register script problem

notaloser

the problem is:

even if there is an error like the passwords dont match, the mysql still creates the user in the database...


<?PHP

if($HTTP_POST_VARS['submit']) {

if (mysql_connect("localhost","root","pass") 
or die ("<div align=center><span class=text>Unable to connect to the database.  Try again later.</span></div>")) {

mysql_select_db('root'); 

}
else 
    print "Couldn't connect!";


if (!$username || !$userpass || !$confirmp || !$useremail) 

{

echo '<div align=center><span class=text>You have not entered all the fields. Please go back and fix the missing fields.</span></div>';

exit;

}

Else if ($userpass != $confirmp)

{

echo '<div align=center><span class=text>Your passwords do not match</span></div>';

exit;

}
    mysql_query("INSERT INTO users (user_name, user_pass, user_email, user_aimaol, user_msn, user_icq) VALUES ( '$username', '$userpass', '$useremail', '$useraimaol', '$usermsn', '$usericq'  ) ")
	or die ("<div align=center><span class=text>Unable to create user.  Try again later.</span></div>");

} //end if

?>

if anyone knows anything that could help me and add some more stuff to this script, tell!

bogu

Look again over your brackets an see were is your problem.
When you click on submit you make an insert into your database table, no condition on your insert, just when you submit you make the insertion.

bogu

Echo your condition:

echo "$userpass != $confirmp";

See if this is good.

helz

see if this helps a touch.

<?PHP 
if($HTTP_POST_VARS['submit']) { 

if (mysql_connect("localhost","root","pass")  
or die ("<div align=center><span class=text>Unable to connect to the database.  Try again later.</span></div>")) { 

mysql_select_db('root');  

} else  

    print "Couldn't connect!<br>"; 


if (!$username || !$userpass || !$confirmp || !$useremail) { 

echo '<div align=center><span class=text>You have not entered all the fields. Please go back and fix the missing fields.</span></div>'; 
exit; 

} Else if ($userpass != $confirmp) { 

echo '<div align=center><span class=text>Your passwords do not match</span></div>'; 
exit; 
// new part added ----------------------------------------------
} Else if (($userpass==$confirmp) && $username!=="" && $useremail!=="") {
    mysql_query("INSERT INTO users (user_name, user_pass, user_email, user_aimaol, user_msn, user_icq) VALUES ( '$username', '$userpass', '$useremail', '$useraimaol', '$usermsn', '$usericq'  ) ") 
    or die ("<div align=center><span class=text>Unable to create user.  Try again later.</span></div>"); 
} // end elseif
// ------------------------------------------------------------------
} //end else
?>

notaloser

thanks helz, that works right there, no more problem. now, lol, if you guys wanna help with my login you can stick around... if not, thanks

notaloser

<?



$db_name = "root";

$table_name = "users";



mysql_connect("localhost", "root", "pass") 

or die("Couldn't connect to the database.  Try again later.");



mysql_select_db($db_name)

or die("Couldn't select database.  Try again later.");



 $sql .= 'SELECT * FROM users WHERE user_name = "$user_name" AND user_pass = "$user_pass"';



if ($HTTP_POST_VARS['submit']) {



$result = mysql_query($sql) 

    or die ("<span class=text><div align=center>Could not execute query.</div></span>"); 



$num = mysql_numrows($result); 



if ($num != 0) { 



session_register('userok');



$userok = "yes";



}

}

?>

now its time to put the header in, but where? ive tried all over and i cant get it to work.

helz

can you post the code of the header here please.

notaloser

i dont remember where i put it, i put it all over at different times...

helz

so looking at that scripts it checks to see if the stuff entered into the form complies with the username and pass in the db and if so the session is started,
all i think i need to know now is what is inside the header?

notaloser

it should be

header ("Location: userhome.php");

i just dont know where to put it

helz

ah i thought so, a redirect to go back to the homepage
it should be within the last if command like so, cos you only want it to redirect when the user has logged in sucessfully correct?:

if ($num != 0) {

session_register('userok');
$userok = "yes";
header ("Location: userhome.php");
}

notaloser

yeah tahts what i tried, but then people who dont login correctly, you know use like the wrong information still go to userhome.php

notaloser

and just now when testing that, it doenst do it...

helz

maybe this then:

if ($num !== 0) {
session_register('userok');
$userok = "yes";
header ("Location: userhome.php");
} elseif ($num==0) {
echo "you botched up somewhere";
}

notaloser

<?



$db_name = "root";

$table_name = "users";



mysql_connect("localhost", "root", "pass") 

or die("Couldn't connect to the database.  Try again later.");



mysql_select_db($db_name)

or die("Couldn't select database.  Try again later.");



 $sql .= 'SELECT * FROM users WHERE user_name = "$user_name" AND user_pass = "$user_pass"';



if ($HTTP_POST_VARS['submit']) {



$result = mysql_query($sql) 

    or die ("<span class=text><div align=center>Could not execute query.</div></span>"); 



$num = mysql_numrows($result); 



if ($num !== 0) {

session_register('userok');

$userok = "yes";

header ("Location: userhome.php");

} elseif ($num==0) {

echo "Invalid username/password combination";
}

}
?>

now the problem is, even if i enter the right information, i get the error

helz

right this post is the whole code but changing the way where it checks to see if the user information is correct, read through it so you know whats changed and why, nothing like getting some code where you dont know how it was fixed:

<?
// defining db and table name
$db_name = "root";
$table_name = "users";

// connect to db
    mysql_connect("localhost", "root", "pass")  

    or die("Couldn't connect to the database.  Try again later."); 

mysql_select_db($db_name) 

or die("Couldn't select database.  Try again later."); 

// sql query
 $sql .= 'SELECT user_name AND user_pass FROM users'; 

// if form has been submitted
if ($HTTP_POST_VARS['submit']) { 

// execute sql query
$result = mysql_query($sql)  

    or die ("<span class=text><div align=center>Could not execute query.</div></span>");  

// loop to get information
while ( $row = mysql_fetch_array($result) ) {
             $db_user = $row["username"];
             $db_pass = $row["password"];
// check the form entry with the usernames in the database
    if ($user_name==$db_user && $user_pass==$db_pass) {$user=1;}
    else if ($username == $db_user) {$user=2;}
    }
if ($flag != 1 && $flag != 2) {
	die("You entered an incorrect username.");
    }elseif ($flag == 2) {
die("You entered an incorrect password for this username: ".$username."");

// if form information is correct create session
} else if ($flag == 1) {
session_register('userok'); 
$userok = "yes"; 
header ("Location: userhome.php");

}
}
?>

notaloser

I modified it to this, and i get the wrong username die error...

<?
// defining db and table name
$db_name = "root";
$table_name = "users";

// connect to db
    mysql_connect("localhost", "root", "pass")  

    or die("<span class=text><div align=center>Couldn't connect to the database.  Try again later.</span></div>"); 

mysql_select_db($db_name) 

or die("<span class=text><div align=center>Couldn't select database.  Try again later.</span></div>"); 

// sql query
 $sql .= 'SELECT user_name AND user_pass FROM users'; 

// if form has been submitted
if ($HTTP_POST_VARS['submit']) { 

// execute sql query
$result = mysql_query($sql)  

    or die ("<span class=text><div align=center>Could not execute query.</div></span>");  

// loop to get information
while ( $row = mysql_fetch_array($result) ) {
             $db_user = $row["user_name"];
             $db_pass = $row["user_pass"];
// check the form entry with the usernames in the database
    if ($user_name==$db_user && $user_pass==$db_pass) {$user=1;}
    else if ($username == $db_user) {$user=2;}
    }
if ($flag != 1 && $flag != 2) {
    die("<span class=text><div align=center>Invalid username/password combination.</span></div>");
    }elseif ($flag == 2) {
die("<span class=text><div align=center>Invalid username/password combination.</span></div>");

// if form information is correct create session
} else if ($flag == 1) {
session_register('userok'); 
$userok = "yes"; 
header ("Location: userhome.php");

}
}
?>

helz

lol i know why, theres a line where it says $username when it should say:
$user_name

also where you edited it, the way it works is that it tells the user which part they got wrong, when you changed it you effectivly got rid of the error.

notaloser

yeah i know but my site is for a game, its a gaming ladder and its going to be used by a wide variety of many people (around 1500-2000), and i dont want some users knowing other users exist so easily... and if you think my stuff is too simple, im going to add stuff to it and make it better later.

notaloser

i fixed it, it was in the else if and i still get the error for wrong username..... is there anything else you can see?