problems with adding tables to my login system

Discussion in 'Web Design and Development' started by Cabbit, Jul 11, 2007.

  1. Cabbit macrumors 68020

    Cabbit

    Joined:
    Jan 30, 2006
    Location:
    Scotland
    #1
    Ok i have a login system witch i downloaded form a site with tutorials with the licance, do as you please with this. but everytime i add a extra table to my database for the users it fails to allow any futher registrations.

    http://evolt.org/PHP-Login-System-with-Admin-Features

    I have asked there for help with no reply for over a week, the artical is about 3 years old.

    Process.php

    PHP:
    <?
    /**
     * Process.php
     * 
     * The Process class is meant to simplify the task of processing
     * user submitted forms, redirecting the user to the correct
     * pages if errors are found, or if form is successful, either
     * way. Also handles the logout procedure.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 19, 2004
     */
    include("include/session.php");

    class 
    Process
    {
       
    /* Class constructor */
       
    function Process(){
          global 
    $session;
          
    /* User submitted login form */
          
    if(isset($_POST['sublogin'])){
             
    $this->procLogin();
          }
          
    /* User submitted registration form */
          
    else if(isset($_POST['subjoin'])){
             
    $this->procRegister();
          }
          
    /* User submitted forgot password form */
          
    else if(isset($_POST['subforgot'])){
             
    $this->procForgotPass();
          }
          
    /* User submitted edit account form */
          
    else if(isset($_POST['subedit'])){
             
    $this->procEditAccount();
          }
          
    /**
           * The only other reason user should be directed here
           * is if he wants to logout, which means user is
           * logged in currently.
           */
          
    else if($session->logged_in){
             
    $this->procLogout();
          }
          
    /**
           * Should not get here, which means user is viewing this page
           * by mistake and therefore is redirected.
           */
           
    else{
              
    header("Location: index.php");
           }
       }

       
    /**
        * procLogin - Processes the user submitted login form, if errors
        * are found, the user is redirected to correct the information,
        * if not, the user is effectively logged in to the system.
        */
       
    function procLogin(){
          global 
    $session$form;
          
    /* Login attempt */
          
    $retval $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
          
          
    /* Login successful */
          
    if($retval){
             
    header("Location: ".$session->referrer);
          }
          
    /* Login failed */
          
    else{
             
    $_SESSION['value_array'] = $_POST;
             
    $_SESSION['error_array'] = $form->getErrorArray();
             
    header("Location: ".$session->referrer);
          }
       }
       
       
    /**
        * procLogout - Simply attempts to log the user out of the system
        * given that there is no logout form to process.
        */
       
    function procLogout(){
          global 
    $session;
          
    $retval $session->logout();
          
    header("Location: index.php");
       }
       
       
    /**
        * procRegister - Processes the user submitted registration form,
        * if errors are found, the user is redirected to correct the
        * information, if not, the user is effectively registered with
        * the system and an email is (optionally) sent to the newly
        * created user.
        */
       
    function procRegister(){
          global 
    $session$form;
          
    /* Convert username to all lowercase (by option) */
          
    if(ALL_LOWERCASE){
             
    $_POST['user'] = strtolower($_POST['user']);
          }
          
    /* Registration attempt */
          
    $retval $session->register($_POST['user'], $_POST['pass'], $_POST['email']);
          
          
    /* Registration Successful */
          
    if($retval == 0){
             
    $_SESSION['reguname'] = $_POST['user'];
             
    $_SESSION['regsuccess'] = true;
             
    header("Location: ".$session->referrer);
          }
          
    /* Error found with form */
          
    else if($retval == 1){
             
    $_SESSION['value_array'] = $_POST;
             
    $_SESSION['error_array'] = $form->getErrorArray();
             
    header("Location: ".$session->referrer);
          }
          
    /* Registration attempt failed */
          
    else if($retval == 2){
             
    $_SESSION['reguname'] = $_POST['user'];
             
    $_SESSION['regsuccess'] = false;
             
    header("Location: ".$session->referrer);
          }
       }
       
       
    /**
        * procForgotPass - Validates the given username then if
        * everything is fine, a new password is generated and
        * emailed to the address the user gave on sign up.
        */
       
    function procForgotPass(){
          global 
    $database$session$mailer$form;
          
    /* Username error checking */
          
    $subuser $_POST['user'];
          
    $field "user";  //Use field name for username
          
    if(!$subuser || strlen($subuser trim($subuser)) == 0){
             
    $form->setError($field"* Username not entered<br>");
          }
          else{
             
    /* Make sure username is in database */
             
    $subuser stripslashes($subuser);
             if(
    strlen($subuser) < || strlen($subuser) > 30 ||
                !
    eregi("^([0-9a-z])+$"$subuser) ||
                (!
    $database->usernameTaken($subuser))){
                
    $form->setError($field"* Username does not exist<br>");
             }
          }
          
          
    /* Errors exist, have user correct them */
          
    if($form->num_errors 0){
             
    $_SESSION['value_array'] = $_POST;
             
    $_SESSION['error_array'] = $form->getErrorArray();
          }
          
    /* Generate new password and email it to user */
          
    else{
             
    /* Generate new password */
             
    $newpass $session->generateRandStr(8);
             
             
    /* Get email of user */
             
    $usrinf $database->getUserInfo($subuser);
             
    $email  $usrinf['email'];
             
             
    /* Attempt to send the email with new password */
             
    if($mailer->sendNewPass($subuser,$email,$newpass)){
                
    /* Email sent, update database */
                
    $database->updateUserField($subuser"password"md5($newpass));
                
    $_SESSION['forgotpass'] = true;
             }
             
    /* Email failure, do not change password */
             
    else{
                
    $_SESSION['forgotpass'] = false;
             }
          }
          
          
    header("Location: ".$session->referrer);
       }
       
       
    /**
        * procEditAccount - Attempts to edit the user's account
        * information, including the password, which must be verified
        * before a change is made.
        */
       
    function procEditAccount(){
          global 
    $session$form;
          
    /* Account edit attempt */
          
    $retval $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['email']);

          
    /* Account edit successful */
          
    if($retval){
             
    $_SESSION['useredit'] = true;
             
    header("Location: ".$session->referrer);
          }
          
    /* Error found with form */
          
    else{
             
    $_SESSION['value_array'] = $_POST;
             
    $_SESSION['error_array'] = $form->getErrorArray();
             
    header("Location: ".$session->referrer);
          }
       }
    };

    /* Initialize process */
    $process = new Process;

    ?>
    register.php

    PHP:
    <?
    /**
     * Register.php
     * 
     * Displays the registration form if the user needs to sign-up,
     * or lets the user know, if he's already logged in, that he
     * can't register another name.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 19, 2004
     */
    include("include/session.php");
    ?>

    <html>
    <title>Registration Page</title>
    <body>

    <?
    /**
     * The user is already logged in, not allowed to register.
     */
    if($session->logged_in){
       echo 
    "<h1>Registered</h1>";
       echo 
    "<p>We're sorry <b>$session->username</b>, but you've already registered. "
           
    ."<a href=\"index.php\">Main</a>.</p>";
    }
    /**
     * The user has submitted the registration form and the
     * results have been processed.
     */
    else if(isset($_SESSION['regsuccess'])){
       
    /* Registration was successful */
       
    if($_SESSION['regsuccess']){
          echo 
    "<h1>Registered!</h1>";
          echo 
    "<p>Thank you <b>".$_SESSION['reguname']."</b>, your information has been added to the database, "
              
    ."you may now <a href=\"index.php\">log in</a>.</p>";
       }
       
    /* Registration failed */
       
    else{
          echo 
    "<h1>Registration Failed</h1>";
          echo 
    "<p>We're sorry, but an error has occurred and your registration for the username <b>".$_SESSION['reguname']."</b>, "
              
    ."could not be completed.<br>Please try again at a later time.</p>";
       }
       unset(
    $_SESSION['regsuccess']);
       unset(
    $_SESSION['reguname']);
    }
    /**
     * The user has not filled out the registration form yet.
     * Below is the page with the sign-up form, the names
     * of the input fields are important and should not
     * be changed.
     */
    else{
    ?>

    <h1>Register</h1>
    <?
    if($form->num_errors 0){
       echo 
    "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
    }
    ?>
    <form action="process.php" method="POST">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>
    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
    <tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<? echo $form->value("email"); ?>"></td><td><? echo $form->error("email"); ?></td></tr>
    <tr><td colspan="2" align="right">
    <input type="hidden" name="subjoin" value="1">
    <input type="submit" value="Join!"></td></tr>
    <tr><td colspan="2" align="left"><a href="index.php">Back to Main</a></td></tr>
    </table>
    </form>

    <?
    }
    ?>

    </body>
    </html>
     
  2. Cabbit thread starter macrumors 68020

    Cabbit

    Joined:
    Jan 30, 2006
    Location:
    Scotland
    #2
    or lol i would be happy if someone could write a secure replacement registration page to just bypass this one.
     

Share This Page