Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PHP Problems.


  • Please log in to reply
2 replies to this topic

#1 yozo67

yozo67

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Louisville, KY
  • Local time:06:25 PM

Posted 17 April 2014 - 05:34 PM

Hey, my first time back at BC in a while. Anyway, here's my problem.

 

I'm setting up a register/login system for my new website, and I have all of the code set up properly, and it even gives the pre-set confirmation message upon 'registration', however, the user information does not appear in the database that the code states it should, and as so the Login does not work.

 

Here's some more information:

 

Registration Code:

<?php
$reg = @$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; // Password 2
$d = ""; // Sign up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(@$_POST['fname']);
$ln = strip_tags(@$_POST['lname']);
$un = strip_tags(@$_POST['username']);
$em = strip_tags(@$_POST['email']);
$em2 = strip_tags(@$_POST['email2']);
$pswd = strip_tags(@$_POST['password']);
$pswd2 = strip_tags(@$_POST['password2']);
$d = date("D-m-y"); // Year - Month - Day
 
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysql_query("SELECT email FROM users WHERE email='$em'");
//Count the number of rows returned
$email_check = mysql_num_rows($e_check);
if ($check == 0) {
  if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
die("<h2>Welcome to <b>Project Popcorn!</b></h2>Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
 echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
?>


BC AdBot (Login to Remove)

 


#2 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:25 AM

Posted 08 May 2014 - 02:45 AM

Are you sure you have connection to database established?


Member of the Bleeping Computer A.I.I. early response team!


#3 neilbuddy

neilbuddy

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rochester MN
  • Local time:05:25 PM

Posted 16 June 2014 - 11:14 AM

You need to connect and select your database like:

mysql_connect('localhost','username','password');
mysql_select_db('yourdatabase');

 

Good idea to also escape your user input to protect against SQL injection attacks using mysql_real_escape_string($string)


Edited by neilbuddy, 16 June 2014 - 11:16 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users