Hi, I'm making my new website in PHP on my home server and have come to some problems with creating a new user account. Can anyone help me find any problems with any of my code? I would really appreciate it. Thanks in advance.

Create user form:

PHP:
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css" media="screen" />
</head>
<body>
<div id="container">
<h1>Create a new account</h1>
<p id="options">
<form action="newusercreate.php" method="post">
<p><label for="userName">*Username</label><input type="text" name="userName" value="" /></p>
<p><label for="passWord">*Password</label><input type="password" name="passWord" value="" /></p>
<p><label for="passWord">*Confirm Password</label><input type="password" name="passWord2" value="" /></p>
<p><label for="firstName">*First name</label><input type="text" name="firstName" value="" /></p>
<p><label for="lastName">*Last name</label><input type="text" name="lastName" value="" /></p>
<p><label for="Male">Male</label><input type="radio" name="gender" value="Male" /></p>
<p><label for="Female">Female</label><input type="radio" name="gender" value="Female" /></p>
<p><label for="eMail1">*E-mail</label><input type="text" name="eMail1" value="" />
<p><label for="eMail1">*Confirm E-mail</label><input type="text" name="eMail2" value="" /></p>
<p><label for="number">Number</label><input type="text" name="number" value="" /></p>
<p><label for="address1">Address line 1</label><input type="text" name="address1" value="" /></p>
<p><label for="address2">Address line 2</label><input type="text" name="address2" value="" /></p>
<p><label for="townName">Town Name</label><input type="text" name="townName" value="" /></p>
<p><label for="county">County</label><input type="text" name="county" value="" /></p>
<p><label for="country">Country</label><input type="text" name="country" value="United Kingdom" readonly="readonly" /></p>
<p><label for="postCode">Postcode</label><input type="text" name="postCode" value="" /></p>
<p><label for="">Group</label><select name="cars">
<option value="WGSB">WGSB</option>
<option value="WGSG">WGSG</option>
<option value="Other" >Other</option>
<option value="" selected="selected">None</option>
</select></p>
<input class="submit" type="submit" name="submit" value="Sign Up!" />
</form>
(*) means a required field. Gender is also required. Do not use any characters such as hyphens, slashes or any character that is not a number or a letter.
</p>
</div>
</body>
</html>

Create user script:

PHP:
<?php
if($_POST['submit']) {
    require 'connection.php';
    $username = mysql_real_escape_string(strtolower($_POST['userName']));
    $password = crypt($_POST['passWord'], 'i9');
    $password2 = crypt($_POST['passWord2'], 'i9');
    $firstname = mysql_real_escape_string($_POST['firstName']);
    $lastname = mysql_real_escape_string($_POST['lastName']);
    $gender = mysql_real_escape_string($_POST['gender']);
    $email = mysql_real_escape_string($_POST['eMail1']);
    $email2 = mysql_real_escape_string($_POST['eMail2']);
    $number = mysql_real_escape_string($_POST['number']);
    $address1 = mysql_real_escape_string($_POST['address1']);
    $address2 = mysql_real_escape_string($_POST['address2']);
    $townname = mysql_real_escape_string($_POST['townName']);
    $county = mysql_real_escape_string($_POST['county']);
    $country = mysql_real_escape_string($_POST['country']);
    $postcode = mysql_real_escape_string($_POST['postCode']);
    $group = mysql_real_escape_string($_POST['group']);
    $authcode = rand(1, 9) . rand(1, 9) . rand(1, 9) . rand(1, 9) . rand(1, 9) . rand(1, 9) . rand(1, 9) . rand(1, 9);
    $error = '0';
    while($error == 0){
        //Check if fields are empty
        if($username == "") { $error = '1'; }
        if($password == "") { $error = '2'; }
        if($firstname == "") { $error = '3'; }
        if($lastname == "") { $error = '4'; }
        if($gender == "") { $error = '5'; }
        if($email == "") { $error = '6'; }
        //Check for valid email and password
        if($email != $email2) { $error = '7'; }
        if($password != $password2) { $error = '8'; }
        else {
            mysql_query("INSERT INTO blog_users (`id`, `username`, `password`, `firstname`, `lastname`, `gender`, `email`, `number`, `address1`, `address2`, `townname`, `county`, `country`, `postcode`, `group`, `authcode`, `status`) VALUES(NULL,'$username','$password','$firstname','$lastname', '$gender', '$email','$number','$address1','$address2','$townname','$county','$country','$postcode','$group','$authcode','1')") or die(mysql_error(header('Location: createnewuser.php')));
            mysql_query("CREATE TABLE `bloguser_$username` (`id` INT(20) NOT NULL AUTO_INCREMENT PRIMARY KEY, `title` VARCHAR(20) NOT NULL, `mainbody` VARCHAR(1000) NOT NULL, INDEX (`title`)) ENGINE = MyISAM;");
            mysql_query("CREATE TABLE `blogsub_$username` (`id` INT(20) NOT NULL AUTO_INCREMENT PRIMARY KEY, `name` VARCHAR(20) NOT NULL, INDEX (`title`)) ENGINE = MyISAM;");
            mkdir("blog/$username", 0744);
            //Create User settings
            $file = "user.php";
            $handle = fopen("blog/$username/$file", "w");
            $data = '<?php $userid = "' . $username . '"; $css = "style.css"; $postno = "10"; $tag = ""; $capital = "1"; $customtitle = "0"; $tagline = "0"; $allowedtags = "<h1><h2><h3><p><a><img>"; ?>';
            fwrite($handle, $data);
            fclose($handle);
            //Create index page
            $source = "userindex.php";
            $destination = "blog/$username/index.php";
            copy($source, $destination);
            //Create login code page
            $source1 = "log.php";
            $destination1 = "blog/$username/log.php";
            copy($source1, $destination1);
            //Create login page
            $source2 = "login.php";
            $destination2 = "blog/$username/login.php";
            copy($source2, $destination2);
            //Create new post page
            $source3 = "newpost.php";
            $destination3 = "blog/$username/newpost.php";
            copy($source3, $destination3);
            include 'email.php';
            header("Location: blog/$username/index.php");
        }
    }
}?>

P.S. The scripts aren't nearly finished but I can't move on without getting this working.
Ahh, I just figured something out. I had accidentally put in a wrong name on the second table creation in the script. (See: `Title`) I just need a working PHP email script now to interface with my Gmail account.
Don't really know much about PHP, but the section where you're checking that no fields are blank seems very inefficient (lots of ifs) from a programming POV. Why not feed those fields into an array, then cycle through using a for...next loop, or whatever PHP's equivalent is?
1. You aren't doing proper input validation (should be using filter_input).
2. Each user has their own two tables... really?
3. You should trim the inputs; that would prevent " " from not being blank.
4. Why are you inserting an id then setting it to null? That would be the unique identifier that each user needs.
5. For each user there is a directory for that user... really?
6. Despite having an id field in the database, you are using their username as their unique identifier?
Just a note on your label tags. Firstly, well done. I test this stuff from an accessibility point of view for blind users for a living, and most people don't bother with them. However, the usage is incorrect; it should be:

Code:
<label for="field_id">Label Text</label><input type="text" name="email1" id="field_id" value="" />

The for= should match the id of the input field.
I've just had a quick look at filter_input but I can't figure out how I should use this for my fields... can you give me an example? Every user will need 2 tables, yes. I'm going to add a subscription feature to my site so that the user can easily access the blogs that they like. Yes, there is a directory for each user; it allows me to easily provide them with a place to hold their setting profile their blog. And finally, the username is unique because it allows me to only allow one instance of that username. And it's easier to work with. Oh, and I've implemented your suggestion now.
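An added example, not written by any poster in this thread, of applying PHP's filter functions to the required fields of the sign-up form above. `validate_signup()`, the 20-character limit and the sample submissions are assumptions; `filter_input_array(INPUT_POST, $spec)` accepts the same `$spec` when reading the request directly.

```php
<?php
// Added example; validate_signup() and the sample arrays are hypothetical.
function validate_signup(array $post): array
{
    // The form's own rule: letters and digits only (20-char cap is assumed).
    // It matters because the script reuses the username in table names,
    // a directory name and a generated PHP file.
    $alnum = ['filter'  => FILTER_VALIDATE_REGEXP,
              'options' => ['regexp' => '/\A[a-z0-9]{1,20}\z/i']];
    $spec = [
        'userName'  => $alnum,
        'firstName' => $alnum,
        'lastName'  => $alnum,
        'gender'    => ['filter'  => FILTER_VALIDATE_REGEXP,
                        'options' => ['regexp' => '/\A(Male|Female)\z/']],
        'eMail1'    => FILTER_VALIDATE_EMAIL,
        'eMail2'    => FILTER_VALIDATE_EMAIL,
        'passWord'  => FILTER_UNSAFE_RAW,
        'passWord2' => FILTER_UNSAFE_RAW,
    ];
    // Trim everything except the passwords, so " " counts as blank.
    foreach ($post as $key => $value) {
        if (is_string($value) && strpos($key, 'passWord') !== 0) {
            $post[$key] = trim($value);
        }
    }
    // Fields missing from $post come back as null, failed filters as false.
    $clean = filter_var_array($post, $spec);
    $errors = [];
    foreach ($clean as $field => $value) {
        if ($value === null || $value === false || $value === '') {
            $errors[] = $field;
        }
    }
    if ($clean['eMail1'] !== $clean['eMail2'])     { $errors[] = 'eMail2'; }
    if ($clean['passWord'] !== $clean['passWord2']) { $errors[] = 'passWord2'; }
    if ($errors) {
        return ['ok' => false, 'errors' => array_values(array_unique($errors))];
    }
    $clean['userName'] = strtolower($clean['userName']);
    // Replaces crypt($pw, 'i9'): per-user random salt and a slow hash.
    $clean['passWord'] = password_hash($clean['passWord'], PASSWORD_DEFAULT);
    unset($clean['passWord2'], $clean['eMail2']);
    return ['ok' => true, 'data' => $clean];
}
// Constructed sample submissions.
$good = ['userName' => ' Alice01 ', 'firstName' => 'Alice', 'lastName' => 'Smith', 'gender' => 'Female',
         'eMail1' => 'a@example.com', 'eMail2' => 'a@example.com', 'passWord' => 'pw one', 'passWord2' => 'pw one'];
$bad = ['userName' => 'bob/blog', 'firstName' => '  ', 'eMail1' => 'not-an-email'] + $good;
var_dump(validate_signup($good)['ok'], validate_signup($bad)['errors']);
```

On a live request, pass `$_POST` as `$post` and verify the stored hash at login with `password_verify()`.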
I really enjoyed reading this post. Thanks for sharing. I am making a new website, but I don't know how it is possible. Please, can anyone help me to make this website? I am trying, but help me now. Thanks.