[SATLUG] help with php

twistedpickles twistedpickles at gmail.com
Thu Jul 20 17:42:29 CDT 2006


The following is a form I put together and the purpose is to add users
to a database. This part of the script works fine.

I've tried to create the script to redirect back to itself and pass an
error message through a query when the user fails to fill out all
fields, selected a login name already in use, or if the verify
password fails.

All the error checks such as empty fields, if login exists, and
password verifying fail. As do the redirects ex code:

//This makes sure they did not leave any fields blank
if (!$_POST['login'] | !$_POST['pass'] | !$_POST['pass2'] ) {
header( "Location: addUser.php?formErr=Please fill in all fields" );
}

The submit process continues and the SQL Insert is successful.

Below is the entire script and is also included as a text file. This
is my first attempt at a php web app. Any help is appreciated. I can't
figure out what I'm doing wrong.

<pre>


<?php
session_start();

//check to make sure the session variable is registered
if (!session_is_registered('login')) {
header( "Location: index.php" );
}

//includes
include("functions.php");
include("ink/dbConnect.php");

//This code runs if the form has been submitted
if (isset($_POST['submit'])) {

//This makes sure they did not leave any fields blank
if (!$_POST['login'] | !$_POST['pass'] | !$_POST['pass2'] ) {
header( "Location: addUser.php?formErr=Please fill in all fields" );
}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['login'] = addslashes($_POST['login']);
}
$usercheck = $_POST['login'];
$check = mysql_query("SELECT login FROM member WHERE login =
'$usercheck'") or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
#header("Location: addUser.php?formErr=Sorry the username
".$_POST['login']." is already in use.");
echo "error";
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
header("Location: addUser.php?formErr=Your passwords did not match.");
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = nocat_crypt($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['login'] = addslashes($_POST['login']);
}

// now we insert it into the database
$insert = "INSERT INTO member (login, pass, priv) VALUES
('".$_POST['login']."', '".$_POST['pass']."', '".$_POST['priv']."')";
$add_member = mysql_query($insert);

// Redirect to main page after successfull insert
header("Location: main.php");
?>

<?php
}
// If form has not been submitted then display form
else
{	
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
<meta name="Robots" content="NOINDEX" />
<meta http-equiv="PRAGMA" content="NO-CACHE" />
<link rel="stylesheet" type="text/css" href="css/layout.css" />
<link rel="stylesheet" type="text/css" href="css/presentation.css" />
</head>

<body>
<!-- Header -->
<div id="header">

<?php include("ink/whoami.php");?>

</div>
<!-- end of header -->


<!-- left column -->
<div id="lh-col">

<?php include("ink/nav.php");?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table>
	<thead>
		<tr>
			<th colspan="2">Add User Account</th>
		</tr>
	</thead>

	<tfoot>
		<tr>
			<th colspan="2">&nbsp;</th>
		</tr>
	</tfoot>
	<tbody>
		<?php
			//Display Errors from Query		
			if (isset($_GET['formErr'])){
			echo ("<tr><td colspan=\"2\" id=\"Err\">".$_GET['formErr']."</td></tr>");
		} ?>

		<tr><td>Username:</td><td><input type="text" name="login"
maxlength="60"></td></tr>
		<tr><td>Password:</td><td><input type="password" name="pass"
maxlength="10"></td></tr>
		<tr><td>Confirm Password:</td><td><input type="password"
name="pass2" maxlength="10"></td></tr>

<?php
//Check privs to find what type of users can be created
switch ($_SESSION['priv']){

	case "6":
		echo '<tr><td>Account type:</td><td><select name="priv"><option
value="0">User</option><option value="1">Hotel / Misc.
User</option><option value="2">Swank User</option><option
value="4">Super User</option><option value="5">Manager</option><option
value="6">Admin</option></select></td></tr>';
	break;

	case "5":
		echo '<tr><td>Account type:</td><td><select name="priv"><option
value="0">User</option><option value="1">Hotel / Misc.
User</option><option value="2">Swank User</option><option
value="4">Super User</option><option
value="5">Manager</option></select></td></tr>';
	break;

	default:
		echo '<tr><td>Account type:</td><td><select name="priv"><option
value="0">User</option><option value="1">Hotel / Misc.
User</option><option value="2">Swank
User</option></select></td></tr>';

}


?>

			<tr><th colspan=2><input type="submit" name="submit" value="add
user"></th></tr>
	</tbody>
</table>
</form>

<?php
}
?>
</div>
<!-- end of left column -->


<!-- right column -->

<div id="rh-col">

<?php include("ink/tips.php");?>

</div>
<!-- end of right column -->

</body>
</html>









</pre>




-- 
::twistedPickles:: :
-------------- next part --------------
<?php
session_start();

//check to make sure the session variable is registered
if (!session_is_registered('login')) {
header( "Location: index.php" );
} 

//includes
include("functions.php");
include("ink/dbConnect.php");

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

//This makes sure they did not leave any fields blank
if (!$_POST['login'] | !$_POST['pass'] | !$_POST['pass2'] ) {
header( "Location: addUser.php?formErr=Please fill in all fields" );
}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['login'] = addslashes($_POST['login']);
}
$usercheck = $_POST['login'];
$check = mysql_query("SELECT login FROM member WHERE login = '$usercheck'") or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
#header("Location: addUser.php?formErr=Sorry the username ".$_POST['login']." is already in use.");
echo "error";
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
header("Location: addUser.php?formErr=Your passwords did not match.");
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = nocat_crypt($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['login'] = addslashes($_POST['login']);
}

// now we insert it into the database 
$insert = "INSERT INTO member (login, pass, priv) VALUES ('".$_POST['login']."', '".$_POST['pass']."', '".$_POST['priv']."')";
$add_member = mysql_query($insert);

// Redirect to main page after successfull insert
header("Location: main.php");
?>

<?php 
} 
// If form has not been submitted then display form
else 
{	
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
<meta name="Robots" content="NOINDEX" />
<meta http-equiv="PRAGMA" content="NO-CACHE" />
<link rel="stylesheet" type="text/css" href="css/layout.css" />
<link rel="stylesheet" type="text/css" href="css/presentation.css" />
</head>

<body>
<!-- Header -->
<div id="header">

<?php include("ink/whoami.php");?>

</div>
<!-- end of header -->


<!-- left column -->
<div id="lh-col">

<?php include("ink/nav.php");?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table>
	<thead>
		<tr>
			<th colspan="2">Add User Account</th>
		</tr>
	</thead>

	<tfoot>
		<tr>
			<th colspan="2">&nbsp;</th>
		</tr>
	</tfoot>
	<tbody>
		<?php 
			//Display Errors from Query		
			if (isset($_GET['formErr'])){
			echo ("<tr><td colspan=\"2\" id=\"Err\">".$_GET['formErr']."</td></tr>");
		} ?>

		<tr><td>Username:</td><td><input type="text" name="login" maxlength="60"></td></tr>
		<tr><td>Password:</td><td><input type="password" name="pass" maxlength="10"></td></tr>
		<tr><td>Confirm Password:</td><td><input type="password" name="pass2" maxlength="10"></td></tr>

<?php 
//Check privs to find what type of users can be created
switch ($_SESSION['priv']){

	case "6":
		echo '<tr><td>Account type:</td><td><select name="priv"><option value="0">User</option><option value="1">Hotel / Misc. User</option><option value="2">Swank User</option><option value="4">Super User</option><option value="5">Manager</option><option value="6">Admin</option></select></td></tr>';
	break;

	case "5":
		echo '<tr><td>Account type:</td><td><select name="priv"><option value="0">User</option><option value="1">Hotel / Misc. User</option><option value="2">Swank User</option><option value="4">Super User</option><option value="5">Manager</option></select></td></tr>';
	break;

	default:
		echo '<tr><td>Account type:</td><td><select name="priv"><option value="0">User</option><option value="1">Hotel / Misc. User</option><option value="2">Swank User</option></select></td></tr>';

}


?>

			<tr><th colspan=2><input type="submit" name="submit" value="add user"></th></tr> 
	</tbody>
</table>
</form>

<?php 
} 
?>
</div>
<!-- end of left column -->


<!-- right column -->

<div id="rh-col">

<?php include("ink/tips.php");?>

</div>
<!-- end of right column -->

</body>
</html>


More information about the SATLUG mailing list