PHP assistance

[laszlo]

Okay, this is really weird for me to be asking for assistance when it comes to coding, but alas I actually need some help please.

I am currently working with some scripts of mine and all of a sudden they stop working for no reason what-so-ever. No forms will submit to the database at all and its really starting to tick me off to be honest.

Here is the coding for my registration and you will see what I mean.

<?

include "functions.php";

if ($action == "signup") {

    # RESERVED ARRAY
    $reserved = array("nabakza","webmaster","hiddenbeauxbatons","rpgteam","support","rpg","anonymous",
    "staff","staffs","info","request","question","faq","admin","thestaff","staffs",
    "hogwarts","store","hexstaff","hexstaffs","harry","harrypotter","hermione");
    $user = trim($user);
    $email = trim($email);
    $password = rand(100000000,999999999);
    $encrypt = iencrypt($password);

    # VALIDATION : $user
    if ($user == "") $error[1] = "Your username is required.";
    elseif (strlen($user) > 20 || strlen($user) < 3) $error[1] = "Your username must be within 3 to 20 characters.";
    elseif (eregi_replace("[A-Za-z0-9_]","",$user) != "") $error[1] = "Your username contains invalid characters.";
    elseif (mysql_count("users WHERE username='$user'")) $error[1] = "Username '$user' is taken by other user. Please choose another. Thanks.";
    elseif (in_array(strtolower($user),$reserved)) $error[1] = "Sorry, this username is reserved. Please choose another. Thanks.";

    if (!$agree) $error[100] = "You must agree to the terms and conditions to sign up here.";

    # VALIDATION : $email
    if ($email == "") $error[3] = "Your email is required.";
    elseif (eregi("^([a-z]|[0-9]|\.|-|_)+@([a-z]|[0-9]|\.|-|_)+\.([a-z]|[0-9]){2,3}$",$email)
    and !eregi("(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)",$email)  ) {} else $error[3] = "Email address is invalid.";

    if (is_array($error)) {
        foreach ($error as $each) $message .= "$each<br>";
        message("Sign Up",$message,1);
    } else {
        mysql_query("INSERT INTO users SET username='$user',password='$encrypt',email='$email',lastlogin='$time',started='$time'");
                     
        sendmail($email,"Welcome to Hidden Beauxbatons !!!","Hiya $firstname,

Welcome to Hidden Beauxbatons. The best Harry Potter role playing site on the internet.

Your account details are as follows :

Username : $user
Password : $password

Have fun !

Best wishes,

Hidden Beauxbatons Team");

        header("location:/signup.php?action=done");
        exit;
    }
}

if ($action == "done") {

include "header.php";

?>

<font size=2>
<b>Hidden Beauxbatons - Sign Up</b><p>



<style type="text/css">

.textfield { font-family: Verdana; font-size: 10px; color: black; border: 1px #FFCC00 solid; background-color: white;}

</style>

<table border=0 cellpadding=0 cellspacing=1>
<tr><td>

<table border=0 cellpadding=2 cellspacing=1 width=450>
<tr bgcolor>
<td>

<font size=2><br>
Your account has been created.<br>
An email has been sent which contains your login information.<br>
You should receive it within 5 minutes.<br>
Login on the right navigation bar enter your account.<br>
<b>- Hidden Beauxbatons</b><p>
</font>

</td>
</tr>
</table>

</td></tr>
</table>

<?

include "footer.php";
exit;

}

include "header.php";

?>

<font size=2>
<b>Hidden Beauxbatons - Sign Up</b><p>

<font size=1>
* Please read the terms and conditions before signing up. Thanks ^_^ !<p>

</font>

<form action="signup.php" method="post">
<input type=hidden name=action value="signup">
<table border=0 cellpadding=0 cellspacing=1>
<tr><td>
<table border=0 cellpadding=2 cellspacing=1 width=450>
<tr
<td colspan=3><font size=2><b>Account Information</b></font></td>
</tr>
<tr>
<td colspan=3>&nbsp;</td>
</tr>
<tr>
<td width=100><font size=2>Username :</font></td>
<td width=200><input name=user size=20 maxlength=20 style="width:160px;" class="textfield"></td>
<td width=150>A-Z,a-z,0-9_<br>3-20 characters</td>
</tr>
<tr>
<td width=100><font size=2>Email :</font></td>
<td width=200><input name=email size=20 maxlength=50 style="width:160px;" class="textfield"></td>
<td width=150> </td>
</tr>
<tr>
<td width=100> </td>
<td colspan=2>Please enter a valid email address. If you don't have an email address, you
can sign up for one at <a href="http://mail.yahoo.com" target=_blank>Yahoo</a> or <a href="http://www.hotmail.com" target=_blank>Hotmail</a>. We will send the password to your email address above.</td>
</tr>

<tr>
<td colspan=3>&nbsp;</td>
</tr>

<tr>
<td>&nbsp;</td><td colspan=2><input type=checkbox name=agree> I agree to the <a href="terms.phtml">terms and conditions</a></td>
</tr>
<tr>
<td colspan=3 align=center><input type=submit value=" Submit " class="textfield"> <input type=reset value=" Reset " class="textfield"></td>
</tr>
</table>

</td></tr>
</table>
</form>

<?

include "footer.php";

?>

if anyone could help me at all please it would be greatful .

 

[ferrari_chris]

Um, it's kind of hard to tell much from that code.

Is your connection information included somewhere? In functions.php I'd imagine.

Are you getting any errors?

 

[GilesGuthrie]

Yes, without errors it's hard to diagnose. I note that you're assuming that REGISTER_GLOBALS is set to on, as you're referencing what I assume to be form variables directly, rather than using the superglobal $_POST[]. If your host has disabled register_globals, that will quite effectively bork your code.

I like to put this in:

<?php

if($debug)
{
	?><p><table cellpadding="2" cellspacing="0" id="viewoutput">
	<th>Key</th><th>Value</th>
<?php
	// List the keys and values sent to the form
	while(list($key, $value) = each($_POST))
	{
	?>		<tr><td><?php echo $key; ?></td><td><?php echo $value; ?></td></tr>
<?php
	}
	?></table></p>
	<?php
}
?>

$debug is set in my startup file to put the site in debug mode. But what this does is fire out the contents of the $_POST array, so you can see what's been passed to your form handler. Particularly useful if you have checkboxes on your form.

 

[laszlo]

Cheers fellas and it looks like my host has actually disabled the register_global's .. hmm, is there a way of turning them on myself?

 

[ferrari_chris]

Cheers fellas and it looks like my host has actually disabled the register_global's .. hmm, is there a way of turning them on myself?

If you can get into the PHP setup file on the server, I imagine that's were the flag is. PHP.ini or something like that? You may not be able to get to it though, depending on your host.

*EDIT* - Yes, it is: http://en.wikibooks.org/wiki/ProgrammingHP:Register_Globals

It says in that link it's been off by default since PHP4.2.0. Maybe your host just upgraded their PHP?

 

[laszlo]

yup looks like the host has upgraded *sigh*

however I've made my own php.ini file on the shared hosting I'm on and it seems to be working perfectly at last. THANK GOD.. cheers for the help

 

[GilesGuthrie]

You really need to be careful about it though. I just pulled all of the implied globals out of my PHP code as it can cause huge consequences for form spoofing, mainly because with the globals registered, there's no difference between a GET and a POST. I think you should consider using the superglobals, even if you just put a header section at the top of your file registering your variables manually.