Hi, I paid a coder some money to make a simple site for me with a registering form. The problem is not that I can't use the registering form but it's how it works. I told him to make all text boxes required also and one checkbox. He didn't do that, so now I can just click on submit without writing in any information and the script registers no information. Also I asked him to make sure people could not register same username but that doesn't seem to work either. What I'm looking for is that all text boxes and checkboxes are required. If left blank the page just refreshes and has a red error text saying what is wrong. And that people can't register the same username. Here is the register.php file. If you can find what's wrong I'll gladly pay you few bucks for it. Best regards,

```php
<?php
session_start();
include "includes/header.php";

if ($_POST['form'] == 'sent'){
    $rand = rand(10000000,99999999);
    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];
    $email = $_POST['email'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $checkbox = $_POST['checkbox'];
    $membership = $_POST['membership'];
    $sel = mysql_query("SELECT id FROM members WHERE username = '$username' ") or die (mysql_error());
    $num = mysql_num_rows($sel);
    if($num != 0){
        $exist = 1;
    }else{
        $res = mysql_query("INSERT INTO members VALUE ('','$firstname','$lastname','$email','$username','$password','0', '0', '$rand')") or die (mysql_error());
        $id = mysql_insert_id();
    }
}

if ($membership == '0'){
    $email_headers = "MIME-Version: 1.0\r\nContent-type: text/plain; charset=iso-8859-1\r\nFrom: \"$site_name Admin\" <noReply@noreply.com>\r\nReply-To: \"NoReply\" <noreply@noreply.com>\r\nX-Priority: 3\r\nX-Mailer: PHP 4\r\n";
    mail($email, "Thank you for registering at $site_name!", "$firstname, thank you for registration!\n\nYour $site_name login is: $username\nYour $title password is: $password\n\nTo activate your account you have to open the following link:\n$self_url" . "activate.php?rand=$rand&uid=$id\nClick it or copy-paste it to your browser's query string.\n\n$site_name Admin", $email_headers);
?>
<table align="center"><tr><td align="center">
<h3>Thank you for registering!<br>
Please check your email for your account activation link.<br>The activation link for your account was sent to <b><?php echo $email; ?></b></h3>
</p></td></tr></table>
<?php
}elseif ($membership == '1'){
    $_SESSION['user_id'] = $id;
    $_SESSION['rand'] = $rand;
    $_SESSION['paypal'] = "done";
?>
<table align="center"><tr><td align="center">
<h3>Thank you for registering!<br>
Please click on the button bellow to go to PayPal secure page and pay for your membership.</h3>
<br><br>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="<?php echo $admin_paypal; ?>">
<input type="hidden" name="item_name" value="Paid Membersip - <?php echo $site_name; ?>">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="amount" value="<?php echo $membership_price; ?>">
<input type="hidden" name="return" value="<?php echo $self_url; ?>activate.php?">
<input type="hidden" name="cancel_return" value="<?php echo $self_url; ?>registration.php">
<input type="image" src="http://www.paypal.com/en_US/i/btn/x-click-but01.gif" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
</td></tr></table>
<?php
}else{
?>
<table class="mid" align="center">
<tr><td align="center" colspan="2"><h2> Registration Form</h2> </td></tr>
<?php
    if ($exist == 1) echo "<tr><td align='center' colspan='2'><font color='red'>This username already exist!</font></td></tr>";
?>
<form action="" method="post" name="registration" id="registration">
<tr><td width="100" align="left">First Name</td><td align="left"><input type="text" name="firstname" value="" size="21" /></td></tr>
<tr><td width="100" align="left">Last Name</td><td align="left"><input type="text" name="lastname" value="" size="21" /></td></tr>
<tr><td width="100" align="left">E-Mail</td><td align="left"><input type="text" name="email" value="" size="21" /></td></tr>
<tr><td width="100" align="left">Username</td><td align="left"><input type="text" name="username" value="" size="21" /></td></tr>
<tr><td width="100" align="left">Password</td><td align="left"><input type="password" name="password" value="" size="21" /></td></tr>
<tr><td width="100" align="left">Membership</td><td align="left"><select name="membership"><option value="1">Paid Membersip - $7</option>
<option value="0">Free Membersip</option></select>
<tr><td width="100" align="left">Terms of service</td><td align="left"><input type="checkbox" name="checkbox" value="true" checked="checked"/>I have read and agree to <a target="_blank" href="/terms.php">terms of service</a></td></tr>
<tr><td width="100" align="center" colspan="2"><label><input type="submit" name="Register" class="button" value="Register" /></label></td></tr>
<input type="hidden" name="form" value="sent">
</form>
</table>
<?php
}
include "includes/footer.php";
?>
```
The username unique constraint is easy. Open phpMyAdmin and add a unique constraint to the username column. For the other fields just do something like:

```php
if (trim($firstname) == "") {
    echo "First name cannot be blank";
    exit;
}
```

It all depends on how strict you want to get with each field. I personally like to use regular expressions to validate things. You should also be using mysql_escape_string() for anything you're inserting or updating into the database. After validating $firstname, try:

```php
$firstname = mysql_escape_string($firstname);
```
Okay, I'm going to my phpMyAdmin and trying to find it, but where should I put the code you just showed me? On top or next to the checkbox? Best regards,
For each line that looks like:

```php
$firstname = $_POST['firstname'];
```

Replace it with:

```php
if (trim($_POST['firstname']) == "") {
    echo "First name cannot be blank";
    exit;
}
$firstname = mysql_escape_string($_POST['firstname']);
```

That will make sure each field contains something other than a blank space. Duplicate this bit of code for each of your text fields.
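The validation described in the replies above, gathered into one routine as an added example that is not any poster's code: every field is checked, errors are collected for redisplay, and the duplicate-username case is left to the UNIQUE constraint. PDO with bound parameters and password_hash() are substitutions made here for the thread's mysql_* calls and plaintext password; the function names, column list and in-memory SQLite table (a stand-in for the MySQL `members` table) are assumptions.

```php
<?php
// Added example, not the thread's code; SQLite in memory stands in for MySQL.
function validate_registration(array $post): array
{
    $errors = [];
    $required = ['firstname' => 'First name', 'lastname' => 'Last name',
                 'email' => 'E-mail', 'username' => 'Username', 'password' => 'Password'];
    foreach ($required as $field => $label) {
        if (!is_string($post[$field] ?? null) || trim($post[$field]) === '') {
            $errors[$field] = "$label cannot be blank";
        }
    }
    if (!isset($errors['email']) && !filter_var(trim($post['email']), FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'E-mail address is not valid';
    }
    // An unchecked checkbox is absent from the POST data entirely.
    if (($post['checkbox'] ?? '') !== 'true') {
        $errors['checkbox'] = 'You must agree to the terms of service';
    }
    if (!in_array($post['membership'] ?? null, ['0', '1'], true)) {
        $errors['membership'] = 'Choose a membership type';
    }
    return $errors;
}
function register_member(PDO $db, array $post): array
{
    $errors = validate_registration($post);
    if ($errors) {
        return $errors; // nothing is written when validation fails
    }
    $stmt = $db->prepare('INSERT INTO members (firstname, lastname, email, username, password)
                          VALUES (?, ?, ?, ?, ?)'); // bound parameters, no string building
    try {
        $stmt->execute([trim($post['firstname']), trim($post['lastname']), trim($post['email']),
                        trim($post['username']), password_hash($post['password'], PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() !== '23000') { throw $e; } // 23000: constraint violation
        $errors['username'] = 'This username already exists';
    }
    return $errors;
}
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT,
           email TEXT, username TEXT UNIQUE, password TEXT)');
$sample = ['firstname' => 'Ann', 'lastname' => 'Lee', 'email' => 'ann@example.com', // constructed
           'username' => 'ann', 'password' => 'pw-for-demo', 'checkbox' => 'true', 'membership' => '0'];
var_dump(register_member($db, $sample));            // first registration
var_dump(register_member($db, $sample));            // same username again
var_dump(register_member($db, ['form' => 'sent'])); // empty submit
```

Any submitted value echoed back into the page (the original script echoes $email) should go through htmlspecialchars() first.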
What forestone said. User management, form validation & redisplay, security, this stuff can get complicated, and needs to be done right. You should really try to get another coder rather than hack it together piecemeal.