Registration Script not Adding Correctly to the Database.


McBryver


OK, here is my problem. The following works great, except it does not add the $user var to account_details. It also outputs the md5 wrong: it outputs something, but it's different from what the password should be.

 

Here's my PHP code:

 

<?php
session_start();
/**
* @author Brian T. Flores
* @copyright 2010 - 2014
*/
error_reporting(E_ALL);



$conn = mysql_connect($db_host, $db_user, $db_pass) or die ('Error connecting to mysql');


mysql_select_db($db_name);


    
    if($_GET['goahead']==1){ // If GoAhead Is set
      
    if(isset($_GET['user'])){ // If isset GoAhead
        $user = mysql_real_escape_string($_GET['user']); // Clean User for Transfer.
        
        
        
        $user_check = mysql_query("SELECT * FROM `account_details` WHERE `username01` = '$user'"); // Check to see if username is taken.
        $ucount = mysql_num_rows($user_check); // Get Username Check Count
                      
                        if($ucount > 0){ // If Username is Taken (mysql_num_rows returns an int).
                        
                        die("3"); // Die Error Number 3 (as a string: die(int) sets the exit status and prints nothing)
                        
                    } // End If Username is Taken.
                    
        if(isset($_GET['pass'])){ // If password is set.
            $pass = mysql_real_escape_string($_GET['pass']);  // Clean Password for Transfer.
            $encPass = md5($pass); // Encrypt Password
            
            if(isset($_GET['race'])){// If Race is Set.
                
                $race = mysql_real_escape_string($_GET['race']); // Clean Race for Transfer.
                
                if(isset($_GET['email'])){ // If Email is set.
                    
                    $email = mysql_real_escape_string($_GET['email']); // Clean Email for Transfer.
                    $email_check = mysql_query("SELECT * FROM `account_details` WHERE `email` = '$email'");// Check to see if Email is Taken.
                    $ecount = mysql_num_rows($email_check); //  Get Email Check Count.
                    if($ecount > 0){ // If Email is Taken. 
                        
                        die("2"); // Die Error Number 2 (as a string, so the client actually receives "2")
                        
                    } // End If Email is Taken.
                    
                    if(isset($_GET['email2'])){ // If email confirmation is set.
                        $email2 = mysql_escape_string($_GET['email2']); // Clean Email Confirmation for Transfer.
                        
                        if($email == $email2){ // If emails match.
                            
                            if(isset($_GET['planet'])){ // If Planet Name is Set.
                            $pname = mysql_real_escape_string($_GET['planet']); // Clean Planet Name for Transfer. 
                           if(isset($_GET['security_code'])){ // If Security Code Input is set.
                            
                            $security_code = mysql_real_escape_string($_GET['security_code']); // Clean Security Code.
                            $security_enc = md5($security_code); // Encrypt Security Code.
                            
                            $security_code2 = $_SESSION['image_random_value']; // Get Security Code Session
                            if($security_enc == $security_code2){ // If Codes Match.
                                $randActive = rand(11111111111111111111,99999999999999999999); // Get Activation Link pre-encrypt.
                                $activation_link = md5($randActive); // Get Encrypted Activation Link.
                                

$q = "INSERT INTO `account_details` (`username01`, `password01`, `loggedIn`, `currentlyLogged`, `active`, `activelink`, `race`, `email`) VALUES ('$user', '$encPass', 0, 0, 0, '$activation_link', '$race', '$email');";
// ^ Add Account Query.

$res = mysql_query($q) or die("Error Detected! <br />".mysql_error());
// ^ Add Account to SQL.
                                
$q = mysql_query("SELECT * FROM `account_details` WHERE `username01` = '$user'")or die(mysql_error());
// ^ Get Information from New Account.

$newuserinfo = mysql_fetch_array($q);// Get New User Information

$id = $newuserinfo['id']; // Set New Account Id.

$q="INSERT INTO `planets` (`owner`, `name`, `recource1`, `recource2`, `recource3`, `recource4`, `recource5`, `turns_01`, `untrained_units_01`, `attackers_01`, `defenders_01`, `miners_01`, `covert_01`, `anticovert_01`, `ship_01`, `ship_02`, `ship_03`, `ship_04`, `ship_05`, `ship_06`, `ship_07`, `building01`, `building02`, `building03`, `building04`, `building05`, `building06`, `building07`, `building08`, `building09`) VALUES ('$id', '$pname', 35000, 15000, 12000, 135000, 125000, 220, 150, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0);";
// ^ Add Planet Query.
$res2 = mysql_query($q) or die("Error Detected! <br />".mysql_error()); // Add Planet to SQL.


$body = "
Hello ".$user.",
  
  Congratulations! Your account on Ultimate Conquest has been Registered Today!
  
  Click the following Link to Activate Account:
  http://testing.ultimateconquest.net/activate.php?code=".$activation_link."
  
  If you have not registered an account and have found this message in error please click the following link to report this error:
  
  http://testing.ultimateconquest.net/errorreg.php?account=".$user."

Thank you for registering for Ultimate Conquest - ULC,
Head Admin Brian Flores AKA Photonic....
"; // Activation Email Information.

if (mail($email, "Activate your ULC Ultimate Conquest Account! No-Reply!", $body)) { // If Email Is Sent.
    
die("1"); // Die Error Number 1

} // End Send Email   

}else{ // If Security Codes do Not Match.
        die("12"); // Die Error Number 12
    }
    }else{ // If Security Code is Not Set
        die("11"); // Die Error Number 11
    }
    }else{ // If Planet Name is Not Set.
        die("10"); // Die Error Number 10.
    }
    }else{ // If Emails do not match.
        die("9"); // Die Error Number 9.
    } 
    }else{ // If email confirmation is not set.
        die("8"); // Die Error Number 8.
    }
    }else{ // If email is not set.
        die("7"); // Die Error Number 7.
    }
    }else{ // If race is not set.
        die("6"); // Die Error Number 6.
    }
    }else{ // If Password is not set.
        die("5"); // Die Error Number 5.
    }
    }else{ // If Username is not set.
        die("4"); // Die Error Number 4.
    }
    }else{ // If GoAhead is Not Set.
    die("Go Ahead Not Established By Game System!");
}


?>

 

Here is the Register Function in Javascript:

 

  function regMast(){
    var user = document.getElementById('username_client').value;
    var pass = document.getElementById('password_client').value;
    var race1 = document.getElementById('races1').value;
    if(race1 !=""){var race = document.getElementById('races1').value;}
    var race2 = document.getElementById('races2').value;
    if(race2 !=""){var race = document.getElementById('races2').value;}
    var race3 = document.getElementById('races3').value;
    if(race3 !=""){var race = document.getElementById('races3').value;}
    var race4 = document.getElementById('races4').value;
    if(race4 !=""){var race = document.getElementById('races4').value;}
    var planet_name = document.getElementById('pname').value;
    var email = document.getElementById('email').value;
    var email2 = document.getElementById('email2').value;
    var security_code = document.getElementById('security_code').value;
    
    var ajaxRequest;  // The variable that makes Ajax possible!

try{
	// Opera 8.0+, Firefox, Safari
	ajaxRequest = new XMLHttpRequest();
} catch (e){
	// Internet Explorer Browsers
	try{
		ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
	} catch (e) {
		try{
			ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
		} catch (e){
			// Something went wrong
			alert("Your browser broke!");
			return false;
		}
	}
}
    // Create a function that will receive data sent from the server
ajaxRequest.onreadystatechange = function(){
	if(ajaxRequest.readyState == 4){
		var returni = ajaxRequest.responseText;
            
            if(returni == "1"){
                document.getElementById('reg_error').innerHTML = 'Registration Completed! Check Activation Email for more information.';
            }
            if(returni == "2"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Email Address Already Taken!';
            }
            if(returni == "3"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Username Already Taken!';
            } 
            if(returni == "4"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Username Field Empty!';
            }   
            if(returni == "5"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Password Field Empty!';
            }
            if(returni == "6"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! You must select a race!';
            }
            if(returni == "7"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Email Field Empty!';
            }     
            if(returni == "8"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Email Confirmation Field Empty!';
            }    
            if(returni == "9"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Emails did not Match!';
            }    
            if(returni == "10"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Planet Name Field Empty!';
            } 
            if(returni == "11"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! You did not Input the Security Code!';
            }
            if(returni == "12"){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! The Security Code you Inputed did not Match the Image!';
            }else{
              document.getElementById('reg_error').innerHTML = returni;  
            }                                                 
	}
}
var queryString = "?goahead=1&user=" + user + "&pass=" + pass + "&race=" + race + "&email=" + email + "&email2=" + email2 + "&security_code=" + security_code + "&planet=" + planet_name;
ajaxRequest.open("GET", "register.php" + queryString, true);
ajaxRequest.send(null); 
    
}


There are a few things you can use to clean your code up. For one, take a look at mysql_insert_id; you can use that instead of running a query after inserting the user data to retrieve the new user ID.

 

Are you 100% sure that all variables are being set properly, that is, that they are being retrieved and actually contain values both client- and server-side?

 

I'd also like to recommend using a JavaScript library, such as jQuery. It neatens the whole process up. And when doing that, I'd POST the data instead of using GET. Someone could quite easily navigate to register.php in their browser and spam creation of users, or worse.

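The registration flow from the original post, rewritten in the direction the reply above points, as an added example (editor's code, not the thread author's or the replier's): PDO prepared statements instead of mysql_real_escape_string() string building, so the password is hashed as typed rather than in its escaped form (in the original, a password containing a quote or backslash is escaped before md5(), which changes the digest); password_hash() instead of md5(); random_bytes() instead of md5(rand(...)) for the activation token; and PDO::lastInsertId(), the PDO equivalent of the mysql_insert_id suggestion, instead of re-selecting the row by username. Table and column names are the original's. Assumptions: the DSN is a placeholder, the planets INSERT assumes the omitted resource and unit columns have defaults (the original lists them all), and the demo at the bottom runs on an in-memory SQLite database with a constructed schema. Requires PHP 7.1+.

```php
<?php
declare(strict_types=1);
// Added example (editor's rewrite, not the thread author's code).
// Same registration flow with PDO prepared statements, password_hash()
// and a CSPRNG activation token. Assumption: the planets columns left out
// of the INSERT have defaults. Requires PHP 7.1+.

/** Register an account from an array of request fields; never reads $_GET/$_POST itself. */
function register_account(PDO $db, array $in): array
{
    foreach (['user', 'pass', 'race', 'email', 'email2', 'planet'] as $f) {
        if (!isset($in[$f]) || $in[$f] === '') {
            return ['ok' => false, 'error' => "missing $f"];
        }
    }
    if ($in['email'] !== $in['email2']) {
        return ['ok' => false, 'error' => 'emails do not match'];
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'invalid email'];
    }

    // Uniqueness checks with bound parameters: no escaping, no injection,
    // and the password never goes through mysql_real_escape_string() before hashing.
    $st = $db->prepare('SELECT COUNT(*) FROM `account_details` WHERE `username01` = ?');
    $st->execute([$in['user']]);
    if ((int) $st->fetchColumn() > 0) {
        return ['ok' => false, 'error' => 'username taken'];
    }
    $st = $db->prepare('SELECT COUNT(*) FROM `account_details` WHERE `email` = ?');
    $st->execute([$in['email']]);
    if ((int) $st->fetchColumn() > 0) {
        return ['ok' => false, 'error' => 'email taken'];
    }

    $hash  = password_hash($in['pass'], PASSWORD_DEFAULT); // salted and stretched; md5() is neither
    $token = bin2hex(random_bytes(16));                     // 128 random bits, not md5(rand(...))

    $db->beginTransaction();
    try {
        $st = $db->prepare('INSERT INTO `account_details`
            (`username01`, `password01`, `loggedIn`, `currentlyLogged`, `active`, `activelink`, `race`, `email`)
            VALUES (?, ?, 0, 0, 0, ?, ?, ?)');
        $st->execute([$in['user'], $hash, $token, $in['race'], $in['email']]);
        $id = (int) $db->lastInsertId(); // replaces the SELECT-by-username round trip

        // Assumption: the other planet columns have defaults; otherwise list them as the original does.
        $st = $db->prepare('INSERT INTO `planets` (`owner`, `name`) VALUES (?, ?)');
        $st->execute([$id, $in['planet']]);
        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();
        throw $e;
    }
    return ['ok' => true, 'id' => $id, 'token' => $token];
}

/** Login-side counterpart: verify against the stored hash instead of comparing md5 strings. */
function check_login(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT `password01` FROM `account_details` WHERE `username01` = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return $hash !== false && password_verify($pass, (string) $hash);
}

// Offline demo on an in-memory SQLite database with a constructed schema.
// Against MySQL: new PDO('mysql:host=...;dbname=...', $user, $pass,
//   [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE `account_details` (`id` INTEGER PRIMARY KEY AUTOINCREMENT,
        `username01` TEXT UNIQUE, `password01` TEXT, `loggedIn` INTEGER, `currentlyLogged` INTEGER,
        `active` INTEGER, `activelink` TEXT, `race` TEXT, `email` TEXT UNIQUE)');
    $db->exec('CREATE TABLE `planets` (`owner` INTEGER, `name` TEXT, `recource1` INTEGER DEFAULT 35000)');

    // Constructed input: a quote in the username and a quote plus "&" in the password
    // are exactly the characters the escape-then-hash version mangles.
    $in = ['user' => "o'brien", 'pass' => 'p&ss"w0rd', 'race' => 'human',
           'email' => 'a@example.com', 'email2' => 'a@example.com', 'planet' => 'Vega'];
    $r = register_account($db, $in);
    assert($r['ok'] && $r['id'] === 1 && strlen($r['token']) === 32);
    assert(check_login($db, "o'brien", 'p&ss"w0rd') && !check_login($db, "o'brien", 'wrong'));
    $r2 = register_account($db, $in);
    assert(!$r2['ok'] && $r2['error'] === 'username taken');
    echo "ok\n";
}
```

Run it with `php register_example.php`. In register.php the same function would be called with the validated $_POST fields as $in, and the returned token is what goes into the activation link; the error strings map onto the numeric codes the original returns to the Ajax caller.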

Looking over the PHP manual link you gave me, I did not know that function existed. Thanks...

I cannot use POST, as I am using Ajax to transfer the information to the register.php page, unless you know of a way to transfer using the POST method. I have die()d the information to make sure, and it shows up correctly.

 

Been looking over this for a couple hours and cannot figure it out...

 

Brian.


You can use POST with AJAX; see this article on how it's done. The reason I suggest you use POST for this kind of request is that you're inserting data, and it's much safer to use POST to send the data to the script than GET. GET should generally be used for when you are fetching data.

 

As I said above, to make life a lot easier you can use the jQuery framework, it'll speed up your development.


It may not solve your problem. You should debug it, ensure that your variables are retrieved correctly with JavaScript. When you send the variables to PHP, again make sure that everything is set and is shown correctly, just die each variable and alert the response text with JavaScript. You need to trace the problem to its source, if you're not getting the correct output check your input. It's usually where it's screwing up.


OK, I have updated the Ajax to the POST method and updated the PHP. Right now it does nothing, and there is no error in the Firefox error console.

 

Let me know if I did it right:

 

PHP:

<?php
session_start();
/**
* @author Brian T. Flores
* @copyright 2010 - 2014
*/
error_reporting(E_ALL);

$db_name = "ultimbq0_ultimatelc"; // Database Name
$db_user = "ultimbq0_shoppin"; // Database Account Username
$db_pass = "enterprise"; // Database Account Password
$db_host = "localhost"; // Database Host Domain

$conn = mysql_connect($db_host, $db_user, $db_pass) or die ('Error connecting to mysql');


mysql_select_db($db_name);


    
    if($_POST['goahead']==1){ // If GoAhead Is set
      
    if(isset($_GET['user'])){ // If isset GoAhead
        $user = mysql_real_escape_string($_POST['user']); // Clean User for Transfer.
        
        
        
        $user_check = mysql_query("SELECT * FROM `account_details` WHERE `username01` = '$user'"); // Check to see if username is taken.
        $ucount = mysql_num_rows($user_check); // Get Username Check Count
                      
                        if($ucount > 0){ // If Username is Taken (mysql_num_rows returns an int).
                        
                        die("3"); // Die Error Number 3 (as a string: die(int) sets the exit status and prints nothing)
                        
                    } // End If Username is Taken.
                    
        if(isset($_POST['pass'])){ // If password is set.
            $pass = $_POST['pass'];  // Clean Password for Transfer.
            $encPass = md5($pass); // Encrypt Password
            
            if(isset($_POST['race'])){// If Race is Set.
                
                $race = mysql_real_escape_string($_POST['race']); // Clean Race for Transfer.
                
                if(isset($_POST['email'])){ // If Email is set.
                    
                    $email = mysql_real_escape_string($_POST['email']); // Clean Email for Transfer.
                    $email_check = mysql_query("SELECT * FROM `account_details` WHERE `email` = '$email'");// Check to see if Email is Taken.
                    $ecount = mysql_num_rows($email_check); //  Get Email Check Count.
                    if($ecount > 0){ // If Email is Taken. 
                        
                        die("2"); // Die Error Number 2 (as a string, so the client actually receives "2")
                        
                    } // End If Email is Taken.
                    
                    if(isset($_POST['email2'])){ // If email confirmation is set.
                        $email2 = mysql_escape_string($_GET['email2']); // Clean Email Confirmation for Transfer.
                        
                        if($email == $email2){ // If emails match.
                            
                            if(isset($_POST['planet'])){ // If Planet Name is Set.
                            $pname = mysql_real_escape_string($_POST['planet']); // Clean Planet Name for Transfer. 
                           if(isset($_POST['security_code'])){ // If Security Code Input is set.
                            
                            $security_code = $_POST['security_code']; // Clean Security Code.
                            $security_enc = md5($security_code); // Encrypt Security Code.
                            
                            $security_code2 = $_SESSION['image_random_value']; // Get Security Code Session
                            if($security_enc == $security_code2){ // If Codes Match.
                                $randActive = rand(11111111111111111111,99999999999999999999); // Get Activation Link pre-encrypt.
                                $activation_link = md5($randActive); // Get Encrypted Activation Link.
                                

$q = "INSERT INTO `account_details` (`username01`, `password01`, `loggedIn`, `currentlyLogged`, `active`, `activelink`, `race`, `email`) VALUES ('$user', '$encPass', 0, 0, 0, '$activation_link', '$race', '$email');";
// ^ Add Account Query.

$res = mysql_query($q) or die("Error Detected! <br />".mysql_error());
// ^ Add Account to SQL.
                                
$q = mysql_query("SELECT * FROM `account_details` WHERE `username01` = '$user'")or die(mysql_error());
// ^ Get Information from New Account.

$newuserinfo = mysql_fetch_array($q);// Get New User Information

$id = $newuserinfo['id']; // Set New Account Id.

$q="INSERT INTO `planets` (`owner`, `name`, `recource1`, `recource2`, `recource3`, `recource4`, `recource5`, `turns_01`, `untrained_units_01`, `attackers_01`, `defenders_01`, `miners_01`, `covert_01`, `anticovert_01`, `ship_01`, `ship_02`, `ship_03`, `ship_04`, `ship_05`, `ship_06`, `ship_07`, `building01`, `building02`, `building03`, `building04`, `building05`, `building06`, `building07`, `building08`, `building09`) VALUES ('$id', '$pname', 35000, 15000, 12000, 135000, 125000, 220, 150, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0);";
// ^ Add Planet Query.
$res2 = mysql_query($q) or die("Error Detected! <br />".mysql_error()); // Add Planet to SQL.


$body = "
Hello ".$user.",
  
  Congratulations! Your account on Ultimate Conquest has been Registered Today!
  
  Click the following Link to Activate Account:
  http://testing.ultimateconquest.net/activate.php?code=".$activation_link."
  
  If you have not registered an account and have found this message in error please click the following link to report this error:
  
  http://testing.ultimateconquest.net/errorreg.php?account=".$user."

Thank you for registering for Ultimate Conquest - ULC,
Head Admin Brian Flores AKA Photonic....
"; // Activation Email Information.

if (mail($email, "Activate your ULC Ultimate Conquest Account! No-Reply!", $body)) { // If Email Is Sent.
    
die("1"); // Die Error Number 1

} // End Send Email   

}else{ // If Security Codes do Not Match.
        die("12"); // Die Error Number 12
    }
    }else{ // If Security Code is Not Set
        die("11"); // Die Error Number 11
    }
    }else{ // If Planet Name is Not Set.
        die("10"); // Die Error Number 10.
    }
    }else{ // If Emails do not match.
        die("9"); // Die Error Number 9.
    } 
    }else{ // If email confirmation is not set.
        die("8"); // Die Error Number 8.
    }
    }else{ // If email is not set.
        die("7"); // Die Error Number 7.
    }
    }else{ // If race is not set.
        die("6"); // Die Error Number 6.
    }
    }else{ // If Password is not set.
        die("5"); // Die Error Number 5.
    }
    }else{ // If Username is not set.
        die("4"); // Die Error Number 4.
    }
    }else{ // If GoAhead is Not Set.
    die("Go Ahead Not Established By Game System!");
}


?>

 

Ajax/Javascript:

 

   
  function regMast(){
    var user = document.getElementById('username_client').value;
    var pass = document.getElementById('password_client').value;
    var race = document.getElementById('race').value;
    var planet_name = document.getElementById('pname').value;
    var email = document.getElementById('email').value;
    var email2 = document.getElementById('email2').value;
    var security_code = document.getElementById('security_code').value;
    
    var ajaxRequest;  // The variable that makes Ajax possible!

try{
	// Opera 8.0+, Firefox, Safari
	ajaxRequest = new XMLHttpRequest();
} catch (e){
	// Internet Explorer Browsers
	try{
		ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
	} catch (e) {
		try{
			ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
		} catch (e){
			// Something went wrong
			alert("Your browser broke!");
			return false;
		}
	}
}
    
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", params.length);
http.setRequestHeader("Connection", "close");

    // Create a function that will receive data sent from the server
ajaxRequest.onreadystatechange = function(){
	if(ajaxRequest.readyState == 4 && http.status == 200){
		var returni = ajaxRequest.responseText;
            
            if(returni == 1){
                document.getElementById('reg_error').innerHTML = 'Registration Completed! Check Activation Email for more information.';
            }
            if(returni == 2){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Email Address Already Taken!';
            }
            if(returni == 3){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Username Already Taken!';
            } 
            if(returni == 4){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Username Field Empty!';
            }   
            if(returni == 5){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Password Field Empty!';
            }
            if(returni == 6){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! You must select a race!';
            }
            if(returni == 7){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Email Field Empty!';
            }     
            if(returni == 8){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Email Confirmation Field Empty!';
            }    
            if(returni == 9){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Emails did not Match!';
            }    
            if(returni == 10){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! Planet Name Field Empty!';
            } 
            if(returni == 11){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! You did not Input the Security Code!';
            }
            if(returni == 12){
                document.getElementById('reg_error').innerHTML = 'Registration Incomplete! The Security Code you Inputed did not Match the Image!';
            }else{
              document.getElementById('reg_error').innerHTML = returni;  
            }                                                 
	}
}
var queryString = "?goahead=1&user=" + user + "&pass=" + pass + "&race=" + race + "&email=" + email + "&email2=" + email2 + "&security_code=" + security_code + "&planet=" + planet_name;
ajaxRequest.open("POST", "register.php", true);
ajaxRequest.send(queryString); 
    
}
function register(){

    document.getElementById('reg_error').innerHTML = '<img src="images/loading.gif" />';
    
    regMast();
}    

 

All it does is display the loading gif and does not move on...


You're using http as the object in JavaScript, when your object is called ajaxRequest, so you need to change these lines:

http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", params.length);
http.setRequestHeader("Connection", "close");

 

To:

ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
ajaxRequest.setRequestHeader("Content-length", params.length);
ajaxRequest.setRequestHeader("Connection", "close");

 

Also move these lines:

var queryString = "?goahead=1&user=" + user + "&pass=" + pass + "&race=" + race + "&email=" + email + "&email2=" + email2 + "&security_code=" + security_code + "&planet=" + planet_name;
   ajaxRequest.open("POST", "register.php", true);
   ajaxRequest.send(queryString); 

So that they are above the setRequestHeader calls and in the Content-length header change params to queryString. You can also remove the ? from in front of goahead.

 

In your PHP you are using $_GET in a few places still.


I know that POST is safer and more secure; I just did not know it could be used with Ajax. I'll try changing it over to POST and see if that solves the problem. I'll be back posting in this thread if it does not fix it.

 

 

This is one of my pet peeves, but there is nothing more secure about POST. It may be slightly more obscure, but not enough so to make the argument that you added security to your app. Even script kiddies know how to use tools that show you the HTTP headers and let you manipulate them. If you need security, you have to engineer it in somehow.

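Added example (editor's code, not from any poster in the thread) of what engineering security into this script, rather than relying on POST, can look like: refuse anything that is not a POST, require a per-session CSRF token back from the form, and compare the captcha digest with hash_equals() instead of `==`, consuming it so that one image allows one attempt. The functions take the method, request and session as arguments so the file runs offline; in register.php they would be called with $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION. The `image_random_value` session key is the original script's; the `csrf` key and the demo values are chosen here. Requires PHP 7.1+.

```php
<?php
declare(strict_types=1);
// Added example (editor's code, not the thread author's). Request gating for
// register.php: method check, session-bound CSRF token, constant-time captcha
// compare. Session key `image_random_value` is the original's; `csrf` is an
// assumed name. Requires PHP 7.1+.

/** Issue (once per session) the token the form must echo back in the POST body. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

/**
 * Decide whether a registration request may proceed.
 * Returns null to accept, otherwise a short rejection reason.
 * The stored captcha digest is consumed on every attempt so it cannot be replayed.
 */
function reject_reason(string $method, array $post, array &$session): ?string
{
    if ($method !== 'POST') {
        return 'method';            // no registration from a link, <img> or prefetch
    }
    if (!isset($post['csrf'], $session['csrf'])
        || !hash_equals($session['csrf'], (string) $post['csrf'])) {
        return 'csrf';              // request did not originate from our own form
    }
    if (!isset($post['security_code'], $session['image_random_value'])) {
        return 'captcha_missing';
    }
    $expected = (string) $session['image_random_value'];
    unset($session['image_random_value']);   // one attempt per image
    // hash_equals(): constant-time byte comparison. `==` between two hex digests
    // compares them numerically when both look like numbers (e.g. "0e..." strings),
    // so two different digests can compare equal.
    if (!hash_equals($expected, md5((string) $post['security_code']))) {
        return 'captcha';
    }
    return null;
}

// Offline demo with constructed session and request data.
if (PHP_SAPI === 'cli') {
    $session = [];
    $token = csrf_token($session);
    $session['image_random_value'] = md5('k7f2q');   // what the captcha image script stored

    assert(reject_reason('GET',  ['csrf' => $token], $session) === 'method');
    assert(reject_reason('POST', [],                 $session) === 'csrf');
    assert(reject_reason('POST', ['csrf' => $token, 'security_code' => 'WRONG'], $session) === 'captcha');
    assert(!isset($session['image_random_value']));   // consumed by the failed attempt
    $session['image_random_value'] = md5('k7f2q');   // fresh image served after the failure
    assert(reject_reason('POST', ['csrf' => $token, 'security_code' => 'k7f2q'], $session) === null);
    assert(!isset($session['image_random_value']));   // consumed by the successful attempt too
    echo "ok\n";
}
```

In register.php the gate runs first: `if (($why = reject_reason($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION)) !== null) { die($why); }`, and the page that renders the form prints `csrf_token($_SESSION)` into a hidden field that the Ajax code sends along with the other parameters.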

True, but POST is still the better option in this instance.

