|
|
as the title mentions , i need help in a simple php register script based on flat file
it ought to enter the data in data.html but it instead writes a bunch of zeros
here is the code (register/index.php) | Code: | <html>
<head>
<title>form</title>
<!--
<script type="text/javascript">
shortcut("enter",function() {
document.form1.submit();
});
</script>
-->
</head>
<body>
<form name="form1" action="index.php"method="POST">
<legend>username:<input type="text" name="name"></legend>
password:<input type="password" name="pass">
<legend><input type="submit" name="submit" value="Register"></legend>
</fieldset>
</form>
</body>
</html>
<?php
$data = "data.html" ;
$tile = $_POST['name'] ;
$pass = $_POST['pass'] ;
$content = $tile | $pass;
$fp = fopen($data, 'a') ;
if (empty($tile) === False) {
die();
} else {
fwrite($fp , $content ) ;
}
fclose($fp);
?> |
and the content in data.html
You are make few mistakes. First you cannot write php like javascript. You need dot and quotes for creating one string.
| Code: | $content = $tile | $pass; // bad
$content = $tile . "|" . $pass . "\n"; // good and you can use single quotest, too |
Second mistake is
| Code: | | if (empty($tile) === False) |
Function empty is enough you don't need False.
Third mistake, you are forgot new line if you think to put more then one user in html (in my solution txt file) Code is below. 
Sonam
| Code: | <html>
<head>
<title>form</title>
<!--
<script type="text/javascript">
shortcut("enter",function() {
document.form1.submit();
});
</script>
-->
</head>
<body>
<form name="form1" action="proba.php"method="POST">
<legend>username:<input type="text" name="name"></legend>
password:<input type="password" name="pass">
<legend><input type="submit" name="submit" value="Register"></legend>
</fieldset>
</form>
</body>
</html>
<?php
print_r($_POST);
$data = "data.txt" ;
$tile = $_POST['name'] ;
$pass = $_POST['pass'] ;
$content = $tile . "|" . $pass . "\n";
if(empty($tile)) {
die("Sorry!");
exit;
} else {
$newFile = fopen($data, "a");
fwrite($newFile, $content);
fclose($newFile);
}
?> |
lol, just typed up my solution went to reply and i saw it had already been taken care of. the above covers all the mistakes i found aswell.
thanks a lot sonam for solving this problem , i did not see any error when it was parsed normally on the server moderators may close this thread as the problem as been solved (well , almost if not fully)
Hi mahirharoon,
I am also suprised when I try your script and didn't get any error, just zeroes. But for your future php programing it is good to put this two lines on the top of scritp. This will display all errors.
| Code: | error_reporting(E_ALL);
ini_set("display_errors", "1"); |
On the end, I must to say, your script is not good for registration. It is too simple and anyone can break it. It is good for learning, but not for real use.
Sonam
On my site I Use script from php tutorial. But it is not complete. The last part relates on sites specificity
| Code: | <?php
function showheader ($title) {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE> <?php echo $title ?> </TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<CENTER>
<?php
}
function showfooter () {
?>
</CENTER>
</BODY>
</HTML>
<?php
}
mysql_connect("localhost", "username", "password");
mysql_select_db("users");
if ($Password == $Password2) {
$user = mysql_query("SELECT * FROM personalize WHERE (Name='$Name')");
if (mysql_num_rows($user) > 0) {
showheader("User Name Taken !");
?>
We are sorry to inform you that the User Name <B><?php echo $Name ?></B> Is already Taken.
<?php
showfooter();
}
else {
$user = mysql_query("INSERT INTO personalize VALUES ('$Name','$Password','$News1','$News2','$Weather')");
setcookie("site_user", $Name, time() + 31536000, "/");
setcookie("site_pass", $Password, time() + 31536000, "/");
showheader("Registration Success!");
?>
You have registered.<BR>
User Name: <?php echo $Name ?>
<BR>
Password: <?php echo $Password ?>
<?php
showfooter();
}
}
else {
showheader("Registration Error!");
?>
Your Two Passwords Did Not Match
<?php
showfooter();
}
?> |
| Albio wrote: | On my site I Use script from php tutorial. But it is not complete. The last part relates on sites specificity
| Code: | <?php
function showheader ($title) {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE> <?php echo $title ?> </TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<CENTER>
<?php
}
function showfooter () {
?>
</CENTER>
</BODY>
</HTML>
<?php
}
mysql_connect("localhost", "username", "password");
mysql_select_db("users");
if ($Password == $Password2) {
$user = mysql_query("SELECT * FROM personalize WHERE (Name='$Name')");
if (mysql_num_rows($user) > 0) {
showheader("User Name Taken !");
?>
We are sorry to inform you that the User Name <B><?php echo $Name ?></B> Is already Taken.
<?php
showfooter();
}
else {
$user = mysql_query("INSERT INTO personalize VALUES ('$Name','$Password','$News1','$News2','$Weather')");
setcookie("site_user", $Name, time() + 31536000, "/");
setcookie("site_pass", $Password, time() + 31536000, "/");
showheader("Registration Success!");
?>
You have registered.<BR>
User Name: <?php echo $Name ?>
<BR>
Password: <?php echo $Password ?>
<?php
showfooter();
}
}
else {
showheader("Registration Error!");
?>
Your Two Passwords Did Not Match
<?php
showfooter();
}
?> |
|
god that is horrible, lol. the lists of things wrong are extensive. are you really going to use this script? if you are you should make a new thread asking for help as you seem to just be using other peoples scripts which are really outdated and poorly coded/layed out.
are you writing that from scratch, or have you pinched bit and bobs from online scripts?
| Nemesis234 wrote: | | god that is horrible, lol. the lists of things wrong are extensive. are you really going to use this script? if you are you should make a new thread asking for help as you seem to just be using other peoples scripts which are really outdated and poorly coded/layed out. |
Seconded. I died a little inside when I saw that script. The fact that it's using HTML 3.2 should have been a clue.
Folks, code copied from tutorials is generally NOT for production use. Avoid using any of it. In a real website environment:
- NEVER store passwords in plain text or using reversible encryption, anywhere. Use instead a destructive algorithm such as SHA1.
- Always separate content from presentation. Ideally, keep the controller and the view layer in separate files.
- Always use validators and sanitize input. With the script given, I could cause problems if I entered a name like this:
'); DROP TABLE personalize;--
| Fire Boar wrote: | | Nemesis234 wrote: | | god that is horrible, lol. the lists of things wrong are extensive. are you really going to use this script? if you are you should make a new thread asking for help as you seem to just be using other peoples scripts which are really outdated and poorly coded/layed out. |
Seconded. I died a little inside when I saw that script. The fact that it's using HTML 3.2 should have been a clue.
Folks, code copied from tutorials is generally NOT for production use. Avoid using any of it. In a real website environment:
- NEVER store passwords in plain text or using reversible encryption, anywhere. Use instead a destructive algorithm such as SHA1.
- Always separate content from presentation. Ideally, keep the controller and the view layer in separate files.
- Always use validators and sanitize input. With the script given, I could cause problems if I entered a name like this:
'); DROP TABLE personalize;-- |
I agree. And in addition, it seems like the script bases itself on register_globals being turned on, which itself is a huge security leak. Right?
All the variables being inserted into the database should first be set to empty values, and then be pulled out from $_POST, $_GET or $_REQUEST variables. Using the current configuration is like asking to have hackers exploiting your security vulnerabilities.
|
