Registration script

[cullinanweb]

I have the following code that I think should work, the process is SET VARIABLES -> CHECK FOR PASSWORD MATCH -> CHECK USERNAME EXISTANCE -> INSERT INTO DATABASE. Can somebody please look over my code and point me in the right direction. Ta

Code: Select all

<?php
    //cehcks for the presence of sessions
    if (!isset($_SESSION)) {
          session_start();
    }
    //includes the database include
    include("includes/dbase.php");
    
    if (isset($_POST['Submit'])) {
        //sets all variables
        $user     =    $_POST['uname'];
        $pass    =    $_POST['pass'];
        $email    =    $_POST['email'];
        $title    =    $_POST['title'];
        $fname    =    $_POST['fname'];
        $lname    =    $_POST['lname'];
        $street    =    $_POST['street'];
        $town    =    $_POST['town'];
        $county    =    $_POST['county'];
        $pcode    =    $_POST['pcode'];
        $tel    =    $_POST['tel'];
        $side    =    session_id();
        
        //Checks to see if user exists in database
        $checkuser = "SELECT users_uname FROM newusers WHERE users_uname='$uname'";
        $check    =    mysql_query($checkuser);
        if ($pass != $_POST['passcheck']) { $passcheck1 = "Passwords do not match"; } else {
        if ($check != NULL) { $check1="Already exists"; } else {
        $insert = "INSERT INTO newusers SET users_uname='$uname', users_pass='$pass', users_email='$email', users_title='$title', users_fname='$fname', users_lname='$lname', users_street='$street', users_town='$town', users_county='$county', users_pcode='$pcode', users_tel='$tel', sid='$sid'";
        $insquery = mysql_query($insert);
        }//end usercheck if
        }//end passcheck if
        if ($insquery != NULL) {echo "success"; }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<link href="screen.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div id="wrapper">
  <div id="header"><?php include("includes/topnav.php");?></div>
  <div id="content">
    <h1>Register for your client-zone </h1>
    <p>Use the form below if you wish to be able to use the features of your
      client-zone.</p>
    <form action="" method="post" name="contactus" id="contactus">
    <fieldset id="users"><legend>User Details</legend><label for="label7">Email</label>
            <p>
              <input name="email" type="text" id="label7" value="<?php echo $email ?>" />
            </p>
            <label for="label8">User Name</label>
      <p>
        <input name="uname" type="text" id="label8" value="<?php echo $uname  ?>" />
        &nbsp;&nbsp;<?php echo $check1; ?></p>
            <label for="label9">Password</label>
            <p>
              <input name="pass" type="password" id="label9" />
           </p>
              <label for="textfield">Retype Password</label>
      <p><input name="passcheck" type="password" id="passcheck" />
      </p>
      <p><?php echo $passcheck1; ?>
      </p>
            
    </fieldset>
        <label for="select">Title</label>
        <p>
          <select name="title" id="title">
              <option>Select...</option>
              <option value="Mr">Mr</option>
              <option value="Mrs">Mrs</option>
              <option value="Miss">Miss</option>
              <option value="Ms">Ms</option>
              <option value="Other">Other</option>
              </select>
        </p>
        <label for="textfield">First Name</label>
            <p>
              <input name="fname" type="text" id="fname" value="<?php echo $fname  ?>" />
            </p>
            <label for="label">Surname</label>
            <p>
              <input name="lname" type="text" id="label" value="<?php echo $lname  ?>" />
            </p>
            <label for="label2">Street</label>
            <p>
              <input name="street" type="text" id="label2" value="<?php echo $street  ?>" />
            </p>
            <label for="label3">Town</label>
            <p>
              <input name="town" type="text" id="label3" value="<?php echo $town  ?>" />
            </p>
            <label for="label4">County</label>
            <p>
              <input name="county" type="text" id="label4" value="<?php echo $county  ?>" />
            </p>
            <label for="label5">Postcode</label>
            <p>
              <input name="pcode" type="text" id="label5" value="<?php echo $pcode  ?>" />
      </p><label for="label6">Telephone</label>
              <p><input name="tel" type="text" id="label6" value="<?php echo $tel  ?>" />
                <br />
                <input name="Submit" type="submit" class="submit" value="Submit" />
      </p>
    </p>
    </form>
  </div>
  <div id="footer">
    <p>&copy; Cullinan Web Services Ltd </p>
  </div>
</div>
</body>
</html>

[masonbarge]

Just at a quick look:

1. Get your database access out of your public directory. Any file with database user and password info should go into the root directory.
2. WHERE users_uname='$uname' I don't see $uname initialized.
3. You may be planning to add security later - you'll want regex for this.

[cullinanweb]

Thanks for spotting the uname error, but that wouldnt have stopped the record inserting into the database, which is the problem i am having, didnt really explain properly before.

I cant get the INSERT to actually do the insert job. I think I have the correct syntax but it just wont insert.

[masonbarge]

Quote:

Originally Posted by cullinanweb

Thanks for spotting the uname error, but that wouldnt have stopped the record inserting into the database, which is the problem i am having, didnt really explain properly before.

?? Well I won't argue with you. I will say that if column "user_name" is NOT NULL then trying to insert an unassigned variable into the column is going to throw an error for the entire insert.

The problem here is that the code does not have a sufficient framework to correct something -- there are too many fundamental errors. You really need to get a book and do a little more basic study in php/mysql, especially in the area of using php to extract information from a database and putting together a functional module. I'll try to do a basic rewrite for a few lines off the top of my head for you, hopefully that will help you:

$query ="SELECT users_uname, password FROM newusers WHERE users_uname='$user'";
$check = mysql_query($query);
$num = mysql_num_rows($check);
if ($num == 0) {
echo 'We\'re sorry, but that name is not in our system. Please check your spelling and try again, or if you have not registered, go to our <a href="./register.php">Registration Page</a>.';
exit();
} elseif ($num > 1) {
echo 'Somehow, that user name has gotten into our system more than once. We apologize for the error, but unfortunately, you will have to register again under a different user name. Please go to <a href="./register.php">Registration Page</a>.';
exit();
} else {
$row = mysql_fetch_row($check);
if $row[1] (!==$pass) {
$echo 'The password you entered does not match the password in our system. Police have been called, please put down your weapon and lie face down on the floor. yada yada yada';
exit();
} else {
echo "Welcome back, $user."
[[test and insert info....]]
}
}

I'm sure there's a glitch or two in that, but it's at least in a basic functional format for comparing a post against a SQL return. There are several other different ways to accomplish the same thing -- the "or die" method, using && and || to set different variables in the context of "if" clauses, would be two I have seen -- and then writing all the text, etc. . The point is, you have to treat the SQL return correctly to extract the information you want, and then write the PHP to treat all the various cases to completion.

Hope this helps.

[cullinanweb]

I totally understand the logic of what you have written. however...this is for the registration page. the user puts all the details in, username pass address etc, it then checks to make sure the username DOESNT exist already that the passwords match. These two areas work and are not the problem. The insert function is the only one that doesnt work. I will refer to my PHP book and let you know if i sort it out. Thanks for your help so far.

Dan

[cullinanweb]

I now have it working. see below for code. The main error was I was calling the wrong database DOH! but tidied up the code a little.

Code: Select all

<?php
    //cehcks for the presence of sessions
    if (!isset($_SESSION)) {
          session_start();
    }
    //includes the database include
    include("includes/dbase.php");
    
    if (isset($_POST['Submit'])) {
        //sets all variables
        $uname     =    $_POST['uname'];
        $pass    =    $_POST['pass'];
        $email    =    $_POST['email'];
        $title    =    $_POST['title'];
        $fname    =    $_POST['fname'];
        $lname    =    $_POST['lname'];
        $street    =    $_POST['street'];
        $town    =    $_POST['town'];
        $county    =    $_POST['county'];
        $pcode    =    $_POST['pcode'];
        $tel    =    $_POST['tel'];
        $sid    =    session_id();
        
        //Checks to see if user exists in database
        $checkuser = "SELECT users_uname FROM newusers WHERE users_uname='$uname'";
        $check    =    mysql_query($checkuser);
        $num = mysql_num_rows($check);
        if ($pass != $_POST['passcheck']) { $passcheck1 = "Passwords do not match"; } else {
        if ($num >= 1) { $check1="Already exists"; } else {
        $query = "INSERT INTO newusers SET users_uname='$uname', users_pass='$pass', users_email='$email', users_title='$title', users_fname='$fname', users_lname='$lname', users_street='$street', users_town='$town', users_county='$county', users_pcode='$pcode', users_tel='$tel', users_sid='$sid'";
        $insquery = mysql_query($query);
        }//end usercheck if
        }//end passcheck if
        if ($num2 >= 0) {header("Location:regsuccess.php"); }
}
?>

[cullinanweb]

doh, just looked code i put in its wrong see below:

Code: Select all

        $insquery = mysql_query($query);
        }//end usercheck if
        }//end passcheck if
        if ($insquery >= 1) {header("Location:regsuccess.php"); }

should be where $num2 is above