View Full Version : What's wrong with this script?
Viral
09-29-2007, 10:03 PM
Every time a user signs up, it says 'You didn't finish your fields.'
<?php
require_once("includes/global.php");
require_once("includes/header.php");
ob_start();
session_start();
$datejoined = date("D,F,d,Y");
$code2 = rand(1,10000);
echo "<font color=white>Welcome to the register page. Please fill in the fields to sign up";
echo "
<fieldset>
<legend>
<font color='white'>Lodithia Register</font>
</legend>
<form action='$PHP_SELF?act=register' method='POST'>
<font color=white>Real Name: <br><input type='text' name='realname'>
<br><font color=white>Username: <br><input type='text' name='username'>
<font color=white><br />Password: <br><input type='password' name='password'>
<font color=white><br />Password Confirm: <br><input type='password' name='password2'>
<font color=white><br />Email: <br><input type='text' name='email'>
<font color=white><br />Confirm email: <br><input type='text' name='email2'>
<font color=white><br />Type this code in: $code2 <br><input type='text' name='code'>
<input type='submit' value='Submit'>
</fieldset>
";
$user = mysql_query("SELECT * FROM users WHERE username='$username'");
$emailcheck = mysql_query("SELECT * FROM users WHERE email='$email'");
if ($act == 'register') {
if (empty($username) || empty($password) || empty($email) || empty($email2) {
error("You forgot to fill in a field");
} elseif (strlen($username) < 5) {
error("Your username cannot be less then 5 characters");
} elseif (strlen($username) > 15) {
error("Your Username cannot be more then 15 characters");
} elseif (strlen($password) < 3) {
error("Your Password cannot be smaller then 3 characters");
} elseif (strlen($password) > 10) {
error("Your Password cannot be more then 10 characters");
} elseif (strlen($realname) > 20) {
error ("Your Realname can't be more then 20 characters");
} elseif (mysql_num_rows($user)) {
error("This username has already been used to sign up");
} elseif (mysql_num_rows($emailcheck)) {
error ("This email has already been used to sign up"); }
$realname = $_POST['realname'];
$username = $_POST['username'];
$password = md5($_POST['password']);
$password2 = md5($_POST['password2']);
$email = $_POST['email'];
$email2 = $_POST['email2'];
$code = $_POST['code'];
$ip = $REMOTE_ADDR;
if (!ctype_alnum($username)) {
error("Only [Aa-Zz] && 0-9 please.");
}
if ($email == $email2 && $password == $password2 && $_SESSION['code'] = $code2) {
mysql_query("INSERT INTO users
(username,password,email,realname,ip,date) VALUES('$username','$password','$email','$realname ','$ip','$datejoined')");
mysql_query("UPDATE `system` SET `signed_up`=signed_up +1");
header("Location: login.php");
} else {
error("<br>Your Passwords,Emails or the code didn't match");
}}
?>
FuRom
09-29-2007, 10:08 PM
if (empty($username) || empty($password) || empty($email) || empty($email2) {
should be :
if (empty($username) || empty($password) || empty($email) || empty($email2)) {
That fixes the parse error, I'll read more into to help you fix and improve it.
Viral
09-29-2007, 10:09 PM
Thanks Saga. :)
Now to figure out why it won't let users register..
if ($act == 'register') {
if (empty($username) || empty($password) || empty($email) || empty($email2)) {
error("You forgot to fill in a field");
I assume there's some sort of problem here?
FuRom
09-29-2007, 10:29 PM
<?php
require_once("includes/global.php");
require_once("includes/header.php");
ob_start();
session_start();
$datejoined = date("D,F,d,Y");
$code2 = rand(1,10000);
echo "<font color=white>Welcome to the register page. Please fill in the fields to sign up";
echo "
<fieldset>
<legend>
<font color='white'>Lodithia Register</font>
</legend>
<form action='$PHP_SELF?act=register' method='POST'>
<font color=white>Real Name: <br><input type='text' name='realname'>
<br><font color=white>Username: <br><input type='text' name='username'>
<font color=white><br />Password: <br><input type='password' name='password'>
<font color=white><br />Password Confirm: <br><input type='password' name='password2'>
<font color=white><br />Email: <br><input type='text' name='email'>
<font color=white><br />Confirm email: <br><input type='text' name='email2'>
<font color=white><br />Type this code in: $code2 <br><input type='text' name='code'>
<input type='submit' value='Submit'>
</fieldset>
";
$user = mysql_query("SELECT * FROM users WHERE username='$username'");
$emailcheck = mysql_query("SELECT * FROM users WHERE email='$email'");
if ($act == 'register') {
if (empty($username) || empty($password) || empty($email) || empty($email2)){
error("You forgot to fill in a field");
}else if(strlen($username) < 5) {
error("Your username cannot be less then 5 characters");
}else if(strlen($username) > 15) {
error("Your Username cannot be more then 15 characters");
}else if(strlen($password) < 3) {
error("Your Password cannot be smaller then 3 characters");
}else if(strlen($password) > 10) {
error("Your Password cannot be more then 10 characters");
}else if(strlen($realname) > 20) {
error ("Your Realname can't be more then 20 characters");
}else if(mysql_num_rows($user)) {
error("This username has already been used to sign up");
}else if(mysql_num_rows($emailcheck)) {
error ("This email has already been used to sign up"); }
$realname = $_POST['realname'];
$username = $_POST['username'];
$password = md5($_POST['password']);
$password2 = md5($_POST['password2']);
$email = $_POST['email'];
$email2 = $_POST['email2'];
$code = $_POST['code'];
$ip = $REMOTE_ADDR;
if (!ctype_alnum($username)) {
error("Only [Aa-Zz] && 0-9 please.");
}
if ($email == $email2 && $password == $password2 && $_SESSION['code'] = $code2) {
mysql_query("INSERT INTO users
(username,password,email,realname,ip,date) VALUES('$username','$password','$email','$realname ','$ip','$datejoined')");
mysql_query("UPDATE `system` SET `signed_up`=signed_up +1");
header("Location: login.php");
} else {
error("<br>Your Passwords,Emails or the code didn't match");
}}
?>
I think that pretty much fixes all of your parse errors. I'm too lazy to handle rewriting or editing it any further. I do my sign up checking in a different way. I would like to mention something about the code thing. It's not the greatest way to go about having an anti-bot code system. It's easy to program a bot that can parse through that and get the code and return it as post data. Just thought I would mention that. Maybe someone else can help you with anything else, I've got too much of a headache to deal with anything remotely technical.
Viral
09-29-2007, 10:40 PM
I plugged in what you put, but I still get
You forgot to fill in a field
FuRom
09-30-2007, 12:23 AM
Try this.... I just realized that the variables defined by $_POST variables were after many of the important if statements.
<?php
require_once("includes/global.php");
require_once("includes/header.php");
ob_start();
session_start();
$datejoined = date("D,F,d,Y");
$code2 = rand(1,10000);
echo "<font color=white>Welcome to the register page. Please fill in the fields to sign up";
echo "
<fieldset>
<legend>
<font color='white'>Lodithia Register</font>
</legend>
<form action='$PHP_SELF?act=register' method='POST'>
<font color=white>Real Name: <br><input type='text' name='realname'>
<br><font color=white>Username: <br><input type='text' name='username'>
<font color=white><br />Password: <br><input type='password' name='password'>
<font color=white><br />Password Confirm: <br><input type='password' name='password2'>
<font color=white><br />Email: <br><input type='text' name='email'>
<font color=white><br />Confirm email: <br><input type='text' name='email2'>
<font color=white><br />Type this code in: $code2 <br><input type='text' name='code'>
<input type='submit' value='Submit'>
</fieldset>
";
$user = mysql_query("SELECT * FROM users WHERE username='$username'");
$emailcheck = mysql_query("SELECT * FROM users WHERE email='$email'");
if ($act == 'register') {
$realname = $_POST['realname'];
$username = $_POST['username'];
$password = md5($_POST['password']);
$password2 = md5($_POST['password2']);
$email = $_POST['email'];
$email2 = $_POST['email2'];
$code = $_POST['code'];
$ip = $REMOTE_ADDR;
if (empty($username) || empty($password) || empty($email) || empty($email2)){
error("You forgot to fill in a field");
}else if(strlen($username) < 5) {
error("Your username cannot be less then 5 characters");
}else if(strlen($username) > 15) {
error("Your Username cannot be more then 15 characters");
}else if(strlen($password) < 3) {
error("Your Password cannot be smaller then 3 characters");
}else if(strlen($password) > 10) {
error("Your Password cannot be more then 10 characters");
}else if(strlen($realname) > 20) {
error ("Your Realname can't be more then 20 characters");
}else if(mysql_num_rows($user)) {
error("This username has already been used to sign up");
}else if(mysql_num_rows($emailcheck)) {
error ("This email has already been used to sign up"); }
if (!ctype_alnum($username)) {
error("Only [Aa-Zz] && 0-9 please.");
}
if ($email == $email2 && $password == $password2 && $_SESSION['code'] = $code2) {
mysql_query("INSERT INTO users
(username,password,email,realname,ip,date) VALUES('$username','$password','$email','$realname ','$ip','$datejoined')");
mysql_query("UPDATE `system` SET `signed_up`=signed_up +1");
header("Location: login.php");
} else {
error("<br>Your Passwords,Emails or the code didn't match");
}}
?>
Viral
09-30-2007, 12:40 AM
Tested with a 4-character pass, got this:
Your Password cannot be more then 10 characters
Vivacity
09-30-2007, 12:51 AM
combine your strlen else's
elseif(strlen($username) < 5 || strlen($username) > 15) {
// error stuffs
}elseif(strlen($_POST['password']) < 3 || strlen($_POST['password']) > 10) {
// error stuffs
}
That should work, you are md5 hashing the password string before testing its length, which will yield a result greater than 10 characters every time. So I just replaced the md5 hashed password ($password) with the actual postdata ($_POST['password'])
Viral
09-30-2007, 12:58 AM
How do I combine them? I'm not the scripter, I'm just trying to get help while my coder is asleep. :(
This is what I tried:
<?php
require_once("includes/global.php");
require_once("includes/header.php");
ob_start();
session_start();
$datejoined = date("D,F,d,Y");
$code2 = rand(1,10000);
echo "<font color=white>Welcome to the register page. Please fill in the fields to sign up";
echo "
<fieldset>
<legend>
<font color='white'>Lodithia Register</font>
</legend>
<form action='$PHP_SELF?act=register' method='POST'>
<font color=white>Real Name: <br><input type='text' name='realname'>
<br><font color=white>Username: <br><input type='text' name='username'>
<font color=white><br />Password: <br><input type='password' name='password'>
<font color=white><br />Password Confirm: <br><input type='password' name='password2'>
<font color=white><br />Email: <br><input type='text' name='email'>
<font color=white><br />Confirm email: <br><input type='text' name='email2'>
<font color=white><br />Type this code in: $code2 <br><input type='text' name='code'>
<input type='submit' value='Submit'>
</fieldset>
";
$user = mysql_query("SELECT * FROM users WHERE username='$username'");
$emailcheck = mysql_query("SELECT * FROM users WHERE email='$email'");
if ($act == 'register') {
$realname = $_POST['realname'];
$username = $_POST['username'];
$password = md5($_POST['password']);
$password2 = md5($_POST['password2']);
$email = $_POST['email'];
$email2 = $_POST['email2'];
$code = $_POST['code'];
$ip = $REMOTE_ADDR;
if (empty($username) || empty($password) || empty($email) || empty($email2)){
error("You forgot to fill in a field");
elseif(strlen($username) < 5 || strlen($username) > 15) {
error ("Re-check your username!");
}elseif(strlen($_POST['password']) < 3 || strlen($_POST['password']) > 10) {
error ("Re-check your password!");
}else if(strlen($realname) > 20) {
error ("Your Realname can't be more then 20 characters");
}else if(mysql_num_rows($user)) {
error("This username has already been used to sign up");
}else if(mysql_num_rows($emailcheck)) {
error ("This email has already been used to sign up"); }
if (!ctype_alnum($username)) {
error("Only [Aa-Zz] && 0-9 please.");
}
if ($email == $email2 && $password == $password2 && $_SESSION['code'] = $code2) {
mysql_query("INSERT INTO users
(username,password,email,realname,ip,date) VALUES('$username','$password','$email','$realname ','$ip','$datejoined')");
mysql_query("UPDATE `system` SET `signed_up`=signed_up +1");
header("Location: login.php");
} else {
error("<br>Your Passwords,Emails or the code didn't match");
}}
?>
And I get:
Parse error: syntax error, unexpected T_ELSEIF in /register.php on line 39
FuRom
09-30-2007, 01:02 AM
Me in all my laziness..... lulz. There. Just needed to take the md5() function off of the variable $password and $password2 for them to be properly compared and then added $password = md($password); right before the insert query. Sorry for the slack job of helpin, but I've been multi-tasking for quite a few hours xD.
<?php
require_once("includes/global.php");
require_once("includes/header.php");
ob_start();
session_start();
$datejoined = date("D,F,d,Y");
$code2 = rand(1,10000);
echo "<font color=white>Welcome to the register page. Please fill in the fields to sign up";
echo "
<fieldset>
<legend>
<font color='white'>Lodithia Register</font>
</legend>
<form action='$PHP_SELF?act=register' method='POST'>
<font color=white>Real Name: <br><input type='text' name='realname'>
<br><font color=white>Username: <br><input type='text' name='username'>
<font color=white><br />Password: <br><input type='password' name='password'>
<font color=white><br />Password Confirm: <br><input type='password' name='password2'>
<font color=white><br />Email: <br><input type='text' name='email'>
<font color=white><br />Confirm email: <br><input type='text' name='email2'>
<font color=white><br />Type this code in: $code2 <br><input type='text' name='code'>
<input type='submit' value='Submit'>
</fieldset>
";
$user = mysql_query("SELECT * FROM users WHERE username='$username'");
$emailcheck = mysql_query("SELECT * FROM users WHERE email='$email'");
if ($act == 'register') {
$realname = $_POST['realname'];
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$email = $_POST['email'];
$email2 = $_POST['email2'];
$code = $_POST['code'];
$ip = $REMOTE_ADDR;
if (empty($username) || empty($password) || empty($email) || empty($email2)){
error("You forgot to fill in a field");
}else if(strlen($username) < 5) {
error("Your username cannot be less then 5 characters");
}else if(strlen($username) > 15) {
error("Your Username cannot be more then 15 characters");
}else if(strlen($password) < 3) {
error("Your Password cannot be smaller then 3 characters");
}else if(strlen($password) > 10) {
error("Your Password cannot be more then 10 characters");
}else if(strlen($realname) > 20) {
error ("Your Realname can't be more then 20 characters");
}else if(mysql_num_rows($user)) {
error("This username has already been used to sign up");
}else if(mysql_num_rows($emailcheck)) {
error ("This email has already been used to sign up"); }
if (!ctype_alnum($username)) {
error("Only [Aa-Zz] && 0-9 please.");
}
if ($email == $email2 && $password == $password2 && $_SESSION['code'] = $code2) {
$password = md5($password);
mysql_query("INSERT INTO users
(username,password,email,realname,ip,date) VALUES('$username','$password','$email','$realname ','$ip','$datejoined')");
mysql_query("UPDATE `system` SET `signed_up`=signed_up +1");
header("Location: login.php");
} else {
error("<br>Your Passwords,Emails or the code didn't match");
}}
?>
Vivacity
09-30-2007, 01:05 AM
How do I combine them? I'm not the scripter, I'm just trying to get help while my coder is asleep. :(
This is what I tried:
And I get:
Parse error: syntax error, unexpected T_ELSEIF in /register.php on line 39
Change this:
elseif(strlen($username) < 5 || strlen($username) > 15) {
error ("Re-check your username!");
to this:
}elseif(strlen($username) < 5 || strlen($username) > 15) {
error ("Re-check your username!");
Viral
09-30-2007, 01:20 AM
Yay! It works!
Thanks!
vBulletin® v3.7.2, Copyright ©2000-2009, Jelsoft Enterprises Ltd.