Registration / Image Upload Problem

nbewley

Hi there,

Not sure if anyone can help me with a coding problem that has arisen when creating a user registration system with an image upload. Everything was working great until I began coding the image upload feature (I want to force users to add a profile picture image when registering). If all the parameters are entered correctly, the script works properly and will upload their picture and display it with their other profile information. However, I am getting an undefined index error that is conflicting with the scripts internal error reporting, thereby causing it to fail.

Here is the relevant php:

if (isset ($_POST['username'])){

 $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
 $gender = preg_replace('#[^a-z]#i', '', $_POST['gender']); // filter everything but lowercase letters
 $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); // filter everything but numbers
 $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); // filter everything but numbers
 $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); // filter everything but numbers
 $email1 = $_POST['email1'];
 $email2 = $_POST['email2'];
 $pass1 = $_POST['pass1'];
 $pass2 = $_POST['pass2'];
 $user_pic = $_POST['user_pic'];

 include_once "scripts/connect_to_mysql.php";
 $emailCHecker = mysql_real_escape_string($email1);
 $emailCHecker = str_replace("`", "", $emailCHecker);
 $sql_uname_check = mysql_query("SELECT username FROM myMembers WHERE username='$username'"); 
 $uname_check = mysql_num_rows($sql_uname_check);
 $sql_email_check = mysql_query("SELECT email FROM myMembers WHERE email='$emailCHecker'");
 $email_check = mysql_num_rows($sql_email_check);
 if ((!$username) || (!$gender) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2) || (!$user_pic)) { 

 $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';

 if(!$username){ 
   $errorMsg .= ' * User Name<br />';
 } 
 if(!$gender){ 
   $errorMsg .= ' * Gender: Confirm your sex.<br />';
 } 	
 if(!$b_m){ 
   $errorMsg .= ' * Birth Month<br />';      
 }
 if(!$b_d){ 
   $errorMsg .= ' * Birth Day<br />';        
 } 
 if(!$b_y){ 
   $errorMsg .= ' * Birth year<br />';        
 } 		
 if(!$email1){ 
   $errorMsg .= ' * Email Address<br />';      
 }
 if(!$email2){ 
   $errorMsg .= ' * Confirm Email Address<br />';        
 } 	
 if(!$pass1){ 
   $errorMsg .= ' * Login Password<br />';      
 }
 if(!$pass2){ 
   $errorMsg .= ' * Confirm Login Password<br />';        
 } 	
 if(!$user_pic){ 
   $errorMsg .= ' * Add a Profile Plank<br />';        
 } 	

 } else if ($email1 != $email2) {
          $errorMsg = 'ERROR: Your Email fields below do not match<br />';
 } else if ($pass1 != $pass2) {
          $errorMsg = 'ERROR: Your Password fields below do not match<br />';
 } else if ($humancheck != "") {
          $errorMsg = 'ERROR: The Human Check field must be cleared to be sure you are human<br />';		 
 } else if (strlen($username) < 4) {
           $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />"; 
 } else if (strlen($username) > 20) {
           $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />"; 
 } else if ($uname_check > 0){ 
          $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />"; 
 } else if ($email_check > 0){ 
          $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />"; 
 } else if ($_FILES['user_pic']['tmp_name'] != "") { 
        $maxfilesize = 51200; // 51200 bytes equals 50kb
        if($_FILES['user_pic']['size'] > $maxfilesize ) { 

                    $error_msg = '<font color="#FF0000">ERROR: Your image was too large, please try again.</font>';
                    unlink($_FILES['user_pic']['tmp_name']); 

        } else if (!preg_match("/\.(gif|jpg|png)$/i", $_FILES['user_pic']['name'] ) ) {

                    $error_msg = '<font color="#FF0000">ERROR: Your image was not one of the accepted formats, please try again.</font>';
                    unlink($_FILES['user_pic']['tmp_name']); 
		}

} { 
 $email1 = mysql_real_escape_string($email1);
 $pass1 = mysql_real_escape_string($pass1);
 $db_password = md5($pass1); 
 $full_birthday = "$b_y-$b_m-$b_d";
 $ipaddress = getenv('REMOTE_ADDR');

 $sql = mysql_query("INSERT INTO myMembers (username, gender, birthday, email, password, ipaddress, sign_up_date) 
 VALUES('$username','$gender','$full_birthday','$email1','$db_password', '$ipaddress', now())")  
 or die (mysql_error());

 $id = mysql_insert_id();

 mkdir("members/$id", 0755);
      $newname = "image01.jpg";
      $place_file = move_uploaded_file( $_FILES['user_pic']['tmp_name'], "members/$id/".$newname);


   include_once 'msgToUser.php'; 
   exit();

   }

} else { // if the form is not posted with variables, place default empty variables so no warnings or errors show

  $errorMsg = "";
  $username = "";
  $gender = "";
  $b_m = "";
  $b_d = "";
  $b_y = "";
  $email1 = "";
  $email2 = "";
  $pass1 = "";
  $pass2 = "";
  $user_pic = "";
}

And the html form:

    <table class="table_f" width="100%" cellpadding="3"> 
       <form action="register.php" method="post" enctype="multipart/form-data">
          <tr>
            <td colspan="2"><font color="#94A0D1"><?php print "$errorMsg"; ?></font></td></tr>       

          <tr><td><h11>Add Profile Photo: </h11></td>         

              <td width="521"><input name="user_pic" type="file" class="formFields" id="user_pic" size="42" />
              50 kb max </td></tr> 
          <tr><td>
              <input type="submit" style="color: #a2a2a2; font-family: helvetica; font-size: 11px; letter-spacing: 1px" name="Submit" value="Register" /></td></tr>
        </form>
      </table>

I am getting an undefined index for "user_pic" on line

$user_pic = $_POST['user_pic'];

that seems to be conflicting with the scripts internal error reporting. When everything is entered properly, the script works fine. But if the user inputs incorrect information (i.e. image too large, duplicate username, invalid email, etc) the script fails.

Does anyone have any ideas? I feel as if I have painted myself into a corner.

Thanks in advance for any suggestions.
nbewley

johanafm

If there was an error uploading the file, such as file exceeding max file size or max post size, there will obviously be no file. Always check $_FILES['...']['error']: [man]features.file-upload[/man]

Derokorian

Access file uploaded via the $FILES superglobal not the $POST:

$user_pic = $_FILES['user_pic'];

The $FILES array is actually multidimensional. $FILES['user_pic'] is an array with keys including 'error' 'temp_name' and 'name'

HTH

nbewley

Thank you very much for your advice.

I changed $user_pic = $_FILES['user_pic'];

which seemed to get me past many of the error pitfalls. However, I am still getting some undefined variables when trying to post to the form. I am able to report most of the errors, but I think that there is something wrong with how I have constructed:

		if(!preg_match("/\.(gif|jpg|png)$/i", $_FILES['user_pic']['name'])) {
       			$errorMsg .= ' * Your image was in an unacceptable format<br />';        

       			unlink($_FILES['user_pic']['tmp_name']); 
			}

Thanks for any suggestions. The current status of the php code is listed below for clarification.

Thanks again. I'm still up at 430 am on day 6 of trying to figure this out, so every suggestion is appreciated.

<?php
$from = ""; // Initialize the email from variable
// This code runs only if the username is posted
if (isset ($_POST['username'])){

 $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
 $gender = preg_replace('#[^a-z]#i', '', $_POST['gender']); // filter everything but lowercase letters
 $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); // filter everything but numbers
 $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); // filter everything but numbers
 $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); // filter everything but numbers
 $email1 = $_POST['email1'];
 $email2 = $_POST['email2'];
 $pass1 = $_POST['pass1'];
 $pass2 = $_POST['pass2'];
 $user_pic = $_FILES['user_pic'];

 $humancheck = $_POST['humancheck'];

 $email1 = stripslashes($email1); 
 $pass1 = stripslashes($pass1); 
 $email2 = stripslashes($email2);
 $pass2 = stripslashes($pass2); 

 $email1 = strip_tags($email1);
 $pass1 = strip_tags($pass1);
 $email2 = strip_tags($email2);
 $pass2 = strip_tags($pass2);

 // Connect to database
 include_once "scripts/connect_to_mysql.php";
 $emailCHecker = mysql_real_escape_string($email1);
 $emailCHecker = str_replace("`", "", $emailCHecker);
 // Database duplicate username check setup for use below in the error handling if else conditionals
 $sql_uname_check = mysql_query("SELECT username FROM myMembers WHERE username='$username'"); 
 $uname_check = mysql_num_rows($sql_uname_check);
 // Database duplicate e-mail check setup for use below in the error handling if else conditionals
 $sql_email_check = mysql_query("SELECT email FROM myMembers WHERE email='$emailCHecker'");
 $email_check = mysql_num_rows($sql_email_check);

 // Error handling for missing data
 if ((!$username) || (!$gender) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2) || (!$user_pic)) { 

 $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';

 if(!$username){ 
   $errorMsg .= ' * User Name<br />';
 } 
 if(!$gender){ 
   $errorMsg .= ' * Gender: Confirm your sex.<br />';
 } 	
 if(!$b_m){ 
   $errorMsg .= ' * Birth Month<br />';      
 }
 if(!$b_d){ 
   $errorMsg .= ' * Birth Day<br />';        
 } 
 if(!$b_y){ 
   $errorMsg .= ' * Birth year<br />';        
 } 		
 if(!$email1){ 
   $errorMsg .= ' * Email Address<br />';      
 }
 if(!$email2){ 
   $errorMsg .= ' * Confirm Email Address<br />';        
 } 	
 if(!$pass1){ 
   $errorMsg .= ' * Login Password<br />';      
 }
 if(!$pass2){ 
   $errorMsg .= ' * Confirm Login Password<br />';        
 } 	
 if(!$user_pic){ 
   $errorMsg .= ' * Add a Profile Photo<br />';        
 } 

 } else if ($email1 != $email2) {
          $errorMsg = 'ERROR: Your Email fields below do not match<br />';
 } else if ($pass1 != $pass2) {
          $errorMsg = 'ERROR: Your Password fields below do not match<br />';
 } else if ($humancheck != "") {
          $errorMsg = 'ERROR: The Human Check field must be cleared to be sure you are human<br />';		 
 } else if (strlen($username) < 4) {
           $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />"; 
 } else if (strlen($username) > 20) {
           $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />"; 
 } else if ($uname_check > 0){ 
          $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />"; 
 } else if ($email_check > 0){ 
          $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />"; 

 } else if ($_FILES['user_pic']['tmp_name'] != "") { 
        $maxfilesize = 51200; // 51200 bytes equals 50kb
        if($_FILES['user_pic']['size'] > $maxfilesize ) { 
   			$errorMsg .= ' * Your image was too large<br />';        
            unlink($_FILES['user_pic']['tmp_name']); 

		}

		if(!preg_match("/\.(gif|jpg|png)$/i", $_FILES['user_pic']['name'])) {
   			$errorMsg .= ' * Your image was in an unacceptable format<br />';        
   			unlink($_FILES['user_pic']['tmp_name']); 
		}
 } else { 
 $email1 = mysql_real_escape_string($email1);
 $pass1 = mysql_real_escape_string($pass1);

 // Add MD5 Hash to the password variable
 $db_password = md5($pass1); 

 // Convert Birthday to a DATE field type format(YYYY-MM-DD) out of the month, day, and year supplied 
 $full_birthday = "$b_y-$b_m-$b_d";

 // GET USER IP ADDRESS
 $ipaddress = getenv('REMOTE_ADDR');

 // Add user info into the database table for the main site table
 $sql = mysql_query("INSERT INTO myMembers (username, gender, birthday, email, password, ipaddress, sign_up_date) 
 VALUES('$username','$gender','$full_birthday','$email1','$db_password', '$ipaddress', now())")  
 or die (mysql_error());

 $id = mysql_insert_id();

 // Create directory(folder) to hold each user's files(pics, MP3s, etc.)		
 mkdir("members/$id", 0755);	
                    $newname = "image01.jpg";
                    $place_file = move_uploaded_file( $_FILES['user_pic']['tmp_name'], "members/$id/".$newname);
  } // Close else after duplication checks

} else { // if the form is not posted with variables, place default empty variables so no warnings or errors show

  $errorMsg = "";
  $username = "";
  $gender = "";
  $b_m = "";
  $b_d = "";
  $b_y = "";
  $email1 = "";
  $email2 = "";
  $pass1 = "";
  $pass2 = "";
  $user_pic = "";
}

?>

bradgrafelman

nbewley;10986653 wrote:
However, I am still getting some undefined variables when trying to post to the form.

What are the exact error messages? It's hard for us to help you if you just tell us there are errors rather than telling us what those errors actually are.

nbewley;10986653 wrote:
I am able to report most of the errors, but I think that there is something wrong with how I have constructed:
		if(!preg_match("/\.(gif|jpg|png)$/i", $_FILES['user_pic']['name'])) {
       			$errorMsg .= ' * Your image was in an unacceptable format<br />';        

       			unlink($_FILES['user_pic']['tmp_name']); 
			}

Why do you think that? Does something not work? If not, what happens versus what was expected?

Also note that PHP automatically deletes temporary uploaded files if they haven't been moved by the time your script ends.

For an overall review of the code (since I have no idea what is specifically wrong with it):

First and foremost, you need to find a coding style that fits you best and learn it (and subsequently stick to it). It's really hard to read and understand code (even your own, let alone someone else's) when you don't consistently follow any sort of rules about whitespace, indentation, line breaks, etc.

$from = ""; // Initialize the email from variable

This variable is never used.

$username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
	 $gender = preg_replace('#[^a-z]#i', '', $_POST['gender']); // filter everything but lowercase letters
	 $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); // filter everything but numbers
     $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); // filter everything but numbers
	 $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); // filter everything but numbers

Why are you doing all of this "filtering" on the user input?

If I submitted my username as "Brad G" and your script 'filtered' it to "BradG", I would have no clue why there is no such account as "Brad G" since that is what I submitted.

$email1 = stripslashes($email1); 
     $pass1 = stripslashes($pass1); 
     $email2 = stripslashes($email2);
     $pass2 = stripslashes($pass2);

Why are you using [man]stripslashes/man? You shouldn't be.. unless magic_quotes_gpc is enabled, in which case you should simply disable it.

```
	 
     $email1 = strip_tags($email1);
     $pass1 = strip_tags($pass1);
     $email2 = strip_tags($email2);
     $pass2 = strip_tags($pass2);
```
Again, why are you using [man]strip_tags/man here and changing the user's data?

If I tell you my password is "<bradgrocks>", why would you silently change that into an empty string (thanks to strip_tags()) and then blame me for entering a blank password?

Same with e-mail address - if you remove parts of the e-mail address I give you, do you think it will still work? Of course not! So why do it?
```
$emailCHecker = str_replace("`", "", $emailCHecker);
```
More of the same as above; why are you changing the data into something else? Why not go further and change "@" to "a", or "b" to "c", or ...

	 // Database duplicate username check setup for use below in the error handling if else conditionals
	 $sql_uname_check = mysql_query("SELECT username FROM myMembers WHERE username='$username'"); 
     $uname_check = mysql_num_rows($sql_uname_check);
     // Database duplicate e-mail check setup for use below in the error handling if else conditionals
     $sql_email_check = mysql_query("SELECT email FROM myMembers WHERE email='$emailCHecker'");
     $email_check = mysql_num_rows($sql_email_check);

For optimization, you could eliminate this entire section and just perform the INSERT query, checking to see if it fails due to duplicate entry for one of the UNIQUE keys on the username or email column. That is, of course, assuming you've properly designed the table and included such indexes.

     // Error handling for missing data
     if ((!$username) || (!$gender) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2) || (!$user_pic)) {

 $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';

 if(!$username){ 
   $errorMsg .= ' * User Name<br />';
 } 
 if(!$gender){ 
   $errorMsg .= ' * Gender: Confirm your sex.<br />';
 } 	
 if(!$b_m){ 
   $errorMsg .= ' * Birth Month<br />';      
 }
 if(!$b_d){ 
   $errorMsg .= ' * Birth Day<br />';        
 } 
 if(!$b_y){ 
   $errorMsg .= ' * Birth year<br />';        
 } 		
 if(!$email1){ 
   $errorMsg .= ' * Email Address<br />';      
 }
 if(!$email2){ 
   $errorMsg .= ' * Confirm Email Address<br />';        
 } 	
 if(!$pass1){ 
   $errorMsg .= ' * Login Password<br />';      
 }
 if(!$pass2){ 
   $errorMsg .= ' * Confirm Login Password<br />';        
 } 	
 if(!$user_pic){ 
   $errorMsg .= ' * Add a Profile Photo<br />';        
 }

Be careful with just negating all of those values and doing a boolean comparison. It's not clear what is meant; consider writing more meaningful expressions (that actually do what was intended as a bonus! 😉) e.g. using [man]empty/man, [man]strlen[/man], etc.

     } else if ($email1 != $email2) {
              $errorMsg = 'ERROR: Your Email fields below do not match<br />';
     } else if ($pass1 != $pass2) {
              $errorMsg = 'ERROR: Your Password fields below do not match<br />';
     } else if ($humancheck != "") {
              $errorMsg = 'ERROR: The Human Check field must be cleared to be sure you are human<br />';		 
     } else if (strlen($username) < 4) {
	           $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />"; 
     } else if (strlen($username) > 20) {
	           $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />"; 
     } else if ($uname_check > 0){ 
              $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />"; 
     } else if ($email_check > 0){ 
              $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />"; 

 }

Why the sudden switch to one long 'if/elseif/elseif/..' branch? If the first if() condition is met, none of the others will even be checked (which is the opposite behavior of the previous series of if() statements above).

            if($_FILES['user_pic']['size'] > $maxfilesize ) { 
       			$errorMsg .= ' * Your image was too large<br />';        

                unlink($_FILES['user_pic']['tmp_name']); 

		}

		if(!preg_match("/\.(gif|jpg|png)$/i", $_FILES['user_pic']['name'])) {
   			$errorMsg .= ' * Your image was in an unacceptable format<br />';        
   			unlink($_FILES['user_pic']['tmp_name']); 
		}

Even if the first if() statement is met and the file is removed, the second if() statement will still execute and not only be checking the filename of a file that was already rejected and deleted, but it also attempts to delete that already deleted file.

```
     $pass1 = mysql_real_escape_string($pass1);

 // Add MD5 Hash to the password variable
 $db_password = md5($pass1); 
```
If you're going to hash the user-supplied data, there's really no need to sanitize it first.
```
	 // Convert Birthday to a DATE field type format(YYYY-MM-DD) out of the month, day, and year supplied 
	 $full_birthday = "$b_y-$b_m-$b_d";
```
This code comment is misleading; there really is no "converting" taking place here - just concatenation. If I enter my birth month and day as "5" and "7" respectively, you'll end up with a date looking like 1989-5-7 (which MySQL is going to reject since it's not a YYYY-MM-DD date).

In addition (and even more importantly), you're not sanitizing the user-supplied data at all before putting it into a SQL query.

To solve both problems at once, consider using [man]sprintf/man (which will allow you to use placeholders like '%02u' to not only cast the data to an integer but also force that integer to be left-padding with 0's to a minimum width of two).

Bonus points if you use [man]checkdate/man to verify that they actually give you a valid date as well.

else { // if the form is not posted with variables, place default empty variables so no warnings or errors show

  $errorMsg = "";
  $username = "";
  $gender = "";
  $b_m = "";
  $b_d = "";
  $b_y = "";
  $email1 = "";
  $email2 = "";
  $pass1 = "";
  $pass2 = "";
  $user_pic = "";
}

?>

Is there more that you haven't shown us? If not, then this last section makes no sense - the script ends after the outer if() statement, so why would warnings or errors show if you didn't initialize a bunch of variables right before your script simply ends?

nbewley

Okay…

Well, not quite sure whether to feel encouraged or beaten down.

I felt very close to having the correct code, considering that I was able to register users and upload their images to the appropriate locations and generate "most" of the proper error messages. The only problem has come in displaying "all" of the appropriate error messages (those associated with the image upload).

I will attempt a full rewrite of the code structure as you suggest, but if anyone has any advice that might allow me to fix my current code I would very much appreciate it.

nbewley

After many failed attempts to get the former implementation to work, I am trying to rework the code in a new format.

I understand that there might be many errors in my construction, but any helpful thoughts would be appreciated.

<?php

// sorry guessing here with this first line. Not sure if this is the appropriate way to construct the isset(). Not sure if && is the proper comparison.
if( isset( $_FILES['user_pic'] ) && isset( $_POST['username'] ) ) {
    $username = isset( $_POST['username'] ) ? $_POST["username"] : '';
    $gender = isset( $_POST['gender'] ) ? $_POST["gender"] : '';
    $b_m = isset( $_POST['b_m'] ) ? $_POST["b_m"] : '';
    $b_d = isset( $_POST['b_d'] ) ? $_POST["b_d"] : '';
    $b_y = isset( $_POST['b_y'] ) ? $_POST['b_y'] : '';
    $email1 = isset( $_POST['email1'] ) ? $_POST["email1"] : '';
    $email2 = isset( $_POST['email2'] ) ? $_POST["email2"] : '';
    $pass1 = isset( $_POST['pass1'] ) ? $_POST["pass1"] : '';
    $pass2 = isset( $_POST['pass2'] ) ? $_POST["pass2"] : '';
    $user_pic = isset( $_FILES['user_pic'] ) ? $_FILES["user_pic"] : '';

include_once "scripts/connect_to_mysql.php";
$emailCHecker = mysql_real_escape_string($email1);
$emailCHecker = str_replace("`", "", $emailCHecker);
$sql_uname_check = mysql_query("SELECT username FROM myMembers WHERE username='$username'"); 
$uname_check = mysql_num_rows($sql_uname_check);
$sql_email_check = mysql_query("SELECT email FROM myMembers WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);

$maxfilesize = 51200; 

$errormessage =  array();
if( empty( $username ) )
    $errormessage[] = "Please enter a username";
if( empty( $gender ) )
    $errormessage[] = "Please identify your gender";
if( empty( $b_m ) )
    $errormessage[] = "Please select the month of your birth";
if( empty( $b_d ) )
    $errormessage[] = "Please select the day of your birth";
if( empty( $b_y ) )
    $errormessage[] = "Please select the year you were born";
if( empty( $email1 ) )
    $errormessage[] = "Please enter your email address";
if( empty( $email2 ) )
    $errormessage[] = "Please verify your email by re-entering it";
if( empty( $pass1 ) )
    $errormessage[] = "Please enter a password";
if( empty( $pass2 ) )
    $errormessage[] = "Please verify your password by re-entering it";
if( $email1 != $email2 )
    $errormessage[] = "Your email entries do not match";
if( $pass1 != $pass2 )
    $errormessage[] = "Your password entries do not match";
if( strlen( $username ) < 4 ) 
    $errormessage[] = "Your username must be longer than 4 characters";
if( strlen( $username ) > 20 )
    $errormessage[] = "Your username must be shorter than 20 characters";
if( $uname_check > 0 )
    $errormessage[] = "Your username is already inside of our system";
if( $email_check > 0 )
    $errormessage[] = "Your email is already inside of our system";
if( $_FILES['user_pic']['tmp_name'] != "" )
    $errormessage[] = "You must upload an image";
    unlink($_FILES['user_pic']['tmp_name']); 
if( $_FILES['user_pic']['size'] > $maxfilesize )
    $errormessage[] = "Your image is too large";
    unlink($_FILES['user_pic']['tmp_name']); 
if( !preg_match("/\.(gif|jpg|png)$/i", $_FILES['user_pic']['name'] ) )
    $errormessage[] = "Your image is in an unacceptabe format";
    unlink($_FILES['user_pic']['tmp_name']); 
    // sorry guessing here with this.
if( $_FILES['user_pic']['error'] == 4 )
    $errormessage[] = "There was an error uploading your image";
    unlink($_FILES['user_pic']['tmp_name']); 

} else {

// Add MD5 Hash to the password variable
$db_password = md5($pass1); 

// Convert Birthday to a DATE field type format(YYYY-MM-DD) out of the month, day, and year supplied 
$full_birthday = "$b_y-$b_m-$b_d";

// GET USER IP ADDRESS
$ipaddress = getenv('REMOTE_ADDR');

// Add user info into the database table for the main site table
$sql = mysql_query("INSERT INTO myMembers (username, gender, birthday, email, password, ipaddress, sign_up_date) 
VALUES('$username','$gender','$full_birthday','$email1','$db_password', '$ipaddress', now())")  
or die (mysql_error());

$id = mysql_insert_id();

// Create directory to hold each user's files(pics, MP3s, etc.)		
mkdir("members/$id", 0755);	
$newname = "image01.jpg";
$place_file = move_uploaded_file( $_FILES['user_pic']['tmp_name'], "members/$id/".$newname);

}

?>

The html form is as follows:

<table class="table_f" width="100%" cellpadding="3">

<form action="register.php" method="post" enctype="multipart/form-data">

    <tr><td colspan="2"><font color="#94A0D1"><?php print "$errormessage"; ?></font></td></tr>       
    <tr><td><h11>User Name:</h11></td><td><input name="username" type="text" class="formFields" id="username" value="<?php print "$username"; ?>" size="32" maxlength="20" /></tr>

    <tr><td><h11>Gender:</h11></td>
    <td><label><input name="gender" style="color: #a2a2a2; font-family: 'light', Verdana; font-size: 11px; letter-spacing: 1px" type="radio" id="gender" value="m" checked="checked" />Male &nbsp;<input type="radio" name="gender" id="gender" value="f" />Female</label></td></tr>

    <tr><td><h11>Date of Birth: </h11></td>
    <td>
        <select name="birth_month" class="formFields" id="birth_month">
        <option value="<?php print "$b_m"; ?>"><?php print "$b_m"; ?></option>
        <option value="01">January</option>
        <option value="02">February</option>
        <option value="03">March</option>
        <option value="04">April</option>
        <option value="05">May</option>
        <option value="06">June</option>
        <option value="07">July</option>
        // etc.. other values removed for space considerations

        </select> 
        <select name="birth_day" class="formFields" id="birth_day">
        <option value="<?php print "$b_d"; ?>"><?php print "$b_d"; ?></option>
        <option value="01">1</option>
        <option value="02">2</option>
        <option value="03">3</option>
        <option value="04">4</option>
        <option value="05">5</option>
        // etc..

        </select> 
        <select name="birth_year" class="formFields" id="birth_year">
        <option value="<?php print "$b_y"; ?>"><?php print "$b_y"; ?></option>
        <option value="2010">2010</option>
        <option value="2009">2009</option>
        <option value="2008">2008</option>
        <option value="2007">2007</option>
        <option value="2006">2006</option>
        // etc.

        </select> 
    </td></tr>                  

    <tr><td><h11>Email Address: </h11></td>
    <td><input name="email1" type="text" class="formFields" id="email1" value="<?php print "$email1"; ?>" size="32" maxlength="48" /></td></tr>

    <tr><td><h11>Confirm Email: </h11></td>
    <td><input name="email2" type="text" class="formFields" id="email2" value="<?php print "$email2"; ?>" size="32" maxlength="48" /></td></tr>

    <tr><td><h11>Create Password: </h11></td>
    <td><input name="pass1" type="password" class="formFields" id="pass1" size="32" maxlength="16" /></tr>

    <tr><td><h11>Confirm Password: </h11></td>
    <td><input name="pass2" type="password" class="formFields" id="pass2" size="32" maxlength="16" /></tr>

    <tr><td><h11>Add Profile Photo: </h11></td>         
    <td width="521"><input name="user_pic" type="file" class="formFields" id="user_pic" size="42" /> 50 kb max </td></tr> 

    <tr><td>&nbsp;</td>
    <td><input type="submit" style="color: #a2a2a2; font-family: helvetica; font-size: 11px; letter-spacing: 1px" name="Submit" value="Register" /></td></tr>

</form>

</table>
<br />
</div>
<?php include_once "footer_template.php"; ?>
</div>
</body>
</html>

Currently, the script is generating this error code:

"Warning: mysql_query() [function.mysql-query]: Access denied for user 'nbewley'@'localhost' (using password: NO) in /home/nbewley/public_html/manualprintcompany.com/register.php on line 82

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/nbewley/public_html/manualprintcompany.com/register.php on line 82
Access denied for user 'nbewley'@'localhost' (using password: NO)"

which corresponds with the query:

$sql = mysql_query("INSERT INTO myMembers (username, gender, birthday, email, password, ipaddress, sign_up_date) 
    VALUES('$username','$gender','$full_birthday','$email1','$db_password', '$ipaddress', now())")  

    or die (mysql_error());

Truthfully, I'm guessing here a bit, but hoping to piece together my knowledge into a workable piece of code. I'm not sure why my query is now generating an error, to begin with. The query is the same that I was using before (which was working) and the database values are the same. I'm sure something is wrong with the way I have structured the code, but I'm not sure what.

Thanks in advance for any advice.
nbewley

Derokorian

Read the error message, it tells you exaclty why its not working:

Access denied for user 'nbewley'@'localhost' (using password: NO)

You're connect_to_mysql script is not functioning properly. and you apparently don't have error checking to make sure you are connected before continuing.

nbewley

Thanks for your input.

I understand that the script is no longer connecting to the database. However, I do not understand why the script is no longer connecting to the database because I did not change the file "scripts/connect_to_mysql.php." In the other implementation of my registration form (posted above), the same call:

 include_once "scripts/connect_to_mysql.php";

allows me to connect to the database. I am not sure why this call no longer is working. Is there anything else concerning the structure of my code that could be generating this error:

"Warning: mysql_query() [function.mysql-query]: Access denied for user 'nbewley'@'localhost' (using password: NO) in /home/nbewley/public_html/manualprintcompany.com/register.php on line 82

I really appreciate any input. Thanks for your time.

nbewley

I tried another method to check for error messages. This time, I had no problems connecting to the database using the same script "connect_to_mysql" and the same sql queries (still not sure why).

However, I still am having problems displaying the error messages appropriately. I believe that it may be in the way that I am constructing my isset() statements, but I would appreciate any relevant suggestions. Here is another way that I have tried to formulate the php. The script is now generating no errors at all, whereas before the defined errors were being printed to the page. I understand that there is a logical problem with my construction of this form, but have yet to figure out why. If anyone has a suggestion, I would very much appreciate it. Below is the newest re-write:

<?php

if (isset($_POST['username'], $_POST['gender'], $_POST['b_m'], $_POST['b_d'], $_POST['b_y'], $_POST['email1'], $_POST['email2'], $_POST['pass1'], $_POST['pass2'], $_FILES['user_pic'])) {

$image_name = $_FILES['user_pic']['name'];
$image_size = $_FILES['user_pic']['size'];
$image_temp = $_FILES['user_pic']['tmp_name'];

$allowed_ext = array('jpg', 'jpeg', 'png', 'gif');
$image_ext = strtolower(end(explode('.', $image_name)));

$username = $_POST['username'];
$gender = $_POST['gender'];
$b_m = $_POST['b_m'];
$b_d = $_POST['b_d'];
$b_y = $_POST['b_y'];
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$user_pic = $_FILES['user_pic'];

include_once "scripts/connect_to_mysql.php";
$emailCHecker = mysql_real_escape_string($email1);
$emailCHecker = str_replace("`", "", $emailCHecker);
$sql_uname_check = mysql_query("SELECT username FROM myMembers WHERE username='$username'"); 
$uname_check = mysql_num_rows($sql_uname_check);
$sql_email_check = mysql_query("SELECT email FROM myMembers WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);

$errors = array();

if (empty($username) || empty($gender) || empty($b_m) || empty($b_d) || empty($b_y) || empty($email1) || empty($email2) || empty($pass1) || empty($pass2) || empty($user_pic)) {
	$errors[] = 'You did not include all of the required inputs';

} else {

	if ($email1 != $email2) {
		$errors[] = 'Your email inputs did not match';
	}

	if ($pass1 != $pass2) {
		$errors[] = 'Your email inputs did not match';
	}

	if (strlen($username) < 4) {
		$errors[] = 'Your username must be at least 4 characters';
	}

	if (strlen( $username ) > 20) {
		$errors[] = 'Your username must be less than 20 characters';
	}

	if ($uname_check > 0) {
		$errors[] = 'Your username already exists in our system';
	}

	if ($email_check > 0) {
		$errors[] = 'Your email address already exists in our system';
	}

	if (in_array($image_ext, $allowed_ext) === false) {
		$errors[] = 'File type not allowed';
	}

	if ($image_size > 2097152) {
		$errors[] = 'Maximum file size is 2mb';
	}

}

if (!empty($errors)) {
	foreach ($errors as $error) {
		echo $error, '<br />';
	}

} else {

	$db_password = md5($pass1); 
	$full_birthday = "$b_y-$b_m-$b_d";
	$ipaddress = getenv('REMOTE_ADDR');

	$sql = mysql_query("INSERT INTO myMembers (username, gender, birthday, email, password, ipaddress, sign_up_date) 
	VALUES('$username','$gender','$full_birthday','$email1','$db_password', '$ipaddress', now())")  
	or die (mysql_error());

	$id = mysql_insert_id();

	mkdir("members/$id", 0755);	
	$newname = "image01.jpg";
	$place_file = move_uploaded_file( $_FILES['user_pic']['tmp_name'], "members/$id/".$newname);

}
}

?>

Thanks!
nbewley