Registration page

Please can someone help me with this:

<?php 
		# This is for the registration page
		
		//$page_title = 'Welcome to ADesigns: Registration';
		
		include ('includes/header.html');
		
		// Check if the form has been submitted:

		if (isset($_POST['submitted'])) 
		{
			$errors = array(); // Initialize an error array.
	
			// Check for a first name:
			
			if (empty($_POST['fname'])) 
			{
				$errors[] = 'You forgot to enter your first name.';
			} 
			else 
			{
				$fn = trim($_POST['fname']);
			}
	
			// Check for a last name:
			if (empty($_POST['lname'])) 
			{
				$errors[] = 'You forgot to enter your last name.';
			} 
			else 
			{
				$ln = trim($_POST['lname']);
			}
	
			// Check for an email address:
			if (empty($_POST['email'])) 
			{
				$errors[] = 'You forgot to enter your email address.';
			} 
			else 
			{
				$e = trim($_POST['email']);
			}
	
			// Check for a category:
			if(isset($_REQUEST['category'])
			{
				$category = $_REQUEST['category'];
				
				if ($category = 'M') 
				{
					$category = trim($_POST['Men'];
				} 
				else if ($category = 'W')
				{
					$category = trim($_POST['Women'];
				}
				else if ($category = 'K')
				{
					$category = trim($_POST['Kids'];
				}
				else if ($category = 'U')
				{
					$category = trim($_POST['Unisex'];
				}
				else if ($category = 'A')
				{
					$category = trim($_POST['Accessories'];
				}
				else if ($category = 'S')
				{
					$category = trim($_POST['Shoes'];
				}
				else if ($category = '')
				{
					$errors[] = "You forgot to select a category.";
				}
			}
			
			else
			{
				$errors[] = "You forgot to select a category.";
			}
				
			
			// Check for  membership type:
			
			if (isset($_POST['membership'])) 
			{
				$membership = $_POST['membership'];
				
				if ($membership = 'designer')
				{
					$membership = trim($_POST['membership']);
				}
				else if ($membership = 'visitor')
				{
					$membership = trim($_POST['membership']);
				}
			} 
			else 
			{
				$errors[] = "You forgot to select a membership.";
			}
			
			
			// Check for a loaction:
			if (empty($_POST['location'])) 
			{
				$errors[] = 'You forgot to enter your location.';
			} 
			else 
			{
				$l = trim($_POST['location']);
			}
			
			
			
	
			// Check for an username:
			if (empty($_POST['username'])) 
			{
				$errors[] = 'You forgot to enter your username.';
			} 
			else 
			{
				$u = trim($_POST['username']);
			}
			
			// Check for a password and match against the confirmed password:
	
			if (!empty($_POST['pass1'])) 
			{
				if ($_POST['pass1'] != $_POST['pass2']) 
				{
					$errors[] = 'Your password did not match the confirmed password.';
				} 
				else 
				{
					$p = trim($_POST['pass1']);
				}
			} 
			else 
			{
				$errors[] = 'You forgot to enter your password.';
			}
	
			if (empty($errors)) 
			{ 
				// If everything's OK.
				// Register the user in the database...
		
				require_once ('dbc.php'); 	// Connect to the db.
		
				// Make the query:
				// $q - stands for $query
				// $r - stands for $result
				$q = "INSERT INTO user (fname, lname, email, category, membership, loaction, username, password reg_date ) VALUES ('$fn', '$ln', '$e', '$category', '$membership', '$l', '$u', SHA1('$p'),  NOW() )";		
				$r = @mysql_query ($q); // Run the query.
		
				if ($r) 
				{ 
					// If it ran OK.
					// Print a message:
			
					echo '<h1>Thank you!</h1>
					<p>You are now registered. Please  <a href="login.php">login</a></p>';	
				} 
				else 
				{ 
					// If it did not run OK.
					// Public message:
			
					echo '<h1>System Error</h1>
					<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>'; 
			
					// Debugging message:
					echo '<p>' . mysql_error($dbc) . '<br /><br />Query: ' . $q . '</p>';
				
				} // End of if ($r) IF.
		
				mysql_close($dbc); // Close the database connection.
		
				// Include the footer and quit the script:
				include ('includes/footer.html'); 
				exit();
		
			} 
			else 
			{ 
				// Report the errors.
	
				echo '<h1>Error!</h1>
				<p class="error">The following error(s) occurred:<br />';
				foreach ($errors as $msg) 
				{ 
					// Print each error.
					echo " - $msg<br />\n";
				}
		
				echo '</p><p>Please try again.</p><p><br /></p>';
		
			} // End of if (empty($errors)) IF.


		} // End of the main Submit conditional.
?>

	
<?php
		include('includes/footer.html');	
?>

The above is called register.php to register users into account

Now I will send the register.html file

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Welcome to ADesigns: Home</title>
    <link href="css/main.css" rel="stylesheet" type="text/css" />
</head>

<body>

<table id="outerTable">
	<tr><td id="logo">
		<div>
			<img src="./images/logo.png" width="150"  height="55"  alt="company_logo" />
		</div>
	</td></tr>
	<tr><td id ="nav">
		<div>
			<a href="home.html">Home</a> |  
			<a href="designers.html">Participate</a> |
			<a href="aboutUs.html">About ADesigns</a> |
			<a href="contact.php">Contact Us</a>
		</div>
	</td></tr>
	<tr><td id="banner"> <!-- page banner image -->
		<img src="images/home.jpg" width="770" height="" alt="welcome to ADesigns">
	</td></tr>
	<tr><td>
		<table id="contentTable">
			<tr>
				<td id="topLeft">
					<br />
					<div id="welcomeBox">
						<h1>Advertisments</h1>
						<p>This section covers adverts from other companies</p>
					</div> <!-- mainContent -->
				</td>
				<td id="topRight">
					<br />
					<div id="loginRegBox">
					<h1>Register</h1>
					<form method="post" action="register.php">
					
						<fieldset>
							<legend>Personal Information</legend>
							<div>
								<label for="fname">Firstname:</label>
								<input type="text" name="fname" id="fname" class="txt" />
							</div>
							<div>
								<label for="lname">Lastname:</label>
								<input type="text" name="lname" id="lname" class="txt" />
							</div>
							<div>
								<label for="email">Email:</label>
								<input type="text" name="email" id="email" class="txt" />
							</div>
						</fieldset>
						
						<fieldset>
							<legend>Account Informaion</legend>
							<div>
								<label for="category">Category:</label>
								<select name="category">
									<option value="">Please select a category</option>
									<option value="M">Men</option>
									<option value="W">Women</option>
									<option value="K">Kids</option>
									<option value="U">Unisex</option>
									<option value="A">Accessories</option>
									<option value="S">Shoes</option>
								</select>
							</div>
							<div>
								<label for="membership">What is your Membership Level?</label>
								<input type="radio" name="membership" id="designer" value="designer" />Designer
								<input type="radio" name="membership" id="visitor" value="visitor" />Visitor
							</div>
							<div>
								<label for="location">Location:</label>
								<input type="text" name="location" id="location" class="txt" />
							</div>
						</fieldset>
						<fieldset>
							<legend>Login Details</legend>
							<div>
								<label for="username">Username:</label>
								<input type="text" name="username" id="username" class="txt" />
							</div>
							<div>
								<label for="password">Password:</label>
								<input type="password" name="pass1" id="password" class="txt" />
							</div>
							<div>
								<label for="confirmPassword">Confirm Password:</label>
								<input type="password" name="pass2" id="confirmPassword" class="txt" />
							</div>
						</fieldset>
							<div>
								<input type="submit" name="btnSubmit" id="btnSubmit" value="Submit" />
							</div>	
					</form>
					</div> <!-- mainContentRight -->
				</td>
			</tr>
			
		</table>
	</td></tr>
	<tr><td  id="footer"><div id="footerLastRow"><p>&copy; ADesigns  &nbsp;&nbsp; <a href="#">Privacy Policy</a> | <a href="#">Terms and Conditions</a></p></div></td></tr>
</table>



</body>
</html>

I want to validate the details in register.html using register.php but when I run the file, I get the following error:

Parse error: syntax error, unexpected '{' in /Library/WebServer/Documents/myQmProj/register.php on line 47

My question is to know if my register.php is even right. Please help me out.
Thanks.

Check the line before, where the if statement is. Count the parentheses.

I have counted them. You do know think the check I made for the select box is right?

Thanks.

Type error:
I tried to say “do you think the check for the select box is right?”

thanks

And did you notice that there are two opening parentheses, but only one closing parenthesis?


// Check for a category:
if(isset($_REQUEST['category'])
{

We’ll get to that later.

OOOOOooooooooooo I did not see that at all… Thanks but is the validation of the select box ok?

You have a similar parenthesis problem with the trim statements in the validation.

Yeah, I noticed that while I was correcting the one you identified for me. Having sorted all that, I ran my register.html script again, but then I got another error message from the register.php file where I have a call to a file header.html, i.e.:

include(includes/header.html);

for some reason I get this error:

Parse error: syntax error, unexpected T_STRING in /Library/WebServer/Documents/myQmProj/includes/header.html on line 1

When I take it out, the error goes, but only the footer shows and then there is no message to let users know if registration was successful. Just to confirm, I checked my user table to see if it registered the user, but it was empty.

This is the header.html file:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Welcome to ADesigns: Home</title>
    <link href="css/main.css" rel="stylesheet" type="text/css" />
</head>

<body>

<table id="outerTable">
	<tr><td id="logo">
		<div>
			<img src="./images/logo.png" width="150" height="55" alt="company_logo" />
		</div>
	</td></tr>
	<tr><td id="nav">
		<div>
			<a href="home.html">Home</a> |
			<a href="designers.html">Participate</a> |
			<a href="aboutUs.html">About ADesigns</a> |
			<a href="contact.html">Contact Us</a>
		</div>
	</td></tr>
	<tr><td id="banner"> <!-- page banner image -->
		<img src="images/home.jpg" width="770" height="" alt="welcome to ADesigns">
	</td></tr>
	<tr><td>
		<table id="contentTable">
			<tr>
				<td id="topLeft">
					<div id="welcomeBox">
						<h3>Welcome!!</h3>
						<p>This is a final year project of mine that enables young aspiring designers of
						any category: clothes, bags, mens wear, womens wear and a host of other types.
						You are free to look around and comment on designs, but should you need more information, you have to register. But
						not to worry. It is free!!</p>
						<p><a href="enter.html">Enter/Browse</a></p>
					</div> <!-- mainContent -->
				</td>
				<td id="topRight">
					<div id="loginRegBox">
						<h3>Join Us</h3>
						<p>If you are thinking of showing your designs or connecting with like minded designers,
						this is where you should be. Our site hosts a range of young aspiring designers seeking
						to show their work to a wide audience. So please, what are you waiting for? Join us now</p>
						<p><a href="login.html">Login</a> | <a href="register.html">Register</a></p>
					</div> <!-- mainContentRight -->
				</td>
			</tr>
			<tr><br /></tr><tr><br /></tr>
			<tr>
				<td id="bottomLeft">
					<div id="newDesigners">
						<br />
						<h3>New Designers</h3>
						<p>This will show designers that are just registered into the DB.</p>
						<ul>
							<li><a href="">Designer A</a></li>
							<li><a href="">Designer B</a></li>
							<li><a href="">Designer C</a></li>
							<li><a href="">Designer D</a></li>
							<li><a href="">Designer E</a></li>
							<li><a href="">Designer F</a></li>
						</ul>
					</div> <!-- mainContentBottom -->
				</td>
				<td id="bottomRight">
					<div id="weeksDesigners">
						<br />
						<h3>Designers of the Week</h3>
						<p>This should show a list of all designers for the week. Preferably, those that
						have registered for that week.</p>
					</div> <!-- mainContentBottomRight -->
				</td>
			</tr>
		</table>
	</td></tr>

</table>

<div id="footerLastRow"><p>&copy; ADesigns &nbsp;&nbsp; <a href="#">Privacy Policy</a> | <a href="#">Terms and Conditions</a></p></div>

</body>
</html>

So now you need to ensure that the user is being correctly registered before carrying on.

Welcome to debugging.

Ensure that the code is getting through the error checks.
Ensure that the database connection code is correct.
Ensure that the SQL statement is being correctly generated.
Ensure that the database is being correctly updated.

Thanks. I have only one question. Is it possible to validate a drop down box/select box using PHP? I have searched the web and have not seen any example; the most I have seen is populating the drop down box. That being said, am I right to use the following code to validate my drop down box in register.html?

code: register.php snippet

		// Check for a category:
		if(isset($_REQUEST['category']))
		{
			$category = $_REQUEST['category'];
			
			if ($category = '')
			{
				$errors[] = "You forgot to select a category.";
			}
			
			else if ($category = 'M') 
			{
				$category = trim($_POST['Men']);
			} 
			else if ($category = 'W')
			{
				$category = trim($_POST['Women']);
			}
			else if ($category = 'K')
			{
				$category = trim($_POST['Kids']);
			}
			else if ($category = 'U')
			{
				$category = trim($_POST['Unisex']);
			}
			else if ($category = 'A')
			{
				$category = trim($_POST['Accessories']);
			}
			else if ($category = 'S')
			{
				$category = trim($_POST['Shoes']);
			}
			
		}
		
		else
		{
			$errors[] = "You forgot to select a category.";
		}

snippet: register.html:

<select name="category">
	<option value="">Please select a category</option>
	<option value="M">Men</option>
	<option value="W">Women</option>
	<option value="K">Kids</option>
	<option value="U">Unisex</option>
	<option value="A">Accessories</option>
	<option value="S">Shoes</option>
</select>

Unless you have form fields being posted called Accessories or Shoes then I would say no.

What is the category name that you want to add to the database? If it’s the full name that you want added to the database, then it’s futile to use just the single-letter characters. Go with the proper category name instead.


<option value="Men">Men</option>
...

On the server-side, check if the value is in an array of white-listed values.


$categoryValues = array('Men', 'Women', 'Kids', 'Unisex', 'Accessories', 'Shoes');

$category = '';
if (in_array($_POST['category'], $categoryValues)) {
    $category = $_POST['category'];
}
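As an added example (not the thread's own code), here is that whitelist check written as a function that also covers the membership radio buttons and the case where a client sends something other than a plain string. The allowed values are the ones on the form in this thread; `$input` stands in for `$_POST` so the script can be run from the command line.

```php
<?php
// Added example: server-side whitelist validation for the category <select>
// and the membership radio buttons. Allowed values come from the form above.

const CATEGORY_VALUES   = ['Men', 'Women', 'Kids', 'Unisex', 'Accessories', 'Shoes'];
const MEMBERSHIP_VALUES = ['designer', 'visitor'];

/**
 * Return the submitted value if it is one of $allowed, otherwise null.
 * A browser only sends the <option> values, but a client can send any string,
 * or an array via name[]=..., so the check is made on the server and compares
 * strictly (third argument of in_array) after confirming it is a string.
 */
function pickAllowed(array $input, string $field, array $allowed): ?string
{
    if (!isset($input[$field]) || !is_string($input[$field])) {
        return null;                       // missing, or not a plain string
    }
    $value = trim($input[$field]);
    return in_array($value, $allowed, true) ? $value : null;
}

/**
 * Validate both choice fields, collecting messages the way register.php
 * does with its $errors array.
 */
function validateChoices(array $input): array
{
    $errors = [];
    $category = pickAllowed($input, 'category', CATEGORY_VALUES);
    if ($category === null) {
        $errors[] = 'You forgot to select a category.';
    }
    $membership = pickAllowed($input, 'membership', MEMBERSHIP_VALUES);
    if ($membership === null) {
        $errors[] = 'You forgot to select a membership.';
    }
    return ['category' => $category, 'membership' => $membership, 'errors' => $errors];
}

// Constructed sample submissions (the first is what the form in the thread sends;
// the second is a hand-made request with a value not on the list and an array).
$samples = [
    ['category' => 'Shoes', 'membership' => 'visitor'],
    ['category' => 'Hats',  'membership' => ['designer']],
    ['category' => '',      'membership' => 'designer'],
];

foreach ($samples as $sample) {
    $result = validateChoices($sample);
    echo $result['errors']
        ? implode(' ', $result['errors'])
        : "OK: {$result['category']} / {$result['membership']}", "\n";
}
```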

$categoryValues = array('Men', 'Women', 'Kids', 'Unisex', 'Accessories', 'Shoes');

$category = '';
if (in_array($_POST['category'], $categoryValues)) {
    $category = $_POST['category'];
}

From the code above, are you saying that in_array($_POST['category'], $categoryValues) compares $_POST['category'] with $categoryValues and, if it is true, creates the variable $category and stores this value $_POST['category']?

In short the full version will then look like this:

// stores all possible values:

$categoryValues = array('Men', 'Women', 'Kids', 'Unisex', 'Accessories', 'Shoes');

$category = ''; // start empty

// do the check here:

if (isset($_REQUEST['category']))
{
    if (in_array($_POST['category'], $categoryValues)) {
        $category = trim($_POST['category']);
    }
    else {
        $errors[] = "You forgot to select a category.";
    }
}

// somewhere later the query to insert into the mysql table

require_once ('mysql_connect.php'); // Connect to the db.

// $q - stands for $query
// $r - stands for $result
$q = "INSERT INTO user (fname, lname, email, category, membership, loaction, username, password, reg_date ) VALUES ('$fn', '$ln', '$e', '$category', '$membership', '$l', '$u', SHA1('$p'), NOW() )";
$r = @mysql_query ($q); // Run the query.

Is this right please?

I’m pretty sure that loaction should be location, and I’m uneasy about the naked values in the sql statement.

The following helps to protect your database from many security issues.


$q = sprintf(
    'INSERT INTO user (fname, lname, email, category, membership, location, username, password, reg_date ) VALUES ("%s", "%s", "%s", "%s", "%s", "%s", "%s", SHA1("%s"), NOW() )',
    mysql_real_escape_string($fn),
    mysql_real_escape_string($ln),
    mysql_real_escape_string($e),
    mysql_real_escape_string($category),
    mysql_real_escape_string($membership),
    mysql_real_escape_string($l),
    mysql_real_escape_string($u),
    mysql_real_escape_string($p)
);

If any of them are supposed to be integers, you can use %d instead of "%s" and use intval instead of mysql_real_escape_string.
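The escaping above keeps the quoting of the string-built query correct; the step beyond it is a prepared statement, where the values are sent separately from the SQL text and can never become part of it. This is an added example, not code from the thread: it uses PDO with an in-memory SQLite database so that it runs stand-alone (MySQL's NOW() is replaced by CURRENT_TIMESTAMP, which both accept), the column is spelled `location`, and password_hash() is swapped in for SHA1() on the password column.

```php
<?php
// Added example (not the thread's code): the registration INSERT as a prepared
// statement. Assumes the PDO SQLite driver is available.

function registerUser(PDO $db, array $u): int
{
    $sql = 'INSERT INTO user (fname, lname, email, category, membership, location,
                              username, password, reg_date)
            VALUES (:fname, :lname, :email, :category, :membership, :location,
                    :username, :password, CURRENT_TIMESTAMP)';
    $stmt = $db->prepare($sql);
    $stmt->execute([
        ':fname'      => $u['fname'],
        ':lname'      => $u['lname'],
        ':email'      => $u['email'],
        ':category'   => $u['category'],
        ':membership' => $u['membership'],
        ':location'   => $u['location'],
        ':username'   => $u['username'],
        // Salted, slow hash instead of SHA1(): a leaked table is not cheaply reversible.
        ':password'   => password_hash($u['password'], PASSWORD_DEFAULT),
    ]);
    return (int) $db->lastInsertId();
}

// Read one user back, again through a placeholder rather than concatenation.
function fetchUser(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT lname, password FROM user WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// In-memory SQLite stands in for the MySQL database so this runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (
    id INTEGER PRIMARY KEY AUTOINCREMENT, fname TEXT, lname TEXT, email TEXT,
    category TEXT, membership TEXT, location TEXT, username TEXT UNIQUE,
    password TEXT, reg_date TEXT)');

// Constructed submission: the surname contains a quote, which register.php's
// string-built query would have turned into a syntax error.
$id = registerUser($db, [
    'fname' => 'Ada', 'lname' => "O'Brien", 'email' => 'ada@example.com',
    'category' => 'Shoes', 'membership' => 'designer', 'location' => 'Leeds',
    'username' => 'ada', 'password' => 'correct horse battery staple',
]);
$row = fetchUser($db, $id);
echo 'stored verbatim: ', var_export($row['lname'] === "O'Brien", true), "\n";
echo 'password verifies: ',
    var_export(password_verify('correct horse battery staple', $row['password']), true), "\n";
```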

Thanks, so for every insert query into the database I have to use the above that you just gave. Sorry for the late reply. Also thanks for the location thing. Could not believe that I did not see that :slight_smile:

Is it now safe to say all should be fine once the corrections you made have been implemented?

Thanks a lot

As they say, the proof is in the pudding.

If you wish to go further with the security side of things, this html_entities thread goes through all the security needs, from dealing with magic quotes, to escaping inputs, to sanitising outputs.