My code technically works, as it registers the user, but it won't keep the user logged in. (yes, once a registration is successful, they should be logged into their new account). It should go right to the index page on success and have the user logged in.

On failure it should reload the page with an error message within the <p id="error"></p> tags. It doesn't, but that's another issue.

So, registration.php:

<?php
require_once('checklogin.php');
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) 
{
  $con = mysql_connect('localhost','jddancks','csc255');
  mysql_select_db('dancks_db',$con);
  $match = array();
  $query = sprintf("SELECT * FROM UserTable WHERE nick='%s' OR email='%s'",
  mysql_real_escape_string($_POST['nick']),
  mysql_real_escape_string($_POST['e-mail']));
  $test = mysql_query($query,$con) or die(mysql_error()." line 10");
  if(mysql_num_rows($test)>0)
  {
      $_SESSION['error']=" Someone is already registered with that username/email combination";
  }
  else
  {
    //test username:
    preg_match("/[A-Za-z]+[A-Za-z0-9]{6,12}/",$_POST['nick'],$match);
    if(implode($match)!=$_POST['nick'])
    {
        $_SESSION['error']="Nick did not meet specifications.";
    }
    //test email:
    preg_match("/[A-Za-z0-9]{4,12}+@[A-Za-z0-9]{3,12}+\.[A-Za-z0-9.]{2,5}/",$_POST['e-mail'],$match);
    if(implode($match)!=$_POST['e-mail'])
    {
        if(isset($_SESSION['error']))
        {
            $_SESSION['error']=$_SESSION['error']." Email did not meet specifications.";
        }
        else
        {
            $_SESSION['error']=" Email did not meet specifications.";
        }
    }
    //test pass:
    preg_match("/[A-Za-z0-9]{8,20}/",$_POST['pass'],$match);
    if(implode($match)!=$_POST['pass'])
    {
        if(isset($_SESSION['error']))
        {
            $_SESSION['error']=$_SESSION['error']." Password did not meet specifications.";
        }
        else
        {
            $_SESSION['error']=" Password did not meet specifications.";
        }
     }
     if(!isset($_SESSION['error']))
     {
        unset($_SESSION['error']);
        $query = sprintf("INSERT INTO UserTable(nick,email,pass) VALUES ('%s','%s',SHA1('%s'))",
        mysql_real_escape_string($_POST['nick']),
        mysql_real_escape_string($_POST['e-mail']),
        mysql_real_escape_string($_POST['pass']));
        $reg = mysql_query($query,$con) or die(mysql_error()." line 57");
        //sleep(1);//I didn't think it would be smart to do back to back query on same data.
        $get_data = mysql_query(sprintf("SELECT userID FROM UserTable WHERE nick='%s' AND pass=SHA1('%s')",
        mysql_real_escape_string($_POST['nick']),
        mysql_real_escape_string($_POST['pass'])
        )) or die(mysql_error()." line 62");
        if(mysql_num_rows($get_data)!=1)
        {
            die("select statement for new user did not match anything in table\n");
        }
        $reg2 = mysql_fetch_assoc($get_data);
        $_SESSION['name']="SHOP";
        $_SESSION['user']=$_POST['nick'];
        $_SESSION['ID'] = $reg2['userID'];
        $_SESSION['email']=$_POST['e-mail'];
        $_SESSION['date']=date('m/d/y');
        $_SESSION['time']=time() + (60*60*2); //stay logged in for 2 hours
        mysql_free_result($get_data);
        mysql_close($con);
        header('Location:http://cs4.sunyocc.edu/~j.d.dancks/onestopshop/index.php');
    }
  }//end else
  mysql_free_result($test);
  mysql_close($con);
}//end if MM_Insert
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Register to list items and bid at the Onestopshop</title>
<script src="SpryAssets/SpryValidationPassword.js" type="text/javascript"></script>
<script src="SpryAssets/SpryValidationConfirm.js" type="text/javascript"></script>
<script type="text/javascript">
if(<?php echo isset($_SESSION['error']);?>)
{
    document.getElementById("error").style.visiblity="visible";
    document.getElementById("error").style.background-color=#FF;
}
</script>
<style type="text/css">
#error
{
    visiblity="hidden";
}
</style>
<link href="SpryAssets/SpryValidationPassword.css" rel="stylesheet" type="text/css" />
<link href="SpryAssets/SpryValidationConfirm.css" rel="stylesheet" type="text/css" />
</head>
<body>
<p id="error" hidden="true"><?php echo (isset($_SESSION['error'])?$_SESSION['error']:""); ?></p>
<form action="register2.php" name="form" method="POST">
<p>non-alphanumeric characters are not allowed. First character in username and email has to be a letter.</p>
<p>User name: <input type="text" name="nick" id="nick" value="<?php echo (isset($_POST['nick'])?$_POST['nick']:"");?>"/></p>
<p>password: <span id="sprypassword1">
<input type="password" name="pass" id="pass" /><span>Password be be between 8-20 characters, 1 upper case, 2 numbers and minimum 4 letters total.</span>
<span class="passwordRequiredMsg">A value is required.</span><span class="passwordMinCharsMsg">Minimum number of characters not met.</span><span class="passwordMaxCharsMsg">Exceeded maximum number of characters.</span><span class="passwordInvalidStrengthMsg">The password doesn't meet the specified strength.</span></span></p>
<span id="spryconfirm1">
<label for="pass2">re-type password:</label>
<input type="password" name="pass2" id="pass2" />
<span class="confirmRequiredMsg">A value is required.</span><span class="confirmInvalidMsg">The values don't match.</span></span>
<p>email: <input type="email" name="e-mail" id="e-mail" value="<?php echo (isset($_POST['e-mail'])?$_POST['e-mail']:"");?>"/>Note: Hostname (name following'@') needs to be at least 3 characters long. What proceeds after the dot should be between 2 and 5 characters long</p>
<input type="hidden" name="MM_insert" value="form" />
<input type="submit" />
</form>
<script type="text/javascript">
var sprypassword1 = new Spry.Widget.ValidationPassword("sprypassword1", {minChars:8, maxChars:20, minUpperAlphaChars:1, minNumbers:2, minAlphaChars:4});
var spryconfirm1 = new Spry.Widget.ValidationConfirm("spryconfirm1", "pass", {validateOn:["change"]});
</script>
</body>
</html>

Relevant: checklogin.php:

<?php
session_start();
$good = true;
function redir()
{
    //die("redir is called");
    if(isset($_SERVER['HTTP_REFERER']))
    {
        header('Location:'.$_SERVER['HTTP_REFERER']);
    }
    else
    {
        header('Location:http://cs4.sunyocc.edu/~j.d.dancks/onestopshop/index.php');
    }
}
function logout()
{
        $_SESSION = array();
        session_destroy();
        //header('Location:http://cs4.sunyocc.edu/~j.d.dancks/index.php');
}
if(isset($_SESSION['attempts']))
{
    if($_SESSION['attempts']>=5)
    {
        $good=false;
    }
}
if($good)
{
    if(!isset($_SESSION['time']) || !isset($_SESSION['user']))
    {
        logout();
    }
    else if($_SESSION['time'] < time())
    {
        logout();
    }
}
else
{
    logout();
    redir();
}
function cleanup($junk)
{
    /*$ref = array();
    $ref = $_SESSION;
    $_SESSION = array();
    foreach($var as $ref)
    {
        if(!isset($_POST[array_keys($ref,$var)]))
        {
            $_SESSION[$var] = $ref[$var];
        }
    }*/
    //die("cleanup called\n");
    foreach($junk as $var)
    {
        $k = array_keys($junk,$var);
        if(isset($junk[$k[0]]))
        {
            unset($_SESSION[$k[0]]);
        }
    }
}
?>
Zagga:

Hi,

I don't see session_start(); in your code. This must be called before any output is sent (right after the opening <?php tag is usually a good place to put it).
If the SESSION isn't being started, no session variables will be stored, so this is probably the reason you aren't being shown any error messages as well.

I include it in checklogin.php, which I include with require_once. Is that good enough, as I rely on that for the rest of my website?

Zagga:

Hi again dancks,

The session 'should' persist the way you have included it.

We need to find out where your script is causing errors so I would suggest adding a debugging message BEFORE each call to your logout function.
If you add

exit ("Logout called at line xx");

before each logout call (lines 33, 37 and 42) we will find out exactly what is causing the logout. Remember to change each 'xx' to the actual line number.

I appreciate your help, but I'm tired; I'll need to look into this tomorrow.

I suspected it had something to do with the back to back MySQL call to the same data, like both calls were threaded (crap I don't remember my computer science knowledge), like when a thread has to wait for data from a previous thread, like it starts before the other is finished, and it stalls right from the get go because it needs to wait for the data from the other thread to be produced, so the processor times it out or something. Kills it right on the vine. You know what, IDK. That sounds right to me kinda.

So basically right after the mysql insert I take out the 2nd mysql query and instead of going to the index page I go to an intermediate page where I mysql_query the userID and then go to the index. And that worked.

I do have a logout .php page but it's never executed by my code unless the session times out (I have time limits) or if the user logs out.

So kids remember no back to back but front to front is OK.

Zagga:

Interesting!

Maybe you could just close and reopen the database connection, to avoid having to use an intermediary page?
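
A sketch of the register-then-log-in step this thread is about, added here and not code from either poster. It restarts the session if checklogin.php's logout() has already destroyed it (PHP saves $_SESSION only while a session is active), and swaps in prepared statements and password_hash() for the escaped sprintf() queries and SHA1(). Assumptions: the function name register_and_login(), the placeholder DSN and credentials, an AUTO_INCREMENT userID, and a pass column wide enough for the hash.

```php
<?php
// Added example, not code from the thread. UserTable and its columns are the
// thread's; register_and_login() is a hypothetical name, userID is assumed to
// be AUTO_INCREMENT and pass wide enough (VARCHAR(255)) for a password_hash() value.
function register_and_login(PDO $db, string $nick, string $email, string $pass): bool
{
    // Anchored patterns replace the preg_match + implode comparison;
    // filter_var() is swapped in for the thread's e-mail regex.
    if (!preg_match('/^[A-Za-z]+[A-Za-z0-9]{6,12}$/', $nick)
        || !preg_match('/^[A-Za-z0-9]{8,20}$/', $pass)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Prepared statements replace sprintf() + mysql_real_escape_string().
    $dup = $db->prepare('SELECT 1 FROM UserTable WHERE nick = ? OR email = ?');
    $dup->execute([$nick, $email]);
    if ($dup->fetchColumn() !== false) {
        return false;
    }
    // A salted, slow hash replaces the unsalted SHA1() in the INSERT.
    $ins = $db->prepare('INSERT INTO UserTable (nick, email, pass) VALUES (?, ?, ?)');
    $ins->execute([$nick, $email, password_hash($pass, PASSWORD_DEFAULT)]);
    $userId = (int) $db->lastInsertId(); // no second SELECT for the new ID

    // After session_destroy() no session is active and writes to $_SESSION
    // are not saved, so start one again before storing the login.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh session ID at the login boundary
    $_SESSION['user']  = $nick;
    $_SESSION['ID']    = $userId;
    $_SESSION['email'] = $email;
    $_SESSION['time']  = time() + 60 * 60 * 2; // the thread's 2-hour limit
    return true;
}

// Placeholder DSN and credentials; call this before any HTML is sent.
if (($_POST['MM_insert'] ?? '') === 'form') {
    $db = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4',
                  'EXAMPLE_USER', 'EXAMPLE_PASSWORD',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    if (register_and_login($db, (string) ($_POST['nick'] ?? ''),
            (string) ($_POST['e-mail'] ?? ''), (string) ($_POST['pass'] ?? ''))) {
        header('Location: index.php');
        exit; // stop so nothing below runs after the redirect
    }
    $error = 'Registration failed.'; // escape with htmlspecialchars() when echoed
}
```

A login check written against this table would compare passwords with password_verify() rather than SHA1() in the WHERE clause.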
