Printable View
Hey guys. i been messing with these codes for a good hour and i got pretty much everything working but i cant get it to where when a user presses submit it checks that the fields are all filled and checks if the username he/she chose is being used or not and if the email he/she is using is being used.
Register.php
Spoiler:
File that adds users into the database
(i just call it regcheck.php in my files)Spoiler:
Mis-read the title.
testing now
-EDIT
Tested wouldn't work.
Changed about 20 lines of code and finally got to check username/password
Now i get the error:
And this is line 72-73:PHP Code:Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\regcheck.php on line 73
PHP Code:$q = SQL::Query("SELECT username FROM 'members'");
$check_names = mysql_num_rows($q);
Mis-Read the Title.
still get same error when pressing submit
Out of interest:Quote:
Originally Posted by sexychicken
1. Why do you use -
You are selecting every username from the members table..? Why? Surely you should be checking if the username already exists ->PHP Code:$q = mysql_query("SELECT username FROM 'members'");
2. The SQL class WizCoder used is completely wrong in my eyes; e.g.PHP Code:$q = mysql_query("SELECT COUNT(*) FROM `members` WHERE `username` = $username");
// The output of $q should be pre-counted so you can scrap mysql_num_rows();
mysql_num_rows does not return as a boolean (although technically it is if you consider 1 = true, 0 = false. But using == in the if statement makes this void)PHP Code:$check_names = mysql_num_rows($q);
if ( $check_names == true ) {
echo 'Username is already taken.';
} else if ( $check_names == false )
{
The else is not required, using WizCoder's class even though the username is taken the code will continue as there is nothing stopping it.PHP Code:if( $check_names > 0 ) {
echo 'Username is already taken.';
return;
}
All in all the class WizCoder has provided is basically useless for it's purpose (Sorry Wiz!)
If I get a moment on my lunch break today I will rewrite his class for you (Unless someone else beats me too it)
EDIT - IMPORTANT PART:
NOTE: This script includes NO database protection, add that yourself but this script can easily be exploited. - One fix would be not to use mysql_ but use PDO or MySQLiPHP Code:<?php
class SQL
{
/*MySQL Connection */
static function Connect()
{
$host = 'hostnamehere';
$user = 'username';
$pass = 'password';
$database = 'databasename';
$con = mysql_connect($host,$user,$pass) or die ( mysql_error() );
$db = mysql_select_db($database,$con) or die ( mysql_error() );
return $con;
}
static function Query($query)
{
$con = SQL::Connect();
$q = mysql_query($query);
return $q;
}
public static function Validation()
{
$username = $_POST['username'];
$email = $_POST['email'];
$pass1 = $_POST['pass1'];
$pass_check = $_POST['pass2'];
if( isset( $username, $pass1, $pass_check, $email ) ) {
if( !empty( $username) && !empty( $pass1 ) && !empty( $pass_check ) && !empty( $email ) ) {
if( $pass1 != $pass_check ){
echo 'Passwords do not match.';
return;
}
$q = SQL::Query("SELECT COUNT(*) FROM `members` WHERE `username` = '$username'");
if( $q > 0 ) {
echo 'Username is already taken.';
return;
}
$check_account = SQL::Query("INSERT INTO `members` (`username`, `password`, `email`) VALUES ('$username', '$password', '$email')");
}
} else {
echo 'A value is not set'; // One of the variables was not set - somehow
}
}
}
SQL::Connect();
SQL::Validation();
?>
There is your new class.
I noticed something majorly wrong with the code WizCoder gave you too, it wasn't for registration it was partly registration partly login (By fact it didn't insert any data into the database, just checked if the user existed to log you in...)
All the best,
Richard Komakech.
sorry I somehow mis-read the title lol wow.
You're doing registration , i'm going to delete my previous post I thought you were working with logging in the user lol.
When I get home later I Will re-write it and test it out for you unless someone does this before me.
My bad.
no i got it to login correctly. checks if password and username matches if not gives user message and so on. login is fine. i just can't seem to get the registration correct.
@Komakech
trying your method now. will post results
EDIT:
was getting "Username Already Exist" on every name i tried. Fixed
im getting mysql errors on passwords. Fixed
Just getting a blank page now and i know it isn't adding them into the database as i can see the database.
Glad I was able to do the login part for you so that won't be a problem, a blank page? that's strange check if its being redirected to a blank file.Quote:
Originally Posted by sexychicken
Hope you get this resolved!
no i did the login yesterday by myself lol but no its not being redirected its on the page it's supposed to be but it doesn't give me any errors or it doesn't do any of the echos for wrong password or username being used or anything
Replace the query function with that, see if anything flags up?PHP Code:static function Query($query)
{
$con = SQL::Connect();
$q = mysql_query($query) or die(mysql_error());
return $q;
}
All the best,
Richard Komakech.
now i get this and i looked at the files and that doesn't make sense as the column name is what its supposed to be called
PHP Code:Unknown column 'name' in 'where clause'
Post all the queries you have in your script for the registration part.Quote:
Originally Posted by sexychicken
All the best,
Richard Komakech.
I am pretty new to PHP, but someone told me that $_POST isn't quite secure. You shouldn't insert a $_POST right into your database. If you do, people can inject your databse. You should use something like
Correct me if I am wrong. ;)PHP Code:mysql_real_escape_string
It's not worth constantly having to clean all your passed data, the easiest method is never to use mysql_ syntax. Always use PDO or MySQLi.Quote:
Originally Posted by Galago
Their prepare functions clean up passed variables for you. It is just as easy as mysql_, if not easier.
Look up PDO (It's what I use - never really tried MySQLi but it's quite similar) and convert something into it to get used to it, then make sure to use it in all your projects and you will be protected from SQL Injections from then on.
All the best,
Richard Komakech.