
if statement mysql value and form value error

I am trying to create a random string with my function, which works, and to insert the string into my table.

After submitting register.php the page activation.php follows. On the activation page the user should input the generated string and if it works the page login.php follows.

My problem is that the activation.php page shows the error "ERROR". It looks like my if condition comparing the user input $code with the variable $result won't work. Where is the mistake?

<?php require_once './auth.php'; ?>
<?php
//activation.php
// Connection settings for the legacy mysql_* extension.
// NOTE(review): the mysql_* functions were removed in PHP 7; register.php on this page already uses mysqli.
// NOTE(review): as shown, the script connects as root with an empty password; an application
// normally gets its own database account limited to the tables it needs.
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name="user2"; // Table name (not referenced below; the query names user2 directly)

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Read the activation code submitted by the form.
// $code stays undefined when the request carries no 'code' field.

if (isset($_POST['code'])) {
$code=$_POST['code'];
}

// Reuses $username: from here on it holds the logged-in user's name from the session,
// no longer the database account name assigned above.
$username = ($_SESSION['user']['username']);

// Look up the activation code stored for this user.
// NOTE(review): $username is placed into the SQL text without escaping; a prepared statement
// (mysqli or PDO) keeps the value out of the query string.
$result = mysql_query("SELECT code FROM user2 WHERE username = '$username'");
if (!$result) {
    // Message is German for "Could not run query"; the raw mysql_error() text is sent to the visitor.
    echo 'Konnte Abfrage nicht ausführen: ' . mysql_error();
    exit;
}
// mysql_fetch_row() returns the row as a numerically indexed array, or false when no row matched.
$row = mysql_fetch_row($result);


// Compares $result (the value mysql_query() returned) with the submitted code;
// neither $row nor $code is used in this condition.
if( $result == $_POST['code']){
header('Location: http://' . $_SERVER['HTTP_HOST'] . '/socialad/login.php');
// NOTE(review): there is no exit after the redirect header, so the script keeps running.
// NOTE(review): HTTP_HOST is taken from the request's Host header; a configured host name
// would keep the redirect target under the site's control.

//$codedelete = mysqli_query("UPDATE user2 SET code='0' WHERE username = '$username'");
}

else {
echo "ERROR";
}

// close connection 
mysql_close();
?>


<?php
// auth.php: guard included by pages that require a logged-in session.
session_start();
session_regenerate_id();

// No login flag in the session: redirect to the login page and stop the including script.
// NOTE(review): HTTP_HOST is taken from the request's Host header; a configured host name
// would keep the redirect target under the site's control.
if (empty($_SESSION['login'])) {
    header(sprintf('Location: http://%s/login.php', $_SERVER['HTTP_HOST']));
    exit;
}

// Logged in: expose the session's user name to the including script.
$username = $_SESSION['user']['username'];
?>

    <?php
     //register.php

    // Status messages for the page; the code below fills the keys 'error' and 'success'.
    $message = array();
    // Everything inside this block runs only when a form was submitted.
    if (!empty($_POST)) {

                // $country is set only when the field was posted. The INSERT further down reads
                // $_POST['f']['country'] directly, and country is not part of the required-field check.
                if(isset($_POST['f']['country']) )
{
    $country = $_POST['f']['country'];
}

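/**
 * Build a random string of digits and ASCII letters.
 *
 * On this page the result is stored as the account activation code, so the
 * characters are drawn with random_int(), which uses the operating system's
 * CSPRNG. rand() is not suitable for values that act as a secret because its
 * output can be predicted. random_int() requires PHP 7.0 or later.
 *
 * @param int $length Number of characters to produce; 0 or less yields ''.
 * @return string Random string over [0-9a-zA-Z] of the requested length.
 */
function generateRandomString($length = 8) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $maxIndex = strlen($characters) - 1;
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is uniform over the inclusive range, so every character is equally likely.
        $randomString .= $characters[random_int(0, $maxIndex)];
    }
    return $randomString;
}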
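// Activation code for this registration; the INSERT below stores it in user2.code.
$randomString = generateRandomString();


        // All of these fields are required. country is not in the list, although the INSERT reads it.
        if (
            empty($_POST['f']['username']) ||
            empty($_POST['f']['password']) ||
            empty($_POST['f']['password_again']) ||
            empty($_POST['f']['email']) ||
            empty($_POST['f']['firstname']) ||
            empty($_POST['f']['lastname']) ||
            empty($_POST['f']['phone']) ||
            empty($_POST['f']['town']) ||
            empty($_POST['f']['street']) ||
            empty($_POST['f']['zip'])
        ) {

            $message['error'] = 'Es wurden nicht alle Felder ausgefüllt.';
        } else if ($_POST['f']['password'] !== $_POST['f']['password_again']) {
            // Strict comparison: with != two different numeric-looking strings
            // (for example "1e3" and "1000") would count as the same password.
            $message['error'] = 'Die eingegebenen Passwörter stimmen nicht überein.';
        } else {
            unset($_POST['f']['password_again']);

            // password_hash() creates the salt itself from the system CSPRNG and returns a
            // bcrypt hash at the same cost (10) as before. The hand-built salt used mt_rand(),
            // which is not a cryptographic generator.
            // NOTE(review): the login code is not shown here; a bcrypt hash from password_hash()
            // verifies with password_verify(). Confirm that login.php checks it that way.
            $_POST['f']['password'] = password_hash(
                $_POST['f']['password'],
                PASSWORD_BCRYPT,
                array('cost' => 10)
            );

            // NOTE(review): as shown, the script connects as root with an empty password.
            $mysqli = @new mysqli('localhost', 'root', '', '');
            if ($mysqli->connect_error) {
                // Without a connection there is nothing to query, so only report the error.
                $message['error'] = 'Datenbankverbindung fehlgeschlagen: ' . $mysqli->connect_error;
            } else {
                // Insert the user only if the user name is not taken yet. Every value is escaped
                // with real_escape_string(); a prepared statement would keep the values out of
                // the SQL text entirely.
                $query = sprintf(
                    "INSERT INTO user2 (username, password, email, firstname, lastname, phone, town, street, zip, country, code)
                SELECT * FROM (SELECT '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') as new_user
                WHERE NOT EXISTS (
                    SELECT username FROM user2 WHERE username = '%s'
                ) LIMIT 1;",
                    $mysqli->real_escape_string($_POST['f']['username']),
                    $mysqli->real_escape_string($_POST['f']['password']),
                    $mysqli->real_escape_string($_POST['f']['email']),
                    $mysqli->real_escape_string($_POST['f']['firstname']),
                    $mysqli->real_escape_string($_POST['f']['lastname']),
                    $mysqli->real_escape_string($_POST['f']['phone']),
                    $mysqli->real_escape_string($_POST['f']['town']),
                    $mysqli->real_escape_string($_POST['f']['street']),
                    $mysqli->real_escape_string($_POST['f']['zip']),
                    $mysqli->real_escape_string($_POST['f']['country']),
                    $mysqli->real_escape_string($randomString),
                    $mysqli->real_escape_string($_POST['f']['username'])
                );
                $mysqli->query($query);

                // Exactly one affected row means the user was created; zero means the name exists.
                if ($mysqli->affected_rows === 1) {
                    $message['success'] = 'Neuer Benutzer (' . htmlspecialchars($_POST['f']['username']) . ') wurde angelegt, <a href="login.php">weiter zur Anmeldung</a>.';
                    // NOTE(review): HTTP_HOST is taken from the request's Host header; a configured
                    // host name would keep the redirect target under the site's control.
                    header('Location: http://' . $_SERVER['HTTP_HOST'] . '//activation.php');

                    // Mail delivery of the code is disabled. Note that PHP concatenates strings
                    // with "." and not "+", so the $text line needs that change before re-enabling.
                    // $empfaenger = $_POST['f']['email'];
                    // $betreff = "Registration";
                    // $from = "From: Webmaster <[email protected]>";
                    // $text = "Thank you for your registration. Your code is : " + $randomString;

                    // mail($empfaenger, $betreff, $text, $from);

                    session_start();

                    // The user name comes from the submitted form; there is no $row in this script,
                    // so reading $row['username'] stored null and activation.php then looked up
                    // an empty user name.
                    // NOTE(review): the session is marked as logged in before the activation code
                    // has been confirmed, and auth.php only checks this flag.
                    $_SESSION = array(
                        'login' => true,
                        'user'  => array(
                            'username'  => $_POST['f']['username']
                        )
                    );
                }
                $mysqli->close();
            }
        }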
    } 
?>


Answers (1)


As I understand it, you are asking why you are shown "ERROR" on activation.php. "ERROR" is produced by this piece of code, as I'm sure you know:

// Condition as written in activation.php: $result is the value returned by mysql_query(),
// not the code read from the table.
if( $result == $_POST['code']){
  header('Location: http://' . $_SERVER['HTTP_HOST'] . '/socialad/login.php');
} else {
  echo "ERROR";
}

What you are currently checking is whether $result (which contains the return value of mysql_query, which would be a resource; see PHP mysql_query for more details) is the same as $_POST['code'], which is probably not what you are looking for. I think what you actually want to check for is this:

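// $row is what mysql_fetch_row() returned: a numerically indexed array, or false when no
// row matched. $code is only set when the form field was posted, so both are checked first.
// hash_equals() (PHP 5.6+) compares the two strings exactly and in constant time; the loose
// == treats numeric-looking strings such as "0e12" and "0e34" as equal.
if (isset($code) && is_string($code) && is_array($row) && is_string($row[0]) && hash_equals($row[0], $code)) {
  header('Location: http://' . $_SERVER['HTTP_HOST'] . '/socialad/login.php');
  exit; // stop here so nothing after the redirect runs
}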
