Registration script

john9292

Hello, this is a registration script that should verify password, check alias and email against the database to see if they exist and produce the appropriate errors or success in the index page.

I dont think the values are going into the database though therefore i dont get "Registered" showing up.

Please advise.
Thank you

Script:

<?php
	session_start();
	require "connect.php";

$email = $_POST['email'];
$alias = $_POST['alias'];
$password = $_POST['password'];
$password2 = $_POST['password2'];

if ($password == $password2)
{
	$email = mysql_query("SELECT * FROM accounts WHERE (email='$email')");
	$alias = mysql_query("SELECT * FROM accounts WHERE (alias='$alias')");
	if (mysql_num_rows($alias) > 0)
	{
		$error2 = "Alias Name Taken.";
		$_SESSION["error2"] = $error2;
		header("Location: index.php");
	}
	else if((mysql_num_rows($email) > 0))
	{
		$error4 = "Email taken.";
		$_SESSION["error4"] = $error4;
		header("Location: index.php");
	}
	else if((mysql_num_rows($email) > 0) && (mysql_num_rows($alias) > 0))
	{
		$error4 = "Email taken.";
		$_SESSION["error4"] = $error4;

		$error2 = "Alias Name Taken.";
		$_SESSION["error2"] = $error2;
		header("Location: index.php");
	}
	else
	{
		$email = $_POST['email'];
		$alias = $_POST['alias'];
		$passwordHash = sha1($password);
		$alias = mysql_query("INSERT INTO accounts VALUES('".$email."','".$alias."','".$passwordHash."')");
		$error3 = "Registered.";
		$_SESSION["error3"] = $error3;
		header("Location: index.php");
	}
}
else
{
	$error = "Password does not match.";
	$_SESSION["error"] = $error;
	header("Location: index.php");
}
?>

Index.php (part):



<?php
	if($error = "Password does not match.")
	{
		echo $_SESSION['error'];
	}

if($error2 = "Alias Name Taken.")
{
	echo $_SESSION['error2'];
}

if($error3 = "Registered.")
{
	echo $_SESSION['error3'];
}

if($error4 = "Email taken.")
{
	echo $_SESSION['error4'];
}

if($error5 = "Invalid login.")
{
	echo $_SESSION['error5'];
}

session_destroy();
header("Location: index.php");
?>

tomhath

Problem might be in your index.php page, all the 'if($error = "...")' are assignments (single =), not comparisons: 'if($error == "...") ' (double ==).

Also, you should be checking for an error after every mysql_* function call and using some other tool like phpmyadmin to look in the database and see if the rows are there. Don't assume that what your code is reporting is what actually happened while you're writing the code. :queasy:

john9292

Have not had a chance to test that yet because of FTP problems but cheers anyway.

tomhath

FTP problems? Why not install Apache/php/mysql locally and develop/test from there?

http://www.apachefriends.org/en/xampp.html

john9292

Ive got my own server which im using for this therefore ive got phpmyadmin, apache, PHP and mySQL.
FTP is tempremental as the server is behind a proxy server PC as people in my house are going to have servers to (one IP for all).
FTp when im inside the network i.e. using a local address is fine its just external - same applies for phpmyadmin.
Just needs a bit of tweaking I think e.g. opening more ports or something.
This is my latest script and I did what you said with the "==" in index page the only problem is no errors never show now - does the logic seem ok to you?

Cheers

<?php
	session_start();
	require "connect.php";

$email = $_POST['email'];
$alias = $_POST['alias'];
$password = $_POST['password'];
$password2 = $_POST['password2'];

if ($password == $password2)
{
	$email = mysql_query("SELECT * FROM accounts WHERE (email='$email')")
		or die("MySQL Error: ".mysql_error());
	$alias = mysql_query("SELECT * FROM accounts WHERE (alias='$alias')")
		or die("MySQL Error: ".mysql_error());
	if (mysql_num_rows($alias) > 0)
	{
		$error2 = "Alias Name Taken.";
		$_SESSION["error2"] = $error2;
		header("Location: index.php");
	}
	else if((mysql_num_rows($email) > 0))
	{
		$error4 = "Email taken.";
		$_SESSION["error4"] = $error4;
		header("Location: index.php");
	}
	else if((mysql_num_rows($email) > 0) && (mysql_num_rows($alias) > 0))
	{
		$error4 = "Email taken.";
		$_SESSION["error4"] = $error4;

		$error2 = "Alias Name Taken.";
		$_SESSION["error2"] = $error2;
		header("Location: index.php");
	}
	else
	{
		$email = $_POST['email'];
		$alias = $_POST['alias'];
		$passwordHash = sha1($password);
		$alias = mysql_query("INSERT INTO accounts VALUES('".$email."','".$alias."','".$passwordHash."')")
			or die("MySQL Error: ".mysql_error());
		$error3 = "Registered.";
		$_SESSION["error3"] = $error3;
		header("Location: index.php");
	}
}
else
{
	$error = "Password does not match.";
	$_SESSION["error"] = $error;
	header("Location: index.php");
}
?>

In index.php I comment out the redirect as otherwise it does not show the page.

<?php
	if($error == "Password does not match.")
	{
		echo $_SESSION['error'];
	}

if($error2 == "Alias Name Taken.")
{
	echo $_SESSION['error2'];
}

if($error3 == "Registered.")
{
	echo $_SESSION['error3'];
}

if($error4 == "Email taken.")
{
	echo $_SESSION['error4'];
}

if($error5 == "Invalid login.")
{
	echo $_SESSION['error5'];
}

session_destroy();
//header("Location: index.php");
?>

rincewind456

Two things you may want to think about.

When using a mysql database result as a check for duplicates use the LIMIT 1 clause, it can help to speed up queries.

And for the same reason don't do a broad search for all table fields with the *, just return the one field that you need.

tomhath

I don't see anything wrong. The index.php page seems to work; are you sure the relocate is working? I'd put some echo statements into the first page; maybe your connect.php has a blank line that's causing php to send the headers before the relocate or one of the "or die" clauses is printing something.

ClarkF1

if (mysql_num_rows($alias) > 0)
        {
            $error2 = "Alias Name Taken.";
            $_SESSION["error2"] = $error2;
            header("Location: index.php");
        }
        else if((mysql_num_rows($email) > 0))
        {
            $error4 = "Email taken.";
            $_SESSION["error4"] = $error4;
            header("Location: index.php");
        }
        else if((mysql_num_rows($email) > 0) && (mysql_num_rows($alias) > 0))
        {
            $error4 = "Email taken.";
            $_SESSION["error4"] = $error4;

        $error2 = "Alias Name Taken.";
        $_SESSION["error2"] = $error2;
        header("Location: index.php");
    }

You will have a problem with this as it'll never reach the third case, it'll either go to the first or second. Put the third case first.

tomhath

I was looking at that third "if" statement, thinking something didn't look right; completely missed that it's unreachable... :o

john9292

Well its getting there, couldnt figure out why it was not displaying therefore I tried a few things and replacing "==" for "=" worked for some reason.

So im almost there and after adding more email verification (to defend against bots) ill be done.

Please tell me why this script shows please fill in all fields even when all fields are filled in. Obviously one of the variables is coming through as empty but I dont know why.

Last question is, what is the name for the verification method that works against bots i.e. you have to enter characters shown in a picture into a form.

Thanks

<?php
	session_start();
	require "connect.php";

$email = $_POST['email'];
$alias = $_POST['alias'];
$password = $_POST['password'];
$password2 = $_POST['password2'];

if ($password == $password2)
{
	$email = mysql_query("SELECT * FROM accounts WHERE (email='$email')")
		or die("MySQL Error: ".mysql_error());
	$alias = mysql_query("SELECT * FROM accounts WHERE (alias='$alias')")
		or die("MySQL Error: ".mysql_error());
	if((mysql_num_rows($email) > 0) && (mysql_num_rows($alias) > 0))
	{
		$error4 = "Email name taken.";
		$_SESSION["error4"] = $error4;
		$error2 = "Alias Name Taken.";
		$_SESSION["error2"] = $error2;
		header("Location: index.php");
	}
	else if(mysql_num_rows($alias) > 0)
	{
		$error2 = "Alias Name Taken.";
		$_SESSION["error2"] = $error2;
		header("Location: index.php");
	}
	else if((mysql_num_rows($email) > 0))
	{
		$error4 = "Email taken.";
		$_SESSION["error4"] = $error4;
		header("Location: index.php");
	}
	else if((isset($email)) || (isset($alias)) || (isset($password)) || (isset($password2)))
	{
		$error6 = "Use all fields.";
		$_SESSION["error6"] = $error6;
		header("Location: index.php");
	}
	else
	{
		$email = $_POST['email'];
		$alias = $_POST['alias'];
		$passwordHash = sha1($password);
		$alias = mysql_query("INSERT INTO accounts VALUES('".$email."','".$alias."','".$passwordHash."')")
			or die("MySQL Error: ".mysql_error());
		$error3 = "Registered.";
		$_SESSION["error3"] = $error3;
		header("Location: index.php");
	}
}
else
{
	$error = "Password does not match.";
	$_SESSION["error"] = $error;
	header("Location: index.php");
}
?>

ClarkF1

Shouldn't

else if((isset($email)) || (isset($alias)) || (isset($password)) || (isset($password2)))

else if((!isset($email)) || (!isset($alias)) || (!isset($password)) || (!isset($password2)))

although personally I'd use

else if($email == "" || $alias == "" || $password == "" || $password == "")

I once had the situation that a condition was satisfied using isset because it was set to ""

At the moment it's giving the error message if at least one of the fields is filled in.

As for the image thing, you can call it what you want, I call it image verification.

john9292

Ok cheers it works now, how do I mark this thread as resolved.

ClarkF1

Using the Thread Tools menu at the top