Hey everyone. I just recently set up(or tried to) a userdatabase where people can log in and see a user edit page. For some reason when you try to register, instead of redirecting to the successfull register page, it just goes to a page, "process.php" which process the login when clicked. Below is my register function... can anyone see a problem?? Thanks.

function procRegister()
    {
        global $session, $form;

        //Registration attempt
        $retval = $session->register( $_POST['username'], $_POST['password'], $_POST['email'] );
        
        //Registration success
        if( $retval == 0 )
        {
            $_SESSION['reguname']   = $_POST['username'];
            $_SESSION['regsuccess'] = true;
            header( "Location: ".$session->referrer );
        }
        
        //Error found with form
        else if( $retval == 1 )
        {
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header( "Location: ".$session->referrer );
        }
        //Registration attempt failed
        else if( $retval == 2 )
        {
            
            $_SESSION['reguname']  = $_POST['username'];
            $_SESSION['regsuccess'] = false;
            header( "Location: ".$session->referrer );
        }
    }

On log in success you redirect to $session->referrer, which unlikely is the success page. Change it to the url of your success page.

I changed it to the following but even then it stays on process.php and I cant get past it. Any help would be much apprecaited.

header( "Location: ".$session->referrer );

Instead of header( "Location: ".$session->referrer ); put the success page in a different variable e.g.

$host = $_SERVER;
$uri = rtrim(dirname($_SERVER), '/\\');
$good = 'success_page.php';

header("Location: http://$host$uri/$good");

And if you want to add maybe an error page in a different variable you could do the following:

$host = $_SERVER;
$uri = rtrim(dirname($_SERVER), '/\\');
$good = 'success_page.php';
$bad = 'denied.php';

header("Location: http://$host$uri/$bad");

Just a thought

<?php
$con = mysql_connect('localhost', 'root', '') OR die("Error: ".mysql_error());
mysql_select_db('db_name', $con) OR die("Error: ".mysql_error());

function protect($string){
    $string = mysql_real_escape_string($string);
    $string = strip_tags($string);
    $string = addslashes($string);

    return $string;
}
if(!$_POST['submit']){
    echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\" align=\"center\">\n";
    echo "<form method=\"post\" action=\"".$self."\">\n";
    echo "<tr><td colspan=\"2\" align=\"center\" bgcolor=\"#333333\"><font color=\"#ffffff\">Registration Form</font></td></tr>\n";
    echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
    echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
    echo "<tr><td>Confirm</td><td><input type=\"password\" name=\"passconf\"></td></tr>\n";
    echo "<tr><td>E-Mail</td><td><input type=\"text\" name=\"email\"></td></tr>\n";
    echo "<tr><td align=\"left\"><input type=\"submit\" name=\"submit\" value=\"Register\"></form></td><form action='login.php' method='POST'><td align=\"right\"><input type=\"submit\" value=\"Login\"></td></tr>\n";
    echo "</form></table>\n";
}else {
    $username = protect($_POST['username']);
    $password = protect($_POST['password']);
    $confirm = protect($_POST['passconf']);
    $email = protect($_POST['email']);

    $errors = array();

        if(!$username){
            $errors[] = "Username is not defined!";
        }

        if(!$password){
            $errors[] = "Password is not defined!";
        }

        if($password){
            if(!$confirm){
                $errors[] = "Confirmation password is not defined!";
            }
        }

        if(!$email){
            $errors[] = "E-mail is not defined!";
        }



        if($username){
            if(!ctype_alnum($username)){
                $errors[] = "Username can only contain numbers and letters!";
            }

            $range = range(1,32);
            if(!in_array(strlen($username),$range)){
                $errors[] = "Username must be between 1 and 32 characters!";
            }
        }

        if($password && $confirm){
            if($password != $confirm){
                $errors[] = "Passwords do not match!";
            }
        }

        if($email){
            $checkemail = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";
            if(!preg_match($checkemail, $email)){
                $errors[] = "E-mail is not valid, must be [email]name@server.tld[/email]!";
            }
        }


        if($username){
            $sql = "SELECT * FROM `users` WHERE `username`='".$username."'";
            $res = mysql_query($sql) or die(mysql_error());

                if(mysql_num_rows($res) > 0){
                    $errors[] = "The username you supplied is already in use!";
                }
        }

        if($email){
            $sql2 = "SELECT * FROM `users` WHERE `email`='".$email."'";
            $res2 = mysql_query($sql2) or die(mysql_error());

                if(mysql_num_rows($res2) > 0){
                    $errors[] = "The e-mail address you supplied is already in use of another user!";
                }

        }

        if(count($errors) > 0){
            foreach($errors AS $error){
                echo $error . "<br>\n";
            }
        }else {
            $sql4 = "INSERT INTO `users`
                    (`username`,`password`,`email`)
                    VALUES ('".$username."','".$password."','".$email."')";
            $res4 = mysql_query($sql4) or die(mysql_error());
            echo "<font align=\"center\"><br><br>You have successfully registered with the username <b>".$username."</b> and the password <b>".$password."</b>!</font>";
        }
}

Edited 3 Years Ago by mike_2000_17: Fixed formatting

Comments
Don't bump a 3 year old thread.
This article has been dead for over six months. Start a new discussion instead.