NiftyHost Forums (Archive)

NiftyHost Forums (Archive) > Technology > Coding > Help with a PHP Register script!
Full Version: Help with a PHP Register script!
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

Cameron

07-07-2010, 08:56 AM
Hey guys, looking for a little help with a PHP script of mine.

Here's the code: http://niftyhost.pastebin.com/mDHdrqxg

When I visit the URL I get this error:

Parse error: syntax error, unexpected $end in /home/cameron/public_html/beta/register.php on line 97

The page handles both the registration and the HTML doc. Can't seem to figure out why this is happening, I tried a bunch of different things but nothing worked.

Zach

07-07-2010, 09:38 AM
You put {} at the end not }}.

Cameron

07-07-2010, 09:44 AM
I tried that too, nothing works
Still that 'Unexpected $end' .
Okay, I was able to clear the errors. But now the page only displays the header and not the table I had to organize the inputs. D:

RichardGv

07-07-2010, 10:14 AM
The reason that the form don't appear is so... Minor.
Line 78:
Code:
<input type='password' name='password' value='>
Pay attention that you forgot a single-quote after "value". I think that's the reason why it did not work on my Firefox.

Also, tidy format and clean indentations are important programming habits because they can save much time when debugging parsing errors, and accelerate the process of reading codes.

strip_tags does nothing to SQL injection, so you need to be a bit careful and make sure magic_quotes_gpc are enabled. Or you are probably going to have great fun:
[Image: exploits_of_a_mom.png]
(A comic about SQL Injection, from xkcd.com)

Your script lacks proper isset() / empty() tests to input variable, and that's going to cause a huge amount of annoying PHP warnings (Notice: Undefined index: XXX).

Give me a minute. I'm writing a refined version. I will update this post soon.
A refined version I wrote:
(Attention: I don't know that much about PHP and I cannot guarantee anything about this version.)
PHP Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us" xml:lang="en-us">

<head>
    <title>Registration</title>
    
    <meta http-equiv="content-type" content="application/xhtml+xml; charset=utf-8" />
    <meta name="robots" content="noindex, nofollow" />
</head>

<body>
<?php
define('FULLNAME_MAX'25);
define('FULLNAME_MIN'3);
define('USERNAME_MAX'25);
define('USERNAME_MIN'3);
define('PASSWORD_MAX'25);
define('PASSWORD_MIN'6);

if(empty($_POST['submit'])
        || empty($_POST['fullname'])
        || empty($_POST['username'])
        || empty($_POST['password'])
        || empty($_POST['repeatpwd'])
        || !($fullname trim($_POST['fullname']))
        || !($username trim($_POST['username']))
        || !($password trim($_POST['password']))
        || !($repeatpwd trim($_POST['repeatpwd']))
        || $password != $repeatpwd
        || strlen($fullname) >= FULLNAME_MAX
        || strlen($fullname) <= FULLNAME_MIN
        || strlen($username) >= USERNAME_MAX
        || strlen($username) <= USERNAME_MIN
        || strlen($password) >= PASSWORD_MAX
        || strlen($password) <= PASSWORD_MIN
        ) {
?>
    <h2>Registration</h2>
    <form action='register.php' method='POST'>
        <table>
            <tr>
                <td>Full Name:</td>
                <td>
                    <input type='text' name='fullname' value='' />
                </td>
            </tr>
            <tr>
                <td>Username:</td>
                <td>
                    <input type='text' name='username' value='' />
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td>
                    <input type='password' name='password' value='' />
                </td>
            </tr>
            <tr>
                <td>Repeat Password:</td>
                <td>
                    <input type='password' name='repeatpwd' />
                </td>
            </tr>
        </table>
        <p><input type='submit' name='submit' value='Register' /></p>
    </form>
<?php
}
else {
    if(!get_magic_quotes_gpc()) {
        $username addslashes(strip_tags($username));
        $fullname addslashes(strip_tags($fullname));
    }
    $date date ("Y-m-d");
    $password md5($password);
    
    $connect mysqli_connect ("localhost","cameron_cameron","MYPASSHERE"'cameron_user');
    if(mysqli_connect_errno()) {
        // Connection error handling
    }
    $result mysqli_query ($db,
    "INSERT INTO users VALUES ('','$fullname','$username','$password','$date')"
    );
    echo "<p>Congrats! You've been registered! You may now <a href='index.php'>login</a></p>";
}

?>
</body>

</html> 

Cameron

07-07-2010, 01:46 PM
I use MySQL not MySQLi. Dunno if there the same thing or not O.o

RichardGv

07-07-2010, 01:50 PM
(07-07-2010, 01:46 PM)Cameron Wrote: [ -> ]I use MySQL not MySQLi. Dunno if there the same thing or not O.o

Duh, please ask Wikipedia if you don't know.
https://secure.wikimedia.org/wikipedia/en/wiki/MySQLi
MySQLi is an improved version of MySQL PHP interface. It allows users to access the newly introduced functionalities since MySQL 4.1. It should work on most servers. I'm not sure about the differences, but they should be mostly the same. MySQLi is currently recommended by PHP developers, and the old MySQL PHP extension will no longer be supported in the future.
http://www.php.net/manual/en/book.mysqli.php
http://forge.mysql.com/wiki/Converting_to_MySQLi

Cameron

07-07-2010, 03:47 PM
Anyway your code was bust, got some syntax errors. I moved on to a different script I recieved from a friend. Thanks for the help though!

RichardGv

07-07-2010, 08:12 PM
(07-07-2010, 03:47 PM)Cameron Wrote: [ -> ]Anyway your code was bust, got some syntax errors. I moved on to a different script I recieved from a friend. Thanks for the help though!

Sorry, somehow I added an extra "(". The error has been corrected.
PHP Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us" xml:lang="en-us">

<head>
    <title>Registration</title>
    
    <meta http-equiv="content-type" content="application/xhtml+xml; charset=utf-8" />
    <meta name="robots" content="noindex, nofollow" />
</head>

<body>
<?php
define('FULLNAME_MAX'25);
define('FULLNAME_MIN'3);
define('USERNAME_MAX'25);
define('USERNAME_MIN'3);
define('PASSWORD_MAX'25);
define('PASSWORD_MIN'6);

if(empty($_POST['submit'])
        || empty($_POST['fullname'])
        || empty($_POST['username'])
        || empty($_POST['password'])
        || empty($_POST['repeatpwd'])
        || !($fullname trim($_POST['fullname']))
        || !($username trim($_POST['username']))
        || !($password trim($_POST['password']))
        || !($repeatpwd trim($_POST['repeatpwd']))
        || $password != $repeatpwd
        || strlen($fullname) >= FULLNAME_MAX
        || strlen($fullname) <= FULLNAME_MIN
        || strlen($username) >= USERNAME_MAX
        || strlen($username) <= USERNAME_MIN
        || strlen($password) >= PASSWORD_MAX
        || strlen($password) <= PASSWORD_MIN
        ) {
?>
    <h2>Registration</h2>
    <form action='register.php' method='POST'>
        <table>
            <tr>
                <td>Full Name:</td>
                <td>
                    <input type='text' name='fullname' value='' />
                </td>
            </tr>
            <tr>
                <td>Username:</td>
                <td>
                    <input type='text' name='username' value='' />
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td>
                    <input type='password' name='password' value='' />
                </td>
            </tr>
            <tr>
                <td>Repeat Password:</td>
                <td>
                    <input type='password' name='repeatpwd' />
                </td>
            </tr>
        </table>
        <p><input type='submit' name='submit' value='Register' /></p>
    </form>
<?php
}
else {
    if(!get_magic_quotes_gpc()) {
        $username addslashes(strip_tags($username));
        $fullname addslashes(strip_tags($fullname));
    }
    $date date ("Y-m-d");
    $password md5($password);
    
    $connect mysqli_connect ("localhost","cameron_cameron","MYPASSHERE"'cameron_user');
    if(mysqli_connect_errno()) {
        // Connection error handling
    }
    $result mysqli_query ($db,
    "INSERT INTO users VALUES ('','$fullname','$username','$password','$date')"
    );
    echo "<p>Congrats! You've been registered! You may now <a href='index.php'>login</a></p>";
}

?>
</body>

</html> 
It's absolutely a problem that you can fix easily, though, that every person knowing a bit about PHP can fix easily.

Matt

07-07-2010, 11:00 PM
Richard, I love your little PHP comic there ;)

Cameron

07-10-2010, 02:11 PM
Sorry I am like a week into PHP and was just looking for a little support.
Pages: 1 2
NiftyHost Forums (Archive) > Technology > Coding > Help with a PHP Register script!