Tilted Forum Project Discussion Community - View Single Post - PHP form submission

d*d · 05-09-2005, 12:20 AM

yeah they are POST'ed, I've not used $_REQUEST before but will checkit out, I'll find out what version of php they are using, I would just use phpinfo(), but it'd take three days for them to check and ok that

Heres the source coding, perhaps someone can spot the problem?

<?php
include ('./includes/header_secure.php');

if (isset($_POST['submit'])) { // Handle the form.

require_once ('./mysql_connect.php'); // Connect to the db.

// Check for a first name.
if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['first_name'])))) {
$fn = escape_data($_POST['first_name']);
} else {
$fn = FALSE;
echo '<p class= "warning">Please enter your first name</p>';
}

// Check for a last name.
if (eregi ("^[[:alpha:].' -]{2,30}$", stripslashes(trim($_POST['last_name'])))) {
$ln = escape_data($_POST['last_name']);
} else {
$ln = FALSE;
echo '<p class= "warning">Please enter your last name</p>';
}

// Check for an email address.
if (eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", stripslashes(trim($_POST['email'])))) {
$e = escape_data($_POST['email']);
} else {
$e = FALSE;
echo '<p class= "warning">Please enter a valid email address</p>';
}

// Check for a username.
if (eregi ("^[[:alnum:]_]{4,20}$", stripslashes(trim($_POST['username'])))) {
$u = escape_data($_POST['username']);
} else {
$u = FALSE;
echo '<p class= "warning">Please enter a valid username!</p>';
}

// Check for a password and match against the confirmed password.
if (eregi ("^[[:alnum:]]{4,20}$", stripslashes(trim($_POST['password1'])))) {
if ($_POST['password1'] == $_POST['password2']) {
$p = escape_data($_POST['password1']);
} else {
$p = FALSE;
echo '<p class= "warning">Your password did not match the confirmed password!</p>';
}
} else {
$p = FALSE;
echo '<p class= "warning">Please enter a valid password!</p>';
}
// Check for an std code.
if (empty($_POST['std'])) {
$std = FALSE;
$message .= '<p class= "warning">Please enter your std code</p>';
} else {
//
if (!eregi ("^[[:digit:]]+$", stripslashes(trim($_POST['std'])))) {
$std = FALSE;
$message .= '<p class= "warning">Please enter a valid std code.</p>';
} else {
$std = escape_data($_POST['std']);
}
//

}

// Check for an phone number.
if (empty($_POST['phone'])) {
$pn = FALSE;
$message .= '<p class= "warning">You forgot to enter your phone number</p>';
} else {
//
if (!eregi ("^[[:digit:]]+$", stripslashes(trim($_POST['phone'])))) {
$pn = FALSE;
$message .= '<p class= "warning">Please enter a valid phone number.</p>';
} else {
$pn = escape_data($_POST['phone']);
$pn = $std . $pn;
}
//
}
if ($fn && $ln && $e && $u && $p && $pn && $std) { // If everything's OK.

// Make sure the username is available.
$query = "SELECT customer_id FROM customer WHERE username='$u'";
$result = @mysql_query ($query);

if (mysql_num_rows($result) == 0) { // Available.

// Add the user.
$query = "INSERT INTO customer (username, password, first_name, last_name, email, phone, registration_date) VALUES ('$u', '$p', '$fn', '$ln', '$e', $pn, NOW() )";
$result = @mysql_query ($query); // Run the query.

if ($result) { // If it ran OK.

// Send an email, if desired.
$body = "Thank you '{$_POST['first_name']}' for registering with EA-Integration,\n\nYour username is '{$_POST['username']}'\n
your password is '{$_POST['password1']}'\n

info@xxx.com\n";
mail ($_POST['email'], 'Thank you for registering',$body, 'FROM: info@xxx.com');

echo "<div id=\"left\"><p class = \"bttnstyle1\">Thank you for registering {$_POST['first_name']}</p>\n
<p class=\"copy\">click <a href=\"checkout.php?name=$u&pass=$p\"> here </a> to return</p></div>";
include ('./includes/footer_secure.php'); // Include the HTML footer.
exit();

} else { // If it did not run OK.
// Send a message to the error log, if desired.
echo '<p class = "warning"> You could not be registered due to a system error. We apologize for any inconvenience.</p>';
}

} else { // The username is not available.
echo '<p class = "warning">That username is already taken.</p>';
}

mysql_close(); // Close the database connection.

} else { // If one of the data tests failed.
echo '<p class = "warning">Please try again.</p>';
}

} // End of the main Submit conditional.
?>
<div id="whole">
<p class="heading">Register</p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table cellpadding="0" cellspacing="10" width="750">

<tr><td><p class="bttnstyle1">First Name: </p></td><td><input type="text" name="first_name" size="15" maxlength="15" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /></td></tr>

<tr><td><p class="bttnstyle1">Last Name: </p></td><td><input type="text" name="last_name" size="30" maxlength="30" value="<?php if (isset($_POST['last_name'])) echo (stripslashes($_POST['last_name'])); ?>" /></td></tr>

<tr><td><p class="bttnstyle1">Email Address: </p></td><td><input type="text" name="email" size="40" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /></td></tr>

<tr><td><p class="bttnstyle1">Phone Number: </p></td><td><input type="text" name="std" size="5" maxlength="5" value="<?php if (isset($_POST['std'])) echo $_POST['std']; ?>" /> <input type="text" name="phone" size="10" maxlength="10" value="<?php if (isset($_POST['phone'])) echo $_POST['phone']; ?>" /></td></tr>

<tr><td><p class="bttnstyle1">User Name: </p></td><td><input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /> <span class="copy">Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</span></td></tr>

<tr><td><p class="bttnstyle1">Password: </p></td><td><input type="password" name="password1" size="20" maxlength="20" /> <span class="copy">Use only letters and numbers. Must be between 4 and 20 characters long.</span></td></tr>

<tr><td><p class="bttnstyle1">Confirm Password: </p></td><td><input type="password" name="password2" size="20" maxlength="20" /></td></tr>
<tr><td colspan="2" width="750"><p align="center"><input type="submit" name="submit" value="Register" /></p></td></tr>
</table>
</form></div>

<?php
include ('./includes/footer_secure.php'); // Include the HTML footer.
?>

05-09-2005, 12:20 AM	#5 (permalink)
d*d Addict	yeah they are POST'ed, I've not used $_REQUEST before but will checkit out, I'll find out what version of php they are using, I would just use phpinfo(), but it'd take three days for them to check and ok that Heres the source coding, perhaps someone can spot the problem? <?php include ('./includes/header_secure.php'); if (isset($_POST['submit'])) { // Handle the form. require_once ('./mysql_connect.php'); // Connect to the db. // Check for a first name. if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['first_name'])))) { $fn = escape_data($_POST['first_name']); } else { $fn = FALSE; echo '<p class= "warning">Please enter your first name</p>'; } // Check for a last name. if (eregi ("^[[:alpha:].' -]{2,30}$", stripslashes(trim($_POST['last_name'])))) { $ln = escape_data($_POST['last_name']); } else { $ln = FALSE; echo '<p class= "warning">Please enter your last name</p>'; } // Check for an email address. if (eregi ("^[[:alnum:]][a-z0-9_.-]@[a-z0-9.-]+\.[a-z]{2,4}$", stripslashes(trim($_POST['email'])))) { $e = escape_data($_POST['email']); } else { $e = FALSE; echo '<p class= "warning">Please enter a valid email address</p>'; } // Check for a username. if (eregi ("^[[:alnum:]_]{4,20}$", stripslashes(trim($_POST['username'])))) { $u = escape_data($_POST['username']); } else { $u = FALSE; echo '<p class= "warning">Please enter a valid username!</p>'; } // Check for a password and match against the confirmed password. if (eregi ("^[[:alnum:]]{4,20}$", stripslashes(trim($_POST['password1'])))) { if ($_POST['password1'] == $_POST['password2']) { $p = escape_data($_POST['password1']); } else { $p = FALSE; echo '<p class= "warning">Your password did not match the confirmed password!</p>'; } } else { $p = FALSE; echo '<p class= "warning">Please enter a valid password!</p>'; } // Check for an std code. if (empty($_POST['std'])) { $std = FALSE; $message .= '<p class= "warning">Please enter your std code</p>'; } else { // if (!eregi ("^[[:digit:]]+$", stripslashes(trim($_POST['std'])))) { $std = FALSE; $message .= '<p class= "warning">Please enter a valid std code.</p>'; } else { $std = escape_data($_POST['std']); } // } // Check for an phone number. if (empty($_POST['phone'])) { $pn = FALSE; $message .= '<p class= "warning">You forgot to enter your phone number</p>'; } else { // if (!eregi ("^[[:digit:]]+$", stripslashes(trim($_POST['phone'])))) { $pn = FALSE; $message .= '<p class= "warning">Please enter a valid phone number.</p>'; } else { $pn = escape_data($_POST['phone']); $pn = $std . $pn; } // } if ($fn && $ln && $e && $u && $p && $pn && $std) { // If everything's OK. // Make sure the username is available. $query = "SELECT customer_id FROM customer WHERE username='$u'"; $result = @mysql_query ($query); if (mysql_num_rows($result) == 0) { // Available. // Add the user. $query = "INSERT INTO customer (username, password, first_name, last_name, email, phone, registration_date) VALUES ('$u', '$p', '$fn', '$ln', '$e', $pn, NOW() )"; $result = @mysql_query ($query); // Run the query. if ($result) { // If it ran OK. // Send an email, if desired. $body = "Thank you '{$_POST['first_name']}' for registering with EA-Integration,\n\nYour username is '{$_POST['username']}'\n your password is '{$_POST['password1']}'\n info@xxx.com\n"; mail ($_POST['email'], 'Thank you for registering',$body, 'FROM: info@xxx.com'); echo "<div id=\"left\"><p class = \"bttnstyle1\">Thank you for registering {$_POST['first_name']}</p>\n <p class=\"copy\">click <a href=\"checkout.php?name=$u&pass=$p\"> here </a> to return</p></div>"; include ('./includes/footer_secure.php'); // Include the HTML footer. exit(); } else { // If it did not run OK. // Send a message to the error log, if desired. echo '<p class = "warning"> You could not be registered due to a system error. We apologize for any inconvenience.</p>'; } } else { // The username is not available. echo '<p class = "warning">That username is already taken.</p>'; } mysql_close(); // Close the database connection. } else { // If one of the data tests failed. echo '<p class = "warning">Please try again.</p>'; } } // End of the main Submit conditional. ?> <div id="whole"> <p class="heading">Register</p> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table cellpadding="0" cellspacing="10" width="750"> <tr><td><p class="bttnstyle1">First Name: </p></td><td><input type="text" name="first_name" size="15" maxlength="15" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /></td></tr> <tr><td><p class="bttnstyle1">Last Name: </p></td><td><input type="text" name="last_name" size="30" maxlength="30" value="<?php if (isset($_POST['last_name'])) echo (stripslashes($_POST['last_name'])); ?>" /></td></tr> <tr><td><p class="bttnstyle1">Email Address: </p></td><td><input type="text" name="email" size="40" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /></td></tr> <tr><td><p class="bttnstyle1">Phone Number: </p></td><td><input type="text" name="std" size="5" maxlength="5" value="<?php if (isset($_POST['std'])) echo $_POST['std']; ?>" /> <input type="text" name="phone" size="10" maxlength="10" value="<?php if (isset($_POST['phone'])) echo $_POST['phone']; ?>" /></td></tr> <tr><td><p class="bttnstyle1">User Name: </p></td><td><input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /> <span class="copy">Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</span></td></tr> <tr><td><p class="bttnstyle1">Password: </p></td><td><input type="password" name="password1" size="20" maxlength="20" /> <span class="copy">Use only letters and numbers. Must be between 4 and 20 characters long.</span></td></tr> <tr><td><p class="bttnstyle1">Confirm Password: </p></td><td><input type="password" name="password2" size="20" maxlength="20" /></td></tr> <tr><td colspan="2" width="750"><p align="center"><input type="submit" name="submit" value="Register" /></p></td></tr> </table> </form></div><!-- End of Form --> <?php include ('./includes/footer_secure.php'); // Include the HTML footer. ?> Last edited by dd; 05-09-2005 at 02:52 AM..