Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/g/r/o/groc42683/html/php/registration.php:11) in /home/content/g/r/o/groc42683/html/includes/reg_form.inc.php on line 5
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/g/r/o/groc42683/html/php/registration.php:11) in /home/content/g/r/o/groc42683/html/includes/reg_form.inc.php on line 5
The Web Sites:
http://www.moultonlava.com/php/registration
http://www.moultonlava.com/login/login
Registration Code
<?php require_once($_SERVER['DOCUMENT_ROOT'].'/connections/con_clients.php');?>
<?php
// Start a session only when none is active yet.
// NOTE(review): session_start() has to send a cookie header, so it must run before any
// output. The "headers already sent" warnings quoted at the top of this page report that
// registration.php had already produced output (its line 11) before this call was reached.
if (isset($_SESSION) === false) {
    session_start();
}
// Dreamweaver-style helper: escapes a raw form value and formats it as an SQL literal.
//   $theValue           raw value to embed in a query
//   $theType            "text", "long", "int", "double", "date" or "defined"
//   $theDefinedValue    returned for type "defined" when the value is non-empty
//   $theNotDefinedValue returned for type "defined" when the value is empty
// Returns the quoted/cast literal, or the string "NULL" for an empty value; a type that
// is not listed above gets the escaped value back without quotes.
// NOTE(review): this depends on get_magic_quotes_gpc() and the legacy mysql_* escaping
// functions, all of which were removed from later PHP versions; prepared statements
// (mysqli or PDO) keep user input out of the SQL text without manual escaping.
if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        // Undo magic-quotes slashes first so the value is not escaped twice.
        if (get_magic_quotes_gpc()) {
            $theValue = stripslashes($theValue);
        }
        if (function_exists("mysql_real_escape_string")) {
            $theValue = mysql_real_escape_string($theValue);
        } else {
            $theValue = mysql_escape_string($theValue);
        }

        // Evaluated once: every typed branch below maps an empty value to NULL
        // (or to the "not defined" alternative).
        $hasValue = ($theValue != "");
        switch ($theType) {
            case "text":
            case "date":
                return $hasValue ? "'" . $theValue . "'" : "NULL";
            case "long":
            case "int":
                return $hasValue ? intval($theValue) : "NULL";
            case "double":
                return $hasValue ? "'" . doubleval($theValue) . "'" : "NULL";
            case "defined":
                return $hasValue ? $theDefinedValue : $theNotDefinedValue;
        }
        return $theValue;
    }
}
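// Build the URL this form posts back to: the current script plus its query string.
// PHP_SELF includes any extra path text the client appended to the script URL, and the
// result is echoed into the form's action attribute further down, so it is HTML-escaped
// here in the same way the query string already is.
// NOTE(review): assumes the page is served as UTF-8 - confirm against the site's charset.
$editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}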
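// Begin the Server-Side Checks ---------------------------------------------
// Collects one message per failed check; it stays empty when the submission is valid.
$error = array();
// The form ends with a hidden field named "MM_insert"; its presence in $_POST means the
// form has been submitted.
$MM_flag = "MM_insert";
if (isset($_POST[$MM_flag])) {
    // A hand-built request can omit a field or send it as an array, so normalise every
    // field read below to a string before it reaches trim(), strlen() or the query.
    foreach (array('cfirst', 'clast', 'cpassword1', 'cpassword2', 'cemail') as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            $_POST[$field] = '';
        }
    }

    // check that there are values in the name fields of the form
    if (empty($_POST['cfirst']) || empty($_POST['clast'])) {
        $error['name'] = 'Please enter both first name and last name';
    }

    // Assume the password is acceptable until one of the checks below fails.
    $pwdOK = true;
    // The user types the password twice, in two separate fields; only the value of the
    // first field is stored. Leading and trailing white space is trimmed from both.
    $_POST['cpassword1'] = trim($_POST['cpassword1']);
    // if the password is less than 6 characters, create alert and set flag to false
    if (strlen($_POST['cpassword1']) < 6) {
        $error['pwd_length'] = 'Your password must be at least 6 characters';
        $pwdOK = false;
    }
    // Strict comparison on purpose: with != two different numeric-looking strings such
    // as "1e3" and "1000" compare as equal and would pass the confirmation check.
    if ($_POST['cpassword1'] !== trim($_POST['cpassword2'])) {
        $error['pwd'] = 'Your passwords don\'t match';
        $pwdOK = false;
    }
    // If the password is OK, replace it with its 40-character SHA-1 hex digest; the
    // database password column must be varchar and at least 40 characters wide.
    // NOTE(review): unsalted SHA-1 is a fast hash and is not suitable for storing
    // passwords. password_hash()/password_verify() (PHP 5.5+) is the replacement, but the
    // login query matches on this column, so the login code and the column width have to
    // change together with this line.
    if ($pwdOK) {
        $_POST['cpassword1'] = sha1($_POST['cpassword1']);
    }

    // validate the proper form of the email address using a regular expression
    $_POST['cemail'] = trim($_POST['cemail']);
    $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
    if (!preg_match($checkEmail, $_POST['cemail'])) {
        $error['email'] = 'Please enter a valid email address';
    }
    // The e-mail address doubles as the username and must be at least 6 characters - x@x.xx
    $loginUsername = $_POST['cemail'];
    if (strlen($loginUsername) < 6) {
        $error['length'] = 'Please select a username that contains at least 6 characters';
    }

    // check that the email address doesn't already exist in the database
    $LoginRS__query = sprintf(
        "SELECT c_email FROM c_register_info WHERE c_email=%s",
        GetSQLValueString($loginUsername, "text")
    );
    mysql_select_db($database_con_clients, $con_clients);
    $LoginRS = mysql_query($LoginRS__query, $con_clients);
    if ($LoginRS === false) {
        // Keep the driver message in the server log; printing it to the visitor would
        // disclose table and column names.
        error_log('Registration lookup failed: ' . mysql_error($con_clients));
        die('Registration is temporarily unavailable. Please try again later.');
    }
    $loginFoundUser = mysql_num_rows($LoginRS);
    // If a row came back, the username is taken and cannot be registered again.
    // The message is in double quotes so that the value of $loginUsername is inserted.
    // NOTE(review): that value is user input and the regular expression above does not
    // exclude "<" or ">", so this message must be HTML-escaped where it is printed.
    if ($loginFoundUser) {
        $error['username'] = "$loginUsername is already in use. Please choose a different username (email address).";
    }
    //Additional server-side checks would be added here to validate other fields in the form
} // This closes the whole check portion that began with testing to see if the form had been submitted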
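//If there are no errors, then insert the record
if (!$error) { //This condition surrounds the regular Dreamweaver insert code
    // Insert only when this form (hidden field MM_insert = "frmreg") was submitted.
    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "frmreg")) {
        // Populate the session from the POST fields that were just validated; $_REQUEST
        // can also be filled from the query string or from cookies.
        $_SESSION['clientfirst'] = $_POST['cfirst'];
        $_SESSION['clientlast'] = $_POST['clast'];
        // NOTE(review): 'joined' arrives in a hidden form field, so the browser can send
        // any value; a join date that has to be trustworthy should be computed here.
        $insertSQL = sprintf("INSERT INTO c_register_info (c_last, c_first, c_password1, c_email, c_areacode, c_phone, c_ext, c_address, c_city, c_state, c_postal, c_join) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
            GetSQLValueString($_POST['clast'], "text"),
            GetSQLValueString($_POST['cfirst'], "text"),
            GetSQLValueString($_POST['cpassword1'], "text"),
            GetSQLValueString($_POST['cemail'], "text"),
            GetSQLValueString($_POST['careacode'], "text"),
            GetSQLValueString($_POST['cphone'], "text"),
            GetSQLValueString($_POST['cext'], "text"),
            GetSQLValueString($_POST['caddress'], "text"),
            GetSQLValueString($_POST['ccity'], "text"),
            GetSQLValueString($_POST['cstate'], "text"),
            GetSQLValueString($_POST['cpostal'], "text"),
            GetSQLValueString($_POST['joined'], "text"));
        mysql_select_db($database_con_clients, $con_clients);
        $Result1 = mysql_query($insertSQL, $con_clients);
        if ($Result1 === false) {
            // Log the driver message instead of printing it: it names tables and columns.
            error_log('Registration insert failed: ' . mysql_error($con_clients));
            die('Your registration could not be saved. Please try again later.');
        }
        // NOTE(review): this host is spelled differently from the site URLs given with
        // the listing (moultonlava.com); confirm the redirect points at the intended domain.
        $insertGoTo = "http://www.moulonglava.com/index.php";
        // Carry the query string over only when there is one, so no bare "?" is appended.
        if (!empty($_SERVER['QUERY_STRING'])) {
            $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
            $insertGoTo .= $_SERVER['QUERY_STRING'];
        }
        header(sprintf("Location: %s", $insertGoTo));
        // Stop here: without exit the script keeps running after the redirect header
        // and would still render the form.
        exit;
    } // This ends the surround that submits the record if there are no server-side validation errors
    // Kept from the original: clear the $_POST array when there were no errors.
    $_POST = array();
}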
?>
<div class="post">
<h2>Registration Form</h2>
<?php
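// Show the validation errors, one list item each; nothing is printed when $error is empty.
// Messages can embed submitted values (the "already in use" notice repeats the e-mail
// address that was entered), so each one is HTML-escaped on output.
// NOTE(review): assumes the page is served as UTF-8 - confirm against the site's charset.
if ($error) {
    echo '<ul class="warning">';
    foreach ($error as $alert) {
        echo '<li>' . htmlspecialchars($alert, ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    echo '</ul>';
}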
?>
<p>All fields marked with an asterisk (*) are required.</p>
<form action="<?php echo $editFormAction; ?>" method="post" name="frmreg" id="frmreg"
onsubmit="MM_validateForm('cfirst','','R','clast','','R','cemail','','RisEmail','cpassword1','','R','cpassword2','','R'
,'chint','','R','canswer','','R','careacode','','RisNum','cphone','','R');return document.MM_returnValue">
<fieldset>
<legend>Identification and Login Information</legend>
<label for="cfirst">*First name: </label>
<input type="text" name="cfirst" id="cfirst" tabindex="1" size="10" />
<br />
<label for="clast">*Last name: </label>
<input type="text" name="clast" id="clast" tabindex="2" size="15"/>
<br />
<label for="cemail">*Email: </label>
<input type="text" name="cemail" id="cemail" size="30" tabindex="3" />
(This will be your user name)<br />
<label for="cpassword1">*Password: </label>
<input type="password" name="cpassword1" id="cpassword1" tabindex="4" /> (must be at least 6
characters)
<br />
<label for="cpassword2">*Password: </label>
<input type="password" name="cpassword2" id="cpassword2" tabindex="5" onBlur="checkPassword();"
/>
(Please retype the password)<br />
</fieldset>
<fieldset>
<legend>Contact Information</legend>
<label for="caddress">Address: </label>
<input type="text" name="caddress" id="caddress" size="40" tabindex="11" class="notreq" />
<br />
<label for="ccity">City: </label>
<input type="text" name="ccity" id="ccity" size="20" tabindex="13" class="notreq" />
<br />
<label for="cstate">State:</label>
<select name="cstate" size="1" id="cstate" tabindex="14" title="State Postal Abbreviations" class="notreq">
<option selected="selected">Select a State or Province</option>
<option value="AB">Alberta</option>
<option value="AL">Alabama</option>
<option value="AK">Alaska</option>
<option value="AZ">Arizona</option>
<option value="AR">Arkansas</option>
<option value="BC">British Columbia</option>
<option value="CA">California</option>
<option value="CO">Colorado</option>
<option value="CT">Connecticut</option>
<option value="DE">Delaware</option>
<option value="FL">Florida</option>
<option value="GA">Georgia</option>
<option value="HI">Hawaii</option>
<option value="ID">Idaho</option>
<option value="IL">Illinois</option>
<option value="IN">Indiana</option>
<option value="IA">Iowa</option>
<option value="KS">Kansas</option>
<option value="KY">Kentucky</option>
<option value="LA">Louisiana</option>
<option value="MB">Manitoba</option>
<option value="ME">Maine</option>
<option value="MD">Maryland</option>
<option value="MA">Massachusetts</option>
<option value="MI">Michigan</option>
<option value="MN">Minnesota</option>
<option value="MS">Mississippi</option>
<option value="MO">Missouri</option>
<option value="MT">Montana</option>
<option value="NB">New Brunswick</option>
<option value="NE">Nebraska</option>
<option value="NL">Newfoundland and Labrador</option>
<option value="NT">Northwest Territories</option>
<option value="NS">Nova Scotia</option>
<option value="NU">Nunavut</option>
<option value="NV">Nevada</option>
<option value="NH">New Hampshire</option>
<option value="NJ">New Jersey</option>
<option value="NM">New Mexico</option>
<option value="NY">New York</option>
<option value="NC">North Carolina</option>
<option value="ND">North Dakota</option>
<option value="OH">Ohio</option>
<option value="OK">Oklahoma</option>
<option value="ON">Ontario</option>
<option value="OR">Oregon</option>
<option value="PA">Pennsylvania</option>
<option value="PE">Prince Edward Island</option>
<option value="QC">Quebec</option>
<option value="RI">Rhode Island</option>
<option value="SC">South Carolina</option>
<option value="SD">South Dakota</option>
<option value="SK">Saskatchewan</option>
<option value="TN">Tennessee</option>
<option value="TX">Texas</option>
<option value="UT">Utah</option>
<option value="VT">Vermont</option>
<option value="VA">Virginia</option>
<option value="WA">Washington</option>
<option value="WV">West Virginia</option>
<option value="WI">Wisconsin</option>
<option value="WY">Wyoming </option>
<option value="YT">Yukon</option>
</select>
<br />
<label for="cpostal">Zip\Postal:</label>
<input type="text" name="cpostal" id="cpostal" size="10" tabindex="15" class="notreq"/>
<br />
<label for="careacode" title="Phone number beginning with the area Code">Phone:</label>
(
<input type="text" name="careacode" id="careacode" size="3" tabindex="17" class="notreq"/>
)
<label for="cphone" title="Phone number" style="float:none; padding:0;"> </label>
<input type="text" name="cphone" id="cphone" size="8" tabindex="18" class="notreq"/>
<span>Ext.</span>
<label for="cext" title="Extension" style="float:none; padding:0;"> </label>
<input type="text" name="cext" id="cext" size="5" tabindex="19" class="notreq"/>
<br />
<label for="cregister" title="Click the Register button to complete the registration process"> </label>
<input type="submit" name="submit" id="cregister" value="Register" tabindex="20" />
<input type="hidden" name="MM_insert" value="frmreg" />
<?php
// Today's date in the America/Boise time zone, for the hidden "joined" field rendered
// right after this block.
// NOTE(review): a hidden field is sent back by the browser and can be changed there; a
// join date that must be trustworthy should be computed again when the record is saved.
ini_set('date.timezone', 'America/Boise');
$time = date('Y-m-d', time());
?>
<input type="hidden" name="joined" value="<?php echo $time; ?>" />
</fieldset>
</form>
</div>
Code: Select all
<?php require_once($_SERVER['DOCUMENT_ROOT'].'/connections/con_clients.php');?>
<?php
// Escapes a raw value and renders it as an SQL literal for the requested column type
// ("text", "long", "int", "double", "date" or "defined"). An empty value becomes the
// string "NULL" (for "defined": $theNotDefinedValue); a type outside that list gets the
// escaped value back unquoted.
// NOTE(review): get_magic_quotes_gpc() and the mysql_* escaping functions used here were
// removed from later PHP versions; prepared statements (mysqli or PDO) are the
// maintained way to pass user input to a query.
if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        // Strip magic-quotes slashes before escaping so the value is escaped only once.
        $unslashed = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        $escaped = function_exists("mysql_real_escape_string")
            ? mysql_real_escape_string($unslashed)
            : mysql_escape_string($unslashed);
        $isBlank = ($escaped == "");

        if ($theType == "text" || $theType == "date") {
            return $isBlank ? "NULL" : "'" . $escaped . "'";
        }
        if ($theType == "long" || $theType == "int") {
            return $isBlank ? "NULL" : intval($escaped);
        }
        if ($theType == "double") {
            return $isBlank ? "NULL" : "'" . doubleval($escaped) . "'";
        }
        if ($theType == "defined") {
            return $isBlank ? $theNotDefinedValue : $theDefinedValue;
        }
        return $escaped;
    }
}
?>
<?php
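// *** Validate request to login to this site.
if (!isset($_SESSION)) {
    session_start();
}
// Echoed into the login form's action attribute, so the client-influenced path is
// HTML-escaped. NOTE(review): assumes the page is served as UTF-8 - confirm.
$loginFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
// Remember where the visitor was heading, but only when it is a path on this site: the
// value comes straight from the query string and is used as the redirect target after a
// successful login. Accepted: a string that starts with a single "/" and contains no
// backslash, carriage return or line feed.
if (isset($_GET['accesscheck']) && is_string($_GET['accesscheck'])) {
    $requestedUrl = $_GET['accesscheck'];
    $isLocalPath = strlen($requestedUrl) > 0
        && $requestedUrl[0] === '/'
        && strncmp($requestedUrl, '//', 2) !== 0
        && strpbrk($requestedUrl, "\\\r\n") === false;
    if ($isLocalPath) {
        $_SESSION['PrevUrl'] = $requestedUrl;
    }
}
if (isset($_POST['cemail'])) {
    // Treat a missing or array-valued field as an empty string.
    $loginUsername = is_string($_POST['cemail']) ? $_POST['cemail'] : '';
    $password = (isset($_POST['cpassword']) && is_string($_POST['cpassword'])) ? $_POST['cpassword'] : '';
    // The registration code stores sha1(trim(password)) in c_password1, so the submitted
    // password is transformed the same way; comparing the raw password never matches.
    // NOTE(review): unsalted SHA-1 is not suitable for password storage. Moving to
    // password_hash()/password_verify() means changing the registration code, this
    // lookup and the column width together.
    $passwordHash = sha1(trim($password));
    $MM_fldUserAuthorization = "c_level";
    $MM_redirectLoginSuccess = "/login/succeed.php";
    $MM_redirectLoginFailed = "/login/login.php";
    $MM_redirecttoReferrer = true;
    mysql_select_db($database_con_clients, $con_clients);
    $LoginRS__query = sprintf(
        "SELECT c_email, c_password1, c_level FROM c_register_info WHERE c_email=%s AND c_password1=%s",
        GetSQLValueString($loginUsername, "text"),
        GetSQLValueString($passwordHash, "text")
    );
    $LoginRS = mysql_query($LoginRS__query, $con_clients);
    if ($LoginRS === false) {
        // Log the driver message instead of printing it: it names tables and columns.
        error_log('Login lookup failed: ' . mysql_error($con_clients));
        die('Login is temporarily unavailable. Please try again later.');
    }
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
        $loginStrGroup = mysql_result($LoginRS, 0, 'c_level');
        // Issue a fresh session id at login so an id known before authentication
        // cannot be reused for the authenticated session.
        session_regenerate_id(true);
        //declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;
        if (isset($_SESSION['PrevUrl'])) {
            $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess);
        // Stop after the redirect header so nothing else on the page runs.
        exit;
    }
    header("Location: " . $MM_redirectLoginFailed);
    exit;
}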
?>
<?php
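// Known-user flag: false by default. When the "client" cookie (set when a user
// registered) is present, the flag is switched on and the name is read from the cookie.
// NOTE(review): a cookie is entirely client-controlled, so these values are untrusted
// and must be HTML-escaped wherever they are printed.
$user = false;
$usersname = '';
// isset() avoids the undefined-index notice for visitors without the cookie; the array
// check rejects a scalar "client" cookie, which cannot hold the two name fields.
if (isset($_COOKIE['client']) && is_array($_COOKIE['client'])) {
    $user = true;
    $userfirst = (isset($_COOKIE['client']['firstname']) && is_string($_COOKIE['client']['firstname']))
        ? $_COOKIE['client']['firstname']
        : '';
    $userlast = (isset($_COOKIE['client']['lastname']) && is_string($_COOKIE['client']['lastname']))
        ? $_COOKIE['client']['lastname']
        : '';
    $usersname = $userfirst . " " . $userlast;
}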
?>
<?php
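// Shown only when the known-user flag is true: greets the visitor by name and displays a
// compact login form. The name originates from a cookie, so it is HTML-escaped before it
// is written into the page.
// NOTE(review): assumes the page is served as UTF-8 - confirm against the site's charset.
if ($user) {
    echo '<h3>Welcome ' . htmlspecialchars($usersname, ENT_QUOTES, 'UTF-8') . '</h3>';
    echo '<form action="" method="post" name="frmlogin" style="font-size:smaller">';
    echo '<fieldset>';
    // NOTE(review): these inputs have no name attribute, so submitting this form sends
    // neither field; the login code reads $_POST['cemail'] and $_POST['cpassword'].
    echo '<label for="uname">Username:</label><input type="text" id="uname" size="15" /><br />';
    echo '<label for="pswd">Password:</label><input type="password" id="pswd" size="10" /><br />';
    // The opening label tag was missing its closing ">", which left the markup malformed.
    echo '<label for="login"></label><input type="submit" id="submit" value="Login" /><br />';
    echo '<a href="/clients/restore.php" title="Login help page link">Forgot Login Information</a>';
    echo '</fieldset>';
    echo '</form>';
}?>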
<div class="post">
<?php
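// Show any error messages, one list item each. Nothing in this login listing assigns
// $error, so !empty() is used: it is false for an undefined variable as well as for an
// empty array and raises no notice. Each message is HTML-escaped on output in case it
// carries submitted text.
// NOTE(review): assumes the page is served as UTF-8 - confirm against the site's charset.
if (!empty($error)) {
    echo '<ul class="warning">';
    foreach ($error as $alert) {
        echo '<li>' . htmlspecialchars($alert, ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    echo '</ul>';
}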
?>
<form action="<?php echo $loginFormAction; ?>" method="POST" name="frmreg" id="frmreg"
onsubmit="MM_validateForm('cfirst','','R','clast','','R','cemail','','RisEmail','cpassword1','','R','cpassword2','','R'
,'chint','','R','canswer','','R','careacode','','RisNum','cphone','','R');return document.MM_returnValue">
<fieldset>
<legend>Login</legend>
<label for="cemail">Username: </label>
<input type="text" name="cemail" id="cemail" tabindex="1" size="30" />
<br />
<label for="cpassword1">Password:</label>
<input type="password" name="cpassword" id="cpassword" tabindex="2" size="15"/>
<br />
<label for="clogin" title="Click the Login button to complete the login process"> </label>
<input type="submit" name="submit" id="clogin" value="Login" tabindex="3" />
<input type="hidden" name="MM_insert" value="frmreg" />
</fieldset>
</form>
</div>