Skip to content

Registration script, need a database input to be checked then deleted upon register

I have a problem with my script. What it is supposed to do is that when a user register with the form, it should insert it, but only if the “passkey” matches the one that is in a different table that I set. After it has been verified it should insert the user info to the database, and then delete the passkey. I cannot seem to figure out what is wrong, it worked when there was only one input in the “passkey” table, but when I inserted more it stoped working. Any help would be appreciated!

Here is the code:

<?php

session_start();

if ($_SESSION['auth'] == true)
{
header('location: ../../index.php');
}

else

{
include($_SERVER['DOCUMENT_ROOT']."/skole/system/db/DbConnector.php");

new DbConnector();

if ($_POST)
{
        $navn = mysql_real_escape_string($_POST['name']);
        $brukernavn = mysql_real_escape_string($_POST['username']);
        $passord = md5(mysql_real_escape_string($_POST['password']));
        $siste_logginn = date("d/m/y H:i:s");
        $logginn_ip = $_SERVER['REMOTE_ADDR'];
        $email = mysql_real_escape_string($_POST['email']);
        $passkey = mysql_real_escape_string($_POST['passkey']);

        $qGetPasskey = mysql_query("SELECT * FROM passkey");
        $rGetPasskey = mysql_fetch_array($qGetPasskey);

    if($rGetPasskey['passkey'] == $passkey)
        {

        mysql_query("INSERT INTO brukere SET navn = '{$navn}', brukernavn = '{$brukernavn}', passord = '{$passord}', siste_logginn = '{$siste_logginn}', logginn_ip= '{$logginn_ip}', email = '{$email}', passkey = '{$passkey}'");

    mysql_query("DELETE FROM passkey WHERE passkey = '{$passkey}'");

    echo 'Success';
    }
//header('location: ../../index.php');
}
else
{
echo 'Failure';
//header('location: ../../index.php?aksjon=register&feil=1');
}
}

?>

Advertisement

Answer

I believe it is not matching because there is no loop to check multiple records in your array:

    $qGetPasskey = mysql_query("SELECT * FROM passkey");
    while($rGetPasskey = mysql_fetch_array($qGetPasskey)) {
        if($rGetPasskey['passkey'] == $passkey) {

        mysql_query("INSERT INTO brukere SET navn = '{$navn}', brukernavn = '{$brukernavn}', passord = '{$passord}', siste_logginn = '{$siste_logginn}', logginn_ip= '{$logginn_ip}', email = '{$email}', passkey = '{$passkey}'");

       mysql_query("DELETE FROM passkey WHERE passkey = '{$passkey}'");

        echo 'Success';
        }
   }
User contributions licensed under: CC BY-SA
7 People found this is helpful