Signup code doing something rather odd...no sense at all

darthmahon

Hey,

Ok I've got a signup form which checks for email validitiy etc. Anyway, if I fill out the form and make sure the email address is not valid it will output an error message saying "This email address is not valid" The user can then go back and edit their email address. Once I change the address to a VALID one, it SIGNS me up, sends me an email but says that the id had ALREADY been registered when it hasbn't...

NOW, if I make sure there are no errors in the email address first time, it will take me to a success page...I'm wondering if the order of my error commands are correct? Anyway, here's the code if you can see anything wrong...I can't =/

Cheers,
Chris

<?php 
#open session#
session_save_path('/home/usr/accessdata'); 
session_start(); 

if ($access_name=="") {
$title = '<img src="images/menu-notloggedin.png" width="135" height="18">';
}else{ 
$title = '<img src="images/menu-loggedin.png" width="135" height="18">';
}


$form_complete="";
if ($formsubmit==1) {$formsubmit="";$sucess="";

#db connection#
include("access/data.inc.php");
mysql_connect ($SQLhost, $SQLuser, $SQLpass);
mysql_select_db ($SQLdb);

#null error report.#
$error="";

#search for id#
$res_access = mysql_query ("SELECT id, userid, registered, password FROM users where userid='$id'");
$num_access = mysql_num_rows ($res_access);

#duplicates found#
if ($num_access>1) 
    { 
    $error_field=1; $error .= "Duplicates found, please contact the webmaster about this problem.<br>\n"; 

#no user found#
    }else if ($num_access==0) 
    {     

    $error_field=1; $error .= "ID wasn't found in our database.<br>\n";

}

if ($id=="") {$error_field=1; $error.="Please enter your ID.<br>\n";}
if ($firstname=="") {$error_field=1; $error.="Please enter your First Name.<br>\n";}
if ($lastname=="") {$error_field=1; $error.="Please enter your Last Name.<br>\n";}
if ($addressline1=="") {$error_field=1; $error.="Please enter your Address.<br>\n";}
if ($city=="") {$error_field=1; $error.="Please enter your City.<br>\n";}
if ($postcode=="") {$error_field=1; $error.="Please enter your Post Code.<br>\n";}
if ($telephonenumber=="") {$error_field=1; $error.="Please enter your Telephone Number.<br>\n";}
if ($email=="") {$error_field=1; $error.="Please enter your Email Address.<br>\n";}

if($error_field != 1){

#Check email address validity#
if(!ereg("^[a-z0-9]+([^[:space:]]?[a-z0-9])+@[a-z0-9]+([-_.]?[a-z0-9])+.[a-z]{2,6}$",$email)) {
$error_field=1; $error .= "Your email address is not valid, please try again.<br>\n";
}else{

#insert user into database#
$registered = mysql_result ($res_access,0,"registered");
$password = mysql_result ($res_access,0,"password");
        if ($registered=="0")
            {

$firstname = trim ($firstname);
$firstname = strtolower ($firstname);
$firstname = ucwords ($firstname);
$lastname = trim ($lastname);
$lastname = strtolower ($lastname);
$lastname = ucwords ($lastname);
$addressline1 = trim ($addressline1);
$addressline1 = strtolower ($addressline1);
$addressline1 = ucwords ($addressline1);
$addressline1 = str_replace (", , ",", ",$addressline1);
$addressline2 = trim ($addressline2);
$addressline2 = strtolower ($addressline2);
$addressline2 = ucwords ($addressline2);
$addressline2 = str_replace (", , ",", ",$addressline2);
$city = trim ($city);
$city = strtolower ($city);
$city = ucwords ($city);
$county = trim ($county);
$county = strtolower ($county);
$county = ucwords ($county);
$postcode = strtoupper ($postcode);
$postcode = ucwords ($postcode);
$telephonenumber = str_replace (" ", "", $telephonenumber);
$telephonenumber = str_replace ("-", "", $telephonenumber);
$telephonenumber = trim ($telephonenumber);
$email = trim ($email);
$email = strtolower ($email);

#update db#
@mysql_query ("update users set title='$title2', firstname='$firstname', lastname='$lastname', address1='$addressline1', address2='$addressline2', city='$city', county='$county', country='$country', postcode='$postcode', telephone='$telephonenumber', email='$email', registered='1' WHERE userid='$id' ");
$error .= "New user registration completed. You have been emailed your password.<br>\n";

#send email with password#
$From = 'Registration <chris@yduk.net>';
$headers .= "From: $From\r\n";

$subject = "Your details...";
$message = "Dear $name,\n\nThank you for registering.";
mail($email, $subject, $message, $headers);

//mail($contactemail, $subject, $message, $headers);
header("Location: success.php?Name=$name&Email=$email");

$sucess=1;
            }else{
#user already registered#
{$error_field=1; $error.="This ID has already been registered.<br>\n";}
            }
    }

}

$form_complete="1";
}

?>

MeX

hi darthmahon!

are you sure that this part of your code is correct!?

#insert user into database#
$registered = mysql_result ($res_access,0,"registered");
$password = mysql_result ($res_access,0,"password");

if ($registered=="0") {

ceeyaa.MeX

darthmahon

Looks ok to me...why, you see something wrong with it?

MeX

ups ... no sorry ... everything ok ... never used that function!!

mybe it's just the comment ( insert ... ) ... should read more carefully!! 😉

but anyway, can't find any bug!!

maybe you could try to echo $error and $error_field in some parts of your script ... maybe they get overwritten/forgotten in any case you didn't think of!!

AND TRY THIS => MY LAST CHANCE


#duplicates found#
if ($num_access >= 1) {
  $error_field=1;
  $error .= "Duplicates found ... <br>\n";
} else {
  $error_field=1;
  $error .= "ID wasn't found in our database.<br>\n";
}

ceeyaa.MeX

Duey

using eregi for emails, doesnt really gurentee that the email is authentic all it says is it has the correct chars. to check if the email is really an email you need to split it up and check the domain.

<?
$email = "lala@netdupe.com";
$email = explode("@", $email);
if(!gethostbyname($email['1'])){
//email not valid
}
else{
//email valid
}
?>

thought you should know 🙂