8 replies to this topic

[Vswe]

I'm currently making a registration form on a website. Everything went fin until I changed the password's textbox to the password type.

<input type='password' name='rPass1' />

All things below I need help with works if It got the type text.


I want to compare if two passwords are the same:

if $_POST["rPass1"] != $_POST["rPass2"] || empty($_POST["rPass2"]))

and be able to store the password in a MySQL server:

mysql_query("INSERT INTO Users (Name, Password, Email, Referer)

VALUES ('$_POST[rName]', '$_POST[rPass1]', '$_POST[rEmail1]', '$_POST[rReferer])");

and then be able to receive it again:

$result = mysql_query("SELECT * FROM Users where Name='$username'");

while($row = mysql_fetch_array($result))

{

  if ($row['Password']==$password)

  echo "yay"


}

Can someone please help me with this?

[BlaineSch]

Which part is not working?

Try and print things out until your isolate the problem I suppose.

Put this at the top

print_r($_POST);

echo something IF the passwords are the same and is not empty (I think you have if it is empty so you may wanna put a ! before that statement

if you do that you can ensure you are making a query

at the end of the query put an "or die(mysql_error())" so you can see what error you may or may not be getting on bot those queries.

[relapse]

Holy ballz:

VALUES ('$_POST[rName]', '$_POST[rPass1]', '$_POST[rEmail1]', '$_POST[rReferer])");

SQL injection anyone?

[sdavis2702]

How would you protect yourself from SQL injection in this case? Like what would that line of code look like protected?

[amrosama]

watch out theres a missing "(" here after the "if"

if $_POST["rPass1"] != $_POST["rPass2"] || empty($_POST["rPass2"]))

also storing passwords as plain text is highly discouraged

[BlaineSch]

Aw come on guys be nice. For one I am sure this is a personal project not something that would go public, two, is that really something you have to add when you yourself are playing with it? I would try to get it to work first, then add security.

[amrosama]

we are helping here :amr:
btw changing the input type into a password shouldn't make a difference it works the same as "text" input, it just hides the password.
try dumping the $_GET or $_POST, and seeing if the password field is there:

var_dump($_GET);

also inputs without names are the only ones that doesn't get submitted

[Vswe]

BlaineSch said:

Which part is not working?

Try and print things out until your isolate the problem I suppose.

Put this at the top

print_r($_POST);

echo something IF the passwords are the same and is not empty (I think you have if it is empty so you may wanna put a ! before that statement

if you do that you can ensure you are making a query

at the end of the query put an "or die(mysql_error())" so you can see what error you may or may not be getting on bot those queries.

It doesn't work. When I try to print the password it only prints an empty string.

amrosama said:

watch out theres a missing "(" here after the "if"

if $_POST["rPass1"] != $_POST["rPass2"] || empty($_POST["rPass2"]))

also storing passwords as plain text is highly discouraged

This is my problem, I know how to get all this working as plain text. My whole question was how to do it with a password.

amrosama said:

we are helping here :amr:
btw changing the input type into a password shouldn't make a difference it works the same as "text" input, it just hides the password.
try dumping the $_GET or $_POST, and seeing if the password field is there:

var_dump($_GET);

also inputs without names are the only ones that doesn't get submitted

The thing is. It worked fine until I changed the type, so it must make a difference.

[Vswe]

Thanks for all the help everyone. I don't really get what all of you mean though, I started with MySQL and PHP two days ago after all.

The error where in a row a little bit earlier.

I had this code:

if (strlen($_POST["rName"]) < 4 ||  strlen($_POST["rName"]) > 15)
$invalid_name='true';

and approximately at the same time I changed the type to password I changed it to this:

if ($_POST["rName"]="" || strlen($_POST["rName"]) < 4 ||  strlen($_POST["rName"]) > 15)
$invalid_name='true';

When it should be like this:

if ($_POST["rName"]=="" || strlen($_POST["rName"]) < 4 ||  strlen($_POST["rName"]) > 15)
$invalid_name='true';

I feels a little bit stupid now but I'm glad it worked.