun May 11, 2008 3:38 am
by Mordred
1. SQL Injection all over
2. <input type="submit" name="submit" value="Register!">
3. Don't rely on it anyway (some browsers may not send it if the form is submitted with Enter instead of the button click), instead check for the required fields in the form.

Re: Registration problem

Posted: Sun May 11, 2008 12:50 pm
by S A N T A
so what how do i make it display?