Sniffy Posted May 21, 2007 Share Posted May 21, 2007 So i have been working on a registration script for my site. It seems to be going quite smoothly until i came into an error in my script that i might be overlooking and need advice on.Ok, so here's what i put in on my form for my username:Username: tss909Here is my script for regProcess.php <?phpsession_start();//if already logged in, redirect to home pageif(isset($_SESSION['userName'])){ echo "<script type='text/javascript'>window.location = 'index.php';</script>";}//connect to host$con = mysql_connect("fdb1.awardspace.com", ".;..;;.;;..", ".;l;.;.;;..") or die(mysql_error());//select databasemysql_select_db("sniffygerbil_db", $con);$userName = htmlentities($_POST['userName']);if(preg_match("/^[a-zA-Z0-9]{3,16}$/", $userName)){ $checkUserName = mysql_query("SELECT userName FROM basicUserInfo WHERE userName='".$userName."'"); if(!$checkUserName) { //if username wasn't found insert it into the database $insertUserName = true; } else { $insertUserName = false; }}else{ $insertUserName = false;}//Check to make sure password is valid, insert it into database under new user name or stop processif($_POST['password'] == $_POST['confirmPassword']){ $password = htmlentities($_POST['password']); if(preg_match("/^[a-zA-Z0-9]{3,8}$/", $password)) { $insertPassword = true; } else { $insertPassword = false; }}else{ $insertPassword = false;}if($_POST['email'] == $_POST['confirmEmail']){ $email = htmlentities($_POST['email']); if(preg_match("/^[a-zA-Z0-9._-]{6,50}$/", $email)) { $insertEmail = true; } else { $insertEmail = false; }}else{ $insertEmail = false;}$furColor = $_POST['furColor'];$eyeColor = $_POST['eyeColor'];//if all required fields are accurate, insert newly created user into the databaseif($insertUserName && $insertPassword && $insertEmail){ $insertAll = mysql_query("INSERT INTO basicUserInfo VALUES ('".$userName."', '".$password."', '".$email."', '".$furColor."', '".$eyeColor."', 1, 0, 100, 0, 'no')"); if(!$insertAll) { $insertUserName = false; $insertPassword = false; $insertEmail = false; } else { echo "Success! You are now registered as:".$userName."!"; $regMailMessage = "Congratulations! You are now a member of Gerbius. Your user name is:".$userName.". Your password is:".$password.". [url="http://sniffygerbil.com";"]http://sniffygerbil.com";[/url] mail($email, "Gerbius Registration", $regMailMessage); }}//if not, alert the user on their errorselseif(!$insertUserName){ echo "User name was invalid. This could be that your desired user name was already taken."; echo "This could also be the fact that your user name was not between 3 to 16 characters in length."; echo "This could also be the fact that your user name was not made up of only alpha-numeric characters.";}elseif(!$insertPassword){ echo "Password was invalid. This could be that your password was not between 3 to 8 characters in length."; echo "This could also be the fact that your password was not made up of only alpha-numberic characters.";}elseif(!$insertEmail){ echo "Email was invalid. Please make sure your email is between 6 to 50 characters in length."; echo "Make sure your email address is also made up of alpha-numeric characters and \"-\",\".\",\"_\", only!";}?> Here is register.php with the form <?php//if already logged in, redirect to home pageif(isset($_SESSION['userName'])){ echo "<script type='text/javascript'>window.location = 'index.php';</script>";}?><html> <head> <title>Gerbius - Registration</title> </head> <body> <form action="regProcess.php" method="post"> Username: <input type="text" name="userName" /> <br /> Password: <input type="password" name="password" /> <br /> Confirm Password: <input type="text" name="confirmPassword" /> <br /> Email: <input type="text" name="email" /> <br /> Confirm Email: <input type="text" name="confirmEmail" /> <br /> Fur Color: <select name="furColor"> <option value="gold">Gold</option> <option value="white">White</option> <option value="red">Red</option> <option value="brown">Brown</option> <option value="black">Black</option> <option value="blue">Blue</option> <option value="green">Green</option> <option value="purple">Purple</option> </select> <br /> Eye Color: <select name="eyeColor"> <option value="white">White</option> <option value="black">Black</option> <option value="blue">Blue</option> <option value="green">Green</option> <option value="red">Red</option> <option value="yellow">Yellow</option> <option value="purple">Purple</option> <option value="brown">Brown</option> </select> <br /> <input type="submit" value="Submit" /> <input type="reset" value="Reset" /> </form> </body></html> When i click on submit, this is what comes up on regProcess.php:User name was invalid. This could be that your desired user name was already taken.This could also be the fact that your user name was between 3 to 16 characters in length.This could also be the fact that your user name was not made up of only alpha-numeric characters. I did enter a valid password though, so what is the problem?It could be a little bug in my script, my as i said, i am probably overlooking it. Link to comment Share on other sites More sharing options...
justsomeguy Posted May 21, 2007 Share Posted May 21, 2007 It's not enough to say this: $checkUserName = mysql_query("SELECT userName FROM basicUserInfo WHERE userName='".$userName."'"); if(!$checkUserName) { The if statement will only be true if the query failed with an error. If the query did not fail, and just returned an empty result set (no rows), the if statement will evaluate that as being true. You are checking if the query failed, not if it returned any results (those are different; a query that returned 0 results did not fail). Instead you need to check if any rows were returned.if(!mysql_num_rows($checkUserName)) Link to comment Share on other sites More sharing options...
astralaaron Posted May 22, 2007 Share Posted May 22, 2007 Hey I am no expert with PHPbut I have made a few successfull registration pages, i changed your script around a littletry this: <?phpsession_start();//if already logged in, redirect to home pageif(isset($_SESSION['userName'])){header('location:index.php');}$con = mysql_connect("fdb1.awardspace.com", ".;..;;.;;..", ".;l;.;.;;..") or die('connection to mysql failed');mysql_select_db("sniffygerbil_db", $con)or die("bad db name");$furColor = $_POST['furColor'];$eyeColor = $_POST['eyeColor'];$userName = htmlentities($_POST['userName']);$email = htmlentities($_POST['email']);$email_confirm = $_POST['confirmEmail'];$pw_confirm = $_POST['confirmPassword'];$pw = $_POST['password'];if(preg_match("/^[a-zA-Z0-9]{3,16}$/", $userName)){ $checkUserName = mysql_query("SELECT * FROM basicUserInfo WHERE userName='$userName'");if(!$checkUserName) { die('error: ' . mysql_error());}$count = mysql_num_rows($checkUserName);if(!$insertUserName && !$insertPassword && !$insertEmail){die('all fields must be filled out')}else if($count > 0){//if username exists then die die('username exists');} //Check to make sure password is valid, insert it into database under new user name or stop processelse if($pw != $pw_confirm){die('password fields did not match') } else if(!preg_match("/^[a-zA-Z0-9]{3,8}$/", $pw)) {die('invalid password');} else if($email != $email_confirm){die('email fields did not match') } else if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i", $email)) { die('that is not a vaild email address')} else {//if all required fields are accurate, insert newly created user into the database $insertAll = mysql_query("INSERT INTO basicUserInfo VALUES ('$userName', '$password', '$email', '$furColor', '$eyeColor', 1, 0, 100, 0, 'no')");if(!$insertAll) { die('error : ' . mysql_error());} else {$regMailMessage = "Congratulations! You are now a member of Gerbius. Your user name is:".$userName.". Your password is:".$password.". [url="http://sniffygerbil.com";"]http://sniffygerbil.com";[/url]$sentmail = mail($email, "Gerbius Registration", $regMailMessage); }if ($sentmail){echo "Success! You are now registered as:".$userName."!"; }?> I am a little tired though hopefully I didnt have any errors! i did not test it, but give it a try Link to comment Share on other sites More sharing options...
Sniffy Posted May 27, 2007 Author Share Posted May 27, 2007 Thanks guys, but after doing some research of my own i managed to do something simlar to the support i was given.Now I have another problem that i need suggestions on. I don't know PHP that well so it could be a syntax bug that i am unaware of. Anyways, i can sign up, the account was created, but when i try to log in it says user/password was invalid, why is this?logIn.php <?phpsession_start();if(isset($_SESSION['userName'])){ header("location:http://sniffygerbil.com");}?><html> <head> <title>Gerbius - Login</title> </head> <body> <form action='logProcess.php' method='post'> User Name: <input type='text' name='userName' /> <br /> Password: <input type='password' name='password' /> <input type='submit' value='Log In' /> <input type='reset' value='Clear Entry' /> </form> </body></html> logProcess.php (I will be joining the two together after i get this to work) <?phpsession_start();if(isset($_SESSION['userName'])){ header("location:http://sniffygerbil.com");}$userName = htmlentities($_POST['userName']);$password = htmlentities($_POST['password']);//connect to host$con = mysql_connect("fdb1.awardspace.com", "fghghfghfhfg", "hghgfhgfh") or die(mysql_error());//select databasemysql_select_db("sniffygerbil_db", $con) or die("could not connect to db");//validation begins$query = mysql_query("SELECT password FROM basicUserInfo WHERE userName='$userName'") or die(mysql_error());if(mysql_num_rows($query) == 1 && $query == $password){ $_SESSION['userName'] = $userName;}else{ echo "Password or user name was incorrect.";}?> what is my problem? Link to comment Share on other sites More sharing options...
Sniffy Posted May 27, 2007 Author Share Posted May 27, 2007 nevermind, it's ok i managed to fix it just after i posted this problem with the AND keyword in my query Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.