Editing Register.php - cant get DOB to pass to the database Editing Register.php - cant get DOB to pass to the database
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Editing Register.php - cant get DOB to pass to the database

Started by nymyth, July 20, 2005, 04:32:55 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

nymyth

July 20, 2005, 04:32:55 AM
Ok heres the issue:  On the register page all we wanted was Email address and Date of Birth.  Also the email address would act as the user login.  The DOB has 3 text boxes for MM, DD, YYYY.  Also the email address and the DOB go into another table called cpg_bdays.  I also put an "echo" tag to see what data is being passed when an user signs up. 

So now when the users clicks submit, I see this data being passed from the echo tag:

Code Select
INSERT INTO cpg_bdays (user_bday_email, bday_month, bday_day, bday_year) VALUES ('yahoo@yahoo.com', '', '', '')

The url is: www.sandbarsaturdays.com/gallery

So i know the email is being passed to the new table (cpg_bdays) but the DOB information isnt.  Can anyone help me out with this, below is the register.php code block:

Code Select
define('IN_COPPERMINE', true);
define('REGISTER_PHP', true);

require('include/init.inc.php');
require('include/mailer.inc.php');

if (!$CONFIG['allow_user_registration'] || USER_ID) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);

if (defined('UDB_INTEGRATION')) udb_register_page();
// Display the disclaimer
function display_disclaimer()
{
    global $CONFIG, $PHP_SELF;
    global $lang_register_disclamer, $lang_register_php;

    starttable(-1, $lang_register_php['term_cond']);
    echo <<<EOT
        <form method="post" action="$PHP_SELF">
        <tr>
                <td class="tableb" style="padding: 10px;">

EOT;
    echo str_replace('{SITE_NAME}', $CONFIG['gallery_name'], $lang_register_disclamer);

    echo <<<EOT
                </td>
        </tr>
        <tr>
                <td colspan="2" align="center" class="tablef">
                        <input type="submit" name="agree" value="{$lang_register_php['i_agree']}" class="button">
                </td>
        </tr>
        </form>

EOT;
    endtable();
}

function input_user_info($errors = '')
{
    global $CONFIG, $PHP_SELF, $HTTP_POST_VARS;
    global $lang_register_php;

    starttable(-1, $lang_register_php['enter_info'], 2);
    echo <<<EOT
        <form method="post" action="$PHP_SELF">

EOT;

    $form_data = array(
        array('label', $lang_register_php['required_info']),
        //array('input', 'username', $lang_register_php['username'], 25),
        //array('password', 'password', $lang_register_php['password'], 25),
        //array('password', 'password_verification', $lang_register_php['password_again'], 25),
        array('input', 'email', $lang_register_php['email'], 255),
        // taken from line 80 below
        //array('input', 'website', $lang_register_php['website'], 255),
        array('bday', 'bday_month', $lang_register_php['bday_month'], 3),
        //array('input', 'bday_day', $lang_register_php['bday_day'], 2),
        //array('input', 'bday_year', $lang_register_php['bday_year'], 4),
        array('label', $lang_register_php['optional_info']),
        array('input', 'location', $lang_register_php['location'], 255),
        array('input', 'interests', $lang_register_php['interests'], 255)
        //,array('input', 'website', $lang_register_php['website'], 255),
        //array('input', 'occupation', $lang_register_php['occupation'], 255),
        );

    foreach ($form_data as $element) switch ($element[0]) {
        case 'label' :
            echo <<<EOT
        <tr>
            <td colspan="2" class="tableh2">
                        <b>{$element[1]}<b>
        </td>
        </tr>

EOT;
            break;

        case 'input' :
            if (isset($HTTP_POST_VARS[$element[1]])) {
                $value = $HTTP_POST_VARS[$element[1]];
            } else {
                $value = '';
            }
            echo <<<EOT
        <tr>
            <td width="40%" class="tableb"  height="25">
                        {$element[2]}
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="text" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="$value" class="textinput">
                </td>
        </tr>

EOT;
            break;


        case 'bday' :
            echo <<<EOT
        <tr>
            <td width="40%" class="tableb"  height="25">
                        Bday
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="text" style="width: 100%" name="bday_month" maxlength="2" class="textinput" value="MM">
                <input type="text" style="width: 100%" name="bday_day" maxlength="2" class="textinput" value="DD">
                <input type="text" style="width: 100%" name="bday_year" maxlength="4" class="textinput" value="YYYY">
                </td>
        </tr>

EOT;
            break;


        case 'password' :
            echo <<<EOT
        <tr>
            <td width="40%" class="tableb"  height="25">
                        {$element[2]}
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="password" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="" class="textinput">
                </td>
        </tr>

EOT;
            break;

        default:
            cpg_die(CRITICAL_ERROR, 'Invalid action for form creation ' . $element[0], __FILE__, __LINE__);
    }

    if ($errors) {
        echo <<<EOT
        <tr>
                <td colspan="2" class="tableh2" align="center">
                        <b>&#149;&nbsp;&#149;&nbsp;&#149;&nbsp;{$lang_register_php['error']}&nbsp;&#149;&nbsp;&#149;&nbsp;&#149;</b>
                </td>
        </tr>
        <tr>
                <td colspan="2" class="tableb">
                        <b><ul>$errors</ul><b>
                </td>
        </tr>

EOT;
    }
    echo <<<EOT
        <tr>
                <td colspan="2" align="center" class="tablef">
                        <input type="submit" name="submit" value="{$lang_register_php['submit']}" class="button">
                </td>
        </tr>
        </form>

EOT;
    endtable();
}

function get_post_var($var)
{
    global $HTTP_POST_VARS, $lang_errors;

    if (!isset($HTTP_POST_VARS[$var])) cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'] . " ($var)", __FILE__, __LINE__);
    return trim($HTTP_POST_VARS[$var]);
}

function check_user_info(&$error)
{
    global $CONFIG, $HTTP_SERVER_VARS, $PHP_SELF;
    global $lang_register_php, $lang_register_confirm_email, $lang_continue;

    // substituted username for email
    $user_name = trim(get_post_var('email'));

    // set all passwords to the same
    // took out the following: $password = trim(get_post_var('password'));
    $password = 'password';

    // took out the following: $password_again = trim(get_post_var('password_verification'));
    $password_again = 'password';
    $email = trim(get_post_var('email'));

    // taken from line 189 below
    //$website = addslashes(get_post_var('website'));
    $website = '';

    $location = addslashes(get_post_var('location'));
    $interests = addslashes(get_post_var('interests'));

    // $website = addslashes(get_post_var('website'));
    //$website = 'www.sandbarsaturdays.com';

    // $occupation = addslashes(get_post_var('occupation'));
    $occupation = '';

    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "'";
    $result = db_query($sql);

    if (mysql_num_rows($result)) {
        $error = '<li>' . $lang_register_php['err_user_exists'];
        return false;
    }
    mysql_free_result($result);

    if (strlen($user_name) < 2) $error .= '<li>' . $lang_register_php['err_uname_short'];
    if (strlen($password) < 2) $error .= '<li>' . $lang_register_php['err_password_short'];
    if ($password == $user_name) $error .= '<li>' . $lang_register_php['err_uname_pass_diff'];
    if ($password != $password_again) $error .= '<li>' . $lang_register_php['err_password_mismatch'];

    if (!eregi("^[_\.0-9a-z\-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$", $email)) $error .= '<li>' . $lang_register_php['err_invalid_email'];

    if ($error != '') return false;

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
        $result = db_query($sql);

        if (mysql_num_rows($result)) {
            $error = '<li>' . $lang_register_php['err_duplicate_email'];
            return false;
        }

        mysql_free_result($result);
    }

    if ($CONFIG['reg_requires_valid_email']) {
        $active = 'NO';
        list($usec, $sec) = explode(' ', microtime());
        $seed = (float) $sec + ((float) $usec * 100000);
        srand($seed);
        $act_key = md5(uniqid(rand(), 1));
    } else {
        $active = 'YES';
        $act_key = '';
    }

    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_location, user_interests, user_website, user_occupation) " . "VALUES (NOW(), '$active', '$act_key', '" . addslashes($user_name) . "', '" . addslashes($password) . "', '" . addslashes($email) . "', '$location', '$interests', '$website', '$occupation' )";
    $sql2 = "INSERT INTO cpg_bdays " . "(user_bday_email, bday_month, bday_day, bday_year) " . "VALUES ('$email', '" . addslashes($bday_month) . "', '$bday_day', '$bday_year')";
    $result = db_query($sql);
    $result2 = db_query($sql2);
    echo $sql2;
   
    if ($CONFIG['reg_requires_valid_email']) {
        $act_link = $CONFIG['ecards_more_pic_target'] . 'register.php?activate=' . $act_key;
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'],
            '{USER_NAME}' => $user_name,
            '{PASSWORD}' => $password,
            '{ACT_LINK}' => $act_link
            );
        if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), strtr($lang_register_confirm_email, $template_vars))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_continue, 'index.php');
    } else {
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
    }

    // email notification to admin
        if ($CONFIG['reg_notify_admin_email'])
        {
        cpg_mail($CONFIG['gallery_admin_email'], sprintf($lang_register_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php['notify_admin_email_body'], $user_name));
        }

    return true;
}

pageheader($lang_register_php['page_title']);
if (isset($HTTP_POST_VARS['agree'])) {
    input_user_info();
} elseif (isset($HTTP_POST_VARS['submit'])) {
    $errors = '';
    if (!check_user_info($errors)) {
        input_user_info($errors);
    }
} elseif (isset($HTTP_GET_VARS['activate'])) {
    $act_key = addslashes(substr($HTTP_GET_VARS['activate'], 0 , 32));
    if (strlen($act_key) != 32) cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);

    $sql = "SELECT user_active " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_actkey = '$act_key' " . "LIMIT 1";
    $result = db_query($sql);
    if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);

    $row = mysql_fetch_array($result);
    mysql_free_result($result);

    if ($row['user_active'] == 'YES') cpg_die(ERROR, $lang_register_php['acct_already_act'], __FILE__, __LINE__);

    $sql = "UPDATE {$CONFIG['TABLE_USERS']} " . "SET user_active = 'YES' " . "WHERE user_actkey = '$act_key' " . "LIMIT 1";
    $result = db_query($sql);

    msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'http://www.sandbarsaturdays.com');
} else {
    display_disclaimer();
}
pagefooter();
ob_end_flush();

?>

Nibbler

#1
July 20, 2005, 03:11:13 PM
It doesn't work because you are using made up variables, $bday_month does not exist unless you assign a value to it in a similar way to the code at the top of check_user_info().

nymyth

#2
July 20, 2005, 03:31:26 PM
not following, can u show me an example....thanks

Nibbler

#3
July 20, 2005, 03:37:30 PM
Code Select
$bday_month = (int) get_post_var('bday_month');

nymyth

#4
July 20, 2005, 03:47:20 PM
yeah sorry nibbler, i kinda figured it out...

Code Select
    // birthday information
    $bday_month = trim(get_post_var('bday_month'));
    $bday_day = trim(get_post_var('bday_day'));
    $bday_year = trim(get_post_var('bday_year'));

still cant believe i forgot to assign the variables...hahaha...thanks alot......

ps..is there anyway to check a number has been placed instead of a letter in the DOB fields.

THANKS AGAIN

Peace

Nibbler

#5
July 20, 2005, 04:55:03 PM
You can use the is_numeric() function.

nymyth

#6
July 21, 2005, 06:00:34 AM
where would i put it and how??? sorry

Peace

kegobeer

#7
July 21, 2005, 06:03:54 AM
Code Select
if (is_numeric($variable)) {
     is a number...
} else {
     not a number
}

(int) makes the variable a number.  The code Nibbler posted sanitizes the variable.  Just perform a check to make sure the number is within parameters.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots
Print
Go Up Pages1
User actions