Adding users

[ASLICEOFPIE]

Ok, so, I am writing a script to add users to my database. All you do is input the new username and the new password. Here is the code for the form.

PHP Code:

<h2>Add A User</h2>
<?php

$add = $_GET['add'];

if ($add == "false") {
    echo("<div class=\"failure\">All fields are required</div>");
} 

if ($add == "true") {
    echo("<div class=\"success\">User has been added</div>");
}

$form = "<br /><form method=\"post\" action=\"add.php\">
Username: <input type=\"text\" name=\"user2\" />
<br /><br />Password: <input type=\"password\" name=\"passwd\" />
<br /><br />
<input type=\"submit\" name=\"submit\" value=\"Add User\"/>
</form>";

echo $form; 

?>

Here is the code for add.php.

PHP Code:

<?php

$user2 = mysql_escape_string($_POST['user2']);
$passwd = md5($_POST['passwd']);

include("config.php");

mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

if ($user2 == "" && $passwd == "") {
    header("Location:admin_users.php?add=false");
} elseif ($user2 == "") {
    header("Location:admin_users.php?add=false");
} elseif ($passwd == "") {
    header("Location:admin_users.php?add=false");
} else {
    $query = mysql_query("insert into '$dbtable' values(0, '$user2', '$passwd')");
    $row = mysql_fetch_array($query);

    header("Location:admin_users.php?add=true");
}

exit;
die;

?>

Here is the code for config.php.

PHP Code:

<?php

$dbhost = 'localhost';
$dbuser = 'demiur_helpdesk';
$dbpass = 'me1234';
$dbtable = 'helpdesk';
$db = 'demiur_helpdesk';

?>

Here is the error I get.

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/demiur/public_html/demo/helpdesk/add.php on line 19

Warning: Cannot modify header information - headers already sent by (output started at /home/demiur/public_html/demo/helpdesk/add.php:19) in /home/demiur/public_html/demo/helpdesk/add.php on line 21

Any ideas as to why this is happening? Thanks in advance.

[atomicnuke]

Shouldn't the query look more like this?

PHP Code:

$query = "INSERT INTO helpdesk (id, username, password) VALUES ('$id', '$username', '$password')"; 


I think you are getting the mysql_fetch_array error becuase the query isn't valid.

[Fenrir2]

INSERT won't return a dataset.

Remove this line:
$row = mysql_fetch_array($query);

[atomicnuke]

Yeah, didn't even think of that, I was just looking at the insert statement, which doesn't look valid to me. Yeah, mysql_fetch_array would work if the query was of the select type:

PHP Code:

$query = "SELECT username FROM users WHERE id='$id'"; 


[ASLICEOFPIE]

Well, I removed the bit of code you told me to, and now it refreshes to user added sucessfully, but the user doesnt add. Here is the new add.php code, everything else is still the same.

PHP Code:

<?php

$user2 = mysql_escape_string($_POST['user2']);
$passwd = md5($_POST['passwd']);

include("config.php");

mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

if ($user2 == "" && $passwd == "") {
    header("Location:admin_users.php?add=false");
} elseif ($user2 == "") {
    header("Location:admin_users.php?add=false");
} elseif ($passwd == "") {
    header("Location:admin_users.php?add=false");
} else {
    $query = mysql_query("insert into '$dbtable' values(0, '$user2', '$passwd')");

    header("Location:admin_users.php?add=true");
}

exit;
die;

?>

How do you think I can make the query work? Also, it always refreshes to admin_users.php?add=true regardless of how many fields are filled in. What should I do?

[atomicnuke]

I'm still new, but that query doesn't look right. Add this real quick to see if the query is being run okay:

PHP Code:

$query = mysql_query("insert into '$dbtable' values(0, '$user2', '$passwd')");
$result = @mysql_query($query) or die(mysql_error());
   if($result) {
    header("Location:admin_users.php?add=true"); 
} else {
echo "Invalid Query";
} 


This will atleast tell you if your query is running right.

I think it should be along the lines of what I posted above:

PHP Code:

$query = "INSERT INTO helpdesk (id, username, password) VALUES ('$id', '$username', '$password')"; 


[ASLICEOFPIE]

Well, it adds properly, but the verification is still wrong. even if you input no fields, it adds. New add.php code.

PHP Code:

<?php

$user2 = mysql_escape_string($_POST['user2']);
$passwd = md5($_POST['passwd']);

include("config.php");

mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

if ($user2 == "" && $passwd == "") {
    header("Location:admin_users.php?add=false");
} elseif ($user2 == "") {
    header("Location:admin_users.php?add=false");
} elseif ($passwd == "") {
    header("Location:admin_users.php?add=false");
} else {
     $query = "INSERT INTO helpdesk (id, users, pass) VALUES (0, '$user2', '$passwd')"; 
    $result = @mysql_query($query) or die(mysql_error());
    if($result) {
    header("Location:admin_users.php?add=true");
    } else {
    header("Location:admin_users.php?add=false");
}
}

exit;
die;

?>

Any ideas as to how to fix the validation?

[atomicnuke]

O, ok, try something like this:

PHP Code:

$username = $_POST['user2'];
$password = $_POST['passwd'];

if(isset($username)) {
 $u = $username;
} else {
$u = FALSE;
}

if(isset($password)) {
$p = $password;
} else {
$p = FALSE;
}

if($u && $p) {
// Your query stuff here
header("Location:admin_users.php?add=true");
exit();
} else {
header("Location:admin_users.php?add=false");
exit();
} 


[ASLICEOFPIE]

New add.php code.

PHP Code:

<?php 

$user2 = mysql_escape_string($_POST['user2']);
$passwd = md5($_POST['passwd']);

include("config.php");

mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

if(isset($user2)) {
$u = $user2;
} else {
$u = FALSE;
}

if(isset($password)) {
$p = $passwd;
} else {
$p = FALSE;
}

if($u && $p) {
    $query = "INSERT INTO helpdesk (id, users, pass) VALUES (0, '$user2', '$passwd')"; 
    $result = @mysql_query($query) or die(mysql_error());
    if($result) { header("Location:admin_users.php?add=true"); }
} else {
header("Location:admin_users.php?add=false");
}

exit;
die;

?>

Now it ONLY goes to admin_users.php?add=false. Why?

[atomicnuke]

looks like you didn't change $password to $passwd

[ASLICEOFPIE]

Hmm. So I fixed that, but now it adds the user no matter how many fields are open.

[atomicnuke]

what fields, I thought there were only two?

[ASLICEOFPIE]

There are only two. If one is blank, it still adds the user. If both are blank, it still adds the user.

[atomicnuke]

Here run this script by itslef to get an understanding.

PHP Code:

<?php

if(isset($_POST['submit']) && $_POST['submit'] == "Login")
{
$message = FALSE;
$password = trim($_POST['password']);
$username = trim($_POST['uname']);
    
   
if($password){
$p = $password;
} else {
$p = FALSE;
$message .= "Enter a password<br>";
}

if($username) {
$u = $username;
} else {
$u=FALSE;
$message .= "Enter a username<br>";
}


if($p && $u)
{
echo "Everything Entered";
}

}

echo $message;
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Username: <input type="text" name="uname"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit" value="Login">
</form>

[ASLICEOFPIE]

Dude! Not what I am asking! The form validation which you gave me does not work. That script you told me to run also does not validate properly. Could anyone please help me fix the validation for add.php so that it doesn't add the user if the fields arent input properly.

PHP Code:

<?php 

$user2 = mysql_escape_string($_POST['user2']);
$passwd = md5($_POST['passwd']);

include("config.php");

mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

if(isset($user2) && isset($passwd)) {
    $query = "INSERT INTO helpdesk (id, users, pass) VALUES (0, '$user2', '$passwd')"; 
    $result = mysql_query($query) or die(mysql_error());
    if($result) { header("Location:admin_users.php?add=true"); }
} else {
header("Location:admin_users.php?add=false");
}

exit;
die;

?>

[atomicnuke]

Actually it does work, same code here all you really need to do is change the everything entered to do the query and header line of code. So it won't run the query unless both fields are entered.

[ASLICEOFPIE]

Ok, but I do not want to rewrite my entire add.php. There HAS to be a way to just modify my current code.

[atomicnuke]

Sorry, for not being able to help, but one last thing. try taking out the md5 part real quick, i think it is hashing the blank of inputting no password, which in return sets password.

[ASLICEOFPIE]

Nope. Doesn't work.

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''helpdesk' (id, users, pass) VALUES (0, 'sdfsdf', '')' at line

It just messes with my query. It needs to be md5 so that the password goes in encrypted.

[atomicnuke]

You can always md5 in the query, well sorry I wasn't of any help, guess I'm still new myself.