...
PDA

issues with host?

LearningCoder
07-10-2012, 10:13 PM
Hello, I have a site which allows user to register. It is working fine in WAMP and allows me to register many different usernames. When I upload it to my host, it is returning the error "Fill in all of the form.".

I think it must be hosting issue otherwise it wouldn't work in WAMP neither. The code fails at the if statement: if($user && $enc_pass && $email){ even though I have filled in all of the form.

<?php
session_start();

/*FUNCTION TO SANITIZE USER INPUT. RETURNS USER INPUT STRIPPED OF ANY SPECIAL CHARACTERS*/
function check_input($data) {
$illegalChars = array('!','@','#','$','%','^','&','*','(',')','+','=','-','[',']','.',';',',','/','{','}','|','"',':','<','>','?','~','£');
$data = str_replace($illegalChars,'',$data);
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data, ENT_QUOTES);
$data = mysql_real_escape_string($data);
return $data;
}

/*FUNCTION TO SEND EMAIL TO USER*/
function sendEmail($email, $user, $pass){

$code = rand(10000, 99999);

$to = $email;
$subject = "Welcome to the Deus Ex Demo Upload/Download Site";
$body = "Welcome, {$user}<br />";
$body .= "Username: {$user}<br />";
$body .= "Password: {$pass}<br />";
$body .= "Activation Code: {$code}";

if(mail($to, $subject, $body)){

}
else{
echo "<p>Message delivery failed...</p>";
}
}

$user = check_input($_POST['user']);
$pass = check_input($_POST['pass']);
$enc_pass = md5($pass);
$email = $_POST['email'];

if($user && $enc_pass && $email){

if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$_SESSION["email"] = "Email is not valid";
header("Location: index.php");
}
else{
// Connect to server and select database.
require("connectdb.php");

$query = mysql_query("SELECT * FROM $tblname WHERE username='{$user}' or email='{$email}'");
$count = mysql_num_rows($query);

if($count >= 1){
$_SESSION["emailinuse"] = "Email AND/OR Username already in use.";
header("Location: index.php");
}
else{
$qry = mysql_query("INSERT INTO members VALUES('', '{$user}', '{$enc_pass}', '{$email}')")or die("error");
sendEmail($email, $user, $pass);
$_SESSION["registered"] = "You have successfully registered. Please check your email for login details.<a href='index.php'>Click here</a> to
return to the homepage to login.";
header("Location: registered.php");
}
}


}
else{
$_SESSION["fill"] = "Please fill in all of the form.";
header("Location: index.php");
}

?>


Does anyone know what could be the issue?

Kind regards,

LC.
Keleth
07-10-2012, 10:31 PM
Have you echoed out the POST values and their sanitized counterparts? Are you using the same version of Apache and PHP as your host is using? If you remove check_input, does it work? Basic debugging steps.
LearningCoder
07-10-2012, 10:50 PM
I have echo'd the values out and they are working.

I have just checked my own WAMP PHP/MYSQL versions.

My version
php version: 5.3.1
apache version: 2.2.21

webhost version
php version: 5.2.17
apache version: It doesn't say, it just says 'Apache'.

Thanks for the reply,

Kind regards,

LC.
Keleth
07-10-2012, 11:23 PM
So just before the if, if you echo $user, it shows the correct value? All 3 do? None are blank? If so, I can't think of what could be wrong.
LearningCoder
07-11-2012, 10:52 AM
Ah, it seems to be returning errors regarding the check_input() function.

Something to do with $data = mysql_real_escape_string($data);

It is only printing out the email address, which is the only value to not go through the check_input() function.

Here is an image to show the exact error messages which can be found here:
http://www.abjava.host22.com/realescape.JPG

Do anyone know what the issue could be?

Kind regards,

LC.
Keleth
07-11-2012, 02:50 PM
Do you have a MySQL connection active at the time of the code? The error is pretty straight forward.
LearningCoder
07-11-2012, 10:41 PM
No not at the time of retrieving the data, the only time I connect is after checking that the email is valid. Here is my code to help explain it.


<?php
session_start();

/*FUNCTION TO SANITIZE USER INPUT. RETURNS USER INPUT STRIPPED OF ANY SPECIAL CHARACTERS*/
function check_input($data) {
$illegalChars = array('!','@','#','$','%','^','&','*','(',')','+','=','-','[',']','.',';',',','/','{','}','|','"',':','<','>','?','~','£');
$data = str_replace($illegalChars,'',$data);
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data, ENT_QUOTES);
$data = mysql_real_escape_string($data);
return $data;
}

/*FUNCTION TO SEND EMAIL TO USER*/
function sendEmail($email, $user, $pass){

$code = rand(10000, 99999);

$to = $email;
$subject = "Welcome to the Deus Ex Demo Upload/Download Site";
$body = "Welcome, {$user}<br />";
$body .= "Username: {$user}<br />";
$body .= "Password: {$pass}<br />";
$body .= "Activation Code: {$code}";

if(mail($to, $subject, $body)){

}
else{
echo "<p>Message delivery failed...</p>";
}
}

$user = check_input($_POST['user']);
$pass = check_input($_POST['pass']);
$enc_pass = md5($pass);
$email = $_POST['email'];

echo $user."<br />";
echo $pass."<br />";
echo $email."<br />";

if($user && $enc_pass && $email){

if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$_SESSION["email"] = "Email is not valid";
header("Location: index.php");
}
else{
// Connect to server and select database.
require("connectdb.php");

$query = mysql_query("SELECT * FROM $tblname WHERE username='{$user}' or email='{$email}'");
$count = mysql_num_rows($query);

if($count >= 1){
$_SESSION["emailinuse"] = "Email AND/OR Username already in use.";
//header("Location: index.php");
}
else{
$qry = mysql_query("INSERT INTO members VALUES('', '{$user}', '{$enc_pass}', '{$email}')")or die("error");
sendEmail($email, $user, $pass);
$_SESSION["registered"] = "You have successfully registered. Please check your email for login details.<a href='index.php'>Click here</a> to
return to the homepage to login.";
//header("Location: registered.php");
}
}


}
else{
$_SESSION["fill"] = "Please fill in all of the form.";
//header("Location: index.php");
}

?>


Do I need to be connected to the server to use mysql_real_escape_string();?

I have a file called connectdb.php:

<?php

$con = mysql_connect("localhost", "root", "");
if(!$con){
$_SESSION['server_error'] = "<span class='marginL'>Error: Could not connect to server.</span>";
header("Location: index.php");
}

$db = mysql_select_db("deus_ex");
if(!$db){
$_SESSION['db_error'] = "<span class='marginL'>Error: Could not connect to database.</span>";
header("Location: index.php");
}
?>


Kind regards,

LC.
LearningCoder
07-11-2012, 11:12 PM
Shame on me.

2nd parameter of mysql_real_escape_string is the connection...

Thanks for the guidance nonetheless!

Kind regards,

LC.
tangoforce
07-11-2012, 11:36 PM
You really should be using isset() on your $_POST variables to be sure they exist, not just passing them to your function and then assigning to variables like $user.

I'm surprised no one else has mentioned that seeing as its kind of crucial.. :eek:
LearningCoder
07-12-2012, 12:22 AM
Something like:

$user = $_POST['user'];
$pass = $_POST['pass'];
$email = $_POST['email'];

if(isset($user, $pass, $email)){
$user = check_input($user);
$pass = check_input($pass);
if($email, FILTER_VALIDATE_EMAIL){
//do something
}
else{
//do something else
}
}
else{
//do something else here
}


Is that somewhere near right?

Regards,

LC.

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum