Managing Users with PHP Sessions and MySQL

[rskuse]

Hi,

I have recently downloaded the accesscontrol.zip files put together by Kevin Yank (author of "Build your own database driven website using php and MySQL&quot

http://www.webmasterbase.com/article.php?aid=319&pid=0

I have loaded the files onto my web server and have run the signup script using ("localhost", "root", "&quot.

The script runs without producing any errors and brings up the form to fill in, however, no data is being passed to the datatbase and the same page is being displayed after I have hit the submit button, rather than saying "your registration has been successful" or whatever.

I have set the save.session_path in my php.ini file to a directory on my server and restarted IIS but still the same problem occurs.

Can anyone tell me where I am going wrong?

Thankyou in advance,

Rach

 

[admoore]

Unless I misunderstand your problem, it is likely to revolve around the failure to properly login to your MySQL server...

You wrote:

("localhost", "root", "&quot

You should insure that you give the MySQL root account a password and then specify it as the last argument, i.e.:

("localhost", "root", "sql_root_password&quot
HTH...

 

[danielhozac]

admoore,
The default root password is an empty one, so ("localhost", "root", "&quot is totally valid.
rskuse,
Is register_globals on? Does the scripts use globals? //Daniel

 

[rskuse]

Daniel,

Thanks for your reply. register_globals is on but the script does not use globals.

The following script is for registering a new user:

<?php // signup.php

include(&quot;common.php&quot;
include(&quot;db.php&quot;

if (!isset($submitok)):
// Display the user signup form
?>

<html>
<head><title>New User Registration</title></head>
<body>

<h3>New User Registration Form</h3>
<p><font color=orangered size=+1><TT><B>*</B></TT></font>
indicates a required field</p>
<form method=post action=&quot;<?=$PHP_SELF?>&quot;>
<table border=0 cellpadding=0 cellspacing=5>
<tr>
<td align=right>
<p>User ID</p>
</td>
<td>
<input name=newid type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr>
<td align=right>
<p>Full Name</p>
</td>
<td>
<input name=newname type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr>
<td align=right>
<p>E-Mail Address</p>
</td>
<td>
<input name=newemail type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr valign=top>
<td align=right>
<p>Other Notes</p>
</td>
<td>
<textarea wrap name=newnotes rows=5 cols=30></textarea>
</td>
</tr>
<tr>
<td align=right colspan=2>
<hr noshade color=black>
<input type=reset value=&quot;Reset Form&quot;>
<input type=submit name=&quot;submitok&quot; value=&quot; OK &quot;>
</td>
</tr>
</table>
</form>

</body>
</html>

<?php
else:
// Process signup submission
dbConnect('sessions');

if ($newid==&quot;&quot; or $newname==&quot;&quot; or $newemail==&quot;&quot {
error(&quot;One or more required fields were left blank.\\n&quot;.
&quot;Please fill them in and try again.&quot;
}

// Check for existing user with the new id
$sql = &quot;SELECT COUNT(*) FROM user WHERE userid = '$newid'&quot;;
$result = mysql_query($sql);
if (!$result) {
error(&quot;A database error occurred in processing your &quot;.
&quot;submission.\\nIf this error persists, please &quot;.
&quot;contact kevin@sitepoint.com.&quot;
}
if (mysql_result($result,0,0)>0) {
error(&quot;A user already exists with your chosen userid.\\n&quot;.
&quot;Please try another.&quot;
}

$newpass = substr(md5(time()),0,6);

$sql = &quot;INSERT INTO user SET
userid = '$newid',
password = PASSWORD('$newpass'),
fullname = '$newname',
email = '$newemail',
notes = '$newnotes'&quot;;
if (!mysql_query($sql))
error(&quot;A database error occurred in processing your &quot;.
&quot;submission.\\nIf this error persists, please &quot;.
&quot;contact kevin@sitepoint.com.&quot;

// Email the new password to the person.
$message = &quot;G'Day!

Your personal account for the Project Web Site
has been created! To log in, proceed to the
following address:

http://www.theproject.com/

Your personal login ID and password are as
follows:

userid: $newid
password: $newpass

You aren't stuck with this password! Your can
change it at any time after you have logged in.

If you have any problems, feel free to contact me at
<kevin@sitepoint.com>.

-Kevin Yank
Project Webmaster
&quot;;

mail($newemail,&quot;Your Password for the Project Website&quot;,
$message, &quot;From:Kevin Yank <kevin@sitepoint.com>&quot;

?>
<html>
<head><title> Registration Complete </title></head>
<body>
<p><strong>User registration successful!</strong></p>
<p>Your userid and password have been emailed to
<strong><?=$newemail?></strong>, the email address
you just provided in your registration form. To log in,
click <a href=&quot;index.php&quot;>here</a> to return to the login
page, and enter your new personal userid and password.</p>
</body>
</html>
<?php
endif;
?>

Where db.php includes my database settings.

If I add
$submitok = $_POST[&quot;submitok&quot;];
before if (!isset($submitok)): then the script returns the
error message but it does this regardless of whether I have
left fields blank or not.

Any ideas? (it's driving me crazy!!)

Thanks,

Rachel

 

[danielhozac]

That is because the script is using globals. It obviously isn't on, if the script doesn't work. //Daniel

 

[rskuse]

My mistake!!

I've just set register_globals to on and restarted the IIS and it's still not working.

Rachel