  1. #1
    SitePoint Member
    Join Date
    May 2004
    Location
    Australia
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    My simple register/deregister script

    Hi,
    I'm learning PHP from experience and small internet tutorials, and I've come to a bit of a halt. I want this script (below) to be able to register and deregister users that fill out forms on separate pages. I think I've got the majority of the first part (adding users) correct, but I'm kind of lost as I haven't found any tutorials that talk about deleting users.

    The two pages are register.php and deregister.php with form actions of "process.php?id=register" and "process.php?id=deregister" respectively.

    I want the deregister part of the script to check if the user exists, and if so check the entered password, which if it is correct will delete the user from the db.

    This page (with the code) is process.php

    PHP Code:

    <?php
    $db_server="localhost";
    $db_username="forrestj_admin";
    $db_password="";
    $db_name="forrestj_bxgmembers";

    if ($btnSubmit)
    {
        // This is where it processes the register.php form and adds the user
        if ($id=="register")
        {
            $db = mysql_connect($db_server, $db_username, $db_password);
            mysql_select_db($db_name, $db);
            $result = mysql_query("SELECT * FROM attendies", $db);
            $idnum = (mysql_num_rows($result) + 1);
            if ($myrow = mysql_fetch_array($result))
            {
                $tempuser = $myrow["alias"];
                do
                {
                    $tempuser = $myrow["alias"];
                    if ($txtAlias == $tempuser)
                    {
            ?>

            <script language="javascript">
            alert('That alias already exists in our database.');
            location.href="register.php";
            </script>

            <?
                    }
                } while ($myrow = mysql_fetch_array($result));
            }
            $db = mysql_connect("localhost", "forrestj_admin", "");
            mysql_select_db("forrestj_bxgmembers", $db);
            $newpassword = md5($txtPassword);
            $sql = "INSERT INTO attendies (firstname,lastname,alias,password) VALUES ('$firstname','$lastname','$txtAlias','$txtPassword')";
            mysql_query($sql) or die(mysql_error());
            ?>

            <script language="javascript">
            alert('You have been added to our database. Thanks for your interest.');
            location.href="attendies.php";
            </script>
            <?
            echo "redirect failed";
        }

        // This is where it processes the deregister.php form and deletes the user
        if ($id="deregister")
        {
            $db = mysql_connect($db_server, $db_username, $db_password);
            mysql_select_db($db_name, $db);
            $result = mysql_query("SELECT * FROM attendies", $db);
            $idnum = (mysql_num_rows($result) + 1);
            if ($myrow = mysql_fetch_array($result))
            {
                $tempuser = $myrow["alias"];
                do
                {
                    $tempuser = $myrow["alias"];
                    if ($txtAlias == $tempuser)
                    {
                        //what to do if the alias enter exists
                        $db = mysql_connect("localhost", "forrestj_admin", "");
                        mysql_select_db("forrestj_bxgmembers", $db);
                        $sql = "DELETE FROM attendies WHERE password=$txtPassword";
                        $result = mysql_query($sql);
                    }
                } while ($myrow = mysql_fetch_array($result));
            }
            else {
            ?>

            <script language="javascript">
            alert('That alias doesnt exist in our database.');
            location.href="deregister.php";
            </script>

            <?
            }
            ?>

            <script language="javascript">
            alert('You have been removed from our database.');
            location.href="attendies.php";
            </script>
            <?
            echo "redirect failed";
        }
    }
    ?>
    I know it's messy, there are probably bugs and it hasn't been completed yet, but if anyone could help me out I'd be VERY grateful.

    thanks

    -lobster d

  2. #2
    SitePoint Zealot
    Join Date
    Mar 2004
    Location
    New Jersey
    Posts
    140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Some quick notes:
    • I wouldn't fetch each row and check if the alias exists. Instead, specify a WHERE clause.

      PHP Code:
        $result = mysql_query("SELECT 1 FROM attendies WHERE alias = '$txtAlias'");
        if (mysql_num_rows($result))
          print "The alias already exists..";
        else {
          /* add the user to the database */
        }

    • You don't need to connect to the database server and select the database to use for each query you make. You should only connect once.
    • Look up register_globals and possibly magic_quotes_gpc, as you may suffer from security problems based on the code you've shown.

  3. #3
    Non-Member coo_t2's Avatar
    Join Date
    Feb 2003
    Location
    Dog Street
    Posts
    1,819
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    I've modified your code to hopefully guide you in the right direction. This code is untested. Hopefully if someone sees something wrong with it, they will point it out.

    PHP Code:
       
    <?php

    // enable output buffering so headers will be sent first
    ob_start();

    $db_server="localhost";
    $db_username="forrestj_admin";
    $db_password="";
    $db_name="forrestj_bxgmembers";

    if ( $_POST['btnSubmit'] )
    {
        $escpFirstname = mysql_escape_string( trim($_POST['firstname']) );
        $escpLastname  = mysql_escape_string( trim($_POST['lastname']) );
        $escpUsername  = mysql_escape_string( trim($_POST['username']) );
        $escpPassword  = mysql_escape_string( trim($_POST['password']) );

        // the action comes from the query string (process.php?id=...)
        $id = $_GET['id'];

        // This is where it processes the register.php form and adds the user
        if ($id=="register")
        {
            $db = mysql_connect($db_server, $db_username, $db_password);
            mysql_select_db($db_name, $db);

            $result = mysql_query("SELECT * FROM attendies WHERE username='$escpUsername'", $db);

            if ( mysql_num_rows($result) > 0 )
            {
                echo 'That alias already exists in our database.';

                header("Location: http://www.yoursite.com/register.php");

                // should always "exit;" after sending a header.
                exit;
            }
            else
            {
                $md5password = md5($escpPassword);

                $sql = "INSERT INTO attendies (firstname,lastname,alias,password) VALUES ('$escpFirstname','$escpLastname','$escpUsername','$md5password')";
                mysql_query($sql) or die(mysql_error());

                echo 'You have been added to our database. Thanks for your interest.';

                header("Location: http://www.yoursite.com/attendies.php");

                exit;
            }
        }

        // This is where it processes the deregister.php form and deletes the user
        if ($id=="deregister")
        {
            $md5password = md5($escpPassword);

            $db = mysql_connect($db_server, $db_username, $db_password);
            mysql_select_db($db_name, $db);

            $result = mysql_query("SELECT * FROM attendies WHERE username='$escpUsername' AND password='$md5password'", $db);

            if ( mysql_num_rows($result) > 0 )
            {
                $sql = "DELETE FROM attendies WHERE username='$escpUsername'";

                if ( $result = mysql_query($sql) )
                {
                    echo 'You were removed successfully.';

                    header("Location: http://www.yoursite.com/deregister.php");

                    exit;
                }
                else
                {
                    echo 'Error removing user';

                    // may want to log your error to file and maybe do some other stuff
                    // to help you figure out why this failed. This could be a bug that
                    // happens often.

                    header("Location: http://www.yoursite.com/wherever.php");

                    exit;
                }
            }
            else
            {
                echo 'That username/password combination doesnt exist in our database.';

                header("Location: http://www.yoursite.com/deregister.php");

                exit;
            }
        }
    }

    // flush buffered output
    ob_end_flush();

    ?>

    Edit:


    I've just sort of pretended that the values being sent through the form are firstname, lastname, username, and password. You can change these to match the names you are really using. It also looks like you are using 'alias' in the database as your username; you can change it accordingly. I just used the names I felt most comfortable with (the ones I'm used to using).




    --ed
    Last edited by coo_t2; May 29, 2004 at 13:13.
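
Added example, not part of any post in this thread: the register/deregister flow from replies #2 and #3 written with PDO prepared statements and password_hash()/password_verify() instead of string-built SQL, mysql_escape_string() and md5(). The function names are hypothetical, and the `attendies` schema (unique `alias`, text `password` column holding the hash) is an assumption.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for MySQL so the script runs offline; the schema is assumed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE attendies (firstname TEXT, lastname TEXT,
            alias TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');

// Hypothetical helper: true when added, false when the alias is taken.
function register_user(PDO $pdo, string $first, string $last, string $alias, string $password): bool
{
    $stmt = $pdo->prepare(
        'INSERT INTO attendies (firstname, lastname, alias, password) VALUES (?, ?, ?, ?)'
    );
    try {
        // Values are bound parameters, never part of the SQL text.
        $stmt->execute([$first, $last, $alias, password_hash($password, PASSWORD_DEFAULT)]);
        return true;
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // UNIQUE constraint: duplicate alias
            return false;
        }
        throw $e;
    }
}

// Hypothetical helper: deletes only when the alias exists and the password verifies.
function deregister_user(PDO $pdo, string $alias, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM attendies WHERE alias = ?');
    $stmt->execute([$alias]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false; // same result for unknown alias and wrong password
    }
    $del = $pdo->prepare('DELETE FROM attendies WHERE alias = ?');
    $del->execute([$alias]);
    return $del->rowCount() === 1;
}

// Constructed sample input.
var_dump(register_user($pdo, 'Ann', 'Lee', 'ann', 'correct horse'));
var_dump(register_user($pdo, 'Ann', 'Other', 'ann', 'something else')); // duplicate alias
var_dump(deregister_user($pdo, 'ann', "' OR '1'='1"));                  // wrong password, treated as data
var_dump(deregister_user($pdo, 'ann', 'correct horse'));
var_dump((int) $pdo->query('SELECT COUNT(*) FROM attendies')->fetchColumn());
```

Letting the UNIQUE constraint reject duplicates replaces the separate "does the alias exist" query, so two simultaneous registrations cannot both pass the check.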

  4. #4
    SitePoint Zealot
    Join Date
    Mar 2004
    Location
    New Jersey
    Posts
    140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ed: mysql_escape() isn't a function. You're looking for mysql_escape_string().

  5. #5
    Non-Member coo_t2's Avatar
    Join Date
    Feb 2003
    Location
    Dog Street
    Posts
    1,819
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by plugged
    Ed: mysql_escape() isn't a function. You're looking for mysql_escape_string().
    Thanks, I edited it.

    --ed

  6. #6
    SitePoint Member
    Join Date
    May 2004
    Location
    Australia
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks very much for the quick responses,

    However, I'm now experiencing some errors of which I don't understand the source.

    When trying to register I receive this error:

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/forrestj/public_html/process.php on line 26
    No Database Selected

    When trying to deregister (an existing or non-existing user) I get this error:

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/forrestj/public_html/process.php on line 59
    That username/password combination doesnt exist on the attendie list.

    The only modifications to the code above have been to make it compatible with my database/website, but if need be I can re-post the script.

    Thanks again,

    Lobster

