I need help with PHP.?

Thread starter: ben (Guest)
Here is my PHP coding....

<?php

if($_POST['username1']&&
$_POST['password1'])
{
$username = $_POST["username1"];
$password = $_POST["password1"];
$databaseusername = "root";
$databasepassword = "";
$createemailaccount = $username;
$con = mysql_connect("localhost",$databaseusername,$databasepassword);
$continueregister1 = "@mysql_select_db($username) or die('Unable to select the database')";
$continueregister2 = "DROP TABLE IF EXISTS $username.deleted";
$continueregister3 = "CREATE TABLE deleted (`From` varchar(256) NOT NULL,Subject varchar(256) NOT NULL,Date varchar(256) NOT NULL,Message text)";


if (!$con)
{
die('Could not connect: ' . mysql_error());
}

if (mysql_query("CREATE DATABASE $username",$con))
{

mysql_query($continueregister1);
mysql_query($continueregister2);
mysql_query($continueregister3);
echo "Database created!";

}
else
{
echo "Error creating database: " . mysql_error();
}


mysql_close($con);
}
else
{
?>
<html>
<head>
<title>Mailster</title>
</head>
<body>

<form name="register" method="post" action="Register.php">
Username: <input type="text" name="username1" /><br />


Password: <input type="text" name="password1" /><br />


<input type="submit" name="register" value="Register" />
</form>
</body>

</html>

<?php
}
?>

I need to know how to make it check for tables... like, I'm pretty sure I got this wrong: $continueregister2 = "DROP TABLE IF EXISTS $username.deleted";

What is the correct PHP coding?

Thank you!
 
I wouldn't create and delete "tables" for users. Just delete the id/values where they are. And if you are trying to do a login script, you are not checking anything. You are trusting their input, which is a NO NO.
Try this class as a reference. Yahoo truncates, so see the reference link for the rest of the code and a detailed explanation.

<?
/***************************
login.class.php
***************************/
class user{
//To track the switch/errors through out
var $login_error;

//constructor
function user($UserInput){
$this->login_form();
}//End function


//Just a simple login form
function login_form(){
echo "<div align=\"center\"><form name=\"LoginForm\" action=\"$_SERVER[PHP_SELF]\" method=\"POST\"><table><tr><td><tr><td>User Name:</td><td><input type=\"text\" name=\"FLU\"></td><td>Password:</td><td><input type=\"password\" name=\"FLP\"></td></tr><tr><td colspan=\"2\"><input type=\"submit\" value=\"Submit\"> <input type=\"reset\" value=\"Reset\"></td></tr></table></div>";

}//End Function

function validate_user($UserInput){

//my chosen user name and password pattern
$this->user_name_pattern = ("^[a-zA-Z0-9]{5,15}$");
$this->password_pattern = ("^[a-zA-Z0-9\!\@\#\$\%\^\&\*\`\~\_]{5,15}$");
//JavaScript History -1
$this->go_back = "<a href=\"javascript:history.go(-1)\"><font color=\"red\" size=\"-2\">(Go Back)</font></a>";
$this->success_login_redirect = "http://dzsoundnirvana.com/";

//switch(true) runs the first case whose condition evaluates to true
switch(true){
case ($UserInput['FLU'] == "" || !ereg($this->user_name_pattern,$UserInput['FLU'])):
$this->login_form();
echo "<div align=\"center\"><font color=\"red\">Invalid user name. Try again or $this->go_back!</font></div>";
$this->login_error = false;
break;

case ($UserInput['FLP'] == "" || !ereg($this->password_pattern,$UserInput['FLP'])):
$this->login_form();
echo "<div align=\"center\"><font color=\"red\">Invalid password. Try again or $this->go_back!</font></div>";
$this->login_error = false;
break;
}
if($this->login_error === false){
//Or you can redirect to a "Forgot password/user name" page or leave it alone. This will kill the script. No output after though!
exit;
}
else{
//Now we go to the Database and validate the user
$this->db();
$this->query_string = "SELECT * FROM users WHERE user_name='$UserInput[FLU]' && password='" . md5($UserInput['FLP']) . "'";
$this->query = mysql_query($this->query_string);
//Error check the query
if(!$this->query){
echo "System error! Contact the system administrator!<br>or<br>$this->go_back";
//use this for debugging (below), Delete the // at the beginning
//echo mysql_error();
}
else{
//Need to check if more than 1 user exists if so....throw HACKING error (not supported here)..another class
$this->num_rows = mysql_num_rows($this->query);
if($this->num_rows > 1){
echo "Hacking warning";
exit;
}
else{
//Get the user information and set into the $_SESSION and then redirect to the directed page
$this->user_information = mysql_fetch_assoc($this->query);
//Put all user data into $_SESSION
foreach($this->user_information as $key => $value){
$_SESSION[$key] = $value;
//Now we redirect to the page specified
echo "<script type=\"text/javascript\">window.location=\"$this->success_login_redirect\"</script>";
echo "If you are not redirected <a href=\"$this->success_login_redirect\" target=\"_parent\">Click here to continue</a>";
}
}

}//else

}//if($this->login_error === false)/else{


}//End function

function db(){
$this->db_link = mysql_connect("data_base_host","data_base_user","data_base_password");
//Select the DB
$this->db_select = mysql_select_db("data_base_name");

}


}//End Class
?>
 
First, you should know that what you're doing is wildly nonstandard. It is a really bad practice for PHP scripts to modify the database schema except in very rare instances. Even scripts that install things like blogging software, etc., generally use a completely separate SQL script to create the schema initially.

In general, this seems poorly thought-out. In a security sense this is a nightmare, especially since you're using the root MySQL user.

That said, the line that's probably giving you trouble is this:
$continueregister1 = "@mysql_select_db($username) or die('Unable to select the database')";

Get rid of that nonsense; that's not an SQL query, that's PHP. You don't need to run it as a MySQL query.
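
What the replies above recommend (validate the input, keep users and their mail as rows rather than per-user databases and tables, keep schema changes out of the request path), sketched as an added example that is not part of the original thread. It uses PDO with an in-memory SQLite database so it runs stand-alone; the table, column and function names are assumptions.

```php
<?php
// Added example, not from the thread; all names are assumptions. With MySQL, swap the DSN and
// connect as an account limited to SELECT/INSERT/UPDATE/DELETE on this schema, not as root.
declare(strict_types=1);

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The schema is created once at install time, never from request input.
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
               user_name TEXT NOT NULL UNIQUE, password_hash TEXT NOT NULL)');
    $db->exec("CREATE TABLE messages (id INTEGER PRIMARY KEY,
               owner_id INTEGER NOT NULL REFERENCES users(id), folder TEXT NOT NULL DEFAULT 'inbox',
               sender TEXT NOT NULL, subject TEXT NOT NULL, sent_at TEXT NOT NULL, body TEXT)");
    return $db;
}

function register_user(PDO $db, string $name, string $password): string {
    // Allow-list check, same shape as the user name pattern in the reply above.
    if (preg_match('/\A[a-zA-Z0-9]{5,15}\z/', $name) !== 1) return 'invalid user name';
    if (strlen($password) < 8) return 'password too short';
    try {
        // The user name is bound as data; it never becomes part of the SQL text.
        $stmt = $db->prepare('INSERT INTO users (user_name, password_hash) VALUES (?, ?)');
        $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        if (($e->errorInfo[0] ?? '') !== '23000') throw $e; // only handle constraint violations
        return 'user name taken';
    }
    return 'ok';
}

function check_login(PDO $db, string $name, string $password): ?int {
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE user_name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) return null;
    return (int) $row['id'];
}

// "Deleting" a message updates one row the caller owns; no DROP or CREATE TABLE is involved.
function move_to_deleted(PDO $db, int $ownerId, int $messageId): int {
    $stmt = $db->prepare("UPDATE messages SET folder = 'deleted' WHERE id = ? AND owner_id = ?");
    $stmt->execute([$messageId, $ownerId]);
    return $stmt->rowCount();
}

// Constructed sample input.
$db = open_db();
var_dump(register_user($db, 'benmail1', 'correct horse battery'), register_user($db, 'not valid!', 'whatever123'));
$uid = check_login($db, 'benmail1', 'correct horse battery');
$db->prepare('INSERT INTO messages (owner_id, sender, subject, sent_at) VALUES (?, ?, ?, ?)')
   ->execute([$uid, 'a@example.test', 'hi', '2024-01-01']);
var_dump(check_login($db, 'benmail1', 'wrong password'), move_to_deleted($db, $uid, 1));
```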
 