Hi, I have successfully added md5 to my membership join page
and the password is encrypted in my database table. However, it
does not go to the member page when successful. It adds all the
data that was filled out in the form into the database table and
then returns with the membership join page again but with the form
empty. Here is my script.
<?php require_once('Connections/member.php'); ?>
<?php
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="choose_another_username.php";
$loginUsername = $_POST['username'];
$LoginRS__query = "SELECT loginname FROM member WHERE
loginname='" . $loginUsername . "'";
mysql_select_db($database_member, $member);
$LoginRS=mysql_query($LoginRS__query, $member) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
//if there is a row in the database, the username was found
- can not add the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar
= "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar
."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}
if (isset($_POST['password'])) {$_POST['password'] =
md5($_POST['password']);}
function GetSQLValueString($theValue, $theType,
$theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ?
addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" :
"NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) .
"'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" :
"NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
$theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" .
htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) &&
($_POST["MM_insert"] == "newuser")) {
$insertSQL = sprintf("INSERT INTO member (loginname,
password, lastname, firstname, street, suburb, `state`, postcode,
email, phone, newsletter, changenotes) VALUES (%s, %s, %s, %s, %s,
%s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['lastname'], "text"),
GetSQLValueString($_POST['firstname'], "text"),
GetSQLValueString($_POST['street'], "text"),
GetSQLValueString($_POST['suburb'], "text"),
GetSQLValueString($_POST['select'], "text"),
GetSQLValueString($_POST['postcode'], "int"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['phone'], "int"),
GetSQLValueString(isset($_POST['subscribeyes']) ? "true" :
"", "defined","'Y'","'N'"),
GetSQLValueString(isset($_POST['changeyes']) ? "true" : "",
"defined","'Y'","'N'"));
mysql_select_db($database_member, $member);
$Result1 = mysql_query($insertSQL, $member) or
die(mysql_error());
$insertGoTo = "members_home.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
I am also trying to add md5 to the loginpage but without
success. I have been told what to add but I am unsure where to add
or what to modify to make it work. Your help on both matters would
be awesome. Here is the md5 addition that I was given
if (isset($_POST['password'])) {$_POST['password'] =
md5($_POST['password']);}
Here is my login script
<?php require_once('Connections/member.php'); ?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
if (isset($_POST['password'])) {$_POST['password'] =
md5($_POST['password']);}
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "members_home.php";
$MM_redirectLoginFailed = "failed_login.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_member, $member);
$LoginRS__query=sprintf("SELECT loginname, password FROM
member WHERE loginname='%s' AND password='%s'",
get_magic_quotes_gpc() ? $loginUsername :
addslashes($loginUsername), get_magic_quotes_gpc() ? $password :
addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $member) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
Thanks everyone, I am a PHP nuffie and I really appreciate
all the help!
4
Replies
AdChoices