Registration Script

Nathan__02

I have made a registration script which records a users username, password, email, msn, realname, location, and signature. But when I pass the variables to auth.php they never get inserted into the database...why?

config.php

<?php
$dbuser = 'root'; // your MySQL username, usually 'root' unless you have other accounts

$dbhost = 'localhost'; // usually 'localhost', unless you have an external MySQL host
$dbname = 'shelta'; // the database's name where the tables are found


$db = mysql_connect($dbhost,$dbuser,$dbpass);
mysql_select_db($dbname,$db);
?>

reg.php

<?php
require("config.php");
include("style.css");

//form

echo("<div style='position:absolute; top:100; left:100; width:800'>");
echo("<form action='/shelta/auth.php' method='post'>");
echo("<table border='0' cellpadding='3' cellspacing='0'>");
echo("<tr><Td colspan='2'><h3><u>Fill in all fields.</u></h3></td></tr>");
echo("<tr><td>Username </td><td><input type='text' name=username class='field'></td></tr>");
echo("<tr><td>Password</td><td><input type='password' name=password1 class='field'></td></tr>");
echo("<tr><td>Repeat Password</td><td><input type='password' name=password2 class='field'></td></tr>");
echo("<tr><td>Real Name</td><td><input type='text' name=realname class='field'></td></tr>");
echo("<tr><td>Location</td><td><input type='text' name=location class='field'></td></tr>");
echo("<tr><td>Email</td><td><input type='text' name=email class='field'></td></tr>");
echo("<tr><td>MSN</td><td><input type='text' name=msn class='field'></td></tr>");
echo("<tr><td>Signature</td><td><textarea cols='50' rows='10'></textarea></td></tr>");
echo("<tr><td><input type='submit' value='Register' name=submit class='formbutton'>");
echo("</table></form>");
echo("</div>");


?>

auth.php

<?php
include("config.php");
include("style.css");

$ip= $REMOTE_ADDR;
echo("<div style='position:absolute; top:100; left:100; width:800'>");

if (empty($username)) {
echo("You didn't enter a username!");
} elseif (empty($password1)) {
echo("You didn't fill in both password fields!");
} elseif ($password1 != $password2) {
echo("Your passwords don't match!");
} else {
$query=mysql_query("INSERT * INTO users VALUES ('$username','$password1','$msn','$signature','$realname','$location','$email','$ip')");
} 

if ($query) {
echo("You were added into the database!");
}


echo("</div>");

?>

also what is the best way to check if someone's ip is already in a db?

sgoku01

You didn't specify where PHP has to insert the values. Change:

$query=mysql_query("INSERT * INTO users VALUES  ('$username','$password1','$msn','$signature','$re
alname','$location','$email','$ip')");

into:

$query=mysql_query("INSERT * INTO users (username, password, msn, siggie, name, location, mail, ip) VALUES  ('$username','$password1','$msn','$signature','$re
alname','$location','$email','$ip')");

And replace username (...) ip with the names of the fields you want to save the values in. 🙂

Nathan__02

it still doesn't work...i changed it a bit so it echos "sorry you could not be added tot he database!" if it doesnt work and tahts what keeps coming up

<?php
include("config.php");
include("style.css");

$ip= $REMOTE_ADDR;
echo("<div style='position:absolute; top:100; left:100; width:800'>");

if (empty($username)) {
echo("You didn't enter a username!");
} elseif (empty($password1)) {
echo("You didn't fill in both password fields!");
} elseif ($password1 != $password2) {
echo("Your passwords don't match!");
} else {
$query=mysql_query("INSERT * INTO users (username, password, msn, signature, realname, location, email, ip_address) VALUES   ('$username','$password1','$msn','$signature','$re
alname','$location','$email','$ip')");
} 

if ($query) {
echo("You were added into the database!");
} else {
echo("Sorry, you could not be added to the database!");
}

echo("</div>");

?>

sgoku01

What happens if you remove the ?
So INSERT INTO -> INSERT INTO

Nathan__02

Thank You!
That is perfect.

Since your pretty good at this do you know any way of if their ip is the same as one int the database it wont add it...i tried using something like this

<?

$query=mysql_query("SELECT ip_address FROM users"); 

if ($REMOTE_ADDR == $query) {
echo("You already have an account!<BR>");
}

//rest of code

but it doesnt work...ne ideas?

edselman

I'm pretty new to php, but the ip address checking is not a good idea. Require a email address to be used for checking. Since people's ip addresses change all the time, that won't work. Make it so test@test.com will get kicked out if they try to signup again.

DAne

laserlight

mysql_query() returns a resource, so you'll need to use something like mysql_fetch_assoc() on it first, e.g.

$extracted_ip = mysql_fetch_assoc($query);
if ($_SERVER['REMOTE_ADDR'] == $extracted_ip['ip_address'])

that sort of thing.
still, ip addresses arent always static, and can be masked etc.