# Creating web form



## gurutech (Apr 23, 2004)

I'm trying to create a web form as a "registration" page for a website, but having some issues getting it working.

I am trying to create the form so that after a user clicks "register", they enter a user name, password & confirmation, their email address, and a "captcha" code. I have this part working fine, but the next step is where I'm having issues - actually inserting the information into the "system".

What I would like to do (at least to start) is when a user completes the registration form and clicks "submit", the page will send me an email with a link that I can click on to "approve" the registration. When I click the link to approve, the account is then created and the user will receive an email indicating this information. Ultimately, I'd like the account to be created automatically (I won't receive email), and the user will receive an email confirmation.

Can someone give some pointers? (Would like to do this in PHP.)

Thanks in advance!


----------



## JiminSA (Dec 15, 2011)

Hi gurutech,
You should set up a database (MySQL, works with php) to contain your user information, if you have not already done so.
Then attach an email script to the registration php - which informs the user of a short delay for approval.
You'll have to also write a little bit of Content Management which will update a field in your user db called, say "approved" with either a yes or a no. This script on your website is accessible only by you via a link in your browser bookmarks. This script will then send a confirmation or disapproval email to the user.
Make sure that your login script references the approved field for login verification, so that only approved users are allowed entry.
Hope this helps...


----------



## gurutech (Apr 23, 2004)

I do have MySQL already, but I can't seem to get the data from the registration form into the database.

Any ideas?


----------



## JiminSA (Dec 15, 2011)

For us to be able to help, could you post your code to date, please?


----------



## gurutech (Apr 23, 2004)

Here is the "register.php" code:

```
<?php
session_start();
include("lib/config.php");
if(isset($_POST["username"])) { 
$redirect = $_POST["redirect"];
$username = mysql_real_escape_string($_POST["username"]);
$email = mysql_real_escape_string($_POST["email"]);
$password = mysql_real_escape_string(md5($_POST["password"]));
$cpassword = mysql_real_escape_string(md5($_POST["cpassword"]));
$spassword = mysql_real_escape_string($_POST['password']);
$captcha = md5($_POST['captcha']);

if($username==NULL|$email==NULL|$password==NULL|$cpassword==NULL|$captcha==NULL) { 
$error = "All fields are required!"; 
}else{

if($password!=$cpassword) { 
$error = "Both passwords must be the same."; 
}else{ 

$checkuser = mysql_query("SELECT username FROM $usertable WHERE username='$username' OR email='$email'"); 
$username_exist = mysql_num_rows($checkuser); 

if($username_exist>0) { 
$error = "This user or e-mail address already exists."; 
}else{
include("lib/vmail.php");
$check = vMail($email);
if($check==FALSE) {
$error = "The field \"E-mail\" doesn't contain a valid e-mail address.";
}else{
if($captcha!=$_SESSION['captcha']) {
$error = "Verification code is incorrect.";
}else{
if($woa==true) {
$query = "INSERT INTO $woausertable (username, password, spassword, email) VALUES('$username','$password','$spassword','$email')"; 
mysql_query($query) or die(mysql_error()); 
require("lib/mailconf.php");
//mail for admin
mail($adminemail, $adminsubject, $adminmessage, "From: $fromname <$sender>\r\nContent-type: text/html\r\nX-Mailer:PHP/".phpversion());
echo "<center>\n";
echo "<table width=\"400\" cellspacing=\"0\" cellpadding=\"3\" border=\"0\" bgcolor=\"#FFFFFF\" style=\"border:1px solid #535353;\">\n";
echo "<tr>\n";
echo "<td colspan=\"2\" bgcolor=\"#535353\" style=\"text-align:center;padding:4px;font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#FFFFFF\"><b>Registreren</b></td>";
echo "</tr>\n";
echo "<tr><td style=\"font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#535353\" align=\"right\" width=\"30%\">\n";
echo "$username is now waiting for approval, you will receive an e-mail if the administrator activated your account.\n"; 
echo "</td></tr>\n";
echo "</table>\n";
echo "</center>\n";
exit();
}else{
if($dbreg==true) {
$query = "INSERT INTO $usertable (username, password, email) VALUES('$username','$password','$email')"; 
mysql_query($query) or die(mysql_error()); 
}
if($subsonicreg==true) {
$url = "http://".$subsonicdomain."/rest/createUser.view?u=".$admin."&p=".$pass."&v=1.9.0&c=remoteregister&username=".$username."&password=".$spassword."&email=".$email."&settingsRole=".$settingsRole."&streamRole=".$streamRole."&jukeboxRole=".$jukeboxRole."&downloadRole=".$downloadRole."&uploadRole=".$uploadRole."&playlistRole=".$playlistRole."&coverartRole=".$coverartRole."&commentRole=".$commentRole."&podcastRole=".$podcastRole."&shareRole=".$shareRole;
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_exec($curl);
curl_close($curl);
}
if($multihostreg==true) {
$time = time();
mysql_select_db($multihosttable, $connect) or die("Cannot connect database 'multihost'.");
$query2 = mysql_query("INSERT INTO `mmh_user_info` (`username`, `password`, `email_address`, `ip_address`, `private_gallery`, `time_joined`, `user_group`, `upload_type`) VALUES('$username', '$password', '$email', '0.0.0.0', '0', '$time', 'normal_user', 'standard')")or die("Error in multihost DB: ".mysql_error());
}
require("lib/mailconf.php");
//Mail for user
mail($email, $subject, $message, "From: $fromname <$sender>\r\nContent-type: text/html\r\nX-Mailer:PHP/".phpversion());
//mail for admin
mail($adminemail, $adminsubject, $adminmessage, "From: $fromname <$sender>\r\nContent-type: text/html\r\nX-Mailer:PHP/".phpversion());
echo "<center>\n";
echo "<table width=\"400\" cellspacing=\"0\" cellpadding=\"3\" border=\"0\" bgcolor=\"#FFFFFF\" style=\"border:1px solid #535353;\">\n";
echo "<tr>\n";
echo "<td colspan=\"2\" bgcolor=\"#535353\" style=\"text-align:center;padding:4px;font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#FFFFFF\"><b>Registreren</b></td>";
echo "</tr>\n";
echo "<tr><td style=\"font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#535353\" align=\"right\" width=\"30%\">\n";
echo "$username is successfully registered.\n"; 
echo "</td></tr>\n";
echo "</table>\n";
echo "</center>\n";
}
if($redirect=="1") {
echo "<meta http-equiv=Refresh content=3;url=http://$subsonicdomain>";
}else{
echo "<meta http-equiv=Refresh content=3;url=http://www.schattorie.nl>";
}
exit();
} 
} 
}
} 
}
}
?> 
<html>
<head>
<title>Register on Buster Music!</title>
</head>

<body>
<center>
<span style="font-size:11px;font-family:Verdana;font-weight:bold;text-decoration:none;color:#535353">Register for music on Buster Music!<br><br><br></span>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> 
<table width="400" cellspacing="0" cellpadding="3" border="0" bgcolor="#FFFFFF" style="border:1px solid #535353;">
<tr>
<td colspan="2" bgcolor="#535353" style="text-align:center;padding:4px;font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#FFFFFF"><b>Register</b></td>
</tr>
<tr><td colspan="2" align="center" style="font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#535353">
<?php echo $error; ?>
</td></tr>
<tr><td style="font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#535353" align="right" width="30%">
Username: 
</td>
<td>
<input type="hidden" name="redirect" value="0">
<input type="text" size="15" maxlength="25" name="username" style="border:1px solid #535353;width:250px;">
</td>
<tr><td style="font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#535353" align="right" width="30%">
E-mail: 
</td>
<td>
<input type="text" size="15" maxlength="25" name="email" style="border:1px solid #535353;width:250px;">
</td>
</tr>
<tr><td style="font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#535353" align="right" width="30%">
Password: 
<td>
<input type="password" size="15" maxlength="25" name="password" style="border:1px solid #535353;width:250px;">
</td>
</td></tr>
<tr><td style="font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#535353" align="right" width="30%">
Confirm password: 
<td>
<input type="password" size="15" maxlength="25" name="cpassword" style="border:1px solid #535353;width:250px;"> 
</td>
</td></tr>
<tr><td>
Verification code:
</td>
<td>
<img src="lib/captcha.php" border="0"><br>
<input type="text" name="captcha" size="15" maxlength="25" style="border:1px solid #535353;width:250px;">
</td></tr>
<tr><td colspan="2" align="center">
<input type="submit" value="Registeer"> 
</td></tr>
</table>
</form>
</center>
</body>
</html>
```
And the "config.php" code:

```
<?php
//Database  connetion
$dbhost = "192.168.0.0";  //local IP of machine running MySQL database
$dbuser = "dbusername";
$dbpass = "dbpassword";
$dbname = "dbtable";
$usertable = "users";
$woausertable = "woausers";
$multihosttable = "multihost";
$connect = mysql_connect($dbhost, $dbuser, $dbpass) or die('Cannot connect to the database, username or password are wrong.');
mysql_select_db($dbname, $connect) or die("Cannot connect database tot '$db_name'.");

//Register settings
$dbreg = true; //Register users in Global DB.
$subsonicreg = true; //Register users in Subsonic.
$multihostreg = false; //Register users in a multihost DB
$woa = false; //Enable approval feature. This will require the admin to approve users before they can user their credentials.
$woaadmin = "admin"; //If the previous setting is true, give the name of the user who may approve users (only 1 user possible, make sure to use lower/upper case characters).

//Set subsonic permisions
$subsonicdomain = "domain.com:port#"; //The IP address or domain name where your subsonic is located.
$admin = "admin"; //Your Subsonic admin.
$pass = "XXXXXXXXXXX"; //(Not the real password)
$settingsRole = true;
$streamRole = true;
$jukeboxRole = false;
$downloadRole = false;
$uploadRole = false;
$playlistRole = true;
$coverartRole = false;
$commentRole = false; 
$podcastRole = false;
%shareRole = true;

//Auto register mail & Pass reset mail
//Zie: lib/mailconf.php
?>
```
I'm not getting any errors connecting to the database, but the issue is when I click the "register" link from the home page, it brings up the registration "window", asks for username, pw, and email, and a captcha, then when I click submit, it's supposed to go to the register.php page (listed above), but instead I get a blank screen (in FF). In IE, it actually tells me there's a programming error. I just can't figure it out...


----------



## JiminSA (Dec 15, 2011)

I rather think that the problem lies in the following bit of code...

```
if($woa==true) {
$query = "INSERT INTO $woausertable (username, password, spassword, email) VALUES('$username','$password','$spassword','$email')"; 
mysql_query($query) or die(mysql_error()); 
require("lib/mailconf.php");
//mail for admin
mail($adminemail, $adminsubject, $adminmessage, "From: $fromname <$sender>\r\nContent-type: text/html\r\nX-Mailer:PHP/".phpversion());
echo "[CENTER]\n";
echo "<table width=\"400\" cellspacing=\"0\" cellpadding=\"3\" border=\"0\" bgcolor=\"#FFFFFF\" style=\"border:1px solid #535353;\">\n";
echo "[TR]\n";
echo "<td colspan=\"2\" bgcolor=\"#535353\" style=\"text-align:center;padding:4px;font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#FFFFFF\">[B]Registreren[/B][/TD]";
echo "[/TR]\n";
echo "[TR]<td style=\"font-size:11px;font-family:Verdana;font-weight:normal;text-decoration:none;color:#535353\" align=\"right\" width=\"30%\">\n";
echo "$username is now waiting for approval, you will receive an e-mail if the administrator activated your account.\n"; 
echo "[/TD][/TR]\n";
echo "[/TABLE]\n";
echo "[/CENTER]\n";
exit();
}else{
if($dbreg==true) {
$query = "INSERT INTO $usertable (username, password, email) VALUES('$username','$password','$email')"; 
mysql_query($query) or die(mysql_error()); 
}
```
whereby you send the email and immediately exit - hence the blank page. What I think you need here is a redirect to your thank you script, no?


----------



## gurutech (Apr 23, 2004)

That's only if "woa" is true, and I have that set for "false".

But for some reason, now I am getting an error when generating the "captcha" code... the background image is there, but the captcha text is not.


----------



## JiminSA (Dec 15, 2011)

Ok, so the problem could be in the form code - could you post it?

When this sort of non-event takes place in stuff I'm testing, I normally stick an echo in the earliest if statement and trace forward to find the problem area....
... perhaps you could put one straight after your username posted check (line 5) - something like - echo "Check what's posted"; and proceed forwards to try find where it's gluing up?


----------



## JiminSA (Dec 15, 2011)

Whoops - you have already posted the form code - my apologies


----------



## JiminSA (Dec 15, 2011)

Could you post the captcha.php, mailconf.php and the vmail.php code please? I am simulating the script on my m/c...


----------



## gurutech (Apr 23, 2004)

Captcha:

```
<?php
session_start();
$captchaTextSize = 6;
do {
$md5Hash = md5(microtime( ) * time());
preg_replace('([1aeilou0])', "", $md5Hash);
}while(strlen($md5Hash) < $captchaTextSize);
$key = substr($md5Hash, 0, $captchaTextSize);
$_SESSION['captcha'] = md5($key);

$captchaImage = imagecreatefrompng("../img/captcha3.png");
$textColor = imagecolorallocate($captchaImage, 31, 118, 92);
$lineColor = imagecolorallocate($captchaImage, 15, 103, 103);
$imageInfo = getimagesize("../img/captcha3.png");
$linesToDraw = 15;
for( $i = 0; $i < $linesToDraw; $i++) {
$xStart = mt_rand(0, $imageInfo[0]);
$xEnd = mt_rand(0, $imageInfo[0]);
imageline($captchaImage, $xStart, 0, $xEnd, $imageInfo[1], $lineColor);
}

imagettftext($captchaImage, 20, 0, 35, 35, $textColor, "fonts/VeraBd.ttf", $key);
header ("Content-type: image/png");
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Fri, 19 Jan 1994 05:00:00 GMT");
header("Pragma: no-cache");
imagepng($captchaImage);
?>
```
Mailconf:

```
<?php
$cwd = getcwd();
$cwd = scandir($cwd);
$checkdir = array_search('lib', $cwd);
if($checkdir=='') {
$mailtemplates = "../lib/mail";
}else{
$mailtemplates = "lib/mail";
}

$fromname = "My Name";
$sender = "[email protected]";
$nohash = 'None';

//Auto register mail
$subject = "Registration on My Website";
$open1 = file_get_contents($mailtemplates.'/regmail.txt', false);
$message = adddata($open1,$username,$spassword,$email,$nohash);

//Pass reet mail
$subject2 = "Password reset request on My Website";
$open2 = file_get_contents($mailtemplates.'/passresetmail.txt', false);
$message2 = adddata($open2,$username,$spassword,$email,$hash);

//adminmail
$adminemail = "[email protected]";
$adminsubject = "Registration on My Website";
if($woa==true) {
$rquri = folder($_SERVER['REQUEST_URI']);
$adminmessage = $username." is registered on the server.\n Approve: http://".$_SERVER['HTTP_HOST']."".$rquri."?user=".$username;
}else{
$adminmessage = $username." is registered on the server.";
}
?>
```
Vmail:

```
<?php
function vMail($field)
  {
  $field=filter_var($field, FILTER_SANITIZE_EMAIL);

   if(filter_var($field, FILTER_VALIDATE_EMAIL))
    {
    return TRUE;
    }
  else
    {
    return FALSE;
    }
  }
?>
```
Hope this helps. I'm thinking it may have something to do with file permissions, so can you let me know what permissions you have on at least these files/folders? I've tried 755, 766, and 777, but get the same results. Also tried different owners, root:root, me:me, and even apache:apache


----------



## JiminSA (Dec 15, 2011)

I can't see in your code, where you connect to the database - am I missing something here? Also, in line 21 you specify your table name in $usertable, which has not been set up...


----------



## gurutech (Apr 23, 2004)

JiminSA said:


> I can't see in your code, where you connect to the database - am I missing something here? Also, in line 21 you specify your table name in $usertable, which has not been set up...


Connection to the database is done in the "register.php" file, using an "include" from the config.php file.

I did edit some of the information in config.php before posting, for security reasons, but I am able to connect to the database (or so I believe, as I do not get any error messages).


----------



## JiminSA (Dec 15, 2011)

Sorry about the delay GuruTech, if you're doing your db update in a called php script, you may be missing a link back to the caller? (hence the white page).
Try inserting

```
header('Location: ' . $_SERVER['HTTP_REFERER']);
```
at the end of your db processing script...


----------



## color (Apr 18, 2013)

come to learn..I'm a rookie..


----------



## JiminSA (Dec 15, 2011)

That's cool Bruce - welcome to TSG


----------



## gurutech (Apr 23, 2004)

Tried adding that line at the end of the script, but still not working... :-(


----------



## JiminSA (Dec 15, 2011)

Sorry for not seeing this earlier ...
You have $subsonicreg set to true and $subsonicdomain set to "domain.com: port#" - a description of what to put in there.
I'm sure if you put a valid url: port in there it will work...
(space between : and port deliberately inserted to avoid smiley)


----------

