• Unfortunately, we have experienced significant hard drive damage that requires urgent maintenance and rebuilding. The forum will be a state of read only until we install our new drives and rebuild all the configurations needed. Please follow our Facebook page for updates, we will be back up shortly! (The forum could go offline at any given time due to the nature of the failed drives whilst awaiting the upgrades.) When you see an Incapsula error, you know we are in the process of migration.

Help with PHP script

K

KevinZuiker

Junior Spellweaver
Joined
May 5, 2012
Messages
110
Reaction score
10
Hi Ragezone,

Since this has to do with my development of FunCMS, I thought I could post this here.
This is just the main source of my register page, so you can't see any of the Habbo style code in this source.

Well I've got this code:
<form action="../data/register.php" method="post">
<table width="100%" border="0" cellspacing="2" cellpadding="2">
<tbody><tr><td width="13%" align="left" valign="middle"><strong>Username</strong></td>
<td width="2%" align="left" valign="middle">:</td>
<td width="85%" align="left" valign="middle"><label>
<input name="username" class="textbox" id="username" type="text">
</label></td>
</tr>
<tr>
<td width="13%" align="left" valign="middle"><strong>Password</strong></td>
<td width="2%" align="left" valign="middle">:</td>
<td width="85%" align="left" valign="middle"><label>
<input name="password" class="textbox" id="password" type="password">
</label></td>
</tr>
<tr>

<td align="left" valign="middle"> </td>
<td align="left" valign="middle"> </td>
<td align="left" valign="middle"><label>
<input name="register" class="submit" id="register" type="submit" value="Register">
</label></td>
</tr>
</tbody></table>
</form>
Click to expand...
And this is the source of the action file:
<?php
include("../data/config.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query=mysql_query("INSERT INTO users` (`id`, `username`, `password`) VALUES ('', '$username', '$password')");

if($query)
{

echo '<div style="color: rgb(0, 128, 0); font-weight: bold;">Register was successfully!</div>';
}else
{
echo '<div style="color: rgb(194, 79, 0); font-weight: bold;">unable to register !!</div>';
}

?>
Click to expand...

Now every time I try to test this I get the "unable to register" message.

Why isn't this working probably? Can anybody please help me?

Thanks in advanced.
 
Sort by date Sort by votes
The Best DDoS Protected Servers
K

KevinZuiker

Junior Spellweaver
Joined
May 5, 2012
Messages
110
Reaction score
10
Now with the "or die(mysql_error());" script:

Parse error: syntax error, unexpected T_LOGICAL_OR in C:\xampp 1.7.3\xampp\htdocs\data\register.php on line 7
 
Upvote 0
D

Divide

Banned
Banned
Joined
Aug 4, 2011
Messages
852
Reaction score
331
Code: 
<?php
include("../data/config.php");

$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);

mysql_query("INSERT INTO users` (`id`, `username`, `password`) VALUES (NULL, '$username', '$password')") or die(mysql_error());
$lastinst = mysql_insert_id();

$query = mysql_fetch_assoc(mysql_query("SELECT id FROM users WHERE id = '".$lastinst."'"));

if(!$query)
{
echo '<div style="color: rgb(194, 79, 0); font-weight: bold;">Unable to register !!</div>';
}else
{
echo '<div style="color: rgb(0, 128, 0); font-weight: bold;">Register was successfully!</div>';
}

?>
 
Upvote 0
Liam

Liam

Gamma Spamma
[VIP] Member
1000 Posts [VIP] Subscriber 10 Happy Years
Joined
Dec 16, 2011
Messages
1,994
Reaction score
633
Divide said:
Code: 
<?php
include("../data/config.php");

$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);

mysql_query("INSERT INTO users` (`id`, `username`, `password`) VALUES (NULL, '$username', '$password')") or die(mysql_error());
$lastinst = mysql_insert_id();

$query = mysql_fetch_assoc(mysql_query("SELECT id FROM users WHERE id = '".$lastinst."'"));

if(!$query)
{
echo '<div style="color: rgb(194, 79, 0); font-weight: bold;">Unable to register !!</div>';
}else
{
echo '<div style="color: rgb(0, 128, 0); font-weight: bold;">Register was successfully!</div>';
}

?>
Click to expand...
Why the hell would you mysql_real_escape_string a password... I would salt it then MD5 it ;3 Just if you want users to have a somewhat security.. <3
 
Upvote 0
K

KevinZuiker

Junior Spellweaver
Joined
May 5, 2012
Messages
110
Reaction score
10
Fixed it:
<?php include("../data/config.php");

$username= $_POST['username']; $password= $_POST['password'];

$query= mysql_query("INSERT INTO users (username, password) VALUES ('$username', '$password')");

if($query) {
Blablabla
Click to expand...
But now I want md5 hash and username availability check .
I know how to do md5 hash: $_post['password'] needs to be md5($_POST[' password']);

But I have no idea how to check username availability.
Can anyone tell me?

Edit: I found it:
$username = filter($_POST['username']);
mysql_query("SELECT * FROM users WHERE username = '$username'");

If you want to know what filter means, it's my own function with all the filter stuff to prevent sql injections.
 
Last edited:
Upvote 0
You must log in or register to reply here.

About Us

RaGEZONE® is a website dedicated to the development of massively multiplayer online role-playing games (MMORPGs).

Online statistics

Members online
100
Guests online
7,876
Total visitors
7,976
Totals may include hidden visitors.

Forum statistics

Threads
429,198
Messages
4,590,913
Members
281,311
Latest member
ismodev
Most visitors online was 12720 , on 2 May 2024

RaGEZONE Sponsor

    HyperFilter
Back
Top