-
1. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
David_Powers Jun 25, 2009 8:04 AM (in response to the_missing_link)
I didn't follow his security tutorial to a T-- I did change some variable names but I don't want to risk infringing on any of his rights.
The code printed in my books is there for readers to use. You're not infringing my rights by using code that I have released to the public.
-
2. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
the_missing_link Jun 25, 2009 11:12 AM (in response to David_Powers)
Thank you David. Here is the login code with the security

<?php virtual('/Connections/userinfo.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

mysql_select_db($database_userinfo, $userinfo);
$query_user_info_registration = "SELECT * FROM user_info_registration";
$user_info_registration = mysql_query($query_user_info_registration, $userinfo) or die(mysql_error());
$row_user_info_registration = mysql_fetch_assoc($user_info_registration);
$totalRows_user_info_registration = mysql_num_rows($user_info_registration);

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
  $insertSQL = sprintf("INSERT INTO user_info_registration (user_id, username, password, email, firstname, lastname, gender) VALUES (%s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['user_id'], "int"),
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['firstname'], "text"),
                       GetSQLValueString($_POST['lastname'], "text"),
                       GetSQLValueString(isset($_POST['gender']) ? "true" : "", "defined","'Y'","'N'"));

  mysql_select_db($database_userinfo, $userinfo);
  $Result1 = mysql_query($insertSQL, $userinfo) or die(mysql_error());

  $insertGoTo = "/planet_zuda/welcome.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  //show array error messages
  $error = array();
  // remove whitespace
  $_POST['Username'] = trim($_POST['Username']);
  $_POST['first_name'] = trim($_POST['first_name']);
  $_POST['Last_Name'] = trim($_POST['Last_Name']);
  if (empty($_POST['first_name'])|| empty($_POST['Last_Name'])) {
    $error['name'] = 'Please enter your first name';
  }
  //username security check
  $_POST['Username'] = trim($_POST['Username']);
  if (strlen($_POST['Username']) < 6) {
    $error['length'] = 'please choose a username with 6 or more characters.';
  }
  // checking to make sure password is valid
  $pwdvld = true;
  // trim whitespace
  $_POST['pwd'] = trim ($_POST['pwd']);
  if (strlen($_POST['pwd']) < 7) {
    $error['pwd_length'] = 'due to reasons of security please choose a password with seven or more characters';
    $pwdvld = false;
  }
  // if passwords don't match send an alert
  if ($_POST['pwd'] != trim($_POST['retpe_pwd'])) {
    $error['pwd'] = "your passwords do not match. Please try again!";
    $pwdvld = false;
  }
  // if users password is validated okay go ahead with enhancements
  if($pwdvld) {
    $_POST['pwd'] = sha1($_POST['pwd']);
  }
  //if the form is completed with no errors continue with task
  if (!$error) {
    $insertSQL = sprintf("INSERT INTO user_registration (Username, first_name, Last_Name, Users_Password, Gender, e_mail) VALUES (%s, %s, %s, %s, %s, %s)",
                         GetSQLValueString($_POST['Username'], "text"),
                         GetSQLValueString($_POST['first_name'], "text"),
                         GetSQLValueString($_POST['Last_Name'], "text"),
                         GetSQLValueString($_POST['Users_Password'], "text"),
                         GetSQLValueString(isset($_POST['Gender']) ? "true" : "", "defined","'Y'","'N'"),
                         GetSQLValueString($_POST['e_mail'], "text"));

    mysql_select_db($database_userinfo, $userinfo);
    $Result1 = mysql_query($insertSQL, $userinfo);
    if(!$Result1 && mysql_errno() == 1062) {
      $error['Username'] = $_POST['Username'] . 'sorry this username has been taken. Please choose a different username.';
    } elseif (mysql_error()) {
      $error['dberror'] = 'Sorry, there was an error. Please try again later or email techs@planetzuda.com';
    } else {
      $insertGoTo = "welcome.php";
      if (isset($_SERVER['QUERY_STRING'])) {
        $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
        $insertGoTo .= $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $insertGoTo));
    }
  }
}
?>
<?php include("includes/body.php")?>
<h1 class="move">register your free account<br /> </h1>
<p> </p>
<form action="<?php echo $editFormAction; ?>" method="post" name="form1" id="user_info_registration">
  <input type="hidden" name="MM_insert" value="form1" />
</form>
<form action="<?php echo $editFormAction; ?>" method="post" name="form2" id="form2">
  <table align="center" class="zudanian">
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Username:</td>
      <td><input type="text" name="username" value="" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Password:</td>
      <td><input type="text" name="password" value="" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Email:</td>
      <td><input type="text" name="email" value="" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Firstname(optional:</td>
      <td><input type="text" name="firstname" value="" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Lastname(optional:</td>
      <td><input type="text" name="lastname" value="" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Gender:</td>
      <td valign="baseline"><table>
        <tr>
          <td><input type="radio" name="gender" value="m" /> male</td>
        </tr>
        <tr>
          <td><input type="radio" name="gender" value="f" /> female</td>
        </tr>
      </table></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right"> </td>
      <td><input type="submit" value="register" /></td>
    </tr>
  </table>
  <input type="hidden" name="MM_insert" value="form2" />
</form>
<p> </p>
</body>
</html>
<?php mysql_free_result($user_info_registration); ?>
-
3. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
David_Powers Jun 26, 2009 5:38 AM (in response to the_missing_link)
You have got two forms in your page: form1 and form2. The first one, form1, does nothing. It has only a hidden field, but no submit button. Consequently, your validation code never gets run, because all the error checking is controlled by this conditional statement:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  //show array error messages
  $error = array();
  etc...
-
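An added example, not part of the original posts or of the book code discussed in the thread: the handler is gated on the hidden `MM_insert` value of the form that actually has the submit button, so the validation David describes runs before any insert. It swaps the thread's `sprintf`/`sha1` approach for a PDO prepared statement and `password_hash()`; the connection details, the `retype_password` field, the UNIQUE index on `username` and the column width are assumptions.

```php
<?php
// Added example, not code from the thread. Assumed: UNIQUE index on username, a
// VARCHAR(255) password column, and a hypothetical retype_password form field.
function validate_registration(array $in): array
{
    $errors = [];
    if (strlen(trim($in['username'] ?? '')) < 6) {
        $errors['username'] = 'Please choose a username with 6 or more characters.';
    }
    if (strlen($in['password'] ?? '') < 7) {
        $errors['pwd_length'] = 'Please choose a password with seven or more characters.';
    }
    if (($in['password'] ?? '') !== ($in['retype_password'] ?? null)) {
        $errors['pwd'] = 'Your passwords do not match. Please try again!';
    }
    return $errors;
}

function register_user(PDO $pdo, array $in): array
{
    $errors = validate_registration($in);
    if ($errors) { return $errors; }   // invalid input never reaches the database
    $stmt = $pdo->prepare('INSERT INTO user_info_registration (username, password, email)
                           VALUES (:username, :password, :email)');
    try {
        $stmt->execute([
            ':username' => trim($in['username']),
            ':password' => password_hash($in['password'], PASSWORD_DEFAULT),
            ':email'    => $in['email'] ?? null,
        ]);
    } catch (PDOException $e) {
        if ((int) ($e->errorInfo[1] ?? 0) === 1062) {   // MySQL duplicate-key error
            $errors['username'] = 'Sorry, this username has been taken.';
        } else {
            error_log($e->getMessage());                // detail stays in the server log
            $errors['dberror'] = 'Sorry, there was an error. Please try again later.';
        }
    }
    return $errors;
}

// Gate on the hidden field of the one form that is really submitted.
if (($_POST['MM_insert'] ?? '') === 'form2') {
    $pdo = new PDO('mysql:host=localhost;dbname=example_db;charset=utf8mb4', 'example_user',
                   'example_password', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); // placeholders
    $errors = register_user($pdo, $_POST);
    if (!$errors) { header('Location: welcome.php'); exit; }
}
```

At login, `password_verify()` checks the submitted password against the stored hash; the hash is never recomputed and compared as a string.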
4. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
the_missing_link Jun 28, 2009 5:59 PM (in response to David_Powers)
Thank you for looking over the code and finding that newb error for me. I'm
inspecting all of my php coding with a fine comb now! I know languages being
case sensitive is helpful but it can also be a bit of a pain... I guess I'll
get better at it. I know form1 and form2 don't have anything to do with
cases; I'm talking about other errors I've run into.
-
5. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
QiQi86 Jul 2, 2009 7:42 PM (in response to the_missing_link)
Okay, first of all it's better if u delete any form that is not being used. From your code I see u have made 2 coding for insert record and both also using different table name (user_info_registration, user_registration). Which one did u exactly use and which table where the problem is happened?
-
6. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
the_missing_link Jul 3, 2009 3:38 PM (in response to QiQi86)
Thanks for the reply and taking the time to read all of the code! I have
tried to make the form work but I kinda gave up on it and started building a
new one so I won't run into my previous coding errors. I should have posted
that on the forum. Sorry sometimes I get wrapped up in my own little world
and forget to post. Oh to answer your question I'm using
user_info_registration. Again thank you for taking the time to read all of
the code!



