karlosio
12-11-2008, 04:34 AM
Hi I've set up a basic registration script (testform.php) through the help of reading this post http://codingforums.com/showthread.php?t=132330 Thanks, it really helped me out a lot reading that :)
I've modified it slightly, and due to javascript form validation being used first on the form, I decided to try including another page in the script (success.php) to show when the form is successfully submitted (to stop the javascript errors appearing).
However just for security, I dont want users to enter success.php into the browser directly, so I tried to set up a header to go back to the testform if the $username variable is not set. But the header doesnt seem to work, even though I've put it at the top of the success.php file. I get this error:
Warning: Cannot modify header information - headers already sent by (output started at C:\Program Files\xampp\htdocs\sites\mysite\jscourse\success.php:1) in C:\Program Files\xampp\htdocs\sites\mysite\jscourse\success.php on line 3
Heres the code for the pages, starting with testform.php
<?php
$server = 'localhost';
$user = 'root';
$pw = '';
$db = 'test';
$conn = @mysql_connect($server,$user,$pw) or die('CONNECTION ERROR: '.mysql_error());
@mysql_select_db($db,$conn) or die('DATABASE ERROR: '.mysql_error());
function usernameTaken($username,&$conn)
{
if(get_magic_quotes_gpc())
{
$username = stripslashes($username);
}
$username = mysql_real_escape_string($username);
$q = "SELECT username FROM testtable WHERE username = '$username'";
$result = mysql_query($q,$conn);
return (mysql_num_rows($result) > 0);
}
$error_stat = 0;
$message = '';
if(isset($_POST['submit']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$country = $_POST['country'];
// basic error checking - will update honest :)
if(empty($username)) {
$error_stat = 1;
$message = "<p>Username field must not be empty</p>";
}
if(usernameTaken($username,$conn))
{
$error_stat = 1;
$message = "<p>Username is already taken, please choose another one</p>";
}
// run query if no errors occur ($error_stat == 0)
if($error_stat == 0)
{
$md5password = md5($password);
mysql_query("INSERT INTO testtable (username, password, email, countryId, date) VALUES ('$username','$md5password','$email', $country, now())");
include('success.php');
/*
ORIGINAL FROM POST MENTIONED
echo "<h2>Registration successfull!</h2>";
echo "<p>Congratulations <strong>$username</strong>, Your account has not been created with the following details:</p>";
echo "<p>Username: $username</p>";
echo "<p>Password: $password</p>";
echo "<p>Email: $email</p>";
echo "<p>You may now login.</p>";
*/
}
}
// then only display the page if the form hasnt been submitted yet or if error_stat == 1
if(!isset($_POST['submit']) || $error_stat == 1)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Test Registration</title>
<style type="text/css">
* {
font-family: "Century Gothic", Arial, Tahoma, sans-serif;
font-size: 12px;
}
#error p
{
color: red;
font-weight: bold;
}
</style>
<script type="text/javascript" src="validate.js"></script>
</head>
<body>
<!-- Javascript validation errors or the PHP errors go in the div below :) -->
<div id="error"><?=$message?></div>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>" id="form1" onsubmit="return validate();">
<table border="0" cellpadding="5" cellspacing="0">
<tr>
<td><label for="username">Username:</label></td>
<td><input type="text" name="username" id="username" size="32" value="<?php echo $username;?>" /></td>
</tr>
<tr>
<td><label for="password">Password:</label></td>
<td><input type="password" name="password" id="password" size="32" value="" /></td>
</tr>
<tr>
<td><label for="email">Email:</label></td>
<td><input type="text" name="email" id="email" size="32" value="<?php echo $email;?>" /></td>
</tr>
<tr>
<td><label for="country">From:</label></td>
<td>
<select name="country" id="country">
<option value="">Choose...</option>
<option value="1">England</option>
<option value="2">Scotland</option>
<option value="3">Wales</option>
<option value="4">N Ireland</option>
</select>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" id="submit" value="Register" /></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
?>
and the problem success.php
<?php
// this DOESNT WORK :(
if(!$username){
header('Location: testform.php');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Success!</title>
<style type="text/css">
* {
font-family: "Century Gothic", Arial, Tahoma, sans-serif;
font-size: 12px;
}
#error p
{
color: red;
font-weight: bold;
}
</style>
</head>
<body>
<h2>Registration successfull!</h2>
<p>Congratulations <strong><?php echo $username;?></strong>, Your account has not been created with the following details:</p>
<p>Username: <?php echo $username;?></p>
<p>Password: <?php echo $password;?></p>
<p>Email: <?php echo $email;?></p>
<p>You may now login.</p>
</body>
</html>
just one other thing, is there anyway I can set up the select form field in testform.php to let PHP remember what was selected (like what I've got for the values for the username, email fields), at the moment if I try to enter a username that is already taken it doesnt remember what ive selected in that menu, im not sure what I need to do here. :( It will be turned into a select menu from a table in the mysql database showing country names instead of the static ones at the moment.
I've modified it slightly, and due to javascript form validation being used first on the form, I decided to try including another page in the script (success.php) to show when the form is successfully submitted (to stop the javascript errors appearing).
However just for security, I dont want users to enter success.php into the browser directly, so I tried to set up a header to go back to the testform if the $username variable is not set. But the header doesnt seem to work, even though I've put it at the top of the success.php file. I get this error:
Warning: Cannot modify header information - headers already sent by (output started at C:\Program Files\xampp\htdocs\sites\mysite\jscourse\success.php:1) in C:\Program Files\xampp\htdocs\sites\mysite\jscourse\success.php on line 3
Heres the code for the pages, starting with testform.php
<?php
$server = 'localhost';
$user = 'root';
$pw = '';
$db = 'test';
$conn = @mysql_connect($server,$user,$pw) or die('CONNECTION ERROR: '.mysql_error());
@mysql_select_db($db,$conn) or die('DATABASE ERROR: '.mysql_error());
function usernameTaken($username,&$conn)
{
if(get_magic_quotes_gpc())
{
$username = stripslashes($username);
}
$username = mysql_real_escape_string($username);
$q = "SELECT username FROM testtable WHERE username = '$username'";
$result = mysql_query($q,$conn);
return (mysql_num_rows($result) > 0);
}
$error_stat = 0;
$message = '';
if(isset($_POST['submit']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$country = $_POST['country'];
// basic error checking - will update honest :)
if(empty($username)) {
$error_stat = 1;
$message = "<p>Username field must not be empty</p>";
}
if(usernameTaken($username,$conn))
{
$error_stat = 1;
$message = "<p>Username is already taken, please choose another one</p>";
}
// run query if no errors occur ($error_stat == 0)
if($error_stat == 0)
{
$md5password = md5($password);
mysql_query("INSERT INTO testtable (username, password, email, countryId, date) VALUES ('$username','$md5password','$email', $country, now())");
include('success.php');
/*
ORIGINAL FROM POST MENTIONED
echo "<h2>Registration successfull!</h2>";
echo "<p>Congratulations <strong>$username</strong>, Your account has not been created with the following details:</p>";
echo "<p>Username: $username</p>";
echo "<p>Password: $password</p>";
echo "<p>Email: $email</p>";
echo "<p>You may now login.</p>";
*/
}
}
// then only display the page if the form hasnt been submitted yet or if error_stat == 1
if(!isset($_POST['submit']) || $error_stat == 1)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Test Registration</title>
<style type="text/css">
* {
font-family: "Century Gothic", Arial, Tahoma, sans-serif;
font-size: 12px;
}
#error p
{
color: red;
font-weight: bold;
}
</style>
<script type="text/javascript" src="validate.js"></script>
</head>
<body>
<!-- Javascript validation errors or the PHP errors go in the div below :) -->
<div id="error"><?=$message?></div>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>" id="form1" onsubmit="return validate();">
<table border="0" cellpadding="5" cellspacing="0">
<tr>
<td><label for="username">Username:</label></td>
<td><input type="text" name="username" id="username" size="32" value="<?php echo $username;?>" /></td>
</tr>
<tr>
<td><label for="password">Password:</label></td>
<td><input type="password" name="password" id="password" size="32" value="" /></td>
</tr>
<tr>
<td><label for="email">Email:</label></td>
<td><input type="text" name="email" id="email" size="32" value="<?php echo $email;?>" /></td>
</tr>
<tr>
<td><label for="country">From:</label></td>
<td>
<select name="country" id="country">
<option value="">Choose...</option>
<option value="1">England</option>
<option value="2">Scotland</option>
<option value="3">Wales</option>
<option value="4">N Ireland</option>
</select>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" id="submit" value="Register" /></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
?>
and the problem success.php
<?php
// this DOESNT WORK :(
if(!$username){
header('Location: testform.php');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Success!</title>
<style type="text/css">
* {
font-family: "Century Gothic", Arial, Tahoma, sans-serif;
font-size: 12px;
}
#error p
{
color: red;
font-weight: bold;
}
</style>
</head>
<body>
<h2>Registration successfull!</h2>
<p>Congratulations <strong><?php echo $username;?></strong>, Your account has not been created with the following details:</p>
<p>Username: <?php echo $username;?></p>
<p>Password: <?php echo $password;?></p>
<p>Email: <?php echo $email;?></p>
<p>You may now login.</p>
</body>
</html>
just one other thing, is there anyway I can set up the select form field in testform.php to let PHP remember what was selected (like what I've got for the values for the username, email fields), at the moment if I try to enter a username that is already taken it doesnt remember what ive selected in that menu, im not sure what I need to do here. :( It will be turned into a select menu from a table in the mysql database showing country names instead of the static ones at the moment.