Topic: Password question

[Steve]

The script must be connecting to the DB. So i tried this just to try and write to it, and no dice.

Code: [Select]

$test = "Testing";

mysql_query("INSERT INTO asa_registered_clubs (clubname) VALUES ('$test')");
I have NEVER had a problem with this before. I would say its because i havent done it in a few months but im using code i saved because i knew it worked. I already have the password code done for generating it and hashing it and that should be harder then a basic login and populate. WTF

[Steve]

Ok i cleaned up the form page code because it was something that already existed, and it needed it. Now im down to only a few errors. I have been working on other stuff and coming back to this. I'm close to scrapping the whole form and php file and starting over from my own from scratch.

Notice: Undefined index: url in /home/content/i/y/q/iyq2havfun/html/CMDONOTOPEN/process_clubreg.php on line 30

Shouldnt it say undefined variable? And it is defined, both in the php file and from the form. Here is line 30:

Code: [Select]

$url = $_POST["url"];

Notice: Undefined variable: clubgroupname’ in /home/content/i/y/q/iyq2havfun/html/CMDONOTOPEN/process_clubreg.php on line 42

Notice: Undefined variable: type’ in /home/content/i/y/q/iyq2havfun/html/CMDONOTOPEN/process_clubreg.php on line 42

Notice: Undefined variable: banner in /home/content/i/y/q/iyq2havfun/html/CMDONOTOPEN/process_clubreg.php on line 42

These are referring to the mentioned variables in the insert query code. Also, these have been defined. I dont get it. And defined the same as everything else, yet they are errorous and not the others.

Code: [Select]

mysql_query("INSERT INTO asa_registered_clubs (clubgroupname, type, address1, address2, city, state, zip, ownername, phone1, contactname1, phone2, contactname2, url, url2, ismembershipreq, byob, sex, dresscode, username, rss, banner) VALUES ('$clubgroupname’, ‘$type’, '$address1', '$address2', '$city', '$state', '$zip', '$ownername', '$phone1', '$contactname1', '$phone2', '$contactname2', '$url', '$url2', '$ismembershipreq', '$byob', '$sex', '$dresscode', '$username', '$rss', '$banner')");
I would like to figure this out so i can put the full script together and get your feedback on the security of the actual finished file. The rest of it is done basically, and i really dont get it. If you guys dont see it ill check on it again in the morning with a clear mind.

Here is both files, in full. The form code is done very sloppy imo, but the clients liked the page so i am attempting to just use the existing one with editing. I'm VERY close to just making a new one using the same look.

Form:

Code: [Select]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>ASA-sign up</title>
<meta name="author" content="Computer Medic | (239) 549-2989">
<meta name="generator" content="ASA Club and Group Registration">
<style type="text/css">
div#container
{
   width: 831px;
   position: relative;
   margin-top: 0px;
   margin-left: auto;
   margin-right: auto;
   text-align: left;
}
body
{
   text-align: center;
   margin: 0;
}
</style>
<style type="text/css">
a
{
   color: #FFFFFF;
}
a:visited
{
   color: #FFFFFF;
}
a:active
{
   color: #FFFFFF;
}
a:hover
{
   color: #8B0000;
}
</style>

<script type="text/javascript">
<!--
 
function validateForm(form)
{
if(form.clubgroupname.value==''){
alert('Club or Group Name must be given.');
return false;
}
if(form.type.value==''){
alert('Club or Group type must be given.');
return false;
}
if(form.address1.value==''){
alert('You must provide an address.');
return false;
}

if(form.city.value==''){
alert('You must provide a city.');
return false;
}

if(form.state.value==''){
alert('You must provide a state.');
return false;
}
if(form.zip.value==''){
alert('You must provide your zip code.');
return false;
}
if(form.ownername.value==''){
alert('Owner or Manager name must be given.');
return false;
}

if(form.ismembershipreq.value==''){
alert('You must select a membership status.');
return false;
}

if(form.byob.value==''){
alert('You must choose an alcohol status.');
return false;
}

if(form.sex.value==''){
alert('You must select an option for sex status.');
return false;
}
if(form.dresscode.value==''){
alert('You must choose an option for dress code.');
return false;
}
if(form.username.value==''){
alert('You must choose your desired username.');
return false;
}

}
if(form.rss.value==''){
alert('Please choose an RSS option.');
return false;
}


//
document.getElementById('err').innerHTML = 'Form is Processing.';
return 1;
}

 
 //-->
 
</script>





</head>


<body background="images/backgrn0.jpg" bgcolor="#000000" text="#000000" style="background-attachment:fixed;background-repeat:repeat-y;background-position:center top ;">
<div id="container">




<div id="wb_Text1" style="position:absolute;left:93px;top:12px;width:631px;height:37px;z-index:0" align="center">
<font style="font-size:19px" color="#FFFFFF" face="Times New Roman"><b><i><u>American Swingers Association: Club and Group Registration </u></i></b></font><font style="font-size:21px" color="#000000" face="Arial"><br>
</font></div>

 

<div id="wb_Text2" style="position:absolute;left:65px;top:88px;width:750px;height:937px;z-index:1" align="left">
<font style="font-size:15px" color="#FFFFFF" face="Arial"><b>Club or Group Name:&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; *<br>
<br>
<h5 style="position:absolute; left:582px; top:10px; z-index:1"> Public info &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;Private</h5>
Type of Group:&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; *&nbsp;&nbsp; &nbsp;&nbsp; <br>
<br>
Address&nbsp; #1:&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; * <br>
<br>
Address&nbsp; #2:&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; <br>
<br>
City:&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; *<br>
<br>
State:&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; *<br>
<br>
Zip:&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; </b></font><font style="font-size:13px" color="#FFFFFF" face="Arial"><b>&nbsp;&nbsp;&nbsp; * <br>
<br>
</b></font><font style="font-size:15px" color="#FFFFFF" face="Arial"><b>Owners/Managers Name: </b></font>
<br>
</font><font style="font-size:13px" color="#FFFFFF" face="Arial"><b><br>
</b></font><font style="font-size:15px" color="#FFFFFF" face="Arial"><b>Phone #1:</b></font>
<br>
</font><font style="font-size:13px" color="#FFFFFF" face="Arial"><b>
&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; <br>
</font><font style="font-size:15px" color="#FFFFFF" face="Arial"><b>Contact Name #1:<br>
<br>
Phone #2:<br>
</b></font><font style="font-size:13px" color="#FFFFFF" face="Arial"><b>&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; <br>
</b></font><font style="font-size:15px" color="#FFFFFF" face="Arial"><b>Contact Name #2:</b></font><font style="font-size:13px" color="#FFFFFF" face="Arial"><b>&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; <br>
<br>
</b></font><font style="font-size:15px" color="#FFFFFF" face="Arial"><b>Web Address: </b></font><font style="font-size:13px" color="#FFFFFF" face="Arial"><b>&nbsp;&nbsp; <br>
</b></font><font style="font-size:15px" color="#FFFFFF" face="Arial"><b><br>
Alternate Web Address: </b></font><font style="font-size:13px" color="#FFFFFF" face="Arial"><b>&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; <br>
<br>
</b></font><font style="font-size:15px" color="#FFFFFF" face="Arial"><b>Membership Required:</b></font><font style="font-size:13px" color="#FFFFFF" face="Arial"><b> <br>
<br>
</b></font><font style="font-size:15px" color="#FFFFFF" face="Arial"><b>BYOB: <br>
<br>
Sex Permitted: <br>
<br>
Dress Code:&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; </b>(see definitions) <b>&nbsp; <br>
<br>
Username:&nbsp;&nbsp; <br>
<br>
Password is generated and assigned by server. <br>
<br>
<br>
Download RSS feed <br>
to your website:&nbsp; <br>
<br>
Upload Club Banner:<br>
<br>
</font></div>

<div id="wb_Text4" style="position:absolute;left:63px;top:814px;width:637px;height:15px;z-index:3" align="left">
<font face="Arial" size="2"><a href="index.html"></a><a href="#"></a></font><a href="#"></a></div>


<form name="clubreg" method="POST" action="process_clubreg.php">

<input type="text" id="clubgroupname" style="position:absolute;left:249px;top:87px;width:260px;font-family:Arial;font-size:13px;z-index:4" size="43" name="clubgroupname" value="">

<input type="text" id="address1" style="position:absolute;left:249px;top:160px;width:366px;font-family:Arial;font-size:13px;z-index:5" size="61" name="address1" value="">
<input type="radio" id="ad1" name="ad1" value="public"  style="position:absolute;left:649px;top:160px;font-family:Arial;font-size:13px;z-index:5">
<input name="ad1" type="radio" id="ad1"  style="position:absolute;left:739px;top:160px;font-family:Arial;font-size:13px;z-index:5" value="npublic" checked>

<div id="wb_Text6" style="position:absolute;left:324px;top:826px;width:150px;height:15px;z-index:6" align="left">
<font face="Arial" size="2"></a></font></div>
<div id="wb_Text7" style="position:absolute;left:296px;top:959px;width:150px;height:15px;z-index:7" align="left">
<font size="2" face="Arial"></a></font></div>

<select name="type" size="1" id="ctype" style="position:absolute;left:249px;top:124px;width:129px;font-family:Arial;font-size:13px;z-index:8">
<option value="c1" >Swingers</option>
<option value="c2" >Nudist</option>
<option value="c3" >Lesbian</option>
<option value="c4" >Gay</option>
<option value="c5" >BDSM</option>
</select>

<input type="text" id="address2" style="position:absolute;left:249px;top:195px;width:366px;font-family:Arial;font-size:13px;z-index:9" size="61" name="address2" value="">
<input type="radio" id="ad2" name="ad2" value="public"  style="position:absolute;left:649px;top:195px;font-family:Arial;font-size:13px;z-index:5">
<input name="ad2" type="radio" id="ad2"  style="position:absolute;left:739px;top:195px;font-family:Arial;font-size:13px;z-index:5" value="npublic" checked>


<input type="text" id="city" style="position:absolute;left:249px;top:228px;width:258px;font-family:Arial;font-size:13px;z-index:10" size="43" name="city" value="">


<select style="position:absolute;left:248px;top:261px;width:258px;font-family:Arial;font-size:13px;z-index:11" name="state" id="state">
              <option value="AK" >AK</option>
<option value="AL" >AL</option>
<option value="AR" >AR</option>
<option value="AS" >AS</option>
<option value="AZ" >AZ</option>
<option value="CA" >CA</option>
<option value="CO" >CO</option>
<option value="CT" >CT</option>
<option value="DC" >DC</option>
<option value="DE" >DE</option>
<option value="EL" >FL</option>
<option value="GA" >GA</option>
<option value="GU" >GU</option>
<option value="HI" >HI</option>
<option value="IA" >IA</option>
<option value="ID" >ID</option>
<option value="IL" >IL</option>
<option value="IN" >IN</option>
<option value="KS" >KS</option>
<option value="KY" >KY</option>
<option value="LA" >LA</option>
<option value="MA" >MA</option>
<option value="MD" >MD</option>
<option value="ME" >ME</option>
<option value="MI" >MI</option>
<option value="MN" >MN</option>
<option value="MO" >MO</option>
<option value="MT" >MT</option>
<option value="MS" >MS</option>
<option value="NC" >NC</option>
<option value="ND" >ND</option>
<option value="NE" >NE</option>
<option value="NH" >NH</option>
<option value="NJ" >NJ</option>
<option value="NM" >NM</option>
<option value="NV" >NV</option>
<option value="NY" >NY</option>
<option value="OH" >OH</option>
<option value="OK" >OK</option>
<option value="OR" >OR</option>
<option value="PA" >PA</option>
<option value="PR" >PR</option>
<option value="RI" >RI</option>
<option value="SC" >SC</option>
<option value="SD" >SD</option>
<option value="TN" >TN</option>
<option value="TX" >TX</option>
<option value="UT" >UT</option>
<option value="VA" >VA</option>
<option value="VI" >VI</option>
<option value="VT" >VT</option>
<option value="WA" >WA</option>
<option value="WI" >WI</option>
<option value="WV" >WV</option>
<option value="WY" >WY</option>
</select>

<input type="text" id="zip" style="position:absolute;left:249px;top:296px;width:258px;font-family:Arial;font-size:13px;z-index:12" size="43" name="zip" value="">
<input type="text" id="ownername" style="position:absolute;left:249px;top:335px;width:258px;font-family:Arial;font-size:13px;z-index:13" size="43" name="ownername" value="">
<input type="radio" id="ad3" name="ad3" value="public"  style="position:absolute;left:649px;top:335px;font-family:Arial;font-size:13px;z-index:5">
<input name="ad3" type="radio" id="ad3"  style="position:absolute;left:739px;top:335px;font-family:Arial;font-size:13px;z-index:5" value="npublic" checked>


<input type="text" name="phone1" size="1" id="phone1" style="position:absolute;left:249px;top:366px;width:183px;font-family:Arial;font-size:13px;z-index:14" value="">
<input type="radio" id="ad4" name="ad4" value="public"  style="position:absolute;left:649px;top:366px;font-family:Arial;font-size:13px;z-index:5">
<input name="ad4" type="radio" id="ad4"  style="position:absolute;left:739px;top:366px;font-family:Arial;font-size:13px;z-index:5" value="npublic" checked>



<input type="text" name="contactname1" size="1" id="contactname1" style="position:absolute;left:249px;top:402px;width:183px;font-family:Arial;font-size:13px;z-index:15" value="">
<input type="radio" id="ad5" name="ad5" value="public"  style="position:absolute;left:649px;top:402px;font-family:Arial;font-size:13px;z-index:5">
<input name="ad5" type="radio" id="ad5"  style="position:absolute;left:739px;top:402px;font-family:Arial;font-size:13px;z-index:5" value="npublic" checked>


<input type="text" name="phone2" size="1" id="phone2" style="position:absolute;left:249px;top:435px;width:183px;font-family:Arial;font-size:13px;z-index:16" value="">
<input type="radio" id="ad6" name="ad6" value="public"  style="position:absolute;left:649px;top:435px;font-family:Arial;font-size:13px;z-index:5">
<input name="ad6" type="radio" id="ad6"  style="position:absolute;left:739px;top:435px;font-family:Arial;font-size:13px;z-index:5" value="npublic" checked>


<input type="text" name="contactname2" size="1" id="contactname2" style="position:absolute;left:249px;top:471px;width:183px;font-family:Arial;font-size:13px;z-index:17" value="">
<input type="radio" id="ad7" name="ad7" value="public"  style="position:absolute;left:649px;top:471px;font-family:Arial;font-size:13px;z-index:5">
<input name="ad7" type="radio" id="ad7"  style="position:absolute;left:739px;top:471px;font-family:Arial;font-size:13px;z-index:5" value="npublic" checked>



<select name="ismembershipreq" size="1" id="ismembershipreq" style="position:absolute;left:249px;top:578px;width:52px;font-family:Arial;font-size:13px;z-index:18">
<option value="1" >yes</option>
<option value="2" >no</option>
</select>

<input type="text" id="url" style="position:absolute;left:249px;top:507px;width:258px;font-family:Arial;font-size:13px;z-index:19" size="43" name="url" value="">
<input type="radio" id="ad8" name="ad8" value="public"  style="position:absolute;left:649px;top:507px;font-family:Arial;font-size:13px;z-index:5">
<input name="ad8" type="radio" id="ad8"  style="position:absolute;left:739px;top:507px;font-family:Arial;font-size:13px;z-index:5" value="npublic" checked>


<input type="text" id="url2" style="position:absolute;left:249px;top:542px;width:258px;font-family:Arial;font-size:13px;z-index:20" size="43" name="url2" value="">
<select name="byob" size="1" id="byob" style="position:absolute;left:249px;top:609px;width:52px;font-family:Arial;font-size:13px;z-index:21">
<option value="1" >yes</option>
<option value="2" >no</option>
</select>

<select name="sex" size="1" id="sex" style="position:absolute;left:248px;top:643px;width:127px;font-family:Arial;font-size:13px;z-index:22">
<option value="1" >On Premise </option>
<option value="2" >Off Premise </option>
</select>

<select name="dresscode" size="1" id="dresscode" style="position:absolute;left:248px;top:679px;width:127px;font-family:Arial;font-size:13px;z-index:23">
<option >Formal</option>
<option >Semi Formal</option>
<option >Informal</option>
<option >Smart Casual</option>
<option >Leisure Attire</option>
</select>

<input type="text" id="username" style="position:absolute;left:248px;top:719px;width:168px;font-family:Arial;font-size:13px;z-index:24" size="28" name="username" value="">

<select name="rss" size="1" id="rss" style="position:absolute;left:249px;top:845px;width:52px;font-family:Arial;font-size:13px;z-index:27">
<option >yes</option>
<option >no</option>
</select>

 
<input  style="position:absolute;left:337px;top:953px;width:180px;height:30px;z-index:2" type="submit" name="subclub" id="subclub" value="REGISTER" >
 

</form>

<form method="POST" action="#">
<input type="file" id="FileUpload1" style="position:absolute;left:250px;top:899px;width:82px;height:23px;z-index:28" size="0" name="FileUpload1">
</form>

<div id="wb_RollOver1" style="position:absolute;left:337px;top:987px;width:180px;height:30px;z-index:31" align="left">
<script language="JavaScript" type="text/javascript">
<!--
RollOver1 = new Image();
RollOver1.src = "images/p_back321.gif";
//-->
</script>

<a href="clubs&groupssearch.php"><img src="images/p_back31.gif" id="RollOver1" width="180" height="30" alt="" border="0" onMouseOver="this.src='images/p_back321.gif'" onMouseOut="this.src='images/p_back31.gif'"></a></div>
</div>



</body>
</html>
php for processing

Code: [Select]

<?php
ini_set('display_errors', '1');
error_reporting(E_ALL);

$hostname_ASA = "1";
$database_ASA = "2";
$username_ASA = "3";
$password_ASA = "4";
$ASA = mysql_connect($hostname_ASA, $username_ASA, $password_ASA) or trigger_error(mysql_error(),E_USER_ERROR); 

if($ASA==false){
    echo "failed to connect to database";
    exit();
}

mysql_select_db("database_ASA", $ASA);

$clubgroupname = $_POST["clubgroupname"];
$type = $_POST["type"];
$address1 = $_POST["address1"];
$address2 = $_POST["address2"];
$city = $_POST["city"];
$state = $_POST["state"];
$zip = $_POST["zip"];
$ownername = $_POST["ownername"];
$phone1 = $_POST["phone1"];
$contactname1 = $_POST["contactname1"];
$phone2 = $_POST["phone2"];
$contactname2 = $_POST["contactname2"];
$url = $_POST["url"];
$url2 = $_POST["url2"];
$ismembershipreq = $_POST["ismembershipreq"];
$byob = $_POST["byob"];
$sex = $_POST["sex"];
$dresscode = $_POST["dresscode"];
$username = $_POST["username"];
$rss = $_POST["rss"];
//$banner = $_POST["banner"];



mysql_query("INSERT INTO asa_registered_clubs (clubgroupname, type, address1, address2, city, state, zip, ownername, phone1, contactname1, phone2, contactname2, url, url2, ismembershipreq, byob, sex, dresscode, username, rss, banner) VALUES ('$clubgroupname&#8217;, &#8216;$type&#8217;, '$address1', '$address2', '$city', '$state', '$zip', '$ownername', '$phone1', '$contactname1', '$phone2', '$contactname2', '$url', '$url2', '$ismembershipreq', '$byob', '$sex', '$dresscode', '$username', '$rss', '$banner')");


mysql_close($ASA);
?>

[Steve]

GOT IT.

I took

mysql_select_db("$database_ASA" , $ASA);

and made it

mysql_select_db("$database_ASA", $ASA) or die(mysql_error());

Got a refusal error. Now its working as

mysql_select_db("$database_ASA") or die(mysql_error());

Always something stupid.

[Steve]

Here is the code i came up with for validating input and checking for dubplicates. Neither seem to be working. What i mean is no data is going into the DB, and im getting an error on the dup check telling me that email and username are not valid....

This is my first shot at dupes and validation, so im positive i did something wrong. This was the stuff i wanted input on originally. Also note im using basic MD5 thats only because i already knew how and for getting things working i used it. It will be expanded and changed with SHA1 as suggested.

Code: [Select]

<?php

//Check for errors for testing purposes. Will remove later.
ini_set('display_errors', '1');
error_reporting(E_ALL);

//Connect to server
include('Connections/establish_dbconn.php');

//Select DB to work with
mysql_select_db("$database_ASA") or die(mysql_error());

//Read in values of the form, and confirm they are of correct type/content
$clubgroupname = $_POST["clubgroupname"];
$clubgroupname = filter_var($clubgroupname, FILTER_SANITIZE_STRING);
$type = $_POST["type"];
$address1 = $_POST["address1"];
$address1 = filter_var($address1, FILTER_SANITIZE_STRING);
$address2 = $_POST["address2"];
$address2 = filter_var($address2, FILTER_SANITIZE_STRING);
$city = $_POST["city"];
$city = filter_var($city, FILTER_SANITIZE_STRING);
$state = $_POST["state"];
$zip = $_POST["zip"];
$zip = filter_var($zip, FILTER_VALIDATE_INT);
$ownername = $_POST["ownername"];
$ownername = filter_var($ownername, FILTER_SANITIZE_STRING);
$phone1 = $_POST["phone1"];
$phone1 = filter_var($phone1, FILTER_VALIDATE_INT);
$contactname1 = $_POST["contactname1"];
$contactname1 = filter_var($contactname1, FILTER_SANITIZE_STRING);
$phone2 = $_POST["phone2"];
$phone2 = filter_var($phone2, FILTER_VALIDATE_INT);
$contactname2 = $_POST["contactname2"];
$contactname2 = filter_var($contactname2, FILTER_SANITIZE_STRING);

$url = $_POST["url"];

if(filter_var($url, FILTER_VALIDATE_URL) === FALSE)
        {
        $url = "";
        }
else
        {
        return $url;
        }

$email = $_POST["email"];

if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE)
        {
     $email = "";
        }
else
        {
     return $email;
        }
    
$ismembershipreq = $_POST["ismembershipreq"];
$byob = $_POST["byob"];
$sex = $_POST["sex"];
$dresscode = $_POST["dresscode"];
$username = $_POST["username"];
$username = filter_var($username, FILTER_SANITIZE_STRING);
$rss = $_POST["rss"];
//$banner = $_POST["banner"];


//Here we will check the supplied email and username against
//the database to make sure they arent already in use
$request = "SELECT * FROM test_clubs";
$db_result = mysql_query($request);
$article = mysql_fetch_object($db_result);

$num_rows = mysql_num_rows($db_result);
$row_count = 0;

while ($row_count < $num_rows) { 
   $article = mysql_fetch_object($db_result); 
   $row_count++;   
       if ($article->email == $email) { 
        displayError("The email you provided is already registered to an account.");
            exit(); }
              else if ($article->username == $username) {      
            displayError("The username you requested is already taken.");
            exit(); }
}

//Automatically generate the password
$length = 8;
$password = "";
$possible = "0123456789bcdfghjkmnpqrstvwxyz"; 
    
$i = 0; 
while ($i < $length) { 
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
if (!strstr($password, $char)) { 
       $password .= $char;
       $i++; 
}
}

//Send the user their login name and password (plaintext)
$from = "Webmaster@asaandyou.com";
$to = "$email";
$subject = "ASA Account Information";
$body = "Thank you for joining the ASA. Your username is $username and your account password is $password. Please save this email in your records.";
mail($to, $subject, $body, "From: $from");

//Here we secure the password using MD5 before inserting
//to the database. We will change this to SHA1 and use
//salting for final version
$password = md5($password);

//Insert data into the database
mysql_query("
INSERT INTO test_clubs 
(clubgroupname, type, address1, address2, city, 
 state, zip, ownername, phone1, contactname1, 
 phone2, contactname2, url, email, ismembershipreq, 
 byob, sex, dresscode, username, password, rss) 
VALUES   ('$clubgroupname', '$type', '$address1', 
  '$address2', '$city', '$state', '$zip', '$ownername', 
  '$phone1', '$contactname1', '$phone2', '$contactname2', 
  '$url', '$email', '$ismembershipreq', '$byob', '$sex', 
  '$dresscode', '$username', '$password', '$rss')");

//Terminate server connection
mysql_close($ASA);

//Redirect user back to form
header( 'Location: group_registration.php') ;
?>




[Steve]

Also i did no validation on the drop boxes because i couldnt see any reason too. If anyone can see a reason too, please tell me im learning here.

[Mike]

Validate EVERYTHING.  I can easily write scripts to submit all kinds of junk regardless of what the form element was.

[Steve]

Ok. So am i doing that properly though? It was working fine before i added the val checks, then nothing was submitting dispite no errors. Then i added the dup check because i already had the code now i have two things to fix.

[Steve]

God dammit im an idiot. I always do dumb obvious shit like this.

Fixed it.

[Steve]

Screw making a new topic, ill put this here. I finished the groups registration, and now im doing the members. I used the same exact code and just modified the variables and db info to match. everything works fine, except the duplicate email/username filter isnt working. It works on the other one.

I used phpmyadmin to set the 'email' and 'username' fields as primary, just like in the other table, and used the following code:

Code: [Select]

//Insert data into the database
$query=     "
INSERT INTO test_members
(firstname, lastname, p_firstname, p_lastname, address, city,
state, zip, country, phone, email, security_question, security_answer,
membercard, username, password)
VALUES   ('$firstname', '$lastname', '$p_firstname', '$p_lastname', '$address',
  '$city', '$state', '$zip', '$country', '$phone', '$email', '$security_question',
  '$security_answer', '$membercard', '$username', '$password')";
 
$is_success = mysql_query($query);

//If the query fails for a dupe email
//redirect to form and notify. Message
//handled in target file
if (!$is_success) {
header( 'Location: group_registration.php'); }

//Terminate server connection
mysql_close($ASA);

//Redirect user to thank you notice
header( 'Location: memberreg_thankyou.php') ;

It's adding the entry to the database and redirecting to the last header entry meaning its not catching the fail, or its not failing and it should be. And the weird part is it will submit a duplicate entry, BUT if i try it a third time it doesnt use the fail condition but it doesnt enter it to the db either.....Any ideas?

[Steve]

No because its minor shit. im more then halfway done the whole project i just keep running into dumb crap like this. identical fucking code one works one doesnt i dont get it. If i had no idea how any of this worked or something then yea i would. And for the most part it seems i post and then mike either gets me on the right angle or i figure it out but this one i just dont understand so figured it wouldnt hurt to ask,

besides im not asking them to write code or anything like a do my homework situation, just looking for insight and a nudge as to why im an idiot so i can fix it.

[Steve]

No, im anti profit loss. The more people working on my work the less i profit.

[Steve]

Sure ethic. people hire other people to do things for xxx amount of dollars. that xxx minus cost = profit. the lower cost, the better. employees = cost.

In all seriousness its something im going to have to consider in a month or two if this keeps up because my workload is becoming one i cant handle on my own. If jen was here handling the customer service end of things i could, but im on the phone constantly, emails constantly, websites, hardware repairs, meetings with potential clients, etc. Adds up

[Perspective]

btw: if you're inserting data in the same order that the columns were declared you don't need to list the column names.

[Steve]

I didnt know that, thnx man

[Mike]

btw: if you're inserting data in the same order that the columns were declared you don't need to list the column names.

I list them just so I never have to worry about the exact structure of the table.