PHP register form problems
108 views
Skip to first unread message
Jennifer
Mar 30, 2012, 12:10:10 PM3/30/12
to reCAPTCHA
I haven't been using PHP very long and admittedly, I had help writing
the form initially, but without the captcha, I was getting junk
registrations - something I want to stop ASAP, but getting the captcha
to behave has proven to be a challenge.
Here's my code:
<?php require_once('Connections/test.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) :
$theValue;
}
$theValue = function_exists("mysql_real_escape_string") ?
mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
$theNotDefinedValue;
break;
}
return $theValue;
}
}
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="login.php";
$loginUsername = $_POST['username'];
$LoginRS__query = sprintf("SELECT username FROM `user` WHERE
username=%s", GetSQLValueString($loginUsername, "text"));
mysql_select_db($database_test, $test);
$LoginRS=mysql_query($LoginRS__query, $test) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
//if there is a row in the database, the username was found - can
not add the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect .
$MM_qsChar ."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}
$privatekey = "";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
die ("The reCAPTCHA wasn't entered correctly. Go back and try it
again." .
"(reCAPTCHA said: " . $resp->error . ")");
} else {
// Your code here to handle a successful verification
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1"))
{
$insertSQL = sprintf("INSERT INTO `user` (username, password, email,
paypal) VALUES (%s, %s, %s, %s)",
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['paypal'], "text"));
mysql_select_db($database_test, $test);
$Result1 = mysql_query($insertSQL, $test) or die(mysql_error());
$insertGoTo = "welcome.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
}
?>
<?php include ('header.php'); ?>
<div id="content">
<div id="contentleft">
<form action="<?php echo $editFormAction; ?>" method="post"
name="form1" id="form1">
<table align="center">
<tr valign="baseline">
<td nowrap="nowrap" align="right">Username:</td>
<td><input type="text" name="username" value="" size="32" /></
td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right">Password:</td>
<td><input type="text" name="password" value="" size="32" /></
td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right">Email:</td>
<td><input type="text" name="email" value="" size="32" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right">Paypal:</td>
<td><input type="text" name="paypal" value="" size="32" /></
td>
</tr>
<tr><td colspan="2"><?php
require_once('recaptchalib.php');
$publickey = ""; // you got this from the signup page
echo recaptcha_get_html($publickey);
}
?></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"> </td>
<td><input type="submit" value="Register!" /></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1" />
</form>
<p> </p>
</div>
<?php include ('sidebar.php'); ?>
</div>
<?php include ('footer.php'); ?>
Everything's handled in the one file, regiser.php. I know it's "dummy
level" but it works - without the captcha, which is what I need help
fixing.
This is all the troubleshooting info said:
Form Has No Validation
If there's currently no validation logic for your form -- if clicking
on submit always succeeds -- then you have a more tricky problem. In
that case you'll have to add the reCAPTCHA validation code right
before the existing form handling code does whatever it does when the
user submits. You'll also have to figure out how to redisplay the form
to give the user another attempt at the captcha. Unfortunately there's
no one stock answer to how you do that. It depends entirely on the
structure of the code you already have. If the existing code isn't too
complex you may have luck posting it on the reCAPTCHA developer forum
and asking for advice. (If you do post there, be sure to include
enough information for others to help you; simply saying "my code
doesn't work" usually doesn't yield good results.)
https://developers.google.com/recaptcha/docs/troubleshooting#wheretoadd
I did make a good attempt at putting the code in, but when I ran it on
the server, I got a blank page http://club.dreamangelsparadise.com/register.php
I probably have the code in the wrong place - it's usually something
that silly, but I'd welcome the help to make this work and prevent
further spam registrations on my site.
the form initially, but without the captcha, I was getting junk
registrations - something I want to stop ASAP, but getting the captcha
to behave has proven to be a challenge.
Here's my code:
<?php require_once('Connections/test.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) :
$theValue;
}
$theValue = function_exists("mysql_real_escape_string") ?
mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
$theNotDefinedValue;
break;
}
return $theValue;
}
}
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="login.php";
$loginUsername = $_POST['username'];
$LoginRS__query = sprintf("SELECT username FROM `user` WHERE
username=%s", GetSQLValueString($loginUsername, "text"));
mysql_select_db($database_test, $test);
$LoginRS=mysql_query($LoginRS__query, $test) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
//if there is a row in the database, the username was found - can
not add the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect .
$MM_qsChar ."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}
$privatekey = "";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
die ("The reCAPTCHA wasn't entered correctly. Go back and try it
again." .
"(reCAPTCHA said: " . $resp->error . ")");
} else {
// Your code here to handle a successful verification
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1"))
{
$insertSQL = sprintf("INSERT INTO `user` (username, password, email,
paypal) VALUES (%s, %s, %s, %s)",
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['paypal'], "text"));
mysql_select_db($database_test, $test);
$Result1 = mysql_query($insertSQL, $test) or die(mysql_error());
$insertGoTo = "welcome.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
}
?>
<?php include ('header.php'); ?>
<div id="content">
<div id="contentleft">
<form action="<?php echo $editFormAction; ?>" method="post"
name="form1" id="form1">
<table align="center">
<tr valign="baseline">
<td nowrap="nowrap" align="right">Username:</td>
<td><input type="text" name="username" value="" size="32" /></
td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right">Password:</td>
<td><input type="text" name="password" value="" size="32" /></
td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right">Email:</td>
<td><input type="text" name="email" value="" size="32" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right">Paypal:</td>
<td><input type="text" name="paypal" value="" size="32" /></
td>
</tr>
<tr><td colspan="2"><?php
require_once('recaptchalib.php');
$publickey = ""; // you got this from the signup page
echo recaptcha_get_html($publickey);
}
?></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"> </td>
<td><input type="submit" value="Register!" /></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1" />
</form>
<p> </p>
</div>
<?php include ('sidebar.php'); ?>
</div>
<?php include ('footer.php'); ?>
Everything's handled in the one file, regiser.php. I know it's "dummy
level" but it works - without the captcha, which is what I need help
fixing.
This is all the troubleshooting info said:
Form Has No Validation
If there's currently no validation logic for your form -- if clicking
on submit always succeeds -- then you have a more tricky problem. In
that case you'll have to add the reCAPTCHA validation code right
before the existing form handling code does whatever it does when the
user submits. You'll also have to figure out how to redisplay the form
to give the user another attempt at the captcha. Unfortunately there's
no one stock answer to how you do that. It depends entirely on the
structure of the code you already have. If the existing code isn't too
complex you may have luck posting it on the reCAPTCHA developer forum
and asking for advice. (If you do post there, be sure to include
enough information for others to help you; simply saying "my code
doesn't work" usually doesn't yield good results.)
https://developers.google.com/recaptcha/docs/troubleshooting#wheretoadd
I did make a good attempt at putting the code in, but when I ran it on
the server, I got a blank page http://club.dreamangelsparadise.com/register.php
I probably have the code in the wrong place - it's usually something
that silly, but I'd welcome the help to make this work and prevent
further spam registrations on my site.
PJH
Apr 2, 2012, 5:08:54 AM4/2/12
to reca...@googlegroups.com
On Fri, Mar 30, 2012 at 5:10 PM, Jennifer <teikoun...@gmail.com> wrote:
> I did make a good attempt at putting the code in, but when I ran it on
> the server, I got a blank page http://club.dreamangelsparadise.com/register.php
> I did make a good attempt at putting the code in, but when I ran it on
> the server, I got a blank page http://club.dreamangelsparadise.com/register.php
That's an indication that you have a syntax error somewhere in your
php and the default error reporting is to not send the errors to the
browser.
You either need to (temporarily) change the error reporting to report
errors to the user[1] or (better still) view the error logs on the
webserver. The latter is preferred, since that can still report errors
that won't get passed to the user.
[1] http://php.net/manual/en/function.error-reporting.php
--
PJH
Reply all
Reply to author
Forward
0 new messages