Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

Posted by Austin Klenk
Austin Klenk
4,399 Points

PHP Login Script not working..

session_start();
ob_start();

//Include the database connection file
include "inc/database.php";

//Check to see if the submit button has been clicked to process data
if(isset($_POST["submitted"]) && $_POST["submitted"] == "yes")
{
    //Variables Assignment
    $fullname = trim(strip_tags($_POST['fullname']));
    $user_email = trim(strip_tags($_POST['email']));
    $phone = trim(strip_tags($_POST['phone']));
    $street = trim(strip_tags($_POST['street']));
    $city = trim(strip_tags($_POST['city']));
    $state = trim(strip_tags($_POST['state']));
    $zipcode = trim(strip_tags($_POST['zipcode']));
    $manufacture = trim(strip_tags($_POST['manufacture']));
    $model_name = trim(strip_tags($_POST['model_name']));
    $year = trim(strip_tags($_POST['year']));
    $vin_number = trim(strip_tags($_POST['vin_number']));
    $mileage = trim(strip_tags($_POST['mileage']));
    $username = trim(strip_tags($_POST['username']));
    $user_password = trim(strip_tags($_POST['passwd']));
    $encrypted_md5_password = md5($user_password);
    $user_access_level = "0";

    $check_for_duplicates = mysql_query("select * from `customer_info` where `fullname` = '".mysql_real_escape_string($fullname)."'");

    //Validate against empty fields
    if($fullname == "" || $user_email == "" || $phone == "" || $street == "" || $city == "" || $state == "" || $zipcode == "" || $manufacture == ""  || $model_name == "" || $year == "" || $vin_number == "" || $mileage == "" || $username == "" || $user_password == "")
    {
        $error = '<br><div class="info">Sorry, all fields are required to create a new account. Thanks.</div><br>';
    }
    elseif(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $user_email))
    {
        $error = '<br><div class="info">Sorry, Your email address is invalid, please enter a valid email address to proceed. Thanks.</div><br>';
    }
    else if(mysql_num_rows($check_for_duplicates) > 0) //Email address is unique within this system and must not be more than one
    {
        $error = '<br><div class="info">Sorry, the username <b>'.$username.'</b> is already in use. Please enter a different username of your choice to proceed. Thanks.</div><br>';
    }
    else
    {
        if(mysql_query("insert into `customer_info` values('', '".mysql_real_escape_string($fullname)."', '".mysql_real_escape_string($user_email)."', '".mysql_real_escape_string($phone)."', '".mysql_real_escape_string($street)."', '".mysql_real_escape_string($city)."', '".mysql_real_escape_string($state)."', '".mysql_real_escape_string($zipcode)."', '".mysql_real_escape_string($manufacture)."', '".mysql_real_escape_string($model_name)."', '".mysql_real_escape_string($year)."', '".mysql_real_escape_string($vin_number."', '".mysql_real_escape_string($mileage)."', '".mysql_real_escape_string($username)."', '".mysql_real_escape_string($encrypted_md5_password)."', '".mysql_real_escape_string($user_access_level)."', '".mysql_real_escape_string(date('d-m-Y'))."')"))
            $_SESSION["VALID_USER_ID"] = $username;
            $_SESSION["USER_FULLNAME"] = $fullname;
            header("location: index.php");
        }
        else
        {
            $error = '<br><div class="info">Sorry, your account could not be created at the moment. Please try again or contact the site admin to report this error if the problem persist. Thanks.</div><br>';
        }
    }
}
?>

2 Answers

Austin Klenk
Austin Klenk
4,399 Points

i got it figure out it was a parenthesis off of the

'".mysql_real_escape_string($vin_number."'

Andrew McCormick
Andrew McCormick
17,730 Points
Andrew McCormick
Andrew McCormick
17,730 Points

what part doesn't work? Are you testing in database.php to make sure it's being included and a connection is made? I also don't see an else statement for the if (isset ($_POST)) to make sure anything is even being submitted to the form.

Are you getting anything displayed when submitting the form to this script?