Php help

dobbin · 14-09-2008, 09:15 AM

Can any of you see a problem with this script?

PHP Code:


<?php

$user_name = $_POST["user_name"];
$password = $_POST["password"];
$admin = $_POST["admin"];

if( $admin == 'on' ) {
    $admin = 1;
} else {
    $admin = 0;
}

echo $user_name.','.$password.','.$admin;

//echo $user_name;

if( $user_name == '' or $password == '' ) {
    header( 'location: create_user.html' );
}

$user = 'temp_admin';
$password = '';
$host = 'localhost';
$database = 'security';

$cxn = mysqli_connect( $host, $user, $password, $database )
    or die( 'Could not connect to database' );

$sql = "insert into user ( user_name, password, admin )
        values ( '" .$user_name. "', '" .$password. "', " .$admin. " )";

$result = mysqli_query( $cxn, $sql );

echo "Created user ".$user_name;

?>

~~Calon~~ · 14-09-2008, 09:17 AM

PHP Code:


echo $user_name;

echo $password;

echo $admin;

Jxhn · 14-09-2008, 10:25 AM

It would help if you told us what's going wrong.

dobbin · 14-09-2008, 11:54 AM

Ok you can sign normal people up but when you wont to sign a admin up it doesn't work

Decode · 14-09-2008, 11:56 AM

Are you sure you are posting $_POST['admin'] as "on"?

Invent · 14-09-2008, 06:24 PM

PHP Code:


<?php

$user_name = $_POST[ 'user_name' ];
$password = $_POST[ 'password' ];
$admin = $_POST[ 'admin' ];

if( $admin == 'on' )
{

    $admin = '1';

}
else
{

    $admin = '0';
    
}

echo $user_name . ',' . $password . ',' . $admin;

//echo $user_name;

if( $user_name == '' || $password == '' )
{

    header( 'Location: create_user.html' );
    die;
    
}

$user = 'temp_admin';
$password = '';
$host = 'localhost';
$database = 'security';

$cxn = mysqli_connect( $host, $user, $password, $database ) or die( 'Could not connect to database' );

$sql = "INSERT INTO `user` ( `user_name`, `password`, `admin` ) VALUES ( '" . $user_name . "', '" . $password . "', '" . $admin . "' )";

$result = mysqli_query( $cxn, $sql );

echo 'Created user ' . $user_name;

?>

That should work...if not please tell me/us the error.

~~Calon~~ · 14-09-2008, 06:37 PM

I hate it when people capitalize the first letter of php and leave the rest in lowercase

Sorry, but your explanation really didn't help me, Simon's code looks like it should work, I haven't seen it, but yeah..

Hypertext · 14-09-2008, 07:17 PM

I hope your not basing administrator abilities on a post, fyi this could easily be spoofed.

Kyle! · 15-09-2008, 12:51 PM

Originally Posted by Hypertext

I hope your not basing administrator abilities on a post, fyi this could easily be spoofed.

Ah... Looks like he is.

Source · 15-09-2008, 01:00 PM

It shouldn't be a problem, as this looks like its in an admin control area... its for making users and not logging in etc...

Thread: Php help

Thread Tools

Php help

Posting Permissions