2 errrors when i reg on my own script - Page 2

Chris-2k · 10-10-2012, 11:04 PM

That foreach() displays my email and suchback to me, that works as expected... ^^^ that above is my user funcs.........

here's my login.php:

Code:

<?php
require_once $_SERVER['DOCUMENT_ROOT'].'/includes/init.php'; // main config file

if(loggedin()) {
	$user_data = user_data('name','rank','reg_date','flag');
?>

<span style="float:left; padding-left: 20px; padding-top: 11px; font-size: 12px;">
	<strong>Welcome,</strong> <?php echo $user_data['name']; ?>
</span>

<span style="float:left; padding-left: 10px; padding-top: 12px; font-size: 12px;">
	<img src="<?php echo URL_THEME.'images/flags/'.$user_data['flag'].'.png'; ?>" />
</span>

<span style="float:left; padding-left: 10px; padding-top: 13px; font-size: 12px;">
	<img src="<?php echo URL_THEME.'images/date.png'; ?>" title="<?php echo $user_data['reg_date']; ?>" />
</span>

<span style="float:left; margin-left: 10px; margin-top: 11px;" class="<?php echo 'label group-'.$user_data['rank']; ?>">
	<?php echo $user_data['rank']; ?>
</span>
    
<div id="loginForm">
    <div class="dropdown">
        <ul>
			<li>
            	<a href="#" class="dropdown_btn">Action <span class="toggle"></span></a>
                <ul>
                	<li><a href="account.html">My Account</a></li>
                    <li><a href="create-album.html">Create Album</a></li>
                    <li><a href="albums.html">View Albums</a></li>
                    <li><a href="index.php">Upload Image</a></li>
                    <li class="divider"></li>
                    <li><a href="logout.html">Log out?</a></li>
				</ul>
			</li>
	    </ul>
    </div>
</div>
<?php
} else {
?>

<form id="loginForm" method="post" action="index.php">
	<span style="margin-right:110px;">Click <a href="register.html">here to register</a> a new account, or use the following login form:</span>
	<input type="email" id="username" name="email" placeholder="email@live.co.uk" /> 
	<input type="password" id="password" name="password" placeholder="password" />
	<input type="submit" value="Login" />
</form>

<?php
}

if(isset($_POST['email']) &&  isset($_POST['password']))
{
	//get form data
	$login_email = addslashes(strip_tags($_POST['email']));
	$login_pass = addslashes(strip_tags($_POST['password']));
	
	$errors = array();
	 
	if(empty($login_email) && empty($login_pass))
	{
		$errors[] = 'Email and Password are required.';
	}
	else
	{
		$login = login_check($login_email, $login_pass);
		
		if($login === false)
		{
			$errors[] = 'Credentials not found.';
		}
		
	}
	
		if(!empty($errors))
		{
			foreach($errors as $error) {
				echo $error.'<br />';
			}
		}
		else
		{
			$_SESSION['user_id'] = $login;
			header('Location: index.php');
			echo 'Logging in....';
		}

}
?>

and register.php:

Code:

<?php
include $_SERVER['DOCUMENT_ROOT'].'/'.'includes/init.php';

include_themeHeader();
include_themeLogin();
?>

<div class="clearfix"></div>

<?php
include PATH_THEME .'navigation.php';
?>    

<div class="clearfix"></div>

<?php
    if ($_POST['register']) {
		
		$reg_email = addslashes(strip_tags($_POST['email']));
		$reg_name = addslashes(strip_tags($_POST['name']));
		$reg_pass = addslashes(strip_tags($_POST['password']));
		$confirm_password = addslashes(strip_tags($_POST['confirm_password']));
		
		$errors = array();
		
		if ($reg_email && $reg_name && $reg_pass) 
		{
			if(user_exists($reg_email) == true) 
			{ 
				$errors[] = '<div class="errors">Email has already been registered.</div>'; 
			}
			
			if(strlen($reg_name) > 32) 
			{ 
				$errors[] = '<div class="errors">Username too long.'; 
			}
			
			if(strlen($reg_pass)<6 && strlen($confirm_password)<6) 
			{ 
				$errors[] = '<div class="errors">Password must be 6 characters or more.'; 
			}
			else
			{
				$captcha_answers = array(
					'setone' =>
					'3CBAJ', 'BXXSH', 'C4YY8', 'T3SBB', 'R9W3A', 'HNXMJ', '6VUPE', 'PCYBT', '59ESB', '5D5YU', 
					'PB5TT', 'ECSNM', 'DDB65', 'MCT46', 'JDK3D', 'E9M4S', 'JVNR9', 'VNP4N', 'MJSPE', 'SJ43B', 'KYDNA'
				);
				
				if(!$_POST['captcha'] == in_array($captcha_answers['setone']))
				{
					$errors[] = '<div class="errors">Security captcha answer isn\'t correct.'; 
				}
				elseif($reg_pass == !$confirm_password)
				{
					$errors[] = '<div class="errors">Passwords must match.</div>';
				}
			}
		}
		else 
		{ 
			$errors[] = "All fields are required."; 
		}
		
		if(!empty($errors))
		{
			foreach($errors as $error) {
				echo $error.'<br />';
			}
		}
		else
		{
			add_user($reg_email, $reg_name, $reg_pass);
			echo '<div class="success">Successfull Registration!</div>';
			$_SESSION['user_id'] = $reg;
			
		}
	}
?>

<div class='registrationForm'>
    <form action='' method='POST' />
        <legend>Fields with a <strong>*</strong> are required!</legend>
        <div class="controlGroup">
            <label class="reg_label" for="emailI">Email*: </label>
            <div class="control"><input type='email' name='email'i / id='emailI' /></div>
        </div>
        <div class="clearfix"></div>
        <div class="controlGroup">
            <label class="reg_label" for="nameI">Name*: </label>
            <div class="control"><input type='text' name='name' id="nameI" /></div>
        </div>
        <div class="clearfix"></div>
        <div class="controlGroup">
            <label class="reg_label" for="passI">Choose password*: </label>
            <div class="control"><input type='password' name='password' id="passI" /></div>
        </div>
        <div class="clearfix"></div>
        <div class="controlGroup">
            <label class="reg_label" for="cpassI">Confirm password*: </label>
            <div class="control"><input type='password' name='confirm_password' id="cpassI" /></div>
        </div>
        <div class="clearfix"></div>
        <div class="controlGroup">
        	<label class="reg_label" for="paymentsI">Payments: </label>
        	<div class="control"><input type='password' name='oayments' id="paymentsI" /></div>
        </div>
        <div class="clearfix"></div>
        <legend>Security Check</legend>
        <div class="controlGroup">
        	<label class="reg_label" for="captcha">Solve the captcha code: </label>
        	<div class="control">
				<img src="<?php echo URL_THEME.'images/CaptchaCodes/CaptchaIMG_'.mt_rand(0,20).'.jpg'; ?>" style="margin-bottom:5px;" id="captcha" title="Captcha Code!" />
                <a href="#" onclick="changeCap()" id="refresh" title="Change the CAPTCHA code!"><img src="<?php echo URL_THEME.'images/CaptchaCodes/RefreshCaptcha.png'; ?>"></a>
<script>
function changeCap() {
    var num=Math.floor(Math.random()*21)
    document.getElementById("captcha").src = document.getElementById("captcha").src.replace(/[0-9]+/,num);
}
</script>
<br />
       			<input type="text" name="captcha" size="10" />
			</div>
		</div>
        <div class="clearfix"></div>
        <input type='submit' name='register' id="reg_btn" value='Register'>
    </form>
</div>
<div class="clearfix"></div>

<?php
include_themeFooter();
?>

Fou-Lu · 10-10-2012, 11:20 PM

Why are you addslashing these:

PHP Code:


			
        $reg_email = addslashes(strip_tags($_POST['email']));
        $reg_name = addslashes(strip_tags($_POST['name']));
        $reg_pass = addslashes(strip_tags($_POST['password']));

You should be issuing a stripslashes if magic_quotes_gpc is enabled. Addslashes and mysql_real_escape_string are not compatible together and should therefore never be used together.

PHP Code:


			
            $_SESSION['user_id'] = $reg;

Where have you created $reg?

Chris-2k · 10-11-2012, 12:00 AM

The session is created in register.php?

Fou-Lu · 10-11-2012, 12:52 AM

I assume that session is created in the init.php since its not done in either of these two scripts.
Doesn't answer the question of where $reg is created. It's not in register.php, but you are assigning it to $_SESSION['user_id']. Since it's null, the isset check won't pass either.

I made the assumption that you actually attempted to call your login_check function manually to verify it is returning false. This looks a lot more to me that loggedin is returning false.

Fix the problem with the $_SESSION['user_id'] = $reg; by assigning $reg to something, and then see what it does.

You have other errors here too, like the confirmation password check will never enter that if branch. But that isn't relevant to the current issue.

Chris-2k · 10-11-2012, 09:04 PM

I know some things wont work as these funcs was put together quickly, no tutorial was used for these, i just did what i know and did plan to fix................

Yes sorry, the session is created in init.php

you've lost me here: "
Fix the problem with the $_SESSION['user_id'] = $reg; by assigning $reg to something, and then see what it does.", this $_SESSION['user_id'] = $reg; - is created in register.php?

Fou-Lu · 10-11-2012, 09:51 PM

Yes that line is in register.php, but I mean that $reg hasn't been assigned to anything. If you enable your error reporting:

Code:

ini_set('display_errors', 1);
error_reporting(E_ALL);

You should trigger the error:

Code:

Notice: Undefined variable: $reg in xx/register.php on line ?

Therefore assigning $_SESSION['user_id'] to null. Null will not pass an isset check, so the loggedin will return false.

Chris-2k · 10-11-2012, 10:02 PM

Ah ok, i get ya, can i do

PHP Code:


			
            $reg = add_user($reg_email, $reg_name, $reg_pass);
            $_SESSION['user_id'] = $reg;

Fou-Lu · 10-11-2012, 10:05 PM

It looks to me that you can do that. Or even just assign $_SESSION['user_id'] directly to the add_user function. It should return the surrogate key created for this record.

Chris-2k · 10-11-2012, 10:17 PM

Done that but still get "Credits not found"?

Chris-2k · 10-11-2012, 10:35 PM

sorry it is, was just cached.......

Now 1 last prob:

Warning: in_array() expects at least 2 parameters, 1 given in /home/sonicimg/public_html/content/themes/MrOSX/pages/register.php on line 48
Security captcha answer isn't correct.

can u help fix that?

Fou-Lu · 10-11-2012, 11:37 PM

That is here: if(!$_POST['captcha'] == in_array($captcha_answers['setone'])). in_array requires a search criteria as well as the hashtable to lookup out of. That should be if (!in_array($_POST['captcha'], $captcha_answers['setone'])).

Chris-2k · 10-12-2012, 12:37 AM

done that, now i get:
Warning: in_array() expects parameter 2 to be array, string given

Fou-Lu · 10-12-2012, 02:11 AM

Ah yes I see. That array is only a single dimension; setOne only refers to a single item within it. Either the in_array should be looking at $catcha_answers as its array, or $captcha_answers['setone'] needs to be converted to an array.

Chris-2k · 10-12-2012, 02:57 PM

Thanks Very Much, it's all working now!!!!!!!!!!