Please help -myphpadmin

tigra123

New Member
Messages
19
Reaction score
0
Points
0
Hi There,

I have recently moved an old dynamic website to x10hosting. Created all the tables again in myphpadmin. Problem is that I cant get members to join/register on my website nor can I log into my website even though I have added my record details to table.
No errors are reported.
The register/join page on web site simply reloads itself after form has been filled in for new member to join.
What is going wrong ?- do I not have permissions ?or is it more likely a PHP coding problem. Any help appreciated!!
 

Submariner

New Member
Messages
44
Reaction score
1
Points
0
More information is needed, like the PHP you are using to process the page and maybe a link to the site itself...
 

taha116

Member
Messages
505
Reaction score
0
Points
16
Ok firstly make sure you corrected all your config files like database username may have been "taha_admin" now it might be "tigra123_admin"

make sure that you import the database by creating a table with the same name and going to your original phpmyadmin page and pressing export.. press go and copy all the code it gives you and run it in the "SQL" section of your database that you created.

Basicly correct your settings for stuff like database paths passwrods etc.. whatever else changed besides hosts is important
 

tigra123

New Member
Messages
19
Reaction score
0
Points
0
still no joy. All path names correct and user names correct.
Could it be that all the SQL quieries are in the php files that are in the CP? I havnt done any quieries directly in myphpadmin? forgive me but Iam not an expert at this!
 

trev

Member
Prime Account
Messages
670
Reaction score
0
Points
16
Are the PHP files running with the correct CHMod 755?
 

trev

Member
Prime Account
Messages
670
Reaction score
0
Points
16
Its the permissions on the files, either using an FTP client or using the file manager you need to edit the permissions of any file that needs to be executed.
 

tigra123

New Member
Messages
19
Reaction score
0
Points
0
I have changed the permissions and it still doesnt work:dunno:
Edit:
here is the code for authorising a user to login. Since my details are entered into table row, I should be able to login from the website right?

<?php
include_once("config.php");

//Check for required fields from the form
if ((!$_POST) || (!$_POST[password]))
{
header("Location: ../login.php");
exit;
}
//Connect to server
$conn = mysql_connect("localhost","$username","$password") or die(mysql_error());
//Select database
mysql_select_db("$database",$conn) or die(mysql_error());
//Create the query
$sql = "
select * from members
where
email = '$_POST[email]' AND password = password('$_POST[password]') AND status = '1'";
//Issue query
$result = mysql_query($sql,$conn) or die(mysql_error());
//Check the number of return rows
if (mysql_num_rows($result) == 1)
{
session_start();
$_SESSION[auth] = "1";
$_SESSION[id] = mysql_result($result, 0, 'id');
$_SESSION[fname] = mysql_result($result, 0, 'f_name');
$_SESSION[sname] = mysql_result($result, 0, 'l_name');
$_SESSION[user_email] = mysql_result($result, 0, 'email');
header("Location: ../index.php");
}
else
{
header("Location: ../login_error.php");
}

?>

many thanks for looking
 
Last edited:

zapzack

New Member
Messages
606
Reaction score
19
Points
0
Heh.. This one's simple..

Code:
<?php 
include_once("config.php");

//Check for required fields from the form
if ((!$_POST[email]) || (!$_POST[password]))
{
header("Location: ../login.php");
exit;
}
//Connect to server
$conn = mysql_connect("localhost", $username, $password) or die(mysql_error());
//Select database
mysql_select_db($database,$conn) or die(mysql_error());
//Create the query
$sql = "
select * from members
where
email = '$_POST[email]' AND password = password('$_POST[password]') AND status = '1'";
//Issue query
$result = mysql_query($sql,$conn) or die(mysql_error());
//Check the number of return rows
if (mysql_num_rows($result) == 1)
{
session_start();
$_SESSION[auth] = "1";
$_SESSION[id] = mysql_result($result, 0, 'id');
$_SESSION[fname] = mysql_result($result, 0, 'f_name');
$_SESSION[sname] = mysql_result($result, 0, 'l_name');
$_SESSION[user_email] = mysql_result($result, 0, 'email');
header("Location: ../index.php");
}
else
{
header("Location: ../login_error.php");
}

?>

No quotes around variables.. try it now.. And if there are any errors, post them..
 

tigra123

New Member
Messages
19
Reaction score
0
Points
0
hi thanks i did as you suggested and got the error after trying to join at the website

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/tigra/public_html/bin/register.php on line 82


here is register.php, i have highlighted line 82!


<?php
include_once("config.php");
//Haven't seen the form so display it!
if ($_POST[opp] != "register.php")
{
include_once("register_form.php");
}
//Have already seen the form
else
{
//Inlclude the form validator script
include ("FormValidator.class.inc");
$checkform = new FormValidator();

//Get the contents of the form variables
$f_name = $_POST[f_name];
$s_name = $_POST[s_name];
$email = $_POST;
$b_date = $_POST[day].$_POST[month].$_POST[year];
$password1 = $_POST[password1];
$password2 = $_POST[password2];

//Check to see if email address is already registered

//open a connection to the database
$conn = mysql_connect("localhost",$username, $password) or die(mysql_error());

//Select database
mysql_select_db("$database",$conn) or die(mysql_error());

//Create the query
$sql = "select * from members
where
email = '$_POST[email]';";
//Issue query
$result = mysql_query($sql,$conn) or die(mysql_error());
//Check the number of return rows
if (mysql_num_rows($result) > 0)
{
$checkform->AddErrorMsg("Email","Email address already registered");
}

//Close connection
mysql_close($conn);

//Validate the form data
$checkform->isEmpty("f_name","Please enter a forename");
$checkform->isEmpty("s_name","Please enter a surname");
$checkform->isEmailAddress("email","Please enter a valid email address");
$checkform->isValidDate("b_date","Please enter a valid date",$_POST[day],$_POST[month],$_POST[year]);
$checkform->isOver16("b_date","You must 16 years old to use this service!!",$_POST[day],$_POST[month],$_POST[year]);
$checkform->isValidPassword("password1","password2","The passwords you entered do not match","Your password must be a minimum of 5 characters!!");

//Check the terms & Conditions have been read
if ($_POST[terms] != "yes")
{
$checkform->AddErrorMsg("terms","Please verify you have read our Terms & Conditions");
}

//Check to see if any errors have occured
if ($checkform->isError())
{
$errorlist = $checkform->getErrorList();
foreach ($errorlist as $error)
{
echo "*".$error['msg']."<br>";
}
include_once("register_form.php");
}

//Add to database
else
{
//open a connection to the database
$conn = mysql_connect("localhost",$username,$password) or die(mysql_error());

//Select database
:eek4:[B]mysql_select_db("$database",$conn) or die(mysql_error());[/B]

//Prepare the insert statement
$b_date = $_POST[year]."-".$_POST[month]."-".$_POST[day];
$add_member = "insert into members values('','$_POST[f_name]','$_POST[s_name]','$b_date','$_POST[email]',password('$_POST[password1]'),'10',CURRENT_DATE(),'$_POST[edtype]','0','$_POST[inform]','$_POST[us]')";

//Insert the job into the table
mysql_query($add_member, $conn) or die(mysql_error());

//Get variables for activation
$sql = "SELECT * FROM members WHERE id = LAST_INSERT_ID()";
$result = mysql_query($sql, $conn) or die(mysql_error());
$password = mysql_result($result, 0, 'password');

//Close connection
mysql_close($conn);

include_once("messages/message_activation.php");

echo "Your membership information has been mailed to your email address. Please check it and follow the directions<BR><p>";
echo "You <B>MUST</B> click on the link provided in the email you have been sent to activate your account <BR></p><p>";
echo "<B>Note:</B> If you have not received an email from us please contact us or try looking in another <B>folder</B> in your email account.<BR></p>";
}
};

?>


many thanks
 

zapzack

New Member
Messages
606
Reaction score
19
Points
0
So the login page works? Good.. Also.. Can you please use code tags around the code.. Thanks..

Now try this:

Code:
<?php 
include_once("config.php");
//Haven't seen the form so display it!
if ($_POST["opp"] != "register.php") 
{
 include_once("register_form.php");
}
//Have already seen the form
else 
{
 //Inlclude the form validator script
 include ("FormValidator.class.inc"); 
 $checkform = new FormValidator();
 
 //Get the contents of the form variables
 $f_name = $_POST["f_name"];
 $s_name = $_POST["s_name"];
 $email = $_POST["email"];
 $b_date = $_POST["day"].$_POST["month"].$_POST["year"];
 $password1 = $_POST["password1"];
 $password2 = $_POST["password2"];
 
 //Check to see if email address is already registered
  
  //open a connection to the database
   $conn = mysql_connect("localhost",$username, $password) or die(mysql_error());
  
  //Select database
  mysql_select_db($database,$conn) or die(mysql_error());
  
  //Create the query
  $sql = "select * from members
    where
    email = '".$_POST['email']."'";
  //Issue query
  $result = mysql_query($sql,$conn) or die(mysql_error());
  //Check the number of return rows
  if (mysql_num_rows($result) > 0)
  {
   $checkform->AddErrorMsg("Email","Email address already registered");
  }
  
  //Close connection
  mysql_close($conn); 
 
 //Validate the form data
 $checkform->isEmpty("f_name","Please enter a forename");
 $checkform->isEmpty("s_name","Please enter a surname");
 $checkform->isEmailAddress("email","Please enter a valid email address");
 $checkform->isValidDate("b_date","Please enter a valid date",$_POST["day"],$_POST["month"],$_POST["year"]);
    $checkform->isOver16("b_date","You must 16 years old to use this service!!",$_POST["day"],$_POST["month"],$_POST["year"]);
 $checkform->isValidPassword("password1","password2","The passwords you entered do not match","Your password must be a minimum of 5 characters!!");
 
 //Check the terms & Conditions have been read
 if ($_POST["terms"] != "yes")
 {
  $checkform->AddErrorMsg("terms","Please verify you have read our Terms & Conditions");
 }
 
 //Check to see if any errors have occured
 if ($checkform->isError())
 {
  $errorlist = $checkform->getErrorList();
  foreach ($errorlist as $error)
  {
   echo "*".$error['msg']."<br>";
  }
  include_once("register_form.php");
 }
 
 //Add to database
 else
 {
  //open a connection to the database
   $conn = mysql_connect("localhost",$username,$password) or die(mysql_error());
  
  //Select database
   mysql_select_db($database, $conn) or die(mysql_error());
  
  //Prepare the insert statement
   $b_date = $_POST["year"]."-".$_POST["month"]."-".$_POST["day"];
  $add_member = "insert into members values({$_POST["f_name"]},{$_POST["s_name"]},{$b_date},{$_POST["email"]},{password($_POST["password1"])},'10',{CURRENT_DATE()},{$_POST["edtype"]},'0',{$_POST["inform"]},{$_POST["us"]})";
 
  //Insert the job into the table
   mysql_query($add_member, $conn) or die(mysql_error());
  
  //Get variables for activation
  $sql = "SELECT * FROM members WHERE id = LAST_INSERT_ID()";
  $result = mysql_query($sql, $conn) or die(mysql_error());
  $password = mysql_result($result, 0, 'password');
  
  //Close connection
  mysql_close($conn); 
  
  include_once("messages/message_activation.php");
  
  echo "Your membership information has been mailed to your email address. Please check it and follow the directions<BR><p>";
  echo "You <B>MUST</B> click on the link provided in the email you have been sent to activate your account <BR></p><p>";
  echo "<B>Note:</B> If you have not received an email from us please contact us or try looking in another <B>folder</B> in your email account.<BR></p>";
 }
};

?>
 
Last edited:

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
No quotes around variables.. try it now.. And if there are any errors, post them..
Variables don't need to be quoted. Only string literal array indices outside of strings and within complex syntax should be quoted, because, well, they're strings:
PHP:
$_POST['email'];
"$_POST[email]";
"{$_POST['email']}";

$key = 'email';
$_POST[$key];
"${_POST[$key]}";
"{$_POST[$key]}";

@OP: when posting code samples, use whichever of the
HTML:
, [php] or [code] tags is most appropriate. They will separate the code from the post and preserve formatting. [php] and [html] will also colorize the code, which can reveal typos.

Your script is open to [URL="http://www.php.net/manual/en/security.database.sql-injection.php"]SQL injection[/URL]. Use the [URL="http://php.net/mysqli"]mysqli[/URL] or (better yet) the [URL="http://php.net/PDO"]PDO[/URL] driver (The MySQL driver is outdated) and [URL="http://www.php.net/pdo.prepared-statements"]prepared statements[/URL].

What's the name of the page you end up at when you submit the form?

Log the query and post it here. Checking in phpMyAdmin, are new users added?

Connecting to the DB is somewhat expensive. Check whether the e-mail address is last after verifying the other, close the connection in the [FONT="Courier New"]$checkform->isError()[/FONT] block and leave it open if there are no errors. That way, you only need to connect once and don't need to leave the connection open for the potentially expensive form validation.

From the MySQL manual section on [URL="http://dev.mysql.com/doc/refman/5.0/en/information-functions.html#function_last-insert-id"]LAST_INSERT_ID()[/URL]:
[quote]The value of LAST_INSERT_ID() is not changed if you set the AUTO_INCREMENT column of a row to a non-“magic” value (that is, a value that is not NULL and not 0).[/quote]
Change your insert to use NULL rather than '' for the first field, which I'm assuming is an auto-incremented primary key. '' might work on some versions of MySQL server, but it might not on others. You should also explicitly list the columns in the INSERT statement, in case you ever need to change the order of the columns in the table or insert a new column.
 

tigra123

New Member
Messages
19
Reaction score
0
Points
0
In reply to zapzack-----with your suggestion of new code I get:

Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in ........register.php on line 82

Also the login page still doesnt work. Thanks anyway.
Edit:
Mission:-----

What's the name of the page you end up at when you submit the form?

The name of the page is register.php -the form just reloads itself after submitting it.
Checking in phpMyAdmin, are new users added?

No new users are added to my tables in phpmyadmin. (even though ive tried joining them over 30 times!!! lol:lol:


Quote:
The value of LAST_INSERT_ID() is not changed if you set the AUTO_INCREMENT column of a row to a non-“magic” value (that is, a value that is not NULL and not 0).
I have change my insert to use NULL rather than '' for the first field, and yes it is an auto-incremented primary key.



Still no joy - really appreciate help but getting v frustrated - especially as with my original script the server is not returning any errors! just cant get users to join and become members!!
 
Last edited:

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
In reply to zapzack-----with your suggestion of new code I get:

Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in ........register.php on line 82
The string indices in line 82 use double quotes, as does the string they're embedded in. This ends the string early. Change the double quotes surrounding the indices to single quotes.

Also the login page still doesnt work. Thanks anyway.
Which page do you end up at, login.php, login_error.php or index.php? It's still not clear what behavior you're observing. What are the URLs for the live pages?

The name of the page is register.php -the form just reloads itself after submitting it.
Then check that opp in the form is set to "register.php", since it sounds like that's the branch the script follows.

I don't think anyone has suggested checking that the DB user has appropriate access to the database. Check the DB user's access permissions (stored in $username) in cPanel by going to the "MySQL" page, then adding the user to the DB (if the user has already been added, this will let you edit the permissions). Also try printing one of the queries and running it in phpMyAdmin. If it runs from phpMyAdmin but not the script, it's probably an issue with the DB user's permissions.
 

zapzack

New Member
Messages
606
Reaction score
19
Points
0
Oops.. didn't realize that on line 82.. heh..

Replace line 82 with

Code:
  $add_member = "insert into members values({$_POST['f_name']},{$_POST['s_name']},{$b_date},{$_POST['email']},{password($_POST['password1'])},'10',{CURRENT_DATE()},{$_POST['edtype']},'0',{$_POST['inform']},{$_POST['us']})";
 
Last edited:

tigra123

New Member
Messages
19
Reaction score
0
Points
0
hi, sorted the string stuff out thankyou

mission you said


Which page do you end up at, login.php, login_error.php or index.php? It's still not clear what behavior you're observing. What are the URLs for the live pages?

I am ending up with register.php still. page just relaods itself doesnt do anything.

My latest problem is now:
Column count doesn't match value count at row 1

Then check that opp in the form is set to "register.php", since it sounds like that's the branch the script follows.

opp is set to register.php


I don't think anyone has suggested checking that the DB user has appropriate access to the database. Check the DB user's access permissions (stored in $username) in cPanel by going to the "MySQL" page, then adding the user to the DB (if the user has already been added, this will let you edit the permissions). Also try printing one of the queries and running it in phpMyAdmin. If it runs from phpMyAdmin but not the script, it's probably an issue with the DB user's permissions.


permissions are fine.

whoops -still no joy,

thanks to all

__________________
 

zapzack

New Member
Messages
606
Reaction score
19
Points
0
Can you try this:

PHP:
<?php 
include_once("config.php");
//Haven't seen the form so display it!
if ($_POST["opp"] !== "register.php") 
{
 include_once("register_form.php");
}
//Have already seen the form
else 
{
 //Inlclude the form validator script
 include ("FormValidator.class.inc"); 
 $checkform = new FormValidator();
 
 //Get the contents of the form variables
 $f_name = $_POST["f_name"];
 $s_name = $_POST["s_name"];
 $email = $_POST["email"];
 $b_date = $_POST["day"].$_POST["month"].$_POST["year"];
 $password1 = $_POST["password1"];
 $password2 = $_POST["password2"];
 
 //Check to see if email address is already registered
  
  //open a connection to the database
   $conn = mysql_connect("localhost",$username, $password) or die(mysql_error());
  
  //Select database
  mysql_select_db($database,$conn) or die(mysql_error());
  
  //Create the query
  $sql = "select * from members
    where
    email = '".$_POST['email']."'";
  //Issue query
  $result = mysql_query($sql,$conn) or die(mysql_error());
  //Check the number of return rows
  if (mysql_num_rows($result) > 0)
  {
   $checkform->AddErrorMsg("Email","Email address already registered");
  }
  
  //Close connection
  mysql_close($conn); 
 
 //Validate the form data
 $checkform->isEmpty("f_name","Please enter a forename");
 $checkform->isEmpty("s_name","Please enter a surname");
 $checkform->isEmailAddress("email","Please enter a valid email address");
 $checkform->isValidDate("b_date","Please enter a valid date",$_POST["day"],$_POST["month"],$_POST["year"]);
    $checkform->isOver16("b_date","You must 16 years old to use this service!!",$_POST["day"],$_POST["month"],$_POST["year"]);
 $checkform->isValidPassword("password1","password2","The passwords you entered do not match","Your password must be a minimum of 5 characters!!");
 
 //Check the terms & Conditions have been read
 if ($_POST["terms"] != "yes")
 {
  $checkform->AddErrorMsg("terms","Please verify you have read our Terms & Conditions");
 }
 
 //Check to see if any errors have occured
 if ($checkform->isError())
 {
  $errorlist = $checkform->getErrorList();
  foreach ($errorlist as $error)
  {
   echo "*".$error['msg']."<br>";
  }
  include_once("register_form.php");
 }
 
 //Add to database
 else
 {
  //open a connection to the database
   $conn = mysql_connect("localhost",$username,$password) or die(mysql_error());
  
  //Select database
   mysql_select_db($database, $conn) or die(mysql_error());
  
  //Prepare the insert statement
   $b_date = $_POST["year"]."-".$_POST["month"]."-".$_POST["day"];
   $add_member = "insert into members values({$_POST['f_name']},{$_POST['s_name']},{$b_date},{$_POST['email']},{password($_POST['password1'])},'10',{CURRENT_DATE()},{$_POST['edtype']},'0',{$_POST['inform']},{$_POST['us']})";
 
  //Insert the job into the table
   mysql_query($add_member, $conn) or die(mysql_error());
  
  //Get variables for activation
  $sql = "SELECT * FROM members WHERE id = LAST_INSERT_ID()";
  $result = mysql_query($sql, $conn) or die(mysql_error());
  $password = mysql_result($result, 0, 'password');
  
  //Close connection
  mysql_close($conn); 
  
  include_once("messages/message_activation.php");
  
  echo "Your membership information has been mailed to your email address. Please check it and follow the directions<BR><p>";
  echo "You <B>MUST</B> click on the link provided in the email you have been sent to activate your account <BR></p><p>";
  echo "<B>Note:</B> If you have not received an email from us please contact us or try looking in another <B>folder</B> in your email account.<BR></p>";
 }
};

?>

Edit:
And can you tell us all the fields under the members table so we can fix "Column count doesn't match value count at row 1"
 
Last edited:

tigra123

New Member
Messages
19
Reaction score
0
Points
0
zapzack did as you suggested and got:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in bin/register.php on line 82

my table fields are:

id int not null primary key auto_increment,
f_name varchar(50),
l_name varchar(50),
d_dob date,
email varchar(50),
password varchar(50),
c_count int,
a_date date,
edtype enum ('other','university','college','school'),
status enum ('1','0')
cheers
 

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
Also the login page still doesnt work. Thanks anyway.
Which page do you end up at, login.php, login_error.php or index.php? It's still not clear what behavior you're observing. What are the URLs for the live pages?
I am ending up with register.php still. page just relaods itself doesnt do anything.
So login.php leads to register.php?
My latest problem is now:
Column count doesn't match value count at row 1
For an INSERT statement, this means the number of columns in the table or columns clause doesn't match the number of columns in the VALUES clause. Whenever you have an error message, google it. You have two extra values in your INSERT statement: $_POST['inform'] and $_POST['us'].

You also have the SQL PASSWORD and CURRENT_DATE functions escaped by PHP's complex syntax (the curly brackets). This is wrong for two reasons: first, complex syntax only works if the first character after the open bracket ("{") is a "$". Second, these are SQL functions, not PHP functions, so you don't want PHP to attempt to process them.

The script is still open to SQL injection. Integrate something like the following:

PHP:
$db = new PDO("mysql:host=localhost;dbname=$dbName", $dbUser, $dbPassword);
...
$fields = array(
    'f_name' => PDO::PARAM_STR, 
    's_name' => PDO::PARAM_STR, 
    'd_dob' => PDO::PARAM_STR, 
    'email' => PDO::PARAM_STR, 
    'password1' => PDO::PARAM_STR,
    'edtype' => PDO::PARAM_STR
);
...
$_POST['d_dob'] = "$_POST[year]-$_POST[month]-$_POST[day]";
$add_member = $db->prepare("insert into members (f_name, l_name, d_dob, email, password, c_count, a_date,edtype,status) values(:f_name,:s_name, :d_dob,:email,password(:password1),10,CURRENT_DATE(),:edtype,0)"); 
foreach ($fields as $field => $type) {
    $add_member->bindValue(":$field", $_POST[$field], $type);
}
$add_member->execute();

Edit: Typos fixed. A modern solution would abstract the above away into a data abstraction layer, so no DB details would be visible in registration.php. You would write a member class with a factory member to create a new member, which would handle input validation and insertion and throw exceptions on errors. registration.php would handle the exceptions and print error messages. That way, the SQL statements aren't scattered over a half dozen scripts that would require rewriting if you changed the data model.

Edit2: The most recently posted register.php worked for me on my development server, once the insert statement was corrected. When you print the error list, use an HTML list (<ul> or <ol>) rather than "*" and <br>.

Still waiting on links to live pages.
 
Last edited:
Top