
Issues with registration page...

Thread began 3/11/2010 7:53 am by fdotmedia | Last modified 3/11/2010 3:21 pm by Jason Byrnes | 1859 views | 7 replies |

fdotmedia

Issues with registration page...

I want to, in our register page, have an email address, password and set organizations and exclude people from registering if they DO NOT have a correct organization or 'orgcode'...

I have done it two different ways:

~ register2.php - lets anyone register with any value in the 'orgcode' input field
~ register1.php - denies everyone regardless whether the 'orgcode' is correct

I'm kinda at my wits end... Can someone help please???

Thanks,
Ted

Attached Files
registers.zip
Sign in to reply to this post

Jason ByrnesWebAssist

You're on the right track with register1.php, using server validation to validate the number of rows in the orgcode recordset.

the problem is the code order.

The Validation occurs at lines 4 - 18, but the recordset is not created until lines 98 - 102.


delete the code at line 98 - 102:

php:
// Select the database for the recordset. $database_Users and $Users are not
// defined in this snippet (presumably set by the connection include).
mysql_select_db($database_Users, $Users);

// No WHERE clause: every row of the orgcode table is returned, so the row
// count below does not depend on anything the visitor submitted.
$query_orgcode = "SELECT * FROM orgcode";
// Run the query; on failure the raw MySQL error text is sent to the browser.
$orgcode = mysql_query($query_orgcode, $Users) or die(mysql_error());
// First row and total row count of the recordset.
$row_orgcode = mysql_fetch_assoc($orgcode);
$totalRows_orgcode = mysql_num_rows($orgcode);




and lines 19 - 50:

php:
<?php

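if (!function_exists("GetSQLValueString")) {
/**
 * Escape a value and render it as a SQL literal for the given type.
 *
 * Listing restored to valid PHP: the operators and commas had been dropped.
 * Relies on the legacy ext/mysql escaping functions (removed in PHP 7.0) and
 * on get_magic_quotes_gpc() (removed in PHP 8.0). New code should bind values
 * with mysqli or PDO prepared statements instead of building SQL strings.
 *
 * @param mixed  $theValue           Raw value to escape.
 * @param string $theType            "text", "date", "long", "int", "double" or "defined".
 * @param string $theDefinedValue    Returned as-is for "defined" when the value is non-empty.
 * @param string $theNotDefinedValue Returned as-is for "defined" when the value is empty.
 * @return mixed Quoted string, int, float or the string "NULL"; for an
 *               unrecognised type, the escaped value WITHOUT quotes.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  // Undo magic-quotes slashes first so the value is not escaped twice.
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      // Caller-supplied replacements are returned unescaped.
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}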
?>




then insert the following code at line 4:

php:
<?php

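if (!function_exists("GetSQLValueString")) {
/**
 * Escape a value and render it as a SQL literal for the given type.
 *
 * Listing restored to valid PHP: the operators and commas had been dropped.
 * Relies on the legacy ext/mysql escaping functions (removed in PHP 7.0) and
 * on get_magic_quotes_gpc() (removed in PHP 8.0). New code should bind values
 * with mysqli or PDO prepared statements instead of building SQL strings.
 *
 * @param mixed  $theValue           Raw value to escape.
 * @param string $theType            "text", "date", "long", "int", "double" or "defined".
 * @param string $theDefinedValue    Returned as-is for "defined" when the value is non-empty.
 * @param string $theNotDefinedValue Returned as-is for "defined" when the value is empty.
 * @return mixed Quoted string, int, float or the string "NULL"; for an
 *               unrecognised type, the escaped value WITHOUT quotes.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  // Undo magic-quotes slashes first so the value is not escaped twice.
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      // Caller-supplied replacements are returned unescaped.
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}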

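// Recordset moved above the validation code so that $totalRows_orgcode exists
// when the validation reads it. (Listing restored to valid PHP: the "=" and ","
// tokens had been dropped.)
mysql_select_db($database_Users, $Users);
// No WHERE clause: every row of the orgcode table is returned, so the row
// count below does not depend on the orgcode the visitor submitted.
$query_orgcode = "SELECT * FROM orgcode";
// On failure the raw MySQL error text is sent to the browser.
$orgcode = mysql_query($query_orgcode, $Users) or die(mysql_error());
$row_orgcode = mysql_fetch_assoc($orgcode);
$totalRows_orgcode = mysql_num_rows($orgcode);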
?>

fdotmedia

No matter what combination of username, password and orgcode I put in - even if it's an existing user, which is supposed to redirect to duplicate.php, it only goes to access-denied.php...

Below is the code on the page...

<?php require_once('../Connections/Users.php'); ?>
<?php require_once("../WA_ValidationToolkit/WAVT_Scripts_PHP.php"); ?>
<?php require_once("../WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php"); ?>
<?php
if (!function_exists("GetSQLValueString")) {
    /**
     * Escape a value and render it as a SQL literal for the given type.
     *
     * Relies on the legacy ext/mysql escaping functions (removed in PHP 7.0) and
     * on get_magic_quotes_gpc() (removed in PHP 8.0). Escaping is only as safe as
     * the quoting around it; new code should bind values with mysqli or PDO
     * prepared statements instead of building SQL strings.
     *
     * @param mixed  $theValue           Raw value to escape.
     * @param string $theType            "text", "date", "long", "int", "double" or "defined".
     * @param string $theDefinedValue    Returned as-is for "defined" when the value is non-empty.
     * @param string $theNotDefinedValue Returned as-is for "defined" when the value is empty.
     * @return mixed Quoted string, int, float or the string "NULL"; for an
     *               unrecognised type, the escaped value WITHOUT quotes.
     */
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        // Undo magic-quotes slashes first so the value is not escaped twice.
        if (PHP_VERSION < 6 && get_magic_quotes_gpc()) {
            $theValue = stripslashes($theValue);
        }

        if (function_exists("mysql_real_escape_string")) {
            $theValue = mysql_real_escape_string($theValue);
        } else {
            $theValue = mysql_escape_string($theValue);
        }

        // Every typed branch makes the same "is it empty" decision on the escaped value.
        $hasValue = ($theValue != "");

        switch ($theType) {
            case "text":
                return $hasValue ? "'" . $theValue . "'" : "NULL";
            case "long":
            case "int":
                return $hasValue ? intval($theValue) : "NULL";
            case "double":
                return $hasValue ? doubleval($theValue) : "NULL";
            case "date":
                return $hasValue ? "'" . $theValue . "'" : "NULL";
            case "defined":
                // Caller-supplied replacements are returned unescaped.
                return $hasValue ? $theDefinedValue : $theNotDefinedValue;
        }

        // Unrecognised type: escaped but not quoted.
        return $theValue;
    }
}

// Build the orgcode recordset that the validation block below reads.
// $database_Users and $Users are not defined in this listing (presumably set
// by the Connections/Users.php include).
mysql_select_db($database_Users, $Users);
// No WHERE clause: every row of the orgcode table is returned, so the row
// count does not depend on the orgcode the visitor submitted.
$query_orgcode = "SELECT * FROM orgcode";
// On failure the raw MySQL error text is sent to the browser.
$orgcode = mysql_query($query_orgcode, $Users) or die(mysql_error());
$row_orgcode = mysql_fetch_assoc($orgcode);
$totalRows_orgcode = mysql_num_rows($orgcode);
?>
<?php
// Server-side form validation: runs only when the POST carries a non-empty "Register" field.
if ((((isset($_POST["Register"]))?$_POST["Register"]:"") != "")) {
// Destination handed to PostResult() when validation reports errors.
$WAFV_Redirect = "access-denied.php";
$_SESSION['WAVT_register1_Errors'] = "";
// Never true as written: $WAFV_Redirect was just set to a non-empty string.
if ($WAFV_Redirect == "") {
$WAFV_Redirect = $_SERVER["PHP_SELF"];
}
$WAFV_Errors = "";
// The value checked is the recordset's row count; because the query above has
// no WHERE clause, it does not reflect the orgcode the visitor typed.
// NOTE(review): WAValidateNM() is defined in the toolkit include, not here; the
// -1 and 0 arguments look like numeric bounds — confirm they reject a count of 0
// (no matching orgcode) rather than accept it.
$WAFV_Errors .= WAValidateNM($totalRows_orgcode . "",-1,0,"",",.",true,1);

if ($WAFV_Errors != "") {
// NOTE(review): whether PostResult() ends the request is not visible here; if it
// returns, the INSERT block further down still runs.
PostResult($WAFV_Redirect,$WAFV_Errors,"register1");
}
}
?>
<?php
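// *** Redirect if username exists
// Runs on any POST that carries the MM_insert field, before the INSERT block.
$MM_flag = "MM_insert";
if (isset($_POST[$MM_flag])) {
    $MM_dupKeyRedirect = "duplicate.php";
    // Default to an empty string so a missing field does not raise a notice.
    $loginUsername = isset($_POST['emailaddress']) ? $_POST['emailaddress'] : "";
    // The address is escaped by GetSQLValueString() and spliced into the SQL text.
    $LoginRS__query = sprintf("SELECT emailaddress FROM users WHERE emailaddress=%s", GetSQLValueString($loginUsername, "text"));
    mysql_select_db($database_Users, $Users);
    $LoginRS = mysql_query($LoginRS__query, $Users) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);

    // If there is a row in the database, the username was found - cannot add the requested username.
    if ($loginFoundUser) {
        $MM_qsChar = "?";
        if (substr_count($MM_dupKeyRedirect, "?") >= 1) {
            $MM_qsChar = "&";
        }
        // Append the username to the redirect page. It is visitor-supplied, so it is
        // URL-encoded; unencoded, characters such as "&" or "#" would change the
        // query string that duplicate.php receives.
        $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar . "requsername=" . urlencode($loginUsername);
        header("Location: $MM_dupKeyRedirect");
        exit;
    }
}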
?>
<?php
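// Build the form's post-back URL. PHP_SELF is derived from the request URL, so
// it is HTML-escaped here, just as the query string is, because the value is
// presumably echoed into the form's action attribute.
$editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}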
?>
<?php
// Create the account. Runs whenever MM_insert equals the form name.
// NOTE(review): this condition does not look at $_POST["Register"] or
// $WAFV_Errors, so nothing in this block ties the INSERT to the orgcode
// validation having run and passed — confirm, or gate the insert on that result.
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "WAATKRegistrationForm")) {
// Values are escaped by GetSQLValueString() and spliced into the SQL text.
// NOTE(review): the password is stored exactly as submitted; store a
// password_hash() value and check it with password_verify() at login.
$insertSQL = sprintf("INSERT INTO users (emailaddress, password, orgcode, receiveEmails) VALUES (%s, %s, %s, %s)",
GetSQLValueString($_POST['emailaddress'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['orgcode'], "text"),
GetSQLValueString($_POST['receiveEmails'], "text"));

mysql_select_db($database_Users, $Users);
// On failure the raw MySQL error text is sent to the browser.
$Result1 = mysql_query($insertSQL, $Users) or die(mysql_error());

// Redirect to the login page, carrying the current query string along.
$insertGoTo = "login.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
// No exit follows the header, so the rest of the page still executes.
header(sprintf("Location: %s", $insertGoTo));
}
?>

Jason ByrnesWebAssist

edit the org code recordset to filter the orgcode column on the org code form element.


fdotmedia

I changed this...

// Unfiltered: selects every row of the orgcode table.
$query_orgcode = "SELECT * FROM orgcode";



to this...

// NOTE(review): $colname_orgcode is not assigned in any listing on this page. If it
// is unset, GetSQLValueString() returns the string NULL, and "orgcode = NULL" matches
// no rows in SQL — confirm it is populated from the posted orgcode field before this line.
$query_orgcode = sprintf("SELECT * FROM orgcode WHERE orgcode = %s", GetSQLValueString($colname_orgcode, "text"));



And it allows anyone to register...


Jason ByrnesWebAssist

Please post a copy of the page so I can see the entire code in context.


fdotmedia

Thanks Jason

<?php require_once('../Connections/Users.php'); ?>
<?php require_once("../WA_ValidationToolkit/WAVT_Scripts_PHP.php"); ?>
<?php require_once("../WA_ValidationToolkit/WAVT_ValidatedForm_PHP.php"); ?>
<?php
if (!function_exists("GetSQLValueString")) {
    /**
     * Escape a value and render it as a SQL literal for the given type.
     *
     * Relies on the legacy ext/mysql escaping functions (removed in PHP 7.0) and
     * on get_magic_quotes_gpc() (removed in PHP 8.0). Escaping is only as safe as
     * the quoting around it; new code should bind values with mysqli or PDO
     * prepared statements instead of building SQL strings.
     *
     * @param mixed  $theValue           Raw value to escape.
     * @param string $theType            "text", "date", "long", "int", "double" or "defined".
     * @param string $theDefinedValue    Returned as-is for "defined" when the value is non-empty.
     * @param string $theNotDefinedValue Returned as-is for "defined" when the value is empty.
     * @return mixed Quoted string, int, float or the string "NULL"; for an
     *               unrecognised type, the escaped value WITHOUT quotes.
     */
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        // Undo magic-quotes slashes first so the value is not escaped twice.
        if (PHP_VERSION < 6 && get_magic_quotes_gpc()) {
            $theValue = stripslashes($theValue);
        }

        if (function_exists("mysql_real_escape_string")) {
            $theValue = mysql_real_escape_string($theValue);
        } else {
            $theValue = mysql_escape_string($theValue);
        }

        // Every typed branch makes the same "is it empty" decision on the escaped value.
        $hasValue = ($theValue != "");

        switch ($theType) {
            case "text":
                return $hasValue ? "'" . $theValue . "'" : "NULL";
            case "long":
            case "int":
                return $hasValue ? intval($theValue) : "NULL";
            case "double":
                return $hasValue ? doubleval($theValue) : "NULL";
            case "date":
                return $hasValue ? "'" . $theValue . "'" : "NULL";
            case "defined":
                // Caller-supplied replacements are returned unescaped.
                return $hasValue ? $theDefinedValue : $theNotDefinedValue;
        }

        // Unrecognised type: escaped but not quoted.
        return $theValue;
    }
}

// Build the orgcode recordset that the validation block below reads.
// $database_Users and $Users are not defined in this listing (presumably set
// by the Connections/Users.php include).
mysql_select_db($database_Users, $Users);
// No WHERE clause: every row of the orgcode table is returned, so the row
// count does not depend on the orgcode the visitor submitted.
$query_orgcode = "SELECT * FROM orgcode";
// On failure the raw MySQL error text is sent to the browser.
$orgcode = mysql_query($query_orgcode, $Users) or die(mysql_error());
$row_orgcode = mysql_fetch_assoc($orgcode);
$totalRows_orgcode = mysql_num_rows($orgcode);
?>
<?php
// Server-side form validation: runs only when the POST carries a non-empty "Register" field.
if ((((isset($_POST["Register"]))?$_POST["Register"]:"") != "")) {
// Destination handed to PostResult() when validation reports errors.
$WAFV_Redirect = "access-denied.php";
$_SESSION['WAVT_register1_Errors'] = "";
// Never true as written: $WAFV_Redirect was just set to a non-empty string.
if ($WAFV_Redirect == "") {
$WAFV_Redirect = $_SERVER["PHP_SELF"];
}
$WAFV_Errors = "";
// The value checked is the recordset's row count; because the query above has
// no WHERE clause, it does not reflect the orgcode the visitor typed.
// NOTE(review): WAValidateNM() is defined in the toolkit include, not here; the
// -1 and 0 arguments look like numeric bounds — confirm they reject a count of 0
// (no matching orgcode) rather than accept it.
$WAFV_Errors .= WAValidateNM($totalRows_orgcode . "",-1,0,"",",.",true,1);

if ($WAFV_Errors != "") {
// NOTE(review): whether PostResult() ends the request is not visible here; if it
// returns, the INSERT block further down still runs.
PostResult($WAFV_Redirect,$WAFV_Errors,"register1");
}
}
?>
<?php
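// *** Redirect if username exists
// Runs on any POST that carries the MM_insert field, before the INSERT block.
$MM_flag = "MM_insert";
if (isset($_POST[$MM_flag])) {
    $MM_dupKeyRedirect = "duplicate.php";
    // Default to an empty string so a missing field does not raise a notice.
    $loginUsername = isset($_POST['emailaddress']) ? $_POST['emailaddress'] : "";
    // The address is escaped by GetSQLValueString() and spliced into the SQL text.
    $LoginRS__query = sprintf("SELECT emailaddress FROM users WHERE emailaddress=%s", GetSQLValueString($loginUsername, "text"));
    mysql_select_db($database_Users, $Users);
    $LoginRS = mysql_query($LoginRS__query, $Users) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);

    // If there is a row in the database, the username was found - cannot add the requested username.
    if ($loginFoundUser) {
        $MM_qsChar = "?";
        if (substr_count($MM_dupKeyRedirect, "?") >= 1) {
            $MM_qsChar = "&";
        }
        // Append the username to the redirect page. It is visitor-supplied, so it is
        // URL-encoded; unencoded, characters such as "&" or "#" would change the
        // query string that duplicate.php receives.
        $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar . "requsername=" . urlencode($loginUsername);
        header("Location: $MM_dupKeyRedirect");
        exit;
    }
}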
?>
<?php
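// Build the form's post-back URL. PHP_SELF is derived from the request URL, so
// it is HTML-escaped here, just as the query string is, because the value is
// echoed into the registration form's action attribute further down this page.
$editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}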
?>
<?php
// Create the account. Runs whenever MM_insert equals the form name.
// NOTE(review): this condition does not look at $_POST["Register"] or
// $WAFV_Errors, so nothing in this block ties the INSERT to the orgcode
// validation having run and passed — confirm, or gate the insert on that result.
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "WAATKRegistrationForm")) {
// Values are escaped by GetSQLValueString() and spliced into the SQL text.
// NOTE(review): the password is stored exactly as submitted; store a
// password_hash() value and check it with password_verify() at login.
$insertSQL = sprintf("INSERT INTO users (emailaddress, password, orgcode, receiveEmails) VALUES (%s, %s, %s, %s)",
GetSQLValueString($_POST['emailaddress'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['orgcode'], "text"),
GetSQLValueString($_POST['receiveEmails'], "text"));

mysql_select_db($database_Users, $Users);
// On failure the raw MySQL error text is sent to the browser.
$Result1 = mysql_query($insertSQL, $Users) or die(mysql_error());

// Redirect to the login page, carrying the current query string along.
$insertGoTo = "login.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
// No exit follows the header, so the rest of the page still executes.
header(sprintf("Location: %s", $insertGoTo));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=UTF-8" />

<title>My Personal Health Journal .:. Please Register!</title>

<meta name="keywords" content="employee health, employees, employees health, wellness, wellness education, healthy Quarters, HealthyQuarters, healthyquarters.net, my personal health journal" />
<meta name="description" content="Healthy employees make healthy companies and the difficulty is getting and keeping a workforce healthy and motivated. That's where My Personal Health Journal comes in." />

<link rel="stylesheet" type="text/css" media="screen, print, projection" href="../login.css"></link>
<script src="../SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
<script src="../SpryAssets/SpryValidationPassword.js" type="text/javascript"></script>

<link href="../SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
<link href="../SpryAssets/SpryValidationPassword.css" rel="stylesheet" type="text/css" />

</head>
<body>
<table align="center" width="820" height="675" background="../images/clogin.jpg" cellpadding="0" cellspacing="0">
<tr>
<td width="80"><img src="../images/spacer.gif" width="80" height="350" /></td>
<td height="350" width="360"><img src="../images/spacer.gif" width="360" height="350" /></td>
<td width="380"><img src="../images/spacer.gif" width="380" height="350" /></td>
</tr>
<tr>
<td width="80" valign="top"><img src="../images/spacer.gif" width="80" height="320" /></td>
<td valign="top" width="360" height="320">
<h2>Corporate Registration</h2>
<form action="<?php echo $editFormAction; ?>" method="post" name="WAATKRegistrationForm" id="WAATKRegistrationForm">
<table width="100%" border="0" align="left" cellpadding="6" cellspacing="0">
<tr>
<td align="right" class="login-sm" width="26%">Email Address:</td>
<td><span id="req-email">
<input type="text" name="emailaddress" id="emailaddress" value="" size="15" />
<span class="textfieldRequiredMsg">Required.</span><span class="textfieldInvalidFormatMsg">Email Address.</span></span></td>
</tr>
<tr>
<td align="right" class="login-sm">Password:</td>
<td><span id="req-pass">
<input type="password" name="password" id="password" value="" size="15" />
<span class="passwordRequiredMsg">Required.</span></span></td>
</tr>
<tr>
<td align="right" class="login-sm">OrgCode:</td>
<td><span id="req-orgcode">
<input type="text" name="orgcode" id="orgcode" value="" size="15" />
<span class="textfieldRequiredMsg">Required.</span></span></td>
</tr>
<tr>
<td align="right" class="login-sm">SPAM:</td>
<td style="font-size:10px">1 + 1 =<span id="req-math">
<input type="text" name="math" class="" id="math" size="5" />
<span class="textfieldRequiredMsg">Try the number 2.</span><span class="textfieldInvalidFormatMsg">Wrong answer.</span></span></td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="Submit" name="Register" id="Register" value="Register"><br /> <span class="login-sm"><a href="email-pw.php">forgot your password?</a> | <a href="index.php">login</a> | <a href="contact-us.php">contact us</a></span>
<input type="hidden" name="receiveEmails" id="receiveEmails" value="" >
<input type="hidden" name="MM_insert" value="WAATKRegistrationForm">
</td>
</tr>
</table>
</form>
</td>
<td width="380" height="320"><img src="../images/spacer.gif" width="380" height="320" /></td>
</tr>
</table>
<script type="text/javascript">
<!--
// Spry widgets run in the browser only. The "math" anti-spam answer (pattern "2")
// is checked solely here: the PHP in this listing never reads $_POST['math'], so
// anything that must be enforced still needs a server-side check.
var sprytextfield1 = new Spry.Widget.ValidationTextField("req-math", "custom", {validateOn:["blur"], pattern:"2"});
var sprytextfield2 = new Spry.Widget.ValidationTextField("req-email", "email", {validateOn:["blur"]});
var sprypassword1 = new Spry.Widget.ValidationPassword("req-pass", {validateOn:["blur"]});
// "none" applies no format check to the orgcode field.
var sprytextfield3 = new Spry.Widget.ValidationTextField("req-orgcode", "none", {validateOn:["blur"]});
//-->
</script>
</body>
</html>
<?php
// Release the orgcode recordset's result memory at the end of the page.
mysql_free_result($orgcode);
?>

Jason ByrnesWebAssist

this code has a basic unfiltered query:
// No WHERE clause: returns every row, regardless of the submitted orgcode.
$query_orgcode = "SELECT * FROM orgcode";


You need to change it to filter the orgcode column on the posted orgcode form element.
