Help with PHP script

[KevinZuiker]

Hi Ragezone,

Since this has to do with my development of FunCMS, I thought I could post this here.
This is just the main source of my register page, so you can't see any of the Habbo style code in this source.

Well I've got this code:

<form action="../data/register.php" method="post">
<table width="100%" border="0" cellspacing="2" cellpadding="2">
<tbody><tr><td width="13%" align="left" valign="middle"><strong>Username</strong></td>
<td width="2%" align="left" valign="middle">:</td>
<td width="85%" align="left" valign="middle"><label>
<input name="username" class="textbox" id="username" type="text">
</label></td>
</tr>
<tr>
<td width="13%" align="left" valign="middle"><strong>Password</strong></td>
<td width="2%" align="left" valign="middle">:</td>
<td width="85%" align="left" valign="middle"><label>
<input name="password" class="textbox" id="password" type="password">
</label></td>
</tr>
<tr>

<td align="left" valign="middle"> </td>
<td align="left" valign="middle"> </td>
<td align="left" valign="middle"><label>
<input name="register" class="submit" id="register" type="submit" value="Register">
</label></td>
</tr>
</tbody></table>
</form>

And this is the source of the action file:

<?php
include("../data/config.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query=mysql_query("INSERT INTO users` (`id`, `username`, `password`) VALUES ('', '$username', '$password')");

if($query)
{

echo '<div style="color: rgb(0, 128, 0); font-weight: bold;">Register was successfully!</div>';
}else
{
echo '<div style="color: rgb(194, 79, 0); font-weight: bold;">unable to register !!</div>';
}

?>

Now every time I try to test this I get the "unable to register" message.

Why isn't this working probably? Can anybody please help me?

Thanks in advanced.

 

[azaidi]

After the mysql_query put "or die(mysql_error());"

So
Mysql_query("insert thing") or die(mysql_error());

Then please tell me what the error says.

 

[KevinZuiker]

Now with the "or die(mysql_error());" script:

Parse error: syntax error, unexpected T_LOGICAL_OR in C:\xampp 1.7.3\xampp\htdocs\data\register.php on line 7

 

[azaidi]

Remove the $query= part

 

[KevinZuiker]

But than the if($query) function will not work right?

 

[Divide]

<?php
include("../data/config.php");

$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);

mysql_query("INSERT INTO users` (`id`, `username`, `password`) VALUES (NULL, '$username', '$password')") or die(mysql_error());
$lastinst = mysql_insert_id();

$query = mysql_fetch_assoc(mysql_query("SELECT id FROM users WHERE id = '".$lastinst."'"));

if(!$query)
{
echo '<div style="color: rgb(194, 79, 0); font-weight: bold;">Unable to register !!</div>';
}else
{
echo '<div style="color: rgb(0, 128, 0); font-weight: bold;">Register was successfully!</div>';
}

?>

 

[Liam]

<?php
include("../data/config.php");

$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);

mysql_query("INSERT INTO users` (`id`, `username`, `password`) VALUES (NULL, '$username', '$password')") or die(mysql_error());
$lastinst = mysql_insert_id();

$query = mysql_fetch_assoc(mysql_query("SELECT id FROM users WHERE id = '".$lastinst."'"));

if(!$query)
{
echo '<div style="color: rgb(194, 79, 0); font-weight: bold;">Unable to register !!</div>';
}else
{
echo '<div style="color: rgb(0, 128, 0); font-weight: bold;">Register was successfully!</div>';
}

?>

Why the hell would you mysql_real_escape_string a password... I would salt it then MD5 it ;3 Just if you want users to have a somewhat security.. <3

 

[KevinZuiker]

Fixed it:

<?php include("../data/config.php");

$username= $_POST['username']; $password= $_POST['password'];

$query= mysql_query("INSERT INTO users (username, password) VALUES ('$username', '$password')");

if($query) {
Blablabla

But now I want md5 hash and username availability check .
I know how to do md5 hash: $_post['password'] needs to be md5($_POST[' password']);

But I have no idea how to check username availability.
Can anyone tell me?

Edit: I found it:
$username = filter($_POST['username']);
mysql_query("SELECT * FROM users WHERE username = '$username'");

If you want to know what filter means, it's my own function with all the filter stuff to prevent sql injections.