[RESOLVED] Probelm inserting encrypted data in DB

kostis12345

I get no errors but nothing get entered in the DB

here's my code

	<html>
	<head>
    <script type="text/javascript">
	function Unamehelp()
		{
			alert("Maximum 15 characters,only letters and numbers" + '\n' + "allowed.");
		}

function passhelp()
	{
		alert("Maximum 30 characters,only letters and numbers" + '\n' + "allowed");
	}

function scndpasshelp()
	{
		alert("Input the password exactly as above");
	}

function campnamehelp()
	{
		alert("Maximum 15 characters,only letters and numbers" + '\n' + "allowed" + '\n' + "" + '\n' + "Your Camp's name");
	}

function leadnamehelp()
	{
		alert("Maximum 15 characters,only letters and numbers" + '\n' + "allowed" + '\n' + "" + '\n' + "Your camp leader's name");
	}
</script>
</head>
	</head>
	<body>
	<center>
	<form action="register.php?add=yes" method="post">
	Username <input type=text name="username"> <a href="javascript:Unamehelp();"><b>?</b></a><br />
	Password <input type=password name="password"> <a href="javascript:passhelp();"><b>?</b></a><br />
	Password Again <input type=password name="password2"> <a href="javascript:scndpasshelp();"><b>?</b></a><br />
	Camp name <input type=text name="campname"> <a href="javascript:campnamehelp();"><b>?</b></a><br />
	Leader's name<input type=text name="leadername"> <a href="javascript:leadnamehelp();"><b>?</b></a><br />
	<input type="submit" value="Go!">
	</center>
	</form>
	<?php


if ($add=='yes')
	{
	include ('functions.php');
	testifempty();
		if ($_POST[password] == $_POST[password2])
		{
	    include ('config.php');
	    $securepass= encryptdata($_POST['password']);
			$get="INSERT INTO Users (username, password, campname, leadername) VALUES ('$_POST[username]','".encryptdata($_POST['password'])."','$_POST[campname]','$_POST[leadername]')";


			if (!mysql_query($get,$con))
			{
				die('Error: ' . mysql_error());
			}
			echo "You have successfully registered";
			echo "<br/>";
			echo "You can now login";
			echo "<a href=/login.php>here</a>";
			mysql_close($con);
			}

			else
			{
				echo "Passwords do not match";
			}


	}

?>
</body>
</html>

and the function is here

function encryptdata($string)
{
$passmd5 = md5($string);
$passenc = sha1($passmd5);
}

I've also tried doing this

$securepass= encryptdata($_POST['password']);
				$get="INSERT INTO Users (username, password, campname, leadername) VALUES ('$_POST[username]','$securepass','$_POST[campname]','$_POST[leadername]')";

Can anybody please tell me where is my error?
Thanks in advance

dagon

what error do you get? your hashing a hash is superfluous.

dagon

if ($add=='yes')

should be

if ($_GET[add]=='yes')

but your posting the form checking the post submit value would be better.

Weedpacket

function leadnamehelp()
        {
            alert("Maximum 15 characters,only letters and numbers" + '\n' + "allowed" + '\n' + "" + '\n' + "Your camp leader's name");
        }

So O'Reilly can't be a camp leader? (Hint: [man]mysql_real_escape_string/man or [man]PDO[/man] prepared statements are your friends.)

function passhelp() {
            alert("Maximum 30 characters,only letters and numbers" + '\n' + "allowed"); 
}

Why not? Who's going to be looking?

kostis12345

dagon;10911224 wrote:
what error do you get? your hashing a hash is superfluous.

I don't get any errors.I think I should but...

dagon;10911225 wrote:
if ($add=='yes')

should be

if ($_GET[add]=='yes')

but your posting the form checking the post submit value would be better.

Ok,I've changed my code.

Weedpacket;10911230 wrote:
function leadnamehelp()
        {
            alert("Maximum 15 characters,only letters and numbers" + '\n' + "allowed" + '\n' + "" + '\n' + "Your camp leader's name");
        } 
So O'Reilly can't be a camp leader? (Hint: [man]mysql_real_escape_string/man or [man]PDO[/man] prepared statements are your friends.)
function passhelp() {
            alert("Maximum 30 characters,only letters and numbers" + '\n' + "allowed"); 
}
Why not? Who's going to be looking?

I haven't yet added mysql_real_escape_string yet because I still can't get how to use them.Can you please escape one of my "$_POST"s as an example ?

Thanks in advance

Weedpacket

$username = mysql_real_escape_string($_POST['username']);

kostis12345

Thanks a bunch!!
Now,to try if it works I enter some double quotes in the fields ?

kostis12345

Sorry for the double post.

I think I found the prob but I can't solve it.
the function encryptdata() only defines $passmd5 and $passenc so I can't just use the following.

$password = mysql_real_escape_string($_POST['password']);
$securepass = encryptdata($password);

I've tried doing this but it doesn't work.

encryptdata($password);
$get="INSERT INTO Users (username, password, campname, leadername) VALUES ('$username','$passenc','$campname','$leadername')";

kostis12345

OK,I fixed it

I changed the function to the following and the hash is stored in a Session.

function encryptdata($string)
{
$stringmd5 = md5($string);
$stingmd5andsha1 = sha1($stringmd5);
$_SESSION['stringenc'] = $stingmd5andsha1;
}

here's the new register.php(only the part I changed)

$username = mysql_real_escape_string($_POST['username']);
			$password = mysql_real_escape_string($_POST['password']);
			encryptdata($password);
			$securepass = $_SESSION['stringenc'];

		$campname = mysql_real_escape_string($_POST['campname']);
		$leadername = mysql_real_escape_string($_POST['leadername']);

			$get="INSERT INTO Users (username, password, campname, leadername) VALUES ('$username','$securepass','$campname','$leadername')";