
Not adding to the DB [PHP]



loserWILL
25-07-2008, 02:53 AM
When you press register, it doesn't add the contents to the database. All it does is refresh the page.


<?php

if($logged['in'] == 1){
header("Location: index.php");
}

if(row_exists('users','ip',$ip)){ ?>
Your IP ($ip) has already been registered with.
<?php }

else{
if($_GET["action"] == "register"){
$username = clean($_POST['username']);
$email = clean($_POST['email']);
$password = clean($_POST['password']);
$cpassword = clean($_POST['cpassword']);

$errors = 0;
$error_message = '';

if(empty($username) || empty($email) || empty($password) || empty($cpassword)){
$errors++;
$error_message = 'All fields must be filled in.';
}

if(row_exists('users','username',$username)){
$errors++;
$error_message = 'That username is already taken.';
}

if(row_exists('users','email',$email) || !is_valid_email($email)){
$errors++;
$error_message = 'That email is already in use or is incorrect.';
}

$password = enc($password);
$cpassword = enc($cpassword);

if($password != $cpassword){
$errors++;
$error_message = 'The two passwords you entered do not match.';
}

if($errors = 0){
$insert = mysql_query("INSERT INTO `users` (`username`,`password`,`email`,`ip`,`joindate`,`jointime`) VALUES ('".$username."','".$password."','".$email."','".$ip."','".$date."','".$time."')");

$subject = "Welcome to willSystem";
$body = "Thanks for joining (test message from willSystem demo.)";
send_mail($email,$subject,$body);

?>

Thanks for joining, you may now <a href="login.php">login</a>.

<?php

exit();
} else{
echo $error_message;
}

}

?>
<form method="post" action="?action=register">
Username<br />
<input type="text" name="username" value="<?=$username?>" maxlength="12"><br /><br />

Email<br />
<input type="text" name="email" value="<?=$email?>"><br /><br />

Password<br />
<input type="password" name="password"> Confirm <input type="password" name="cpassword"><br /><br />

<input type="submit" name="register" value="Register"><br /><br />

All fields are required.
</form>

<?php
}
?>

Thanks for any help given.

Invent
25-07-2008, 03:02 AM
Hi,

Could you please try this code so we can find out if there are any errors with your MySQL query/database.



<?php

if($logged['in'] == 1){
header("Location: index.php");
}

if(row_exists('users','ip',$ip)){ ?>
Your IP ($ip) has already been registered with.
<?php }

else{
if($_GET["action"] == "register"){
$username = clean($_POST['username']);
$email = clean($_POST['email']);
$password = clean($_POST['password']);
$cpassword = clean($_POST['cpassword']);

$errors = 0;
$error_message = '';

if(empty($username) || empty($email) || empty($password) || empty($cpassword)){
$errors++;
$error_message = 'All fields must be filled in.';
}

if(row_exists('users','username',$username)){
$errors++;
$error_message = 'That username is already taken.';
}

if(row_exists('users','email',$email) || !is_valid_email($email)){
$errors++;
$error_message = 'That email is already in use or is incorrect.';
}

$password = enc($password);
$cpassword = enc($cpassword);

if($password != $cpassword){
$errors++;
$error_message = 'The two passwords you entered do not match.';
}

if($errors == 0){
$insert = mysql_query("INSERT INTO `users` (`username`,`password`,`email`,`ip`,`joindate`,`jointime`) VALUES ('".$username."','".$password."','".$email."','".$ip."','".$date."','".$time."')") or die( mysql_error() );

$subject = "Welcome to willSystem";
$body = "Thanks for joining (test message from willSystem demo.)";
send_mail($email,$subject,$body);

?>

Thanks for joining, you may now <a href="login.php">login</a>.

<?php

exit();
} else{
echo $error_message;
}

}

?>
Please reply with any errors that occur (if any).

Also, if your if statement is meant to compare two values, remember to use two equals signs and not one. (See "if($errors = 0)"). This may be the cause of your error, I am not sure until you can report back any errors.

Thanks,
Invent

loserWILL
25-07-2008, 03:04 AM
http://kolzy.com/ws/register.php

Doesn't give out an error.

Invent
25-07-2008, 03:05 AM
Please see my edit.
That probably won't fix your issue, so I'll try to scan through your code now.

loserWILL
25-07-2008, 03:07 AM
Please see my edit.
That probably won't fix your issue, so I'll try to scan through your code now.

Oh my god I love you! Thanks a hundred times. (it worked obv)

Invent
25-07-2008, 03:09 AM
Ah, fantastic! Good to hear your problem is fixed :)

loserWILL
25-07-2008, 03:13 AM
Now there's a problem with the login page. :l It says that "the entered password doesn't match the password of that user." When it actually does.


<?php

if($logged['in'] === 1){
header("Location: index.php");
}

if($_POST['login']){
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$password = enc($password);

$errors = 0;
$error_message = '';

if(empty($username) || empty($password)){
$errors++;
$error_message = 'Both fields must be filled in.';
}

if(!row_exists('users','username','$username')){
$errors++;
$error_message = 'That user does not exist.';
} else{
$query = mysql_query("SELECT `id`, `username`, `password` FROM `users` WHERE `username` = '".$username."' LIMIT 1");
$u = mysql_fetch_object($query);
}

if($u->password_reset == $password){
$c_pass = $u->password_reset;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
} else {
$c_pass = $u->password;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
}

if($password != $c_pass){
$errors++;
$error_message = 'The entered password does not match the password of that user.';
}

if($errors == 0){
$_SESSION['id'] = $u->id;
$_SESSION['username'] = $u->username;
$_SESSION['password'] = $u->password;

header("Location: index.php");
} else{
echo $error_message;
}

}
?>

Invent
25-07-2008, 03:17 AM
Hi,

As a method of debugging, could you please alter the script (where it would usually output "the entered password doesn't match the password of that user") so that it outputs the value of $password against the value of $c_pass. (EG: "echo ( $password . ' > ' . $c_pass )"). This will help me find out if the variables are actually equal to each other or if one is incorrect.

Thanks,
Invent

loserWILL
25-07-2008, 03:20 AM
9c5c7e79a2d17ca57911871290a4e8a6 > The entered password does not match the password of that user. That's what it says (using the code you gave). Would you want me to un-encrypt the password?

Invent
25-07-2008, 03:22 AM
Hi,

Sorry, please use this code and report back the outputted data (so I know the exact issue):



<?php

if($logged['in'] === 1){
header("Location: index.php");
}

if($_POST['login']){
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$password = enc($password);

$errors = 0;
$error_message = '';

if(empty($username) || empty($password)){
$errors++;
$error_message = 'Both fields must be filled in.';
}

if(!row_exists('users','username','$username')){
$errors++;
$error_message = 'That user does not exist.';
} else{
$query = mysql_query("SELECT `id`, `username`, `password` FROM `users` WHERE `username` = '".$username."' LIMIT 1");
$u = mysql_fetch_object($query);
}

if($u->password_reset == $password){
$c_pass = $u->password_reset;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
} else {
$c_pass = $u->password;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
}

if($password != $c_pass)
{

echo ( $password . ' > ' . $c_pass );

}

if($errors == 0){
$_SESSION['id'] = $u->id;
$_SESSION['username'] = $u->username;
$_SESSION['password'] = $u->password;

header("Location: index.php");
} else{
echo $error_message;
}

}
?>


You're saying $password DOES equal $c_pass so it should output for example, (let's say the password was "lol") the code should output "lol > lol". If not, the issue will become apparent.

Thanks,
Simon

loserWILL
25-07-2008, 03:24 AM
9c5c7e79a2d17ca57911871290a4e8a6 > That user does not exist.

What the - that user does exist.

Invent
25-07-2008, 03:26 AM
Could you add a die() under the echo I added sorry! :P If it outputs "9c5c7e79a2d17ca57911871290a4e8a6 >" then obviously the issue is $c_pass doesn't have a value.

Thanks,
Simon

loserWILL
25-07-2008, 03:28 AM
"1That user does not exist. "

And the 'die' code should be:


echo ( $password . ' > ' . $c_pass ) or die();

right?

Invent
25-07-2008, 03:30 AM
Hi,

Sorry, the code at the moment should be:



<?php

if($logged['in'] === 1){
header("Location: index.php");
}

if($_POST['login']){
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$password = enc($password);

$errors = 0;
$error_message = '';

if(empty($username) || empty($password)){
$errors++;
$error_message = 'Both fields must be filled in.';
}

if(!row_exists('users','username','$username')){
$errors++;
$error_message = 'That user does not exist.';
} else{
$query = mysql_query("SELECT `id`, `username`, `password` FROM `users` WHERE `username` = '".$username."' LIMIT 1");
$u = mysql_fetch_object($query);
}

if($u->password_reset == $password){
$c_pass = $u->password_reset;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
} else {
$c_pass = $u->password;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
}

if($password != $c_pass)
{

echo ( $password . ' > ' . $c_pass );
die();

}

if($errors == 0){
$_SESSION['id'] = $u->id;
$_SESSION['username'] = $u->username;
$_SESSION['password'] = $u->password;

header("Location: index.php");
} else{
echo $error_message;
}

}
?>

Please report back the results (:

-Invent

loserWILL
25-07-2008, 03:31 AM
Ooh, stupid me. ;l


9c5c7e79a2d17ca57911871290a4e8a6 >

Invent
25-07-2008, 03:34 AM
Hi,

So the issue is $c_pass has no value, which means the error lies in this block of code:



if($u->password_reset == $password){
$c_pass = $u->password_reset;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
} else {
$c_pass = $u->password;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
}


Please check over your MySQL database structure to see if you can find the error.

I've got to go now (to sleep - it's 4:33AM here!), if you can't fix it I'll help you tomorrow :)

Thanks,
Invent

loserWILL
25-07-2008, 03:35 AM
Alrighty, thanks for the help. (I'll post tomorrow morning if I've fixed it or not - probably not as I'm going to sleep now too)

loserWILL
25-07-2008, 02:51 PM
Yeah, I still need help. I tried a couple things before I went to sleep and none of them worked.

Agnostic Bear
25-07-2008, 04:51 PM
Your problem is here:

!row_exists('users','username','$username')

'' will treat the string as literal, i.e. it will check for "$username" not "Bill" or "Hello", remove the quotes and it should work.


!row_exists('users','username',$username)

You might also want to consider changing this:

`username` = '".$username."'

To this:

`username` LIKE '".$username."'

for case insensitive matching of usernames, also you'll want to change % to \% and _ to \_ in your mysql cleaning function to stop wildcards.

Invent
25-07-2008, 05:32 PM
Instead of using a LIKE statement like Dan suggested you could just change



`username` = '".$username."'


to



LOWER( `username` ) = '". strtolower( $username )."'


I'm not completely sure if Dan's method is more efficient, but this way you wouldn't have to deal with cleaning the $username variable against SQL vulnerabilities through the LIKE statement.

Thanks,
Invent
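
Added example (not part of the original thread, and not the posters' code): the two lookups suggested above, run with bound parameters so the difference between LIKE wildcards and LOWER() with = is visible. The in-memory SQLite database, the sample rows and the helper names find_users and escape_like are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Uses constructed rows in an
// in-memory SQLite database (assumes the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('Bill'), ('B_ll'), ('Ball')");

// Hypothetical helper: run a one-parameter query, return matching usernames.
function find_users(PDO $db, string $sql, string $param): array
{
    $stmt = $db->prepare($sql);
    $stmt->execute([$param]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: neutralise LIKE wildcards. The escape character itself
// is handled first so that the backslashes added for % and _ are not doubled.
function escape_like(string $value): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $value);
}

$like  = "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' ORDER BY id";
$lower = "SELECT username FROM users WHERE LOWER(username) = ? ORDER BY id";

$input = 'b_ll'; // constructed login name containing a LIKE wildcard

// Binding the value stops SQL injection, but _ and % still act as wildcards,
// so this lookup can return accounts other than the one that was typed.
echo 'LIKE, unescaped: ', implode(', ', find_users($db, $like, $input)), "\n";

// With the wildcards escaped, LIKE only matches the literal name.
echo 'LIKE, escaped:   ', implode(', ', find_users($db, $like, escape_like($input))), "\n";

// LOWER() with = has no wildcards at all, so no LIKE escaping is needed.
echo 'LOWER() and =:   ', implode(', ', find_users($db, $lower, strtolower($input))), "\n";
```

In MySQL the backslash is already the default LIKE escape character, so the ESCAPE clause can be dropped there.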
