Impossible Error ! No Way ? Mysql

[MrTouz]

Hi again !

I am ready to take the gun in the closet and shoot myself (very bad) i will try to be simple.

I have my register script working perfectly. Username, Pass, Email,... 5 fields 3 visible from the site. The registering works, the view data from site works... its all perfect.
So i take it to the next step and add couple more fields to my database so the user profile looks more full with some personal data. So i add around 15 different new fields and modify my php to show the new fields on my script from the database... from the MySQL control panel i add some info into my fields to test it out (no edit or update script at the moment) and i save everything... go to my site and it works perfectly... new data is set.

Problem... i can not register to my site anymore ! For 3 fuckin hours i tried to find the error and i found it when i deleted my whole database and sent the query (with the 5 fields again) so now i can register... BUT if i have more than 5 fields... the registering does not work.

___

Ok i thought about something... i did not write the script... i believe it is made so it has to add FULL data into the FULL database or it wont register... problem is.. i don't want them to put all DATA while registering... takes fuckin hours !!!

So i think i need to find a portion of script that allows registration ONLY if i enter all 15 different data ? What does it look like ? is it an other error ? i have the script... but i dunno what to post... its freakin long :/

Thanks !!!

Can this shit be the error ? or the thing that makes me not able to register ?

CODE

class Form
{
var $values = array(); //Holds submitted form field values
var $errors = array(); //Holds submitted form error messages
var $num_errors; //The number of errors in submitted form

/* Class constructor */
function Form(){
/**
* Get form value and error arrays, used when there
* is an error with a user-submitted form.
*/
if(isset($_SESSION['value_array']) && isset($_SESSION['error_array'])){
$this->values = $_SESSION['value_array'];
$this->errors = $_SESSION['error_array'];
$this->num_errors = count($this->errors);

unset($_SESSION['value_array']);
unset($_SESSION['error_array']);
}
else{
$this->num_errors = 0;
}
}

/**
* setValue - Records the value typed into the given
* form field by the user.
*/
function setValue($field, $value){
$this->values[$field] = $value;
}

/**
* setError - Records new form error given the form
* field name and the error message attached to it.
*/
function setError($field, $errmsg){
$this->errors[$field] = $errmsg;
$this->num_errors = count($this->errors);
}

/**
* value - Returns the value attached to the given
* field, if none exists, the empty string is returned.
*/
function value($field){
if(array_key_exists($field,$this->values)){
return htmlspecialchars(stripslashes($this->values[$field]));
}else{
return "";
}
}

/**
* error - Returns the error message attached to the
* given field, if none exists, the empty string is returned.
*/
function error($field){
if(array_key_exists($field,$this->errors)){
return "<font size=\"2\" color=\"#ff0000\">".$this->errors[$field]."</font>";
}else{
return "";
}
}

/* getErrorArray - Returns the array of error messages */
function getErrorArray(){
return $this->errors;
}
};

[swordz]

Post the mysql_query line that tries to add the new user to the database. As that's where I suspect the error is.

swordz

[MrTouz]

Step by step : You put data into the form :

CODE

<?
/**
* The user is already logged in, not allowed to register.
*/
if($session->logged_in){
echo "<h1>Inscrit !</h1>";
echo "<p>Desoler <b>$session->username</b>, tu es deja inscrit sur On C Vu. "
."<a href=\"index.php?id=main\">Acceuil</a>.</p>";
}
/**
* The user has submitted the registration form and the
* results have been processed.
*/
else if(isset($_SESSION['regsuccess'])){
/* Registration was successful */
if($_SESSION['regsuccess']){
echo "<h1>Inscrit !</h1>";
echo "<p>Merci <b>".$_SESSION['reguname']."</b>, tes infos son maintenant dans notre base de données, "
."tu peu dès a present te <a href=\"index.php?id=connect\">connecter</a>.</p>";
}
/* Registration failed */
else{
echo "<h1>Oops !</h1>";
echo "<p>Desoler l'inscription a échouer pour le pseudo : <b>".$_SESSION['reguname']."</b>, "
."essai un peu plus tard !</p>";
}
unset($_SESSION['regsuccess']);
unset($_SESSION['reguname']);
}
/**
* The user has not filled out the registration form yet.
* Below is the page with the sign-up form, the names
* of the input fields are important and should not
* be changed.
*/
else{
?>

<h1>Inscription</h1>
<?
if($form->num_errors > 0){
echo "<br><font size=\"2\" color=\"#ff0000\">".$form->num_errors." erreur(s) trouvée(s)</font><br><br>";
}
?>
<form action="index.php?id=process" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Pseudo :</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td>
</tr>
<tr>
<td>Mot de passe :</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td>
</tr>
<tr>
<td>Email :</td><td><input type="text" name="email" maxlength="50" value="<? echo $form->value("email"); ?>"></td><td><? echo $form->error("email"); ?></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="hidden" name="subjoin" value="1"><input type="submit" value="Envoyer !"></td>
</tr>
<tr>
<td colspan="2" align="left"><a href="index.php?id=main">Retour a la page d'acceuil</a></td>
</tr>
</table>
</form>

<?
}
?>

Than the form sends it to PROCESS

CODE

<?

class Process
{
/* Class constructor */
function Process(){
global $session;
/* User submitted login form */
if(isset($_POST['sublogin'])){
$this->procLogin();
}
/* User submitted registration form */
else if(isset($_POST['subjoin'])){
$this->procRegister();
}
/* User submitted forgot password form */
else if(isset($_POST['subforgot'])){
$this->procForgotPass();
}
/* User submitted edit account form */
else if(isset($_POST['subedit'])){
$this->procEditAccount();
}
/**
* The only other reason user should be directed here
* is if he wants to logout, which means user is
* logged in currently.
*/
else if($session->logged_in){
$this->procLogout();
}
/**
* Should not get here, which means user is viewing this page
* by mistake and therefore is redirected.
*/
else{
header("Location: index.php?id=main");
}
}

/**
* procLogin - Processes the user submitted login form, if errors
* are found, the user is redirected to correct the information,
* if not, the user is effectively logged in to the system.
*/
function procLogin(){
global $session, $form;
/* Login attempt */
$retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));

/* Login successful */
if($retval){
header("Location: ".$session->referrer);
}
/* Login failed */
else{
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
}

/**
* procLogout - Simply attempts to log the user out of the system
* given that there is no logout form to process.
*/
function procLogout(){
global $session;
$retval = $session->logout();
header("Location: index.php?id=main");
}

/**
* procRegister - Processes the user submitted registration form,
* if errors are found, the user is redirected to correct the
* information, if not, the user is effectively registered with
* the system and an email is (optionally) sent to the newly
* created user.
*/
function procRegister(){
global $session, $form;
/* Convert username to all lowercase (by option) */
if(ALL_LOWERCASE){
$_POST['user'] = strtolower($_POST['user']);
}
/* Registration attempt */
$retval = $session->register($_POST['user'], $_POST['pass'], $_POST['email']);

/* Registration Successful */
if($retval == 0){
$_SESSION['reguname'] = $_POST['user'];
$_SESSION['regsuccess'] = true;
header("Location: index.php?id=register");
}
/* Error found with form */
else if($retval == 1){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: index.php?id=register");
}
/* Registration attempt failed */
else if($retval == 2){
$_SESSION['reguname'] = $_POST['user'];
$_SESSION['regsuccess'] = false;
header("Location: index.php?id=register");
}
}

/**
* procForgotPass - Validates the given username then if
* everything is fine, a new password is generated and
* emailed to the address the user gave on sign up.
*/
function procForgotPass(){
global $database, $session, $mailer, $form;
/* Username error checking */
$subuser = $_POST['user'];
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Vous avez oublier d'entrer votre Pseudo<br>");
}
else{
/* Make sure username is in database */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
!eregi("^([0-9a-z])+$", $subuser) ||
(!$database->usernameTaken($subuser))){
$form->setError($field, "* Le Pseudo que vous avez entrer n'existe pas !<br>");
}
}

/* Errors exist, have user correct them */
if($form->num_errors > 0){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
}
/* Generate new password and email it to user */
else{
/* Generate new password */
$newpass = $session->generateRandStr(8);

/* Get email of user */
$usrinf = $database->getUserInfo($subuser);
$email = $usrinf['email'];

/* Attempt to send the email with new password */
if($mailer->sendNewPass($subuser,$email,$newpass)){
/* Email sent, update database */
$database->updateUserField($subuser, "password", md5($newpass));
$_SESSION['forgotpass'] = true;
}
/* Email failure, do not change password */
else{
$_SESSION['forgotpass'] = false;
}
}

header("Location: ".$session->referrer);
}

/**
* procEditAccount - Attempts to edit the user's account
* information, including the password, which must be verified
* before a change is made.
*/
function procEditAccount(){
global $session, $form;
/* Account edit attempt */
$retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['email']);

/* Account edit successful */
if($retval){
$_SESSION['useredit'] = true;
header("Location: index.php?id=useredit");
}
/* Error found with form */
else{
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: index.php?id=useredit");
}
}
};

/* Initialize process */
$process = new Process;

?>

Than process somehow connects with Session

CODE

<?

include("database.php");
include("mailer.php");
include("form.php");

class Session
{
var $username; //Username given on sign-up
var $userid; //Random value generated on current login
var $userlevel; //The level to which the user pertains
var $time; //Time user was last active (page loaded)
var $logged_in; //True if user is logged in, false otherwise
var $userinfo = array(); //The array holding all user info
var $url; //The page url current being viewed
var $referrer; //Last recorded site page viewed
/**
* Note: referrer should really only be considered the actual
* page referrer in process.php, any other time it may be
* inaccurate.
*/

/* Class constructor */
function Session(){
$this->time = time();
$this->startSession();
}

/**
* startSession - Performs all the actions necessary to
* initialize this session object. Tries to determine if the
* the user has logged in already, and sets the variables
* accordingly. Also takes advantage of this page load to
* update the active visitors tables.
*/
function startSession(){
global $database; //The database connection
session_start(); //Tell PHP to start the session

/* Determine if user is logged in */
$this->logged_in = $this->checkLogin();

/**
* Set guest value to users not logged in, and update
* active guests table accordingly.
*/
if(!$this->logged_in){
$this->username = $_SESSION['username'] = GUEST_NAME;
$this->userlevel = GUEST_LEVEL;
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
}
/* Update users last active timestamp */
else{
$database->addActiveUser($this->username, $this->time);
}

/* Remove inactive visitors from database */
$database->removeInactiveUsers();
$database->removeInactiveGuests();

/* Set referrer page */
if(isset($_SESSION['url'])){
$this->referrer = $_SESSION['url'];
}else{
$this->referrer = "/";
}

/* Set current url */
$this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
}

/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
global $database; //The database connection
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
$this->username = $_SESSION['username'] = $_COOKIE['cookname'];
$this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
}

/* Username and userid have been set and not guest */
if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
$_SESSION['username'] != GUEST_NAME){
/* Confirm that username and userid are valid */
if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['userid']);
return false;
}

/* User is logged in, set class variables */
$this->userinfo = $database->getUserInfo($_SESSION['username']);
$this->username = $this->userinfo['username'];
$this->userid = $this->userinfo['userid'];
$this->userlevel = $this->userinfo['userlevel'];
return true;
}
/* User not logged in */
else{
return false;
}
}

/**
* login - The user has submitted his username and password
* through the login form, this function checks the authenticity
* of that information in the database and creates the session.
* Effectively logging in the user if all goes well.
*/
function login($subuser, $subpass, $subremember){
global $database, $form; //The database and form object

/* Username error checking */
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Pseudo Oublier !");
}
else{
/* Check if username is not alphanumeric */
if(!eregi("^([0-9a-z])*$", $subuser)){
$form->setError($field, "* Caractères non reconnu !");
}
}

/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Mot de passe oublier !");
}

/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}

/* Checks that username is in database and password is correct */
$subuser = stripslashes($subuser);
$result = $database->confirmUserPass($subuser, md5($subpass));

/* Check error codes */
if($result == 1){
$field = "user";
$form->setError($field, "* Pseudo pas trouver !");
}
else if($result == 2){
$field = "pass";
$form->setError($field, "* Mot de passe incorrect !");
}

/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}

/* Username and password correct, register session variables */
$this->userinfo = $database->getUserInfo($subuser);
$this->username = $_SESSION['username'] = $this->userinfo['username'];
$this->userid = $_SESSION['userid'] = $this->generateRandID();
$this->userlevel = $this->userinfo['userlevel'];

/* Insert userid into database and update active users table */
$database->updateUserField($this->username, "userid", $this->userid);
$database->addActiveUser($this->username, $this->time);
$database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his random value userid. It expires by the time
* specified in constants.php. Now, next time he comes to our site, we will
* log him in automatically, but only if he didn't log out before he left.
*/
if($subremember){
setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
}

/* Login completed successfully */
return true;
}

/**
* logout - Gets called when the user wants to be logged out of the
* website. It deletes any cookies that were stored on the users
* computer as a result of him wanting to be remembered, and also
* unsets session variables and demotes his user level to guest.
*/
function logout(){
global $database; //The database connection
/**
* Delete cookies - the time must be in the past,
* so just negate what you added when creating the
* cookie.
*/
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
}

/* Unset PHP session variables */
unset($_SESSION['username']);
unset($_SESSION['userid']);

/* Reflect fact that user has logged out */
$this->logged_in = false;

/**
* Remove from active users table and add to
* active guests tables.
*/
$database->removeActiveUser($this->username);
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

/* Set user level to guest */
$this->username = GUEST_NAME;
$this->userlevel = GUEST_LEVEL;
}

/**
* register - Gets called when the user has just submitted the
* registration form. Determines if there were any errors with
* the entry fields, if so, it records the errors and returns
* 1. If no errors were found, it registers the new user and
* returns 0. Returns 2 if registration failed.
*/
function register($subuser, $subpass, $subemail){
global $database, $form, $mailer; //The database, form and mailer object

/* Username error checking */
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered");
}
else{
/* Spruce up username, check length */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 5){
$form->setError($field, "* Username below 5 characters");
}
else if(strlen($subuser) > 30){
$form->setError($field, "* Username above 30 characters");
}
/* Check if username is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", $subuser)){
$form->setError($field, "* Username not alphanumeric");
}
/* Check if username is reserved */
else if(strcasecmp($subuser, GUEST_NAME) == 0){
$form->setError($field, "* Username reserved word");
}
/* Check if username is already in use */
else if($database->usernameTaken($subuser)){
$form->setError($field, "* Username already in use");
}
/* Check if username is banned */
else if($database->usernameBanned($subuser)){
$form->setError($field, "* Username banned");
}
}

/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Password not entered");
}
else{
/* Spruce up password and check length*/
$subpass = stripslashes($subpass);
if(strlen($subpass) < 4){
$form->setError($field, "* Password too short");
}
/* Check if password is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){
$form->setError($field, "* Password not alphanumeric");
}
/**
* Note: I trimmed the password only after I checked the length
* because if you fill the password field up with spaces
* it looks like a lot more characters than 4, so it looks
* kind of stupid to report "password too short".
*/
}

/* Email error checking */
$field = "email"; //Use field name for email
if(!$subemail || strlen($subemail = trim($subemail)) == 0){
$form->setError($field, "* Email not entered");
}
else{
/* Check if valid email address */
$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
."\.([a-z]{2,}){1}$";
if(!eregi($regex,$subemail)){
$form->setError($field, "* Email invalid");
}
$subemail = stripslashes($subemail);
}

/* Errors exist, have user correct them */
if($form->num_errors > 0){
return 1; //Errors with form
}
/* No errors, add the new account to the */
else{
if($database->addNewUser($subuser, md5($subpass), $subemail)){
if(EMAIL_WELCOME){
$mailer->sendWelcome($subuser,$subemail,$subpass);
}
return 0; //New user added succesfully
}else{
return 2; //Registration attempt failed
}
}
}

/**
* editAccount - Attempts to edit the user's account information
* including the password, which it first makes sure is correct
* if entered, if so and the new password is in the right
* format, the change is made. All other fields are changed
* automatically.
*/
function editAccount($subcurpass, $subnewpass, $subemail){
global $database, $form; //The database and form object
/* New password entered */
if($subnewpass){
/* Current Password error checking */
$field = "curpass"; //Use field name for current password
if(!$subcurpass){
$form->setError($field, "* Mot de passe incorrect !");
}
else{
/* Check if password too short or is not alphanumeric */
$subcurpass = stripslashes($subcurpass);
if(strlen($subcurpass) < 4 ||
!eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
$form->setError($field, "* Mot de passe actuel incorrect !");
}
/* Password entered is incorrect */
if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
$form->setError($field, "* Mot de passe actuel incorrect !");
}
}

/* New Password error checking */
$field = "newpass"; //Use field name for new password
/* Spruce up password and check length*/
$subpass = stripslashes($subnewpass);
if(strlen($subnewpass) < 4){
$form->setError($field, "* Nouveau mot de passe trop court !");
}
/* Check if password is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
$form->setError($field, "* Caractères non reconnu !");
}
}
/* Change password attempted */
else if($subcurpass){
/* New Password error reporting */
$field = "newpass"; //Use field name for new password
$form->setError($field, "* Nouveau mot de passe oublier !");
}

/* Email error checking */
$field = "email"; //Use field name for email
if($subemail && strlen($subemail = trim($subemail)) > 0){
/* Check if valid email address */
$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
."\.([a-z]{2,}){1}$";
if(!eregi($regex,$subemail)){
$form->setError($field, "* Email invalide !");
}
$subemail = stripslashes($subemail);
}

/* Errors exist, have user correct them */
if($form->num_errors > 0){
return false; //Errors with form
}

/* Update password since there were no errors */
if($subcurpass && $subnewpass){
$database->updateUserField($this->username,"password",md5($subnewpass));
}

/* Change Email */
if($subemail){
$database->updateUserField($this->username,"email",$subemail);
}

/* Success! */
return true;
}

/**
* isAdmin - Returns true if currently logged in user is
* an administrator, false otherwise.
*/
function isAdmin(){
return ($this->userlevel == ADMIN_LEVEL ||
$this->username == ADMIN_NAME);
}

/**
* generateRandID - Generates a string made up of randomized
* letters (lower and upper case) and digits and returns
* the md5 hash of it to be used as a userid.
*/
function generateRandID(){
return md5($this->generateRandStr(16));
}

/**
* generateRandStr - Generates a string made up of randomized
* letters (lower and upper case) and digits, the length
* is a specified parameter.
*/
function generateRandStr($length){
$randstr = "";
for($i=0; $i<$length; $i++){
$randnum = mt_rand(0,61);
if($randnum < 10){
$randstr .= chr($randnum+48);
}else if($randnum < 36){
$randstr .= chr($randnum+55);
}else{
$randstr .= chr($randnum+61);
}
}
return $randstr;
}
};


/**
* Initialize session object - This must be initialized before
* the form object because the form uses session variables,
* which cannot be accessed unless the session has started.
*/
$session = new Session;

/* Initialize form object */
$form = new Form;

?>

CODE

<?

class Form
{
var $values = array(); //Holds submitted form field values
var $errors = array(); //Holds submitted form error messages
var $num_errors; //The number of errors in submitted form

/* Class constructor */
function Form(){
/**
* Get form value and error arrays, used when there
* is an error with a user-submitted form.
*/
if(isset($_SESSION['value_array']) && isset($_SESSION['error_array'])){
$this->values = $_SESSION['value_array'];
$this->errors = $_SESSION['error_array'];
$this->num_errors = count($this->errors);

unset($_SESSION['value_array']);
unset($_SESSION['error_array']);
}
else{
$this->num_errors = 0;
}
}

/**
* setValue - Records the value typed into the given
* form field by the user.
*/
function setValue($field, $value){
$this->values[$field] = $value;
}

/**
* setError - Records new form error given the form
* field name and the error message attached to it.
*/
function setError($field, $errmsg){
$this->errors[$field] = $errmsg;
$this->num_errors = count($this->errors);
}

/**
* value - Returns the value attached to the given
* field, if none exists, the empty string is returned.
*/
function value($field){
if(array_key_exists($field,$this->values)){
return htmlspecialchars(stripslashes($this->values[$field]));
}else{
return "";
}
}

/**
* error - Returns the error message attached to the
* given field, if none exists, the empty string is returned.
*/
function error($field){
if(array_key_exists($field,$this->errors)){
return "<font size=\"2\" color=\"#ff0000\">".$this->errors[$field]."</font>";
}else{
return "";
}
}

/* getErrorArray - Returns the array of error messages */
function getErrorArray(){
return $this->errors;
}
};

?>

And somehow it returns as CANT register the user... now it will work because i don't have any extra fields into my database...

[swordz]

Wow... Huge chunks of code... I was following it logically until I couldn't find your database class - any chance of doing the same with database.php?

And... Who wrote this code? As it's quite good as far as I can see... And also probably quite flexible, as it uses classes.

swordz

[MrTouz]

CODE

<?

include("constants.php");

class MySQLDB
{
var $connection; //The MySQL database connection
var $num_active_users; //Number of active users viewing site
var $num_active_guests; //Number of active guests viewing site
var $num_members; //Number of signed-up users
/* Note: call getNumMembers() to access $num_members! */

/* Class constructor */
function MySQLDB(){
/* Make connection to database */
$this->connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $this->connection) or die(mysql_error());

/**
* Only query database to find out number of members
* when getNumMembers() is called for the first time,
* until then, default value set.
*/
$this->num_members = -1;

if(TRACK_VISITORS){
/* Calculate number of users at site */
$this->calcNumActiveUsers();

/* Calculate number of guests at site */
$this->calcNumActiveGuests();
}
}

/**
* confirmUserPass - Checks whether or not the given
* username is in the database, if so it checks if the
* given password is the same password in the database
* for that user. If the user doesn't exist or if the
* passwords don't match up, it returns an error code
* (1 or 2). On success it returns 0.
*/
function confirmUserPass($username, $password){
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}

/* Verify that user is in database */
$q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}

/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);

/* Validate that password is correct */
if($password == $dbarray['password']){
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}

/**
* confirmUserID - Checks whether or not the given
* username is in the database, if so it checks if the
* given userid is the same userid in the database
* for that user. If the user doesn't exist or if the
* userids don't match up, it returns an error code
* (1 or 2). On success it returns 0.
*/
function confirmUserID($username, $userid){
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}

/* Verify that user is in database */
$q = "SELECT userid FROM ".TBL_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}

/* Retrieve userid from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['userid'] = stripslashes($dbarray['userid']);
$userid = stripslashes($userid);

/* Validate that userid is correct */
if($userid == $dbarray['userid']){
return 0; //Success! Username and userid confirmed
}
else{
return 2; //Indicates userid invalid
}
}

/**
* usernameTaken - Returns true if the username has
* been taken by another user, false otherwise.
*/
function usernameTaken($username){
if(!get_magic_quotes_gpc()){
$username = addslashes($username);
}
$q = "SELECT username FROM ".TBL_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
return (mysql_numrows($result) > 0);
}

/**
* usernameBanned - Returns true if the username has
* been banned by the administrator.
*/
function usernameBanned($username){
if(!get_magic_quotes_gpc()){
$username = addslashes($username);
}
$q = "SELECT username FROM ".TBL_BANNED_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
return (mysql_numrows($result) > 0);
}

/**
* addNewUser - Inserts the given (username, password, email)
* info into the database. Appropriate user level is set.
* Returns true on success, false otherwise.
*/
function addNewUser($username, $password, $email){
$time = time();
/* If admin sign up, give admin user level */
if(strcasecmp($username, ADMIN_NAME) == 0){
$ulevel = ADMIN_LEVEL;
}else{
$ulevel = USER_LEVEL;
}
$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time)";
return mysql_query($q, $this->connection);
}

/**
* updateUserField - Updates a field, specified by the field
* parameter, in the user's row of the database.
*/
function updateUserField($username, $field, $value){
$q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE username = '$username'";
return mysql_query($q, $this->connection);
}

/**
* getUserInfo - Returns the result array from a mysql
* query asking for all information stored regarding
* the given username. If query fails, NULL is returned.
*/
function getUserInfo($username){
$q = "SELECT * FROM ".TBL_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
/* Error occurred, return given name by default */
if(!$result || (mysql_numrows($result) < 1)){
return NULL;
}
/* Return result array */
$dbarray = mysql_fetch_array($result);
return $dbarray;
}

/**
* getNumMembers - Returns the number of signed-up users
* of the website, banned members not included. The first
* time the function is called on page load, the database
* is queried, on subsequent calls, the stored result
* is returned. This is to improve efficiency, effectively
* not querying the database when no call is made.
*/
function getNumMembers(){
if($this->num_members < 0){
$q = "SELECT * FROM ".TBL_USERS;
$result = mysql_query($q, $this->connection);
$this->num_members = mysql_numrows($result);
}
return $this->num_members;
}

/**
* calcNumActiveUsers - Finds out how many active users
* are viewing site and sets class variable accordingly.
*/
function calcNumActiveUsers(){
/* Calculate number of users at site */
$q = "SELECT * FROM ".TBL_ACTIVE_USERS;
$result = mysql_query($q, $this->connection);
$this->num_active_users = mysql_numrows($result);
}

/**
* calcNumActiveGuests - Finds out how many active guests
* are viewing site and sets class variable accordingly.
*/
function calcNumActiveGuests(){
/* Calculate number of guests at site */
$q = "SELECT * FROM ".TBL_ACTIVE_GUESTS;
$result = mysql_query($q, $this->connection);
$this->num_active_guests = mysql_numrows($result);
}

/**
* addActiveUser - Updates username's last active timestamp
* in the database, and also adds him to the table of
* active users, or updates timestamp if already there.
*/
function addActiveUser($username, $time){
$q = "UPDATE ".TBL_USERS." SET timestamp = '$time' WHERE username = '$username'";
mysql_query($q, $this->connection);

if(!TRACK_VISITORS) return;
$q = "REPLACE INTO ".TBL_ACTIVE_USERS." VALUES ('$username', '$time')";
mysql_query($q, $this->connection);
$this->calcNumActiveUsers();
}

/* addActiveGuest - Adds guest to active guests table */
function addActiveGuest($ip, $time){
if(!TRACK_VISITORS) return;
$q = "REPLACE INTO ".TBL_ACTIVE_GUESTS." VALUES ('$ip', '$time')";
mysql_query($q, $this->connection);
$this->calcNumActiveGuests();
}

/* These functions are self explanatory, no need for comments */

/* removeActiveUser */
function removeActiveUser($username){
if(!TRACK_VISITORS) return;
$q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE username = '$username'";
mysql_query($q, $this->connection);
$this->calcNumActiveUsers();
}

/* removeActiveGuest */
function removeActiveGuest($ip){
if(!TRACK_VISITORS) return;
$q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE ip = '$ip'";
mysql_query($q, $this->connection);
$this->calcNumActiveGuests();
}

/* removeInactiveUsers */
function removeInactiveUsers(){
if(!TRACK_VISITORS) return;
$timeout = time()-USER_TIMEOUT*60;
$q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE timestamp < $timeout";
mysql_query($q, $this->connection);
$this->calcNumActiveUsers();
}

/* removeInactiveGuests */
function removeInactiveGuests(){
if(!TRACK_VISITORS) return;
$timeout = time()-GUEST_TIMEOUT*60;
$q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE timestamp < $timeout";
mysql_query($q, $this->connection);
$this->calcNumActiveGuests();
}

/**
* query - Performs the given query on the database and
* returns the result, which may be false, true or a
* resource identifier.
*/
function query($query){
return mysql_query($query, $this->connection);
}
};

/* Create database connection */
$database = new MySQLDB;

?>

Btw, it was from Jpmaster 77, type it in google. The script is just awsome... it has everything i need, but made simple... nothing is developped so you need to tweek it to make it nicer and of course make it look nicer with CSS.

[swordz]

Phew... got there in the end... I hope.

CODE

/**
    * addNewUser - Inserts the given (username, password, email)
    * info into the database. Appropriate user level is set.
    * Returns true on success, false otherwise.
    */
   function addNewUser($username, $password, $email){
      $time = time();
      /* If admin sign up, give admin user level */
      if(strcasecmp($username, ADMIN_NAME) == 0){
         $ulevel = ADMIN_LEVEL;
      }else{
         $ulevel = USER_LEVEL;
      }
      $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time)";
      return mysql_query($q, $this->connection);
   }

The problem is the line:

CODE

$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time)";

That format assumes that ('$username', '$password', '0', $ulevel, '$email', $time) are the only fields. To make this better, use the format:

CODE

INSERT INTO `tablename` (`column1name`,`column2name`,`column3name`,`column4name`) VALUES (`column1value`,`column2value`,`column3value`,`column4value`)

You don't need to specify all the columns with this method.

However, I've just realised that this might not be exactly what you're after, but I've looked at so much code this evening, I'm not sure any more...

swordz

[MrTouz]

So you feel what i am feeling

Ive been coding and modifing and changing this thing as well as some freakin css and html since this morning at 9. Its 2316.... i am almost done. Im doing the edit and adding your code.

if i can't find a way i will re-write a whole new registering system. Which will suck but oh well... i am tired of dealing with this.

Thanks for your help... a lot !

This is what i came up with via your instructions :

CODE

$q = "INSERT INTO 'users' ('username','password','userid','userlevel','email','timestamp') VALUES ('$username', '$password', '0', $ulevel, '$email', $time)";

Not able to register at all, i have set the old code back :

CODE

$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time)";

And it works. I am sure i am doing completely stupid as usual...

[IamShipon1988]

Aaahh my head. I just read 60% of the way and it hurts. Is this the template system login script? The MD5 one right? I will try re-reading this and try writing it from what they have and will let you know.

[MrTouz]

I dunno if i posted on the shrud site. But yea this is the new one i am replacing. I am basically replacing it on all my sites. But to start i need one that works

Problem is, i can't have any more fields on my MySql database because if i do... registering wont work. :/ Boooooo

[swordz]

Exactly how I feel atm Shipon! I kept switching between this and a log in script that I'm doing for someone - the two similar but different scripts kept getting muddled in my head...

swordz

[Bogey]

Do you still have the problem or is it solved?

[MrTouz]

I solved it from an other topic.

Basically i could not (did not want to) modify the already made form, i did not want to change the whole php behind it because it looked safe and well coded.

So i made a whole new table and instead of creating data directly upon register i made the data while modifying the 'profile'.

So you register, you are on my user list but do NOT have a profile. And than when you go to your profile... fields are empty (obviously) and what happens is that you enter data and it saves it up into the new table.

its better that way so i can count people having an account and people having a profile - people just registering to people actually using the site - spammers and real users.

And its better organized and safer... damn 4 hits with one rock

[Bogey]

Alright Looks like your happy with what you have. I wonder, is it all in your local server or do you have it hosted somewhere? Just to check up on what your doing

[MrTouz]

Lol, its a secret. I am hacking into the CIA's server and i wanted to register each members data Hahahahahah that was not funny at all.

Nah, im buidling something up, its been over 2 months, well actually a year, but ive sat on it for a year BUT ive moved on with the project so the very first part is almost open... very good project, very smart idea from whom gave it to me... I just need to have full functioning profiles and believe or not... its the hardest part of the freakin system.

Ill post a link here once i am done !