Thread: Mysterious Entries
View Single Post
Old June 29th, 2008, 8:05 PM   #3 (permalink)
hunna03
Registered User
Comfy Contributor
 
hunna03's Avatar
 
Joined in Mar 2006
Lives in UT
Hosted on SH92
165 posts
Gave thanks: 28
Thanked 0 times
Here's the code below. It's a .php form. Everything is passed via POST. No script in the URL. I have the real_escape_string but the inserts are still happening. :-(

Code:
<? 


$first = mysql_real_escape_string($_POST['first']);
$middle = mysql_real_escape_string($_POST['middle']);
$last = mysql_real_escape_string($_POST['last']);
$email = mysql_real_escape_string($_POST['email']);
$wphone = mysql_real_escape_string($_POST['wphone']);
$cphone = mysql_real_escape_string($_POST['cphone']);
$username = mysql_real_escape_string($_POST['username']);
$location = mysql_real_escape_string($_POST['location']);
 /* Let's strip some slashes in case the user entered 
any escaped characters. */ 
$first = stripslashes($first); 
$middle = stripslashes($middle); 
$last = stripslashes($last); 
$email = stripslashes($email); 
$wphone = stripslashes($wphone); 
$cphone = stripslashes($cphone); 
$username = stripslashes($username); 
$location = stripslashes($location); 
 /* Do some error checking on the form posted fields */ 
if((!$first) || (!$middle) || (!$last) || (!$email) || (!$wphone) || (!$location) || (!$username)){ 
echo 'You did not submit the following required information! <br />'; 
if(!$first){ 
echo "First Name is a required field. Please enter it below.<br />"; 
}
if(!$middle){ 
echo "Middle Name, or Initial, is a required field. Enter NMN if you do not have one. Please enter it below.<br />"; 
} 
if(!$last){ 
echo "Last Name is a required field. Please enter it below.<br />"; 
} 
if(!$email){ 
echo "Email Address is a required field. Please enter it below.<br />"; 
} 
if(!$wphone){ 
echo "Work Phone is a required field. Please enter it below.<br />"; 
}
if(!$location){ 
echo "Your location is a required field. Please enter it below.<br />"; 
} 
if(!$username){ 
echo "Desired Username is a required field. Please enter it below.<br />"; 
} 
include 'join_form.html'; // Show the form again! 
 /* End the error checking and if everything is ok, we'll move on to 
creating the user account */ 
 exit(); // if the error checking has failed, we'll exit the script! 
} 
/* Let's do some checking and ensure that the user's email address or username 
does not exist in the database */ 
$sql_email_check = mysql_query("SELECT email FROM usert WHERE email='$email'"); 
$sql_username_check = mysql_query("SELECT username FROM usert WHERE username='$username'"); 
$email_check = mysql_num_rows($sql_email_check); 
$username_check = mysql_num_rows($sql_username_check); 
if(($email_check > 0) || ($username_check > 0)){ 
echo "Please fix the following errors: <br />"; 
if($email_check > 0){ 
echo "<strong>Your email address has already been used by another member in our database. Please submit a different Email address!<br />"; 
unset($email); 
} 
if($username_check > 0){ 
 echo "The username you have selected has already been used by another member 
in our database. Please choose a different Username!<br />"; 
 unset($username); 
 } 
 include 'join_form.html'; // Show the form again! 
 exit(); // exit the script so that we do not create this account! 
} 
/* Everything has passed both error checks that we have done. 
It's time to create the account! */ 
/* Random Password generator. 
http://www.phpfreaks.com/quickcode/Random_Password_Generator/56.php 
We'll generate a random password for the 
user and encrypt it, email it and then enter it into the db. */
function makeRandomPassword() { 
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
srand((double)microtime()*1000000); 
$i = 0; 
while ($i <= 7) { 
$num = rand() % 33; 
$tmp = substr($salt, $num, 1); 
$pass = $pass . $tmp; 
$i++; 
} 
return $pass; 
} 
$random_password = makeRandomPassword(); 
$db_password = md5($random_password); 
// Enter info into the Database. 
$info2 = htmlspecialchars($info); 
$sql = mysql_query("INSERT INTO usert (first, middle, last, email, wphone, cphone, username, location, password, signup_date) 
VALUES('$first', '$middle', '$last', '$email', '$wphone', '$cphone', '$username', '$location', '$db_password', now())")
or die (mysql_error()); 
if(!$sql){ 
echo 'There has been an error creating your account. Please contact the webmaster.'; 
} else { 
$id = mysql_insert_id(); 
// Let's mail the user! 
$subject = "Your Membership at the new NorthAmerican!"; 
$message = "Dear $first $last, 
Thank you for registering at the new NorthAmerican website.
We are still undergoing a major renovation so please excuse our mess. 
You are a few steps away from logging in and accessing our exclusive members area.
To verify your membership, 
please click here:  
Once you activate your membership, your account will go to the account manager for approval.
Once the approval occurs you will receive an e-mail directing you to the login area.
You may login with the following credentials at that time: 
Username: $username 
Password: $random_password 
Thanks! 
The Webmaster 
This is an automated response, please do not reply!";
mail($email, $subject, $message,
"From: The NorthAmerican Webmaster<>\n 
X-Mailer: PHP/" . phpversion()); 
echo 'Your membership information has been mailed to your email address! 
Please check it and follow the directions!'; 
} 
?>
__________________
~CJA~
72.29.87.117
"Constantly lost in the world of PHP" is my personal understatement.
hunna03 is offline   Reply With Quote