Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
PHP DISABLE HTML ON MEMBERS PAGE
#1
Hello,

I am new here, and i have to say i am very impressed on the site layout and the value of members that are on here. I am pleased to join such an appropriate forum to learn from!

Now, if i may get started on my little problem that i am having with my registration form. Before i get further into detail i am a nub at php coding, i have been getting into it lately and want to advance my learning with it.

Ok, that being said i would like to disable html sign up's on my registration. People are inserting html tag's in my registration field causing the members page to mess up. They inserted a big image that covered my whole page with the word 'hacked on it'. Which is very funny because it doesn't cause any harm but it's my stupidity for not disabling html tag's.

I would like some help with this so people can stop doing this stupid crap. I added a spam filter to my project so people don't use wpe pro to spam the mysql database and waist space.

Here is my register.php code:

PHP Code:
<?php session_start() ?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    <title>DigiChat Member</title>
    <link rel="stylesheet" href="images/main.css" media="screen">
    <link rel="stylesheet" href="images/colors.css" media="screen">
    <link href="loginmodule.css" rel="stylesheet" type="text/css" />
    <style type="text/css">
.style1 {
    color: #CCCCCC;
    font-style: italic;
    font-weight: bold;
}
    </style>
</head>
<body>
<p>&nbsp;</p>

<p>&nbsp;</p>
<div id="container">
    <div id="header">
  <a id="logo" href="#" title="Support Center"><img src="images/head.png" alt="Support Center" width="801" height="64" border="0"></a></div>
    <ul id="nav">
                  <li><a class="ticket_status" href="./index.php">Home</a></li>
                  <li><a class="new_ticket" href="./members.php">Members</a><a class="new_ticket" href="./register.php">Register</a><a class="new_ticket" href="./news.php">News</a></li>
         <li></li>

    </ul>
    <div id="content">
      <div id="index"><?php
    
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >) {
        echo 
'<ul class="err">';
        foreach(
$_SESSION['ERRMSG_ARR'] as $msg) {
            echo 
'<li>'.strip_tags($msg).'</li>'
        }
        echo 
'</ul>';
        unset(
$_SESSION['ERRMSG_ARR']);
    }
?>
        <h1 align="left">Register A Free Account! </h1>
        <form id="loginForm" name="loginForm" method="post" action="register-exec.php">
          <p>&nbsp;</p>
          <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
            <tr>
              <th>First Name </th>
              <td><input name="fname" type="text" class="textfield" id="fname" /></td>
            </tr>
            <tr>
              <th width="124">Real Name </th>
              <td width="168"><input name="realname" type="text" class="textfield" id="realname" /></td>
            </tr>
            <tr>
              <th>Last Name </th>
              <td><input name="lname" type="text" class="textfield" id="lname" /></td>
            </tr>
            <tr>
              <th>Login</th>
              <td><input name="login" type="text" class="textfield" id="login" /></td>
            </tr>
            <tr>
              <th>Site ID</th>
              <td><input name="SiteID" type="text" class="textfield" id="SiteID" /></td>
            </tr>
            <tr>
              <th>Age</th>
              <td><input name="Age" type="text" class="textfield" id="Age" /></td>
            </tr>
            <tr>
              <th>Exit Message </th>
              <td><input name="exitmessage" type="text" class="textfield" id="exitmessage" /></td>
            </tr>
            <tr>
              <th>Comments </th>
              <td><input name="comments" type="text" class="textfield" id="comments" /></td>
            </tr>
            <tr>
              <th>Url</th>
              <td><input name="Url" type="text" class="textfield" id="Url" /></td>
            </tr>
            <tr>
              <th>Password</th>
              <td><input name="password" type="password" class="textfield" id="password" /></td>
            </tr>
            <tr>
              <th>Confirm Password </th>
              <td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
            </tr>
            <tr></tr>
            <tr>
            <tr></tr>
<tr></tr>
<tr></tr>
<tr>
  <td></td>
  <td><div align="center">
    <p><img id="captcha" src="securimage_show.php" alt="CAPTCHA Image" /></p>
    <p>
      <input name="captcha_code" type="text" class="textfield" size="10" maxlength="6" />     
        <input type="submit" name="submit" value="Submit" />    
      </p>
    </div></td>
</tr>
              <td></td>
              </tr>  <tr></tr>
          </table>
        </form>
      </div>
      <div style="clear:both"></div> 
 </div>
 <div id="footer"></div>
</div>
 <div align="center">
<img src="images/poweredby.png" height="38" width="802"></div>
</body></html> 

Here is register-exec.php:

PHP Code:
<?php
    
//Start session
    
session_start();
    
    
//Include database connection details
    
require_once('config.php');
    include_once (
'securimage.php');
    
    
//Array to store validation errors
    
$errmsg_arr = array();
    
    
//Validation error flag
    
$errflag false;
    
    
//Connect to mysql server
    
$link mysql_connect(DB_HOSTDB_USERDB_PASSWORD);
    if(!
$link) {
        die(
'Failed to connect to server: ' mysql_error());
    }
    
    
//Select database
    
$db mysql_select_db(DB_DATABASE);
    if(!
$db) {
        die(
"Unable to select database");
    }
    
    
//Function to sanitize values received from the form. Prevents SQL injection
    
function clean($str) {
        
$str = @trim($str);
        if(
get_magic_quotes_gpc()) {
            
$str stripslashes($str);
        }
        return 
mysql_real_escape_string($str);
    }
    
    
//Sanitize the POST values
    
$fname clean($_POST['fname']);
    
$lname clean($_POST['lname']);
    
$login clean($_POST['login']);
    
$SiteID clean($_POST['SiteID']);
    
$Age clean($_POST['Age']);
    
$Url clean($_POST['Url']);
    
$realname clean($_POST['realname']);
    
$exitmessage clean($_POST['exitmessage']);
    
$comments clean($_POST['comments']);
    
$password clean($_POST['password']);
    
$cpassword clean($_POST['cpassword']);
    
$securimage = new Securimage();

    
    
//Input Validations
    
if($fname == '') {
        
$errmsg_arr[] = 'First name missing';
        
$errflag true;
    }
    if(
$lname == '') {
        
$errmsg_arr[] = 'Last name missing';
        
$errflag true;
    }
    if(
$login == '') {
        
$errmsg_arr[] = 'Login ID missing';
        
$errflag true;
    }
    if(
$SiteID == '') {
        
$errmsg_arr[] = 'Site ID missing';
        
$errflag true;
        }
    if(
$Age == '') {
        
$errmsg_arr[] = 'Age missing';
        
$errflag true;
        }
    if(
$Url == '') {
        
$errmsg_arr[] = 'Url missing';
        
$errflag true;
    }
    if(
$exitmessage == '') {
        
$errmsg_arr[] = 'Exit Message missing';
        
$errflag true;
    }
    if(
$comments == '') {
        
$errmsg_arr[] = 'Comments missing';
        
$errflag true;
    }
    if(
$realname == '') {
        
$errmsg_arr[] = 'Real Name missing';
        
$errflag true;
    }
    if(
$password == '') {
        
$errmsg_arr[] = 'Password missing';
        
$errflag true;
    }

    if(
$cpassword == '') {
        
$errmsg_arr[] = 'Confirm password missing';
        
$errflag true;
    }

    if( 
strcmp($password$cpassword) != ) {
        
$errmsg_arr[] = 'Passwords do not match';
        
$errflag true;
    }
        if (
$securimage->check($_POST['captcha_code']) == false) {
$errmsg_arr[] = 'Captcha Incorrect';
        
$errflag true;
    }
    

    
//Check for duplicate login ID
    
if($login != '') {
        
$qry "SELECT * FROM members WHERE login='$login'";
        
$result mysql_query($qry);
        if(
$result) {
            if(
mysql_num_rows($result) > 0) {
                
$errmsg_arr[] = 'Login ID already in use';
                
$errflag true;
            }
            @
mysql_free_result($result);
        }
        else {
            die(
"Query failed");
        }
    }
    
    
//If there are input validations, redirect back to the registration form
    
if($errflag) {
        
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        
session_write_close();
        
header("location: register.php");
        exit();
    }

    
//Create INSERT query
    
$qry "INSERT INTO members(firstname, lastname, login, SiteID, Age, Url, exitmessage, comments, realname, passwd) VALUES('$fname','$lname','$login','$SiteID','$Age','$Url','$exitmessage','$comments','$realname','".md5($_POST['password'])."')";
    
$result = @mysql_query($qry);
    
    
//Check whether the query was successful or not
    
if($result) {
        
header("location: success.php");
        exit();
    }else {
        die(
"Query failed");
    }
?>

If i could get some help with this i would be greatly appreciated. This can be annoying to other's, and i thought this would be a place to submit a question like this to users with the same problem...

Regards,

Leprechaun Coder
Reply


Messages In This Thread
PHP DISABLE HTML ON MEMBERS PAGE - by Leprechaun Coder - 05-14-2011, 01:16 PM
RE: PHP DISABLE HTML ON MEMBERS PAGE - by Gaijin - 05-14-2011, 02:45 PM
RE: PHP DISABLE HTML ON MEMBERS PAGE - by Sly - 05-14-2011, 09:07 PM
RE: PHP DISABLE HTML ON MEMBERS PAGE - by Sly - 05-14-2011, 09:10 PM
RE: PHP DISABLE HTML ON MEMBERS PAGE - by Sly - 05-14-2011, 09:21 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  PHP Framework List: An Ultimate Guide to 102 PHP Frameworks for Web Developers tk-hassan 0 938 07-27-2020, 11:26 PM
Last Post: tk-hassan
  [PHP] Very Basic Login Page BreShiE 17 7,918 07-11-2013, 05:57 AM
Last Post: 1n9i9c7om ツ
  PHP Video Tutorials (PHP For Beginners) Eleqtriq 4 3,660 10-10-2011, 01:00 PM
Last Post: Greyersting
  PHP error on page submit kaosjon 7 2,709 09-18-2011, 03:31 AM
Last Post: AceInfinity
  HTML&PHP Games. flAmingw0rm 25 4,449 06-04-2011, 07:23 AM
Last Post: Strafeness

Forum Jump:


Users browsing this thread: 2 Guest(s)