[RESOLVED] A problem concerning a registration form.

DekkoN

Hi ,
I've been working for a while now on a registration form , and i can not seem to find out my problem...
Basically what i wanna do is force a user to agree to the terms , on a checkbox.
Now problem is , whatever i try to do , it does not work - the message i keep getting is 'You must agree to the terms' , even though i did check the checkbox.
Another thing i'd like to do is save the passwords as md5 , could it work with trim?

here's my code:

<html>
<?php
if (isset($_POST['username']))
{
	$username = trim($_POST['username']);
}
if (isset($_POST['pw']))
{
	$pw = trim($_POST['pw']);
}
if (isset($_POST['age']))
{
	$age = trim($_POST['age']);
}
if (isset($_POST['email']))
{
	$email = trim($_POST['email']);
}
if (isset($_POST['sig']))
{
	$sig = trim($_POST['sig']);
}
if (isset($_POST['bnet']))
{
	$bnet = trim($_POST['bnet']);
}
if (isset($_POST['game']))
{
	$game = trim($_POST['game']);
}
if (isset($_POST['race']))
{
	$race = trim($_POST['race']);
}
if (isset($_POST['pwcon']))
{
	$pwcon = trim($_POST['pwcon']);
}
if (isset($_POST['emailcon']))
{
	$emailcon = trim($_POST['emailcon']);
}
if (empty($username) || empty($pw) || empty($email) || empty($bnet) || empty($emailcon) || empty($pwcon))
{
	die('ERROR:Not all required fields are filled.');
}
if ($pw!=$pwcon)
{
	die('Unmatching passwords.');
}
if ($email!=$emailcon)
{
	die('Unmatching emails.');
}
if ($_POST['cb_rules_agree']=='off');
{
	die('You MUST agree to the terms !');
}
$con = mysql_connect('host' , 'username', 'password');
if (!$con)
{
      	die('Could not connect: ' . mysql_error());
}

mysql_select_db("db",$con);
$exists=mysql_query("SELECT username FROM players WHERE username='$username'");
if ($exists)
{
	die('Such username already exists in the database. Please choose another one.');
}
else
{    

    $sql=sprintf("INSERT INTO players (username, pw , age , email , sig , bnet , game , race)
    VALUES ('$username', '$pw', '$age', '$email', '$sig', '$bnet', '$game' , '$race')",
    mysql_real_escape_string($username),
    mysql_real_escape_string($pw),
    mysql_real_escape_string($age),
    mysql_real_escape_string($email),
    mysql_real_escape_string($sig),
    mysql_real_escape_string($race),
    mysql_real_escape_string($bnet),
    mysql_real_escape_string($game));

if (!mysql_query($sql,$con))
    die ('Error: '. mysql_error());

mysql_close($con);
echo "You have registered successfully";
}
?>
</html>

thanks ahead guys =)

Bunkermaster

concidering that cb_rules_agree is most probably a checkbox, if it's not checked the browser will not send it via $_POST. It only goes through if ticked and will send the value param which is by default 'on' if not set but is a lot easier to use if set to value='1'

Piranha

Hard to know what the problem is without seeing the page that sends the variables as well. But you should really change the check of the checkbox. Now you have:

if ($_POST['cb_rules_agree']=='off');
{
    die('You MUST agree to the terms !');
}

In other words, a user that have namaged to get to this page without using your page and thus don't have $_POST['cb_rules_agree'] set to anything, or set to anything that means something, will be accepted. The only way to do these kind of things is to check if they accept:

if (!($_POST['cb_rules_agree']=='on'));
{
    die('You MUST agree to the terms !');
}

DekkoN

Tried it now.. still the same thing.
here's the html to that - http://dekkon.5gbfree.com/registration.html

DekkoN

sry for the doublepost i just noticed Bunker's comment.
well , tried to see what your saying but i didnt quite catch what u ment by value='1'.
do u mean that sayin something=='on' is equivalent to saying something=='1' or i should make it value='1' and do something with that?

big_nerd

You can always set the checkbox value to be "1" and when you get the variable with:

$checkagree = $_POST['cb_rules_agree'];

if ($checkagree == 1) {
    echo "You Agree'd! Good Job!";
} else {
   You Didn't Agree, That's not nice";
}

Either that, or you can use Javascript Form Validation for ensure they can't submit the ticket unless they have agreed.

Here is a URL for the Javascript Version.
http://mediazeal.com/checkbox-validator.htm.

I am personally a thorogh person, so I would go with the PHP way, or both.

Bunkermaster

DekkoN wrote:
sry for the doublepost i just noticed Bunker's comment.
well , tried to see what your saying but i didnt quite catch what u ment by value='1'.
do u mean that sayin something=='on' is equivalent to saying something=='1' or i should make it value='1' and do something with that?

If you don't set the value of the tickbox in your form HTML it will be passed to the form processing as "on" if checked. setting the value of the checkbox in HTML to a more easily usable value (like 1) is good practice.

<INPUT TYPE=CHECKBOX NAME="somefield"> will send 'on'
<INPUT TYPE=CHECKBOX NAME="somefield" value="1"> will send '1'

Piranha

big.nerd wrote:
Either that, or you can use Javascript Form Validation for ensure they can't submit the ticket unless they have agreed.

Here is a URL for the Javascript Version.
http://mediazeal.com/checkbox-validator.htm.

I am personally a thorogh person, so I would go with the PHP way, or both.

By checking with only javascript you are very vunrable. JS is easily bypassed or turned off, then you would not get any check at all.

DekkoN

But if I set the value to be 1 , it will always be 1 , no matter what the user does ...
thus it will always be 'checked' for the php...
correct me if im wrong.

Bunkermaster

the form only sees the checkbox if it is checked. if not the $_POST['checkbox1'] is not set.

DekkoN

Bunkermaster wrote:
the form only sees the checkbox if it is checked. if not the $_POST['checkbox1'] is not set.

i don't really get what u want to say by that...
what do u mean when u say checkbox1?
sry for my ignorance.

wilku

Carry out a little experiment: on the page that processes the form (when you are suppose to check $POST[] varibles) use var_dump($POST); and submit your form with or without the checkbox checked. Notice the difference. You can switch to source view for the page to see it better.

DekkoN

wilku wrote:
Carry out a little experiment: on the page that processes the form (when you are suppose to check $POST[] varibles) use var_dump($POST); and submit your form with or without the checkbox checked. Notice the difference. You can switch to source view for the page to see it better.

well ,
either i didn't do that right or there's no difference...
I'm really clueless here ..
Shall i rebuild this whole php page?
would it help ? (considering the fact it probably won't be too different from the current one ;o )

DekkoN

nevermind , found my problem which was an extra ; in the if sentence
ty everyone =]