[clantron]

Hello

I seem to be having some problems with creating this page I'm working on.
I kind of seem to understand where the problem is but before I start asking around for someobdy else to fix it I would like to understand the code and see if I can solve it myself.

The problem lies in this piece of code from a login script I downloaded to kickstart my website.

PHP Code:

if($database->addNewUser($subuser, md5($subpass), $subemail)){

            if(EMAIL_WELCOME){

               $mailer->sendWelcome($subuser,$subemail,$subpass);

            }

            return 0;  //New user added succesfully

         }else{

            return 2;  //Registration attempt failed

} 

From the above code I need to know why it would result a 2.
addNewUser basicly goes to a mysql INSERT INTO line that should work properly to my knowledge. All variables have the correct name.

I hope I make sense and somebody can help me understand this.
Greetings.

[Barnz1986]

Quote:

Originally Posted by clantron

Hello

I seem to be having some problems with creating this page I'm working on.
I kind of seem to understand where the problem is but before I start asking around for someobdy else to fix it I would like to understand the code and see if I can solve it myself.

The problem lies in this piece of code from a login script I downloaded to kickstart my website.

PHP Code:

if($database->addNewUser($subuser, md5($subpass), $subemail)){

            if(EMAIL_WELCOME){

               $mailer->sendWelcome($subuser,$subemail,$subpass);

            }

            return 0;  //New user added succesfully

         }else{

            return 2;  //Registration attempt failed

} 

From the above code I need to know why it would result a 2.
addNewUser basicly goes to a mysql INSERT INTO line that should work properly to my knowledge. All variables have the correct name.

I hope I make sense and somebody can help me understand this.
Greetings.

Probably to tell some other code further down, the result of that block of code.

[clantron]

yes I know that... the problem is
When it results in a 2 the whole registration fails without any notification why.
When it results in a 0 then it's succesful and it is completed.

I used Jpmaster77's php login script because I am not an expert and unaware how to make a relatively secure php login script. I found that it was ineffecient to have no password check so included that into the script. Everything works flawlessly, error check and everything. The only problem is that it fails without telling me why, like in common php/mysql errors. I traced the problem and came down to this point. I dont understand why it would return a 2 at this spot.

The script btw can be found at http://www.evolt.org/article/PHP_Log...ures/17/60384/ for those that need to know. It has code showing and everything. Just not my additions ofcourse.

[mab]

The

PHP Code:

$database->addNewUser($subuser, md5($subpass), $subemail) 

is returning a FALSE for the IF() test.

We would need to see the code for the addnewuser function in order to determine more, but some likely causes would be that -

1) There are already records with the same username or email address,
2) Some characters in the username, password, or email address are not permitted,
3) There are some minimum length restrictions on these,
4) The code itself is poorly written and the username, password, or email that you are trying is tripping it up,
5) The length of fields in the database are not appropriate for the data that is being entered,
6) And there could be a dozen more, depending on the code, PHP version, mysql version, web server software, operating system, use of built in mysql functions that change between versions, or any other assumption that could have been made when the code was written that is not present on your server...

Let us assume that the INSERT INTO query failed because a matching record already exists, a well written script should plainly report that that is the reason for the failure.

[clantron]

Thank you for your reply

Here's the function addNewUser:

PHP Code:

   function addNewUser($username, $password, $email){

      $time = time();

      /* If admin sign up, give admin user level */

      if(strcasecmp($username, ADMIN_NAME) == 0){

         $ulevel = ADMIN_LEVEL;

      }else{

         $ulevel = USER_LEVEL;

      }

      $joindate = date('M j, Y');

      $q = "INSERT INTO ".TBL_USERS." (username,PASSWORD,userid,userlevel,email,timestamp,join) VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $joindate)";

      return mysql_query($q, $this->connection);

   } 

    /* joindate added by Clantron */ 

php 4.4.0
mysql 4.0.23

As for your comments I can rule out nrs 1 + 2 + 3 + 5
item 4 I cannot rule out because I didn't make it, however it seems like this script is used in a lot of websites I found out through google. (many didn't renamed the main.php's header)

The weird thing is that it did work before I placed in the password confirm. After I added that it doesn't work anymore. It does not cause any errors and works properly compared to the existing code.

I will add the Process register that preceeds the adduser story:

PHP Code:

   function procRegister(){

      global $session, $form;

      /* Convert username to all lowercase (by option) */

      if(ALL_LOWERCASE){

         $_POST['user'] = strtolower($_POST['user']);

      }

      /* Registration attempt */

      $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['pass2'], $_POST['email'], $_POST['email2'] );

      /* pass2 and email2 added by Clantron */



      /* Registration Successful */

      if($retval == 0){

         $_SESSION['reguname'] = $_POST['user'];

         $_SESSION['regsuccess'] = true;

         header("Location: ".$session->referrer);

      }

      /* Error found with form */

      else if($retval == 1){

         $_SESSION['value_array'] = $_POST;

         $_SESSION['error_array'] = $form->getErrorArray();

         header("Location: ".$session->referrer);

      }

      /* Registration attempt failed */

      else if($retval == 2){

         $_SESSION['reguname'] = $_POST['user'];

         $_SESSION['regsuccess'] = false;

         header("Location: ".$session->referrer);

      }

   } 

And to top it all off here is the complete Register function:

PHP Code:

     /* subpass2 and subemail2 added by Clantron */

   function register($subuser, $subpass, $subpass2, $subemail, $subemail2){

      global $database, $form, $mailer;  //The database, form and mailer object



      /* Username error checking */

      $field = "user";  //Use field name for username

      if(!$subuser || strlen($subuser = trim($subuser)) == 0){

         $form->setError($field, "* Username not entered");

      }

      else{

         /* Spruce up username, check length */

         $subuser = stripslashes($subuser);

         if(strlen($subuser) < 4){

            $form->setError($field, "* Username below 4 characters");

         }

         else if(strlen($subuser) > 12){

            $form->setError($field, "* Username above 12 characters");

         }

         /* Check if username is not alphanumeric */

         else if(!eregi("^([0-9a-z])+$", $subuser)){

            $form->setError($field, "* Username not alphanumeric");

         }

         /* Check if username is reserved */

         else if(strcasecmp($subuser, GUEST_NAME) == 0){

            $form->setError($field, "* Username reserved word");

         }

         /* Check if username is already in use */

         else if($database->usernameTaken($subuser)){

            $form->setError($field, "* Username already in use");

         }

         /* Check if username is banned */

         else if($database->usernameBanned($subuser)){

            $form->setError($field, "* Username banned");

         }

      }



      /* Password error checking */

      $field = "pass";  //Use field name for password

      $field2 = "pass2"; //confirm field added by Clantron

      if(!$subpass){

         $form->setError($field, "* Password not entered");

      }

      else{

         /* Spruce up password and check length*/

         $subpass = stripslashes($subpass);

         $subpass2 = stripslashes($subpass2); /* added by Clantron */

         if(strlen($subpass) < 4){

            $form->setError($field, "* Password too short");

         }

         /* Check if password is not alphanumeric */

         else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){

            $form->setError($field, "* Password not alphanumeric");

         }

         /* added by Clantron */

         else if($subpass != $subpass2){

                 $form->setError($field2, "* Passwords do not match");

         }

         /* end added by Clantron */

         /**

          * Note: I trimmed the password only after I checked the length

          * because if you fill the password field up with spaces

          * it looks like a lot more characters than 4, so it looks

          * kind of stupid to report "password too short".

          */

      }



      /* Email error checking */

      $field = "email";  //Use field name for email

      $field2 = "email2"; //confirm field added by clantron

      if(!$subemail || strlen($subemail = trim($subemail)) == 0){

         $form->setError($field, "* Email not entered");

      }

      else{

         /* Check if valid email address */

         $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"

                 ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"

                 ."\.([a-z]{2,}){1}$";

         if(!eregi($regex,$subemail)){

            $form->setError($field, "* Email invalid");

         }

         /* added by clantron */

         if ($subemail != $subemail2){

            $form->setError($field2, "* Emails do not match");

         }

         /* end added by clantron */

         $subemail = stripslashes($subemail);

      }



      /* Errors exist, have user correct them */

      if($form->num_errors > 0){

         return 1;  //Errors with form

      }

      /* No errors, add the new account to the */

      else{

         if($database->addNewUser($subuser, md5($subpass), $subemail)){

            if(EMAIL_WELCOME){

               $mailer->sendWelcome($subuser,$subemail,$subpass);

            }

            return 0;  //New user added succesfully

         }else{

            return 2;  //Registration attempt failed

         }

      }

   } 

The problem HAS to be within these scripts to my knowledge. I just have no clue where and what it could be. I've been hammering on this for 2 days now and can't see the problem.
Most likely I just read over it or simply dont see it :/
Thanks for any help on this guys.


EDIT:
I added notes to everything I changed from the original to help mark it down.. hopefully.

Also .. I can exclude double entries. I'm the only one using it atm since I'm finishing and testing before going public with it. Besides that it's setup to tell me if a username is already in use, same for email which I used different anyway.

[mab]

I was just browsing the author's code and he does check many of the things including if the username already exists. Basically the INSERT INTO query is returning a FALSE. To get more information about what is occurring, I would add the following echo... statement, right before the return 2; line in the code -

PHP Code:

echo mysql_error()."<br />"; // echo the last error somewhere on the screen

return 2;  //Registration attempt failed 

I did not follow through what you said about adding a check of the password, but usually what happens when you add to code written by someone else and it stops working it is because a variable name got reused and the value in a variable got changed from what the code assumed it contains.

P.S. I did just notice in the addnewuser function that the parameters in the query string are different from the author's original. This might be due to it just being posted here, but you might want to check -

What you posted (note the space in the timestamp is a result of being posted here) -

PHP Code:

$q = "INSERT INTO ".TBL_USERS." (username,PASSWORD,userid,userlevel,email,timestamp,join) VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $joindate)"; 

Author's original -

PHP Code:

$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time)"; 

P.P.S. I notice the addition of the joindate, I assume that you have added this column to the table as this would cause an error in the INSERT INTO?

The time(); stamp function that is being used now contains complete information about year, month, day, hour, minute, second. There is no need to add a separate date item.

[clantron]

Thank you very very much .. now we got a lead on what's going on ...

Code:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'join) VALUES ('mb98', 'de5949721e6352f01dfef317c3e898a8', '0', 

Warning: Cannot modify header information - headers already sent by (output started at /home/drakestone/www/com/include/session.php:336) in /home/drakestone/www/com/process.php on line 117

now.. this doesn't really tell me anything tho...
*looks at process.php line 117 area*
hmm I dont know much about header usage here.

I'll post to show you incase you understand:
process.php lines 114 to 118:

PHP Code:

      else if($retval == 2){ //114

         $_SESSION['reguname'] = $_POST['user']; //115

         $_SESSION['regsuccess'] = false; //116

         header("Location: ".$session->referrer); //117

      } //118 

hmm line 336 mentioned is the echo tho... perhaps I look at the wrong part here...

*looks back at mysql error...*
error in syntax...
I ehm.. sorry to sound stupid but I learned php / mysql pretty much from scratch with not to much help so ... what does that mean?

ok some more info .. hopefully it helps..

near join it says... well join I added ... it's a varchar(50) and the data entered can't be more then 50 signs.
ok what's before that...
timestamp .. that's an original field an int(11)
entered is following command: $time = time();
Everything before that is all normal...


EDIT to your edit:
Yes I added the mysql fields for proper location and personal doublecheck.
it already failed before I did that and I added that to have everything come into the correct place.
EDIT2:
The spaces in timestamp happened when posting it here. No clue why. It's not there in my code atleast.

another edit lol:
Yea I added the joindate because I wish a joindate to be shown. The Time field is continuesly updated as it functions for a "last active".

[clantron]

You were right man ... thanks a friggin lot mab
I dont understand it tho. Both fields are different fields and different variables...
why do they conflict?

EDIT:
Reason why I didn't suspect that is because it already didn't work before I added that... now I've no clue what fixed the first problem... lol

I continued working and adding stuff because I was waiting for a reply by the creator, but after 2 days it got a bit much and I went here.
(where I'm helped a lot faster! thanks a bunch agian!)

EDIT(again )
to let you know what I did is following:
I dropped join from mysql and removed join from php.

[mab]

I added a P.P.S. to the above post. You might consider removing the changes for the joindate.

Ignore the 2nd line of the error message, it is simply do to the fact that you have caused the error message to be displayed on the web page. It will go away once the error is eliminated and the echo ... statement has been removed.

As to the 1st line, it is having a problem starting near the 'join

I suspect that the word join is a reserved keyword, but don't quote me on that unless you check 1st.

[clantron]

hmm I didn't think about that, but makes sense yes.
Thanks a lot mab, you saved me here hehe

yea I read your edits and edited my own post.. kinda got an edit-fest here

I will try agian tho with different name... just to check...
again thanks a lot

ok I tried it with fieldname of createdon
and variable named $usercreationdate
it failed again.. funky how they conflict...

EDIT
ok problem found...
I just dont get it...
the variable used in the mysql line.. I didn't have ' ' around it. That was it.
But why isn't it used with $time and $ulevel ....
you dont have to reply to this.. just personal wondering ...
I'm just happy to have solved the whole thing.

Again thanks a lot mab ... I'm sure I said it a lot already but still !!