Hello,
I am a amateur php programmer and I have a problem with two scripts.
The first one is a script that checks if the new user typed in a login
name or password that is already used by another user and it looks in
the database for that information and if is not found in the database
then it stores it inside the database and sends them a 
message with their information.The second one checks if the user
is already signed up and lets them in if they are or if they are
not it tells them that the user name or password is invalid. When I
try any of the two scripts it just shows a blank screen. Here are the
two scripts and I really need to know what is wrong with them.


Script #1:
<?
  session_start();                                              //  8
include("connection.php");    
switch (@$do)   
{
     }                                     // 60
      foreach($HTTP_POST_VARS as $key => $value)                // 61
      {
        if ($key != "")                                      // 63
        {
          if ($value == "")                                     // 65
          {
           unset($do);
            $message_new = "Required information is missing. 
                Please try again.";
            include("CHECKALL2.php");
            exit();
          }
        }
             /* check to see if login name already exists */
      $connection = mysql_connect($host,$user,$password)      // 123
                or die ("Couldn't connect to server.");
      $db = mysql_select_db($database, $connection)
                or die ("Couldn't select database.");
      $sql = "SELECT loginName FROM Members 
                WHERE loginName='$newname'";
      $result = mysql_query($sql)
                or die("Couldn't execute query.");
      $num = mysql_numrows($result);
      if ($num > 0)                                           // 132
      {
        unset($do);
        $message_new = "$newname already used. Select another 
                         member ID.";
        include("CHECKALL2.php");
        exit();
      }
      else                                                    // 140
      {   
        $today = time("Y-m-d");
        $sql = "INSERT INTO Members (loginName,password,
                  ) VALUES
                ('$newname',password('$newpass'),
                 )";
        mysql_query($sql); 
        $auth="yes";                                          // 150
        $logname = $newname;                                  // 151
        /* send email to new member */                        // 152
        $emess1="A new Member Account has been setup for you. ";
        $emess2="Your new Member ID and password are: ";
        $emess3="\n\n\t$newname\n\t$newpass\n\n";
        $emess4="We appreciate your interest in Pet Store ";
        $emess5="at PetStore.com\n\n";
        $emess6="If you have any questions or problems, email ";
        $emess7="webmaster@petstore.com";
        $emess = 
           $emess1.$emess2.$emess3.$emess4.$emess5.$emess6.$emess7;
        $ehead="From: member-desk@petstore.com\r\n";          // 162
        $subject = "Your new Member Account from Pet Store";
        $mailsend=mail("$email","$subject","$emess","$ehead");// 
                       // 165
     }
  }


Script #2:

<?php
  session_start();                                              //  8
  session_register('auth');                                     //  9
  session_register('logname');
  include("connection.php");                                         
// 11
  switch (@$do)                                                 // 12
  {
    case "login":                                               // 14
      $connection = mysql_connect($host, $user,$password)       // 15
               or die ("Couldn't connect to server.");
      $db = mysql_select_db($database, $connection)
               or die ("Couldn't select database.");

      $sql = "SELECT loginName FROM Members                      // 19
              WHERE loginName='$fusername'";
      $result = mysql_query($sql)
                  or die("Couldn't execute query.");
      $num = mysql_num_rows($result);                           // 23
      if ($num == 1)  // login name was found                      24
      {
         $sql = "SELECT loginName FROM Members                   // 26
                 WHERE loginName='$fusername'
                 AND password=password('$fpassword')";
         $result2 = mysql_query($sql)
                   or die("Couldn't execute query.");
         $num2 = mysql_num_rows($result2);
         if ($num2 > 0)  // password is correct                 // 32
         {
           $auth="yes";                                         // 34
           $logname=$fusername;                                 // 35
           $today = date("Y-m-d h:m:s");                        // 36
           $sql = "INSERT INTO Login (loginName,loginTime)
                   VALUES ('$logname','$today')";
           mysql_query($sql) or die("Can't execute query.");
           header("Location: test1.php");                 // 40
         }
         else    // password is not correct                     // 42
         {
           unset($do);                                          // 44
           $message="The Login Name, '$fusername' exists,       // 45
                     but you have not entered the correct 
                     password! Please try again.<br>";
           include("login_form.inc");                           // 48
         } 
      }                                                         // 50
      elseif ($num == 0)  // login name not found               // 51
      {   
         unset($do);                                            // 53
         $message = "The Login Name you entered does not 
                     exist! Please try again.<br>";
         include("CHECKALL2.php");
      }
    break;  
}                                                    // 58
?>

---

Request for Question Clarification by andyt-ga on 21 Jul 2003 16:59 PDT

galgal1-ga,

the scripts are referencing 3 files:

connection.php
CHECKALL2.php
login_form.inc

It'd be much easier to debug this if we knew the contents of these
files.

Also, would finding you a register and login script that does a
similiar task as the scripts below be acceptable?

---

Clarification of Question by galgal1-ga on 22 Jul 2003 10:56 PDT

Hello Andyt-ga,
Thank you for answering my questions.  I am sorry for the mistake but
login_form.inc is not suppose to be there. Instead there should be
CHECKALL2.php. CHECKALL2.php is a script that includes a script that
checks the previous information that is in another script and if the
information that the user gave (from a previous page) would be correct
then it displays another script that inludes the user name and
password (it is still not fully done so please ignore any kind of
spelling or other uncomplete things). CHECKALL2.php is located below.
Then the script is send to script #1 and is processed using it so that
it checks if the user name already exists and if it is in the correct
format. Please tell me if there is another (better) way to organize
these scripts. connection.php just includes my information (such as
user name, password, database name, and so on). Yes, another script
would be acceptable and thank you again for being so kind. I don't
think these script are any good at all anyway.





Here is CHECKALL2.php:


<html>
<head><title>Empty fields</title></head>
<body background="C:\My Documents\My Webs\graystarsbg.gif">    

<FONT SIZE=-1 FACE="Taxoma"COLOR="Black">
<CENTER>
<img src="C:\My Documents\My Webs\logo.gif"></CENTER>
<h3>Step1 - Please fill out the following information
<u>cafefully</u>. This information will be used to send you for
auditions.
The fields that have a star (*) must be filled out.</h3>
                                            <hr><br><br><br>
                                            

<?php
include("connection.php");
$connection = mysql_connect($host,$user,$password)      // 123
                or die ("Couldn't connect to server.");
      $db = mysql_select_db($database, $connection)
                or die ("Couldn't select database.");

  /* set up array of field labels */
  $label_array = array ( "first_name" => "First Name",
                         "last_name" => "Last Name",
                         "country" => "Country",
                         "address1" => "Address1",
		         "address2" => "Address2",
		         "city" => "City",
			 "state" => "State",
                         "zip" => "Zip",
                         "zip2" => "Zip2",
                         "area_code1" => "Area Code1",
                         "phone_number" => "Phone Number",
                         "area_code2" => "Area Code2",
                         "cell_number" => "Cell Number",
                         "phone_outside_us" => "Phone Outside U.S",
                         "email" => "E-mail",
                         "DOB" => "Date of Birth",
                         "gender" => "Gender",
                         "eye_color" => "Eye Color",
                         "hair_color" => "Hair Color",
                         "weight" => "Weight",
                         "height" => "Height",
                         "shoe_size" => "Shoe Size",
		         "agent" => "Agent",
			 "sag" => "Sag",
                         "resume" => "Resume",
                         "username" => "User Name",
                         "password1" => "Password");
  foreach ($HTTP_POST_VARS as $key => $value)
  {
    /* check each field except middle name for blank fields */
    if ( $value == "" )
    {
       if ($key != "address2" and $key != "email" and $key !=
"area_code2" and $key != "cell_number" and $key != "phone_outside_us"
and $key != "zip2")
       {
          $blank_array[$key] = "blank";
       }
    }
        elseif ($key == "first_name" or $key == "last_name" or $key ==
"country" or $key == "city" or $key == "state" or $key == "eye_color"
or $key == "hair_color")

    {
        if (!ereg("^[A-Za-z' -]{1,50}$",$HTTP_POST_VARS[$key]) )
        {
             $bad_format[$key] = "bad";
        }
    }
        elseif ($key == "phone_number" or $key == "cell_number" or
$key == "phone_outside_us")

    {
        if (!ereg("^[0-9)( -]{7,20}(([xX]|(ext)|(ex))?[
-]?[0-9]{1,7})?$",$HTTP_POST_VARS[$key]) )
        {
             $bad_format[$key] = "bad";
        }
    }

         elseif ($key == "email") 
       {
                    if (!ereg("^.+@.+\..+$",$HTTP_POST_VARS[$key]) )
                    { 
                         $bad_format[$key] = "bad"; 
                    } 
       } 

       
  }
  /* if any fields were not okay, display error message and form */
  if (@sizeof($blank_array) > 0 or @sizeof($bad_format) > 0)
  {
    if (@sizeof($blank_array) > 0)
    {
        /* display message for missing information */
        echo "<b>You didn't fill in one or more required fields. You
must enter:</b><br>";
        /* display list of missing information */
        foreach($blank_array as $key => $value)
        {
           echo "&nbsp;&nbsp;&nbsp;{$label_array[$key]}<br>";
        }
    }
    if (@sizeof($bad_format) > 0)
    {
        /* display message for bad information */
        echo "<b>One or more fields have information that appears to
be incorrect. Correct the format for:</b><br>";
        /* display list of bad information */
        foreach($bad_format as $key => $value)
        {
           echo "&nbsp;&nbsp;&nbsp;{$label_array[$key]}<br>";
        }
    }
    /* redisplay form */
    echo "<p><hr>
      <form action='CHECKALL2.php' method='post'>

      First Name:<input type='text' name='first_name' size=20
maxlength=20 value='$first_name'>* (example: Brad)<br><BR>
Last Name:<input type='text' name='last_name' size=20 maxlength=20
value='$last_name'>* (example: Pitt)<br><BR>
Country:<input type='text' name='country' size=12 maxlength=12
value='$country'>* (example: United States)<br><BR>
Address Line 1:<input type='text' name='address1' size=35 maxlength=35
value='$address1'>* (example: 2222 E. My Street apt.999)<br><BR>
Address Line 2:<input type='text' name='address2' size=35 maxlength=35
value='$address2'><br><BR>
City:<input type='text' name='city' size=15 maxlength=15
value='$city'>* State:<input type='text' name='state' size=2
value='$state' maxlength=2>* Zip:<input type='text' name='zip' size=5
value='$zip' maxlength=5>*<input type='text name='zip2' size=4
value='$zip2' maxlength=4><BR><br>
Phone Number:<input type='text' name='area_code1' size=3
value='$area_code1' maxlength=3> <input type='text'
name='phone_number' size=8 value='$phone_number'maxlength=8>*
(example: 555 515-5555)<br><BR>
Cell Number:<input type='text' name='area_code2' size=3
value='$area_code2' maxlength=3> <input type='text' name='cell_number'
size=8 value='$cell_number' maxlength=8>* (example: 555
515-5555)<br><BR>
Phone Number(if outside of U.S.):<input type='text'
name='phone_outside_us' size=16 maxlength=18
value='$phone_outside_us'><br><br>
E-mail:<input type='text' name='email' size=25 maxlength=30
value='$email'> * <BR><BR>
Date of Birth:<input type='text' name='DOB' size=8  value='$DOB'
maxlength=8> * <br><BR>
Gender:<select name='gender' value='$gender'>
<option value='male' selected>male
<option value='female'>female
</select><br><BR>
Do you have an agent?<tab>Yes<input type='radio' name='agent'
value=yes>
No<input type='radio' name='agent' value=no checked><br><BR>
Are you SAG?<tab>Yes<input type='radio' name='sag' value=yes>
No<input type='radio' name='sag' value=no checked><br><br><BR>
Eye Color:<input type='text' name='eye_color' size=5 maxlength=5 
value='$eye_color'>*<br><BR>
Hair Color:<input type='text' name='hair_color' size=7 maxlength=7
value='$hair_color'>*<br><BR>
Weight:<input type='text' name='weight' size=3 maxlength=3
value='$weight' maxlength=3>*<br><BR>
Height:<input type='text' name='height' size=5 maxlength=5
value='$height'>*<br><BR>
Shoe Size:<input type='text' name='shoe_size' size=2 maxlength=2
value='$shoe_size' maxlength=2>*<br><br><br><br>
Resume*:<BR><textarea rows=40 cols=70 name=resume maxlength=30
wrap=virtual value=$'resume'></textarea><br><BR>
User Name:<input type='text' name='username'
value='$username'><br><br>
Password:<input type='password' name='password1' size=20 maxlength=7
value='$password1'><br><br>
<input type='submit' value='Proceed'>\n

      </form>";
    exit();
  }
  else
    {
$resume = strip_tags($resume);
$first_name = strip_tags($first_name);
$last_name = strip_tags($last_name);
$country = strip_tags($country);
$address1 = strip_tags($address1);
$address2 = strip_tags($address2);
$city = strip_tags($city);
$state = strip_tags($state);
$zip = strip_tags($zip);
$zip2 = strip_tags($zip2);
$area_code1 = strip_tags($area_code1);
$phone_number= strip_tags($phone_number);
$area_code2 = strip_tags($area_code2);
$cell_number = strip_tags($cell_number);
$phone_outside_us = strip_tags($phone_outside_us);
$email = strip_tags($email);
$gender = strip_tags($gender);
$eye_color = strip_tags($eye_color);
$hair_color = strip_tags($hair_color);
$weight = strip_tags($weight);
$height = strip_tags($height);
$shoe_size = strip_tags($shoe_size);
$dob = strip_tags($dob);


$query = "Insert Into Members
(loginName,password,resume,first_name,last_name,country,address1,address2,city,state,zip,zip2,area_code1,phone_number,area_code2,cell_number,phone_outside_us,email,gender,eye_color,hair_color,weight,height,shoe_size,agent,sag,dob)
VALUES ('$username','$password1','$resume','$first_name','$last_name','$country','$address1','$address2','$city','$state','$zip','$zip2','$area_code1','$phone_number','$area_code2','$cell_number','$phone_outside_us','$email','$gender','$eye_color','$hair_color','$weight','$height','$shoe_size','$agent','$sag','$DOB')";
$result = mysql_query($query)
or die ("Couldn't execute query.");


    echo "
      <form action='checklogin.php' method='post'>
       <input type='text' name='newname' size=20 maxlngth=30><BR>
       <input type='password'name='newpass' size=20
maxlength=7><BR><BR>
      
<input type='submit' value='Proceed'>\n
        </form>";
  
}
?>
</body>
</html>




Thank you and have a great day!

---

Request for Question Clarification by sycophant-ga on 24 Jul 2003 21:20 PDT

Hi galgal1, 

Are those line numbers in the actual script you are trying to execute,
or have you added them only for reference here?

If they are in the actual script, I would recommend you remove them.
In at least two places, they get included in SQL statements (which
will cause them to fail).

I have only just started looking at your code, but that is the most
obvious flaw I have seen as yet.

Regards,
Sycophant-ga

---

Clarification of Question by galgal1-ga on 25 Jul 2003 14:02 PDT

Hello andyt,

I am behind schedule so I tried to fix it on my own and for now I am
doing well and it is fixed. I am sorry if I wasted your time but thank
you for all of your help. I will close this question and I will
probably have another one soon so please keep your eyes open since you
are the best programmer and I would like for you to answer all of my
questions. Thank you and good luck!

Since you are getting blank pages - it would also be helpful to know
if any other PHP scripts work on the server. This would help us narrow
down the problem area.

Hello and thank you for you interst in helping me. Yes, I have had
many scripts that did work on the server. I think the problem is
directed some other way.

Thank you and have a great day!