Page 1 of 1

Add first name and last name to the register system help me.

Posted: Mon May 07, 2012 9:09 am
by hys
Hello

I have tryed to fix the first name and last name for the register system. But i can't get it to work it well not put the date to my mysql.

here is the register.php code:
<?php 

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])) {
	if (empty($_POST['username'])) {
		$errors[] = 'The username cannot be empty.';
	}
	
	if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
		$errors[] = 'The email address you entered does not appear to be valid.';
	}
	
	if (empty($_POST['password']) || empty($_POST['repeat_password'])) {
		$errors[] = 'The password cannot be empty.';
	}
	
	if ($_POST['password'] !== $_POST['repeat_password']) {
		$errors[] = 'Password verification failed.';
	}
	
	if (user_exists($_POST['username'])) {
		$errors[] = 'The username you entered is already taken.';
	}
	
	if (empty($errors)) {
		add_user($_POST['username'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['password']);
		
		header('Location: protected.php');
		die();
	}
}

?>
<!DOCTYPE html>

<html lang="da">
<head>
        <meta charset="utf-8">
        <title></title>
	<link rel="stylesheet" type="text/css" href="ext/css/style.css" />

</head>
	<body>
		<div>
			<?php
			
			if (empty($errors) === false) {
				?>
				<ul>
					<?php
					
					foreach ($errors as $error) {
						echo "<li>{$error}</li>";
					}
					
					?>
				</ul>
			<?php
			}
			
				?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username"><b>Username:</b><br/></label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
			</p>
			<p>
				<label for="username"><b>Firstname:</b><br/></label>
				<input type="text" name="firstname" id="firstname" value="<?php if (isset($_POST['firstname'])) echo htmlentities($_POST['firstname']); ?>" />
			</p>
			<p>
				<label for="username"><b>Lastname:</b><br/></label>
				<input type="text" name="lastname" id="lastname" value="<?php if (isset($_POST['lastname'])) echo htmlentities($_POST['lastname']); ?>" />
			</p>
			<p>
				<label for="email"><b>Email:</b><br/></label>
				<input type="text" name="email" id="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email']); ?>" />
			</p>
			<p>
				<label for="password"><b>Password:</b><br/></label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<label for="repeat_password"><b>Repeat Password:</b><br/></label>
				<input type="password" name="repeat_password" id="repeat_password" />
			</p>
			<p>
				<input type="submit" value="Register" />
			</p>
		</form>
	</body>
</html>
And here is the user.inc.php code:
<?php

// fetches the right profile with id.
function fetch_current_user_id($username){
        $username = mysql_real_escape_string($username);
       
        $sql = "SELECT `user_id` FROM `users` WHERE `user_name` = '{$username}'";
        $result = mysql_query($sql);
       
        return mysql_result($result, 0);
}
 
if(empty($_SESSION['uid'])){
        $_SESSION['uid'] = fetch_current_user_id($_SESSION['username']);
}

// fetches all of the users from the table.
function fetch_users() {
	$result = mysql_query('SELECT `user_id` AS `id`, `user_name` AS `username` FROM `users`');
	
	$users = array();
	
	while (($row = mysql_fetch_assoc($result)) !== false) {
		$users[] = $row;
	}	
	
	return $users;
}

// fetches profile infomation for the given user.
function fetch_user_info($uid) {
	$uid = (int)$uid;
	
	$sql = "SELECT
				`user_id` AS `id`,
				`user_name` AS `username`,
				`user_firstname` AS `firstname`,
				`user_lastname` AS `lastname`,
				`user_email` AS `email`,
				`user_about` AS `about`,
				`user_location` AS `location`,
				`user_gender` AS `gender`
			FROM `users`
			WHERE `user_id` = {$uid}";
			
	$result = mysql_query($sql);
	
	$info = mysql_fetch_assoc($result);
	
	$info['avatar'] = (file_exists("{$GLOBALS['path']}/user_avatars/{$info['id']}.jpg")) ? "core/user_avatars/{$info['id']}.jpg" : "core/user_avatars/default.jpg";
	
	return $info;
}

// updates the current users profile info.
function set_profile_info($email, $about, $location ,$avatar) {
	$email		= mysql_real_escape_string(htmlentities($email));
	$about		= mysql_real_escape_string(nl2br(htmlentities($about)));
	$location 	= mysql_real_escape_string($location);
	
	if (file_exists($avatar)) {
		$src_size = getimagesize($avatar);
		
		if ($src_size['mime'] === 'image/jpeg') {
			$src_img = imagecreatefromjpeg($avatar);
		}else if ($src_size['mime'] === 'image/png') {
			$src_img = imagecreatefrompng($avatar);
		}else if ($src_size['mime'] === 'image/gif') {
			$src_img = imagecreatefromgif($avatar);
		}else {
			$src_img = false;
		}
		
		if ($src_img !== false) {
			$thumb_width = 200;
			
			if ($src_size[0] <= $thumb_width) {
				$thumb = $src_img;
			}else {
				$new_size[0] = $thumb_width;
				$new_size[1] = ($src_size[1] / $src_size[0]) * $thumb_width;
				
				$thumb = imagecreatetruecolor($new_size[0], $new_size[1]);
				imagecopyresampled($thumb, $src_img, 0, 0, 0, 0, $new_size[0], $new_size[1], $src_size[0], $src_size[1]);
			}
			
			imagejpeg($thumb, "{$GLOBALS['path']}/user_avatars/{$_SESSION['uid']}.jpg");
		}
	}
	
	$sql = "UPDATE `users` SET
				`user_email` = '{$email}',
				`user_about` = '{$about}',
				`user_location` = '{$location}'
			WHERE `user_id` = {$_SESSION['uid']}";
			
	mysql_query($sql);
}

// check if the given username exists in the database.
function user_exists($user) {
	$user 	= mysql_real_escape_string($user);
	
	$total 	= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}

// check if the given username and password combination is valid.
function valid_credentials($user, $pass) {
	$user 	= mysql_real_escape_string($user);
	$pass 	= mysql_real_escape_string($pass);
	
	$total 	= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");

	return (mysql_result($total, 0) == '1') ? true : false;
}

// checks is the given user account is active.
function is_active($user) {
	$user = mysql_real_escape_string($user);
	
	$sql = "SELECT
				COUNT(`user_activations`.`user_id`)
			FROM `users`
			INNER JOIN `user_activations`
			ON `users`.`user_id` = `user_activations`.`user_id`
			WHERE `users`.`user_name` = '{$user}'";
			
	$result = mysql_query($sql);
	
	return (mysql_result($result, 0) == '0') ? true : false;
}


// activates the account related to the given activation code.
function activate_account($aid) {
	$aid = mysql_real_escape_string($aid);
	
	mysql_query("DELETE FROM `user_activations` WHERE `activation_code` = '{$aid}'");
}

// adds a user to the database
function add_user($user, $firstname, $lastname, $email, $pass) {
	$user 	= mysql_real_escape_string(htmlentities($user));
	$firstname 	= mysql_real_escape_string(htmlentities($firstname));
	$lastname 	= mysql_real_escape_string(htmlentities($lastname));
	$email 	= mysql_real_escape_string($email);
	$pass 	= sha1($pass);
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
	$aid = implode('', array_rand($charset, 10));
	
	$body = <<<EMAIL

	Hi,
	
	Thanks for registering, before you login you need to activate your account.
	
	To do that simply click the following link.
	
	http://localhost:8888/UserSystem/activate.php?aid={$aid}

EMAIL;

	mail($email, 'Your new account at onslowdemolering.dk', $body, 'From: ekim@onslowdemolering.dk');
	
	mysql_query("INSERT INTO `users` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')");
	
	$user_id = mysql_insert_id();
	
	mysql_query("INSERT INTO `user_activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");
}

?>
But i have edited this part in user.inc.php code:
// adds a user to the database
function add_user($user, $firstname, $lastname, $email, $pass) {
	$user 	= mysql_real_escape_string(htmlentities($user));
	$firstname 	= mysql_real_escape_string(htmlentities($firstname));
	$lastname 	= mysql_real_escape_string(htmlentities($lastname));
	$email 	= mysql_real_escape_string($email);
	$pass 	= sha1($pass);
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
	$aid = implode('', array_rand($charset, 10));
Hope u can help me with that.

// Hys

Re: Add first name and last name to the register system help

Posted: Mon May 07, 2012 9:25 pm
by jacek
I'm sure I replied to this already ! Oh well, double explanation !

In the add_user() function you need to modify the INSERT query to account for the new columns.

It would also be a good idea to add the new $_POST fields to the isset check and do some simple validation like with all the other fields.

Re: Add first name and last name to the register system help

Posted: Mon May 07, 2012 9:30 pm
by hys
jacek wrote:I'm sure I replied to this already ! Oh well, double explanation !

In the add_user() function you need to modify the INSERT query to account for the new columns.

It would also be a good idea to add the new $_POST fields to the isset check and do some simple validation like with all the other fields.
Sorry if i need you to explain it again.

But i don´t really understand it how much of the change i did is wrong hehe :)

Re: Add first name and last name to the register system help

Posted: Thu May 10, 2012 12:40 am
by jacek
hys wrote:But i don´t really understand it how much of the change i did is wrong hehe :)
Nothing really, you just did half the job.

If you understand what is going on in the INSERT query it should be pretty simple to change.