A
Anonymous
Guest
This script should allow the creation of a user for the web frontend of the database. I got 2 problems with this, check it out:
Problem 1: The username created in this is always the one of the currently logged in user (I know that is because of the sessions management on top, but dunno what to do agains it)
Problem 2: The newly entered password has to be encoded md5 because of the db requirements. Currently it will enter in clear and as such won't work with login because the entered pw there is of course md5 encoded to check with the database.
Help me Obi-Wan Kenobi! ;-)
Code:
<?php // Check, if a session ist startet, if not you get the message to log in!
session_start();
if (!session_is_registered('username'))
{
echo "<html>";
echo "<head>";
echo "<title>Login error</title>";
echo "<link rel='stylesheet' type='text/css' href='style.css'> ";
echo "<meta http-equiv='refresh' content='5; URL=http://10.25.108.61/inv/login.htm'> ";
echo "</head>";
echo "<body bgcolor='#F0F8FF'>";
echo "<div align=center class=error>Sorry, you are not logged in. You will be forwarded to the login page in 5 seconds or klick <a href='http://10.25.108.61/inv/login.htm'>HERE</a>!";
echo "</body>";
echo "</html>";
die; //No more code is progressed after the die statement!!!
}
?>
<html>
<head>
<title>Output</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body bgcolor="#F0F8FF">
<p class="text"><span class="heading">Please enter the new Databaseuser data:</span><br>
Note: Username as well as password are required fields. </p>
<p> </p>
<?php
include('var.inc.php');
// include database variables
$conn=@mysql_connect($dbserver,$dbuser,$dbpass); // connect to database
mysql_select_db($dbname,$conn); // select inventorysystem
if (($username) && ($password)) {
$sql= "INSERT INTO inventorysystem.login (Login_ID,first_name,last_name,Titel,username,password) VALUES ('$Login_ID','$first_name','$last_name','$Titel','$username','$password')";
mysql_query($sql);
echo 'Information was entered succesfully and a Login-ID was created for reference.';
} else {
// we don't have an author and content.
// Either the form was not submited, or it was submited without enough data. show the form
// $PHP_SELF as the form action will cause the script to post to itself
echo '<form method="post" action="'.$PHP_SELF.'">
<p class="text"> first_name:
<input type="text" name="first_name">
<p class="text"> last_name:
<input type="text" name="last_name">
<p class="text"> Title:
<input type="text" name="Titel">
<p class="text"> username:
<input type="text" name="username">
<p class="text"> password:
<input type="password" name="password">
<input type="submit" value="Update Database">
</p>
</form>';
}
?>
</body>
</html>Problem 1: The username created in this is always the one of the currently logged in user (I know that is because of the sessions management on top, but dunno what to do agains it)
Problem 2: The newly entered password has to be encoded md5 because of the db requirements. Currently it will enter in clear and as such won't work with login because the entered pw there is of course md5 encoded to check with the database.
Help me Obi-Wan Kenobi! ;-)