I used the code of the following website for giving my website the add user functionality. I used it before and it worked well. however now i have changed it and have modified it to my needs. however it doesnt seem to work. the error message i get is "please enter form correctly" which is the message i have set in case the various fields have not been sent (please refer to code pasted below). I thought it might be something that i may have messed up , so i tried the code of the website and it doesnt work . is it cause of the wamp server settings? or is it cz
- i am checking if only the username and password along with the session form token are being?
- after checking for only the above fields, i am adding much more information to the database - name, emailid etc
- my database table has more columns than the number of values i am passing.
Since i am new to php authorization anf validation i cant think of anything that i can to debug. Any help will b really appreciated. I am posting my html form,and php code below. My sql table looks has the following colums : userid ,firstname, lastname, username,password, emailid, teamname, money, total, points
html form -
<?php
/*** begin our session ***/
session_start();
/*** set a form token ***/
$form_token = md5( uniqid('auth', true) );
/*** set the session form token ***/
$_SESSION['form_token'] = $form_token;
?>
<form class="form-inline" method="post" action="useradd.php" name="login_form">
<p><input type="text" class="span2" name="firstname" id="firstname" placeholder="First Name"></p>
<p><input type="text" class="span2" name="lastname" id="Last Name" placeholder="Last Name"></p>
<p><input type="text" class="span2" name="username" id="username" placeholder="Username"></p>
<p class="help-block" style="font-size:12px"> Username should be between 4-20 characters long.</p>
<p><input type="Password" class="span2" name="Password" placeholder="Password"></p>
<p class="help-block" style="font-size:12px"> Password must be between 4-20 characters long. Must be alpha-numeric</p>
<p><input type="Password" class="span2" name="Password" placeholder="Re-Enter Password"></p>
<p><input type="text" class="span4" name="emailid" id="emailid" placeholder="Emaid ID - example@example.com"></p>
<p><input type="text" class="span2" name="teamname" id="teamname" placeholder="Team name"></p>
<p class="help-block" style="font-size:12px"> Select your Unique team name.</p>
<p>
<select class="selectpicker">
<option>The name of the city where you were born</option>
<option>The name of your first pet</option>
<option>What is your mother's maiden name</option>
</select>
</p>
<p><input type="text" class="span2" name="secretanswer" id="secretanswer" placeholder="Secret Answer"></p>
<p>
<input type="hidden" name="form_token" value="<?php echo $form_token; ?>" /><br />
<p><button type="submit" class="btn btn-primary">Register</button></p>
</form>
php code - file named - useradd.php
<?php
/*** begin our session ***/
session_start();
/*** first check that both the username, password, form token etc have been sent ***/
if(!isset( $_POST['username'], $_POST['password'], $_POST['form_token']))
{
$message = 'work for the love of god';
}
/*** check the form token is valid ***/
elseif( $_POST['form_token'] != $_SESSION['form_token'])
{
$message = 'Invalid form submission';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['username']) > 20 || strlen($_POST['username']) < 4)
{
$message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['password']) > 20 || strlen($_POST['password']) < 4)
{
$message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
/*** if there is no match ***/
$message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
/*** if there is no match ***/
$message = "Password must be alpha numeric";
}
else
{
/*** if we are here the data is valid and we can insert it into database ***/
$firstname = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
$lastname = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
$emailid = filter_var($_POST['emailid'], FILTER_SANITIZE_STRING);
$teamname = filter_var($_POST['teamname'], FILTER_SANITIZE_STRING);
$secret_question = filter_var($_POST['secret_question'], FILTER_SANITIZE_STRING);
$secret_answer = filter_var($_POST['secret_answer'], FILTER_SANITIZE_STRING);
/*** now we can encrypt the password ***/
$password = sha1( $password );
/*** connect to database ***/
/*** mysql hostname ***/
$mysql_hostname = 'localhost';
/*** mysql username ***/
$mysql_username = 'root';
/*** mysql password ***/
$mysql_password = 'imagination';
/*** database name ***/
$mysql_dbname = 'adb project';
try
{
$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
/*** $message = a message saying we have connected ***/
/*** set the error mode to excptions ***/
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/*** prepare the insert ***/
$stmt = $dbh->prepare("INSERT INTO users (firstname,lastname,username,password,emailid,teamname, secret_question,secret_answer ) VALUES (:firstname,:lastname,:username,:password, :emailid,:teamname,:secret_question,:secret_answer)");
/*** bind the parameters ***/
$stmt->bindParam(':firstname', $firstname, PDO::PARAM_STR);
$stmt->bindParam(':lastname', $lastname, PDO::PARAM_STR);
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);
$stmt->bindParam(':emailid', $emailid, PDO::PARAM_STR);
$stmt->bindParam(':teamname', $teamname, PDO::PARAM_STR);
$stmt->bindParam(':secret_question', $secret_question, PDO::PARAM_STR);
$stmt->bindParam(':secret_answer', $secret_answer, PDO::PARAM_STR);
/*** execute the prepared statement ***/
$stmt->execute();
/*** unset the form token session variable ***/
unset( $_SESSION['form_token'] );
/*** if all is done, say thanks ***/
$message = 'New user added';
}
catch(Exception $e)
{
/*** check if the username already exists ***/
if( $e->getCode() == 23000)
{
$message = 'Username already exists';
}
else
{
/*** if we are here, something has gone wrong with the database ***/
$message = 'We are unable to process your request. Please try again later"';
}
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<p><?php echo $message; ?>
</body>
</html>
