Registration Form Problems [Archive]

Click to See Complete Forum and Search --> : Registration Form Problems

btwoodward

02-24-2005, 01:10 AM

Hi! I was wondering if you saw any problems with the following PHP scripts? I have an online signup form (http://www.bruceworksltd.com/Login.php) that will not recognize the correct password on sign-in, and will not accept new sign-ups. Please help!!! (also, if you enter any state besides the default "Alabama" it comes back with a "required field missing" error.

<B><I>Login.php</b></i>

<?php
/* Program: Login.php
* Desc: Login program for the Members Only section of BruceWorks Ltd. It provides two options: (1) Login<br>
* using an existing Login Name and (2) enter a new login name. Login Names and passwords are stored
* in a MySql database.
*/
session_start();
include("file name hidden for security reasons");
switch (@$_GET['do'])
{
case "login":
$connection = mysql_connect($host, $user,$password) or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection) or die ("Couldn't connect to database.");

$sql = "SELECT loginName FROM Member WHERE loginName='$_POST[fusername]'";
$result = mysql_query($sql) or die("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num == 1) // Login name was found
{
$sql = "SELECT loginName FROM Member WHERE loginName='$_POST[fusername]'
AND password=password('$_POST[fpassword]')";
$result2 = mysql_query($sql) or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname;
$today = date("Y-m-d h:m:s");
$sql = "INSERT INTO Login (loginName,loginTime) VALUES ('$logname','$today')";
mysql_query($sql) or die("Can't execute query.");
header("Location: Member_page.php");
}
else // password is not correct
{
unset($do);
$message="The Login Name, '$_POST[fusername]' exists, but you have not entered the
correct password! Please try
again.<br>";
include("login_form.inc");
}
}
elseif ($num == 0) // login name not found
{
unset($do);
$message = "The Login Name you entered does not exist! Please try again.<br>";
include("login_form.inc");
}
break;

case "new":
foreach($_POST as $field => $value)
{
if ($field != "fax")
{
if ($value == "")
{
unset($_GET['do']);
$message_new = "Required information is missing. Please try again.";
include("login_form.inc");
exit();
}
}
if (ereg("(Name)",$field))
{
/*if (!ereg("^[A-Za-z' -]{1,50}$",$value))
{
unset($_GET['do']);
$message_new = "$field is not a valid name. Please try again.";
include("login_form.inc");
exit();
}*/
}
$$field = strip_tags(trim($value));
} // end foreach
if (!ereg("^[0-9]{5,5}(\-[0-9]{4,4})?$",$zip))
{
unset($_GET['do']);
$message_new = "$zip is not a valid zip code. Please try again.";
include("login_form.inc");
exit();
}
if (!ereg("^[0-9)(xX -]{7,20}$",$phone))
{
unset($_GET['do']);
$message_new = "$phone is not a valid phone number. Please try again.";
include("login_form.inc");
exit();
}
if ($fax != "")
{
if (!ereg("^[0-9)(xX -]{7,20}$",$fax))
{
unset($_GET['do']);
$message_new = "$fax is not a valid phone number. Please try again.";
include("login_form.inc");
exit();
}
}
if (!ereg("^.+@.+\\..+$",$email))
{
unset($_GET['do']);
$message_new = "$email is not a valid email address. Please try again.";
include("login_form.inc");
exit();
}
/* Check to see if login name already exists */
$connection = mysql_connect($host,$user,$password) or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection) or die ("I hate sql.");
$sql = "SELECT loginName FROM Member WHERE loginName='$newname'";
$result = mysql_query($sql) or die("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num > 0)
{
unset($_GET['do']);
$message_new = "$newname already used. Select another Member ID.";
include("login_form.inc");
exit();
}
else
{
$today = date("Y-m-d");
$sql = "INSERT INTO Member (loginName,createDate,password,firstName,lastName,street,city,state,
zip,phone,fax,email) VALUES ('$newname','$today',password('$newpass'),'$firstName', '$lastName',
'$street','$city','$state','$zip','$phone','$fax','$email')";
mysql_query($sgl);
$_SESSION['auth']="yes";
$_SESSION['logname'] = $newname;
/* send email to new member */
$emess = "A new Member Account has been setup. ";
$emess.= "Your new Member ID and Password are: ";
$emess.= "\n\n\t$newname\n\t$newpass\n\n";
$emess.= "We appreciate your interest BruceWorks Ltd.";
$emess.= " at BruceWorksLtd.com. \n\n";
$emess.= "If you have any questions or problems,";
$emess.= " email customer.service@bruceworksltd.com";
$ehead="From: help_desk@bruceworksltd.com\r\n";
$subj = "Your new Member Account from BruceWorks Ltd.";
$mailsend=mail("$email","$subj","$emess","$ehead");
header("Location: New_member.php");
}
break;

default:
include("login_form.inc");
}
?>

<B><I>login_form.inc </b></i>

<?php
/* File: login_form.inc
* Desc: Displays Login page. Page displays two forms--one form for entering an existing login name
* and password and another form for the information needed to apply for a new account.
*/
include("functions12.inc");
?>
<html>
<head>
<title>BruceWorks Ltd -- Members Only Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<table border="0" cellpadding="5" cellspacing="0">
<tr><td coldspan="3" bgcolor="#f2f5f7" align="center">
<font color="blue" size="+10">
<b>Members Only Section</b></font></td></tr>
<tr>
<td width="33%" valign="top">
<font size="+1"><b>Are you a member?</b></font>
<p>

<form action="Login.php?do=login" method="POST">
<table border="0">
<?php
if (isset($message))
echo "<tr><td colspan='2'>$message </td></tr>";
?>
<tr><td align=right><b>Username</b></td>
<td><input type="text" name="fusername" size="20" maxsize="20">
</td></tr>
<tr><td width="120" align="right"><b>Password</b></td>
<td><input type="password" name="fpassword" size="20" maxsize="20"></td></tr>
<tr><td align="center" colspan="2">
<br><input type="submit" name="log" value="Enter"></td></tr>
</table>
</form>
</td>
<td width="1" bgcolor="#f2f5f7"></td>
<td width="67%">
<p><font size="+1"><b>Not a member yet?</b></font>
Get a Newsletter, advanced notice of new specials, new rates<br>
and more! Fill in the information below and join! It's easy and FREE!

<form action="Login.php?do=new" method="POST">
<p>
<table border="0" width="100%">
<?php
if (isset($message_new))
echo "<tr><td colspan='2'><b>$message_new</b></td></tr>";
?>
<tr><td align="right"><b>Member ID</b></td>
<td><input type="text" name="newname" value="<?php echo @$newname ?>" size="20" maxlength="20"></td></tr>
<tr><td align="right"><b>Password</b></td>
<td><input type="password" name="newpass" value="<?php echo @$newpass ?>" size="10" maxlength="8"></td></tr>
<tr><td align="right"><b>First Name</b></td>
<td><input type="text" name="firstName" value="<?php echo @$firstName ?>" size="40" maxlength="40"></td></tr>
<tr><td align="right"><b>Last Name</b></td>
<td><input type="text" name="lastName" value="<?php echo @$lastName ?>" size="40" maxlength="40"></td></tr>
<tr><td align="right"><b>Street</b></td>
<td><input type="text" name="street" value="<?php echo @$street ?>" size="55" maxlength="50"></td></tr>
<tr><td align="right"><b>City</b></td>
<td><input type="text" name="city" value="<?php echo @$city ?>" size="40" maxlength="40"></td></tr>
<tr><td align="right"><b>State</b></td>
<td><select name="state">
<?php
$stateName=getStateName();
$stateCode=getStateCode();
for ($n=1;$n<=50;$n++)
{
$state=$stateName[$n];
$scode=$stateCode[$n];
echo “<option value=’$scode’”;
if ($scode== “AL”)
echo “ selected”;
echo “>$state\n”;
}
?>
</select>
   &nbsp<b>Zip</b>
<input type="text" name="zip" value="<?php @$zip ?>" size="10" maxsize="10"></td></tr>
<tr><td align="right"><b>Phone</b></td>
<td><input type="test" name="phone" value="<?php @$phone ?>" size="15" maxlength="20">
   <b>Fax</b>
<input type="text" name="fax" value="<?php @$fax ?>" size="15" maxlength="20"></td></tr>
<tr><td align="right"><b>Email Address</b></td>
<td><input type="test" name="email" value="<?php @$email ?>" size="55" maxlength="67"></td></tr>
<tr><td> </td>
<td align="center">
<input type="submit" value="Become a Member"></td>
</tr>
</table>
</form>
</td>
</tr>
<tr><td colspan="3" bgcolor="#f2f5f7"> </td></tr>
</table>

<div align="center"><font size="-1">
All comments and suggestions are appreciated. Please
send comments to <a href="mailto:customer.service@bruceworksltd.com">
Customer.Service@bruceworksltd.com</a></font></div>

</body>
</html>

btwoodward

02-24-2005, 02:21 AM

I have gotten the exsisting member login working properly, however, the new member signup is still not working. upon registering, it will take you to the member page, but it does not register you in the database ... and gives a script error as well. As well, still if you go with any state other than alabama it will give you a field reequired error.

btwoodward

02-24-2005, 02:49 AM

?php
function getStateCode()
{
$stateCode = array(1=> "AL" ,
"AK" ,
"AZ" ,
"AR" ,
"CA" ,
"CO" ,
"CT" ,
"DE" ,
"FL" ,
"GA" ,
"HI" ,
"ID" ,
"IL" ,
"IN" ,
"IA" ,
"KS" ,
"KY" ,
"LA" ,
"ME" ,
"MD" ,
"MA" ,
"MI" ,
"MN" ,
"MS" ,
"MO" ,
"MT" ,
"NE" ,
"NV" ,
"NH" ,
"NJ" ,
"NM" ,
"NY" ,
"NC" ,
"ND" ,
"OH" ,
"OK" ,
"OR" ,
"PA" ,
"RI" ,
"SC" ,
"SD" ,
"TN" ,
"TX" ,
"UT" ,
"VT" ,
"VA" ,
"WA" ,
"WV" ,
"WI" ,
"WY" );
return stateCode;
}

function getStateName()
{
$stateName = array(1=> "Alabama",
"Alaska",
"Arizona",
"Arkansas",
"California",
"Colorado",
"Connecticut",
"Delaware",
"Florida",
"Georgia",
"Hawaii",
"Idaho",
"Illinois",
"Indiana",
"Iowa",
"Kansas",
"Kentucky",
"Louisiana",
"Maine",
"Maryland",
"Massachusetts",
"Michigan",
"Minnesota",
"Mississippi",
"Missouri",
"Montana",
"Nebraska",
"Nevada",
"New Hampshire",
"New Jersey",
"New Mexico",
"New York",
"North Carolina",
"North Dakota",
"Ohio",
"Oklahoma",
"Oregon",
"Pennsylvania",
"Rhode Island",
"South Carolina",
"South Dakota",
"Tennessee",
"Texas",
"Utah",
"Vermont",
"Virginia",
"Washington",
"West Virginia",
"Wisconsin",
"Wyoming" );
return $stateName;
}
?>

(that should be called up with this:

<?php
$stateName=getStateName();
$stateCode=getStateCode();
for ($n=1;$n<=50;$n++)
{
$state=$stateName[$n];
$scode=$stateCode[$n];
echo "<option value='$scode'";
if ($scode== "AL")
echo " selected";
echo ">$state\n";
}
?>

btwoodward

02-24-2005, 04:49 AM

I think that I have narrowed it down to it is simply not posting to the database the form information. And I am not sure why. I changed the script somewhat (http://www.bruceworksltd.com/Login.php) ... here is the new script...

Login.php

<?php
/* Program: Login.php
* Desc: Login program for the Members Only section of
* BruceWorks Ltd. It provides two options: (1) Login
* using an existing Login Name and (2) enter a new
* login name. Login Names and passwords are stored
* in a MySql database.
*/
session_start();
include("obscure.inc");
switch (@$_GET['do'])
{
case "login":
$connection = mysql_connect($host, $user,$password) or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection) or die ("I hate sql.");

$sql = "SELECT loginName FROM Member WHERE loginName='$_POST[fusername]'";
$result = mysql_query($sql) or die("**** this piece of ****.");
$num = mysql_num_rows($result);
if ($num == 1) // Login name was found
{
$sql = "SELECT loginName FROM Member WHERE loginName='$_POST[fusername]'
AND password='$_POST[fpassword]'";
$result2 = mysql_query($sql) or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname;
$today = date("Y-m-d h:m:s");
$sql = "INSERT INTO Login (loginName,loginTime) VALUES ('$logname','$today')";
mysql_query($sql) or die("Can't execute query.");
header("Location: Members.php");
}
else // password is not correct
{
unset($do);
$message="The Login Name, '$_POST[fusername]' exists, but you have not entered the
correct password! Please try
again.<br>";
include("login_form.inc");
}
}
elseif ($num == 0) // login name not found
{
unset($do);
$message = "The Login Name you entered does not exist! Please try again.<br>";
include("login_form.inc");
}
break;

case "new":
foreach($_POST as $field => $value)
{
if ($field != "fax")
{
if ($value == "")
{
unset($_GET['do']);
$message_new = "Required information is missing. Please try again.";
include("login_form.inc");
exit();
}
}
if (ereg("(Name)",$field))
{
/*if (!ereg("^[A-Za-z' -]{1,50}$",$value))
{
unset($_GET['do']);
$message_new = "$field is not a valid name. Please try again.";
include("login_form.inc");
exit();
}*/
}
$$field = strip_tags(trim($value));
} // end foreach
if (!ereg("^[0-9]{5,5}(\-[0-9]{4,4})?$",$zip))
{
unset($_GET['do']);
$message_new = "$zip is not a valid zip code. Please try again.";
include("login_form.inc");
exit();
}
if (!ereg("^[0-9)(xX -]{7,20}$",$phone))
{
unset($_GET['do']);
$message_new = "$phone is not a valid phone number. Please try again.";
include("login_form.inc");
exit();
}
if ($fax != "")
{
if (!ereg("^[0-9)(xX -]{7,20}$",$fax))
{
unset($_GET['do']);
$message_new = "$fax is not a valid phone number. Please try again.";
include("login_form.inc");
exit();
}
}
if (!ereg("^.+@.+\\..+$",$email))
{
unset($_GET['do']);
$message_new = "$email is not a valid email address. Please try again.";
include("login_form.inc");
exit();
}
/* Check to see if login name already exists */
$connection = mysql_connect($host,$user,$password) or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection) or die ("I hate sql.");
$sql = "SELECT loginName FROM Member WHERE loginName='$newname'";
$result = mysql_query($sql) or die("FU CKERS.");
$num = mysql_num_rows($result);
if ($num > 0)
{
unset($_GET['do']);
$message_new = "$newname already used. Select another Member ID.";
include("login_form.inc");
exit();
}
else
{
$today = date("Y-m-d");
$sql = "INSERT INTO Member (loginName,password,createDate,lastName,firstName,street,city,state,
zip,country,email,phone,fax) VALUES ('$newname','$newpass','$today','$lastName','$firstName',
'$street','$city','$state','$zip',$country,'$email','$phone','$fax')";
mysql_query($sql);
$_SESSION['auth']="yes";
$_SESSION['logname'] = $newname;
/* send email to new member */
$emess = "A new Member Account has been setup. ";
$emess.= "Your new Member ID and Password are: ";
$emess.= "\n\n\t$newname\n\t$newpass\n\n";
$emess.= "We appreciate your interest BruceWorks Ltd.";
$emess.= " at BruceWorksLtd.com. \n\n";
$emess.= "If you have any questions or problems,";
$emess.= " email customer.service@bruceworksltd.com";
$ehead="From: help_desk@bruceworksltd.com\r\n";
$subj = "Your new Member Account from BruceWorks Ltd.";
$mailsend=mail("$email","$subj","$emess","$ehead");
header("Location: New_member.php");
}
break;

default:
include("login_form.inc");
}
?>

And the associated file login_form.inc:

<?php
/* File: login_form.inc
* Desc: Displays Login page. Page displays two forms--one form for entering an existing login name
* and password and another form for the information needed to apply for a new account.
*/
include("function12.inc");
?>
<html>
<head>
<title>BruceWorks Ltd -- Members Only Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<table border="0" cellpadding="5" cellspacing="0">
<tr><td coldspan="3" bgcolor="#f2f5f7" align="center">
<font color="blue" size="+10">
<b>Members Only Section</b></font></td></tr>
<tr>
<td width="33%" valign="top">
<font size="+1"><b>Are you a member?</b></font>
<p>

<form action="Login.php?do=login" method="POST">
<table border="0">
<?php
if (isset($message))
echo "<tr><td colspan='2'>$message </td></tr>";
?>
<tr><td align=right><b>Username</b></td>
<td><input type="text" name="fusername" size="20" maxsize="20">
</td></tr>
<tr><td width="120" align="right"><b>Password</b></td>
<td><input type="password" name="fpassword" size="20" maxsize="20"></td></tr>
<tr><td align="center" colspan="2">
<br><input type="submit" name="log" value="Enter"></td></tr>
</table>
</form>
</td>
<td width="1" bgcolor="#f2f5f7"></td>
<td width="67%">
<p><font size="+1"><b>Not a member yet?</b></font>
Get a Newsletter, advanced notice of new specials, new rates<br>
and more! Fill in the information below and join! It's easy and FREE!

<form action="Login.php?do=new" method="POST">
<p>
<table border="0" width="100%">
<?php
if (isset($message_new))
echo "<tr><td colspan='2'><b>$message_new</b></td></tr>";
?>
<tr><td align="right"><b>Member ID</b></td>
<td><input type="text" name="newname" value="<?php echo @$newname ?>" size="20" maxlength="20"></td></tr>
<tr><td align="right"><b>Password</b></td>
<td><input type="password" name="newpass" value="<?php echo @$newpass ?>" size="10" maxlength="8"></td></tr>
<tr><td align="right"><b>First Name</b></td>
<td><input type="text" name="firstName" value="<?php echo @$firstName ?>" size="40" maxlength="40"></td></tr>
<tr><td align="right"><b>Last Name</b></td>
<td><input type="text" name="lastName" value="<?php echo @$lastName ?>" size="40" maxlength="40"></td></tr>
<tr><td align="right"><b>Street</b></td>
<td><input type="text" name="street" value="<?php echo @$street ?>" size="55" maxlength="50"></td></tr>
<tr><td align="right"><b>City</b></td>
<td><input type="text" name="city" value="<?php echo @$city ?>" size="40" maxlength="40"></td></tr>
<tr><td align="right"><b>State</b></td>
<td><input type="text" name="state" value="<?php echo @$state ?>" size="14" maxlength="14">
   &nbsp<b>Zip</b>
<input type="text" name="zip" value="<?php @$zip ?>" size="10" maxsize="10">
   &nbsp<b>Country</b>
<input type="text" name="country" value="<?php echo @$country ?>" size="15" maxlength="15"</td></tr>
<tr><td align="right"><b>Phone</b></td>
<td><input type="test" name="phone" value="<?php @$phone ?>" size="15" maxlength="20">
   <b>Fax</b>
<input type="text" name="fax" value="<?php @$fax ?>" size="15" maxlength="20"></td></tr>
<tr><td align="right"><b>Email Address</b></td>
<td><input type="test" name="email" value="<?php @$email ?>" size="55" maxlength="67"></td></tr>
<tr><td> </td>
<td align="center">
<input type="submit" value="Become a Member"></td>
</tr>
</table>
</form>
</td>
</tr>
<tr><td colspan="3" bgcolor="#f2f5f7"> </td></tr>
</table>

<div align="center"><font size="-1">
All comments and suggestions are appreciated. Please
send comments to <a href="mailto:customer.service@bruceworksltd.com">
Customer.Service@bruceworksltd.com</a></font></div>

</body>
</html>

btwoodward

02-24-2005, 05:47 AM

OK ... I have discovered that it is emailing the sign-up info (username and password) to the email address provided on the signup form, but it is still not inserting the info into the database table, and therefor makes the username and password that is emailed, unrecognized. I am confused!!!

btwoodward

02-24-2005, 05:50 AM

Well, after about 5 hours of looking (total) i discovered that I simply had forgotten some apostrophies. OH MY GOD. lol It seems to be working now, though!