6 Replies Latest reply: Jul 3, 2009 3:38 PM by the_missing_link

    Creating a login\register form in DW and xampp mysql will only hold one query?? help please.

    the_missing_link Community Member

      Hi;

      I have been doing a lot of research on how to code in PHP and MySQL. I've read one of David Powers' books that has a few chapters on DW and PHP, but I've also been watching tutorials at lynda.com. Whenever I make a form and connect to my MySQL database via XAMPP, it will only hold one username at a time in the MySQL database. I'm trying to figure out if this is a problem with the PHP or if something's wrong with my database settings. I will gladly copy over the DW PHP form and anything from my MySQL database. I know the form is currently susceptible to MySQL injection; that's because the versions I will display won't show the security code, which I learned from Mr. Powers' book. I didn't follow his security tutorial to a T (I did change some variable names), but I don't want to risk infringing on any of his rights.

        • 1. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
          David_Powers CommunityMVP

          I didn't follow his security tutorial to a T (I did change some variable names), but I don't want to risk infringing on any of his rights.

          The code printed in my books is there for readers to use. You're not infringing my rights by using code that I have released to the public.

          • 2. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
            the_missing_link Community Member
            Thank you, David. Here is the login code with the security:

            <?php virtual('/Connections/userinfo.php'); ?>
            <?php
            if (!function_exists("GetSQLValueString")) {
            function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
            {
              if (PHP_VERSION < 6) {
                $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
              }
              $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
              switch ($theType) {
                case "text":
                  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                  break;    
                case "long":
                case "int":
                  $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                  break;
                case "double":
                  $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                  break;
                case "date":
                  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                  break;
                case "defined":
                  $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                  break;
              }
              return $theValue;
            }
            }
            mysql_select_db($database_userinfo, $userinfo);
            $query_user_info_registration = "SELECT * FROM user_info_registration";
            $user_info_registration = mysql_query($query_user_info_registration, $userinfo) or die(mysql_error());
            $row_user_info_registration = mysql_fetch_assoc($user_info_registration);
            $totalRows_user_info_registration = mysql_num_rows($user_info_registration);
            $editFormAction = $_SERVER['PHP_SELF'];
            if (isset($_SERVER['QUERY_STRING'])) {
              $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
            }
            if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
              $insertSQL = sprintf("INSERT INTO user_info_registration (user_id, username, password, email, firstname, lastname, gender) VALUES (%s, %s, %s, %s, %s, %s, %s)",
                                   GetSQLValueString($_POST['user_id'], "int"),
                                   GetSQLValueString($_POST['username'], "text"),
                                   GetSQLValueString($_POST['password'], "text"),
                                   GetSQLValueString($_POST['email'], "text"),
                                   GetSQLValueString($_POST['firstname'], "text"),
                                   GetSQLValueString($_POST['lastname'], "text"),
                                   GetSQLValueString(isset($_POST['gender']) ? "true" : "", "defined","'Y'","'N'"));
              mysql_select_db($database_userinfo, $userinfo);
              $Result1 = mysql_query($insertSQL, $userinfo) or die(mysql_error());
              $insertGoTo = "/planet_zuda/welcome.php";
              if (isset($_SERVER['QUERY_STRING'])) {
                $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
                $insertGoTo .= $_SERVER['QUERY_STRING'];
              }
              header(sprintf("Location: %s", $insertGoTo));
            }
            if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
             
             //show array error messages 
            $error = array();
            // remove whitespace
            $_POST['Username'] = trim($_POST['Username']);
            $_POST['first_name'] =  trim($_POST['first_name']);
            $_POST['Last_Name'] = trim($_POST['Last_Name']);
            if (empty($_POST['first_name'])|| empty($_POST['Last_Name'])) {
            $error['name'] = 'Please enter  your first name';
            }
            //username security check 
            $_POST['Username'] = trim($_POST['Username']);
            if (strlen($_POST['Username']) < 6) {
            $error ['length'] = 'please choose a username with 6 or more characters.';
            }
            // checking to make sure password is valid
            $pwdvld = true;
            // trim whitespace
            $_POST['pwd'] = trim ($_POST['pwd']);
            if (strlen($_POST['pwd']) < 7) {
            $error['pwd_length'] = 'due to reasons of security please choose a password with seven or more characters';
            $pwdvld = false;
            }
            // if passwords don't match send an alert
            if ($_POST['pwd'] != trim($_POST['retpe_pwd'])) { 
            $error['pwd'] = "your passwords do not match. Please try again!";
            $pwdvld = false;
            }
            // if users password is validated okay go ahead with enhancements
            if($pwdvld) { 
            $_POST['pwd'] = sha1($_POST['pwd']);
            }
            //if the form is completed with no errors continue with task
            if (!$error) {
              $insertSQL = sprintf("INSERT INTO user_registration (Username, first_name, Last_Name, Users_Password, Gender, e_mail) VALUES (%s, %s, %s, %s, %s, %s)",
                                   GetSQLValueString($_POST['Username'], "text"),
                                   GetSQLValueString($_POST['first_name'], "text"),
                                   GetSQLValueString($_POST['Last_Name'], "text"),
                                   GetSQLValueString($_POST['pwd'], "text"),
                                   GetSQLValueString(isset($_POST['Gender']) ? "true" : "", "defined","'Y'","'N'"),
                                   GetSQLValueString($_POST['e_mail'], "text"));
              mysql_select_db($database_userinfo, $userinfo);
              $Result1 = mysql_query($insertSQL, $userinfo);
              if(!$Result1 && mysql_errno() == 1062) { 
              $error['Username'] = $_POST['Username'] .  'sorry this username has been taken. Please choose a different username.';
             } elseif (mysql_error()) {
              $error['dberror'] = 'Sorry, there was an error. Please try again later or email techs@planetzuda.com';
             } else { 
              $insertGoTo = "welcome.php";
              if (isset($_SERVER['QUERY_STRING'])) {
                $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
                $insertGoTo .= $_SERVER['QUERY_STRING'];
              }
              header(sprintf("Location: %s", $insertGoTo));
            }
            }
            }
            ?>
            <?php include("includes/body.php")?>
            <h1 class="move">register your free account<br />
            </h1>
            <p> </p>
            <form action="<?php echo $editFormAction; ?>" method="post" name="form1" id="user_info_registration">
              <input type="hidden" name="MM_insert" value="form1" />
            </form>
            <form action="<?php echo $editFormAction; ?>" method="post" name="form2" id="form2">
              <table align="center" class="zudanian">
                <tr valign="baseline">
                  <td nowrap="nowrap" align="right">Username:</td>
                  <td><input type="text" name="username" value="" size="32" /></td>
                </tr>
                <tr valign="baseline">
                  <td nowrap="nowrap" align="right">Password:</td>
                  <td><input type="text" name="password" value="" size="32" /></td>
                </tr>
                <tr valign="baseline">
                  <td nowrap="nowrap" align="right">Email:</td>
                  <td><input type="text" name="email" value="" size="32" /></td>
                </tr>
                <tr valign="baseline">
                  <td nowrap="nowrap" align="right">Firstname (optional):</td>
                  <td><input type="text" name="firstname" value="" size="32" /></td>
                </tr>
                <tr valign="baseline">
                  <td nowrap="nowrap" align="right">Lastname (optional):</td>
                  <td><input type="text" name="lastname" value="" size="32" /></td>
                </tr>
                <tr valign="baseline">
                  <td nowrap="nowrap" align="right">Gender:</td>
                  <td valign="baseline"><table>
                    <tr>
                      <td><input type="radio" name="gender" value="m" />
                        male</td>
                    </tr>
                    <tr>
                      <td><input type="radio" name="gender" value="f" />
                        female</td>
                    </tr>
                  </table></td>
                </tr>
                <tr valign="baseline">
                  <td nowrap="nowrap" align="right"> </td>
                  <td><input type="submit" value="register" /></td>
                </tr>
              </table>
              <input type="hidden" name="MM_insert" value="form2" />
            </form>
            <p> </p>
            </body>
            </html>
            <?php
            mysql_free_result($user_info_registration);
            ?> 
            
            
            
            • 3. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
              David_Powers CommunityMVP

              You have got two forms in your page: form1 and form2. The first one, form1, does nothing. It has only a hidden field, but no submit button. Consequently, your validation code never gets run, because all the error checking is controlled by this conditional statement:

              if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

               //show array error messages 
               $error = array();

               etc...
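              The point above is that the validation only runs inside the MM_insert branch for the form that is actually submitted, and the submitted form2 bypasses it and builds its SQL from escaped strings. As an added example (not the poster's or David Powers' code), here is the form1 handler rebuilt for a single form: one validation function, PDO prepared statements in place of GetSQLValueString, password_hash() in place of sha1(), and the duplicate-username check kept on MySQL error 1062. It assumes a PDO connection `$pdo` opened with PDO::ERRMODE_EXCEPTION, a UNIQUE index on user_info_registration.username, and a VARCHAR(255) password column.

```php
<?php
// Added example (not the poster's or David Powers' code). Assumes $pdo is a PDO
// connection opened with PDO::ERRMODE_EXCEPTION, user_info_registration.username
// has a UNIQUE index, and the password column is VARCHAR(255) for password_hash().
function validateRegistration(array $post)
{
    $error  = array();
    $pwd    = isset($post['password']) ? $post['password'] : '';
    $retype = isset($post['retype_password']) ? $post['retype_password'] : '';
    if (!isset($post['username']) || strlen(trim($post['username'])) < 6) {
        $error['length'] = 'Please choose a username with 6 or more characters.';
    }
    if (strlen($pwd) < 7) { // no stray ";" between the condition and the brace
        $error['pwd_length'] = 'Please choose a password with seven or more characters.';
    }
    if ($pwd !== $retype) {
        $error['pwd'] = 'Your passwords do not match. Please try again!';
    }
    return $error;
}

function registerUser(PDO $pdo, array $post)
{
    $error = validateRegistration($post);
    if ($error) {
        return $error; // validation failed: nothing is sent to the database
    }
    // Bound parameters travel separately from the SQL text, so no quoting or
    // escaping (the job GetSQLValueString does) is needed against SQL injection.
    $stmt = $pdo->prepare('INSERT INTO user_info_registration
        (username, password, email, firstname, lastname, gender)
        VALUES (:username, :password, :email, :firstname, :lastname, :gender)');
    try {
        $stmt->execute(array(
            ':username'  => trim($post['username']),
            ':password'  => password_hash($post['password'], PASSWORD_DEFAULT), // salted, replaces sha1()
            ':email'     => isset($post['email']) ? trim($post['email']) : '',
            ':firstname' => isset($post['firstname']) ? trim($post['firstname']) : '',
            ':lastname'  => isset($post['lastname']) ? trim($post['lastname']) : '',
            ':gender'    => (isset($post['gender']) && in_array($post['gender'], array('m', 'f'), true)) ? $post['gender'] : null,
        ));
    } catch (PDOException $e) {
        // MySQL error 1062 = duplicate key: the UNIQUE index refused a username already taken
        $taken = isset($e->errorInfo[1]) && $e->errorInfo[1] == 1062;
        $error[$taken ? 'username' : 'dberror'] = $taken
            ? 'Sorry, this username has been taken. Please choose a different username.'
            : 'Sorry, there was an error. Please try again later.';
    }
    return $error;
}
```

              With one form on the page, the single `if (isset($_POST['MM_insert']) && $_POST['MM_insert'] === 'form1')` block calls registerUser($pdo, $_POST) and redirects to welcome.php only when the returned array is empty, so the validation cannot be skipped the way it is in the posted page.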
              
              • 4. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
                the_missing_link Community Member

                Thank you for looking over the code and finding that newb error for me. I'm inspecting all of my PHP coding with a fine comb now! I know languages being case sensitive is helpful, but it can also be a bit of a pain... I guess I'll get better at it. I know form1 and form2 don't have anything to do with case; I'm talking about other errors I've run into.

                • 5. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
                  QiQi86 Community Member

                  Okay, first of all, it's better if you delete any form that is not being used. From your code I see you have made two insert-record code blocks, and they use different table names (user_info_registration, user_registration). Which one did you actually use, and in which table does the problem happen?

                  • 6. Re: Creating a login\register form in DW and xampp mysql will only hold one query?? help please.
                    the_missing_link Community Member

                    Thanks for the reply and taking the time to read all of the code! I have tried to make the form work, but I kinda gave up on it and started building a new one so I won't run into my previous coding errors. I should have posted that on the forum. Sorry, sometimes I get wrapped up in my own little world and forget to post. Oh, to answer your question, I'm using user_info_registration. Again, thank you for taking the time to read all of the code!