[Lightcms] Register Not Making User?

D

Diddy8000

Member
Aug 22, 2011
78
18
Hello,

The issue im having is that after completing register steps it takes you to the me page as the user you made but it hasn't acutally made the user in the database if you log out and try to log in with those same details it says user not found.
You must be registered for see links


Register:
PHP: 
<?php

    /*
      _____ _ _                _           
    |_  _| | |              (_)           
      | | | | |_  _ _ __ ___  _ _ __  __ _
      | | | | | | | | '_ ` _ \| | '_ \ / _` |
      _| |_| | | |_| | | | | | | | | | | (_| |
    |_____|_|_|\__,_|_| |_| |_|_|_| |_|\__,_|
       
        Illumina CMS by Jonteh (http://zaphotel.net/)
        ***** Thread for updates & help: http://forum.*****.com/f353/rel-illumina-cms-php-oop-917506/
    */

    require_once "required.php";

    if($users->isLogged()) {
        header ("Location: " . WWW . "/me");
        exit;
    }
    else if(!$light->reg_enabled) {
        header ("Location: " . WWW . "/index.php?registerDisabled");
        exit;
    }
    else if(isset($_GET["_error"])) {
        $gerr = $db->real_escape_string($_GET["_error"]);
        $err = str_replace('-', ' ', $gerr);
        $tpl->assign('errorSpace', '<div id="error-messages-container" class="cbb">
          <div class="rounded" style="background-color: #cb2121;">
            <div id="error-title" class="error">
                ' . $err . ' <br />
                    </div>
                  </div>
              </div>');
    }
    else {
        $tpl->assign('errorSpace', '<div id="error-placeholder"></div>');
    }
   
    if($db->lnumrows("SELECT null FROM users WHERE ip_last = '" . $_SERVER["REMOTE_ADDR"] . "' OR ip_reg = '" . $_SERVER["REMOTE_ADDR"] . "'") >= $light->max_per_ip) {
        header ("Location: " . WWW . "/index.php?maxAccountsReached");
        exit;
    }
   
    $tpl->assign('title', 'Register an account');
   
    if(isset($_GET["_register_step"])) {
        $s = $db->real_escape_string($_GET["_register_step"]);
        if($s == 1) {    // Birth date, gender
            $tpl->draw('quickregister-step1');
        }
        else if($s == 2) { // age_gate_submit - verify birthdate and gender
            if(isset($_POST["bean_month"]) && isset($_POST["bean_day"]) && isset($_POST["bean_year"]) && isset($_POST["bean_gender"])) {
                $m = $db->real_escape_string($_POST["bean_month"]);
                $d = $db->real_escape_string($_POST["bean_day"]);
                $y = $db->real_escape_string($_POST["bean_year"]);
                $g = $db->real_escape_string($_POST["bean_gender"]);

                $_SESSION["_ageGatePass"] = true;
                $_SESSION["_userAge"] = $d . "/" . $m . "/" . $y;
                $_SESSION["_userGender"] = $g;
                header ("Location: " . WWW . "/quickregister/email_password");
                exit;
            }
        }
        else if($s == 3) { // email_password - get their email and their password for future logins
            if(!isset($_SESSION["_ageGatePass"]) || !isset($_SESSION["_userAge"]) || !isset($_SESSION["_userGender"])) {
                header ("Location: " . WWW . "/quickregister/age_gate/error");
                exit;
            }
            else {
                $tpl->draw('quickregister-step2');
            }
        }
        else if($s == 4) { // email_password_submit
            if(isset($_POST["bean_username"]) && isset($_POST["bean_email"]) && isset($_POST["bean_retypedEmail"]) && isset($_POST["bean_password"]) && isset($_POST["bean_termsOfServiceSelection"])) {
                $u1 = str_replace(" ", "", $db->real_escape_string($_POST["bean_username"]));
                $u = $users->forceFormat($u1);
                $e = $db->real_escape_string($_POST["bean_email"]);
                $e2 = $db->real_escape_string($_POST["bean_retypedEmail"]);
                $pwlen = strlen($_POST["bean_password"]);
                $p =    $users->userHash($_POST["bean_password"], $u);
                $t = $db->real_escape_string($_POST["bean_termsOfServiceSelection"]);
                if(!$users->isUsernameValid($u)) {
                    header("Location: " . WWW . "/quickregister/email_password_submit/invalid_username");
                    exit;
                }
                else {
                    if($e == $e2 && $users->isEmailValid($e)) {
                        if($pwlen >= 6 && !empty($u)) {
                            $_SESSION["_captcha"] = rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9);
                            $_SESSION["_emailGatePass"] = true;
                            $_SESSION["_userEmail"] = $e;
                            $_SESSION["_userPassword"] = $p;
                            $_SESSION["_userName"] = $u;
                            header("Location: " . WWW . "/quickregister/captcha");
                            exit;
                        }
                        else {
                            header("Location: " . WWW . "/quickregister/email_password_submit/invalid_password");
                            exit;
                        }
                    }
                    else {
                        header("Location: " . WWW . "/quickregister/email_password_submit/invalid_email");
                        exit;
                    }
                }   
            }
            else {
                header ("Location: " . WWW . "/quickregister/email_password_submit/fields");
                exit;
            }
        }
        else if($s == 5) {
            if(!isset($_SESSION["_emailGatePass"])) { header ("Location: " . WWW . "/quickregister/start"); }
            $_SESSION["_captcha"] = rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9);
            $tpl->assign('captcha', '<font color="white" size="6">' . $_SESSION["_captcha"] . '</font>');
            $tpl->draw('quickregister-step3');
        }
        else if($s == 6) {
            if(isset($_POST["captchaResponse"])) {
                $r = $_POST["captchaResponse"];
                $rc = $_SESSION["_captcha"];
               
                if($r == $rc)
                {
                    // Lets recap all the user vars we need, add the user and then unset everything.
                    $user_age = $_SESSION["_userAge"];
                    $user_name = $_SESSION["_userName"];
                    $user_gender = $_SESSION["_userGender"];
                    $user_email = $_SESSION["_userEmail"];
                    $user_password = $_SESSION["_userPassword"];
                    $user_signupip = $_SERVER["REMOTE_ADDR"];
                   
                    $users->addUser($user_name, $user_password, $user_email, $light->default_rank, $light->default_look, $light->default_gender, $light->default_motto, $light->default_homeroom);
                       
                    unset($user_age);
                    unset($user_gender);
                    unset($user_email);
                    unset($user_betakey);
                    unset($_SESSION["_captcha"]);
                    unset($_SESSION["_emailGatePass"]);
                    unset($_SESSION["_ageGatePass"]);
                   
                    $_SESSION["Username"] = $user_name;
                    unset($user_name);
                   
                    $_SESSION["HashedPassword"] = $user_password;
                    unset($user_password);

                    header ("Location: " . WWW . "/me");
                    exit;
                }
                else {
                    header ("Location: " . WWW . "/quickregister/captcha/error");
                    exit;
                }   
            }
        }
        else {
            header("Location: " . WWW . "/quickregister/captcha");
            exit;
        }
    }
?>


Quickregister-step1.tpl:
You must be registered for see links

Quickregister-step2.tpl:
You must be registered for see links

Quickregister-step3.tpl:
You must be registered for see links


Thanks,
Josh

- - - Updated - - -

Replaced All Those Register Files with the original files for it, still doesn't work any ideas?
 
Sort by date Sort by votes
ItsNick

ItsNick

Member
Nov 19, 2013
96
15
Does the registration put a user into the database? As you mentioned you were able to register and view a page as the user. This would only be possible if the 'me' page can pull session info from the database. If you are just unable to log in with an account, most likely your login script is broken, and isn't working properly, and not the registration.
 
Upvote 0 Downvote
D

Diddy8000

Member
Aug 22, 2011
78
18
@ItsNick No The Registration does not put the user in the database, the me page comes up 'temporary' As if it was placed in the database though, although when you log out and try to log in with the same details the user is not found as its not in the database.

@DrPepper23
Class_users.php
PHP: 
<?php
  
    class UserManager {
        public function userHash($password, $username) {
            global $light;
            if($light->hashing_method == "Normal") {
                return sha1(md5($password) . strtolower($username));
            }
            else if($light->hashing_method == "MD5") {
                return md5($password);
            }
        }
        public function userVar($username, $var) {
            global $db, $core, $light;
            if($light->apc_enabled) {
                $key = $username . "_" . $var;
                if(apc_exists($key)) {
                    return json_decode(apc_fetch($key), true);
                }
                else {
                    $returner = json_encode($this->getUserVar($username, $var), true);
                    apc_store($key, $returner, 120);
                    return json_decode(apc_fetch($key), true);
                }
            }
            elseif ($light->wincache_enabled) {
                $key = $username . "_" . $var;
                if (wincache_ucache_exists($key)) {
                    return json_decode(wincache_ucache_get($key), true);
                } else {
                    $returner = json_encode($this->getUserVar($username, $var), true);
                    wincache_ucache_set($key, $returner, 120);
                    return json_decode($returner, true);
                }
            }
            else {
                return $this->getUserVar($username, $var);
            }
        }
        public function getUserVar($username, $var) {
            global $db;
            $this->query = "SELECT `" . $var . "` FROM `users` WHERE `username` = '" . $username . "'";
          
            if($this->result = $db->query($this->query)) {
                while($this->data = $this->result->fetch_row()) {
                    $this->return = $this->data[0];
                    return $this->return;
                }
            }
            else {
                $db->databaseError($db->error);
            }
        }
        public function idToName($id) {
            global $db;
            if($query = $db->query("SELECT username FROM users WHERE id = '" . $id . "'")) {
                while($data = $query->fetch_row()) {
                    return $data[0];
                }
            }
            else {
                return null;
            }
        }
        public function forceFormat($name) {
            return preg_replace("/[^A-Za-z0-9 ]/", '', $name);
        }
        public function validCredentials($username, $password) {
            if ($password == $this->userVar($username, 'password')) {
                return true;
            }
            return false;
        }
        public function isLogged() {
            if (isset($_SESSION["Username"]) && isset($_SESSION["HashedPassword"])) {
                return true;
            }
            return false;
        }
        public function doesUserExist($username) {
            global $db;
            $query = $db->query("SELECT null FROM users WHERE username = '" . $username . "'");
            $rows = $query->num_rows;
            if($rows < 1) {
                return false;
            }
            return true;
        }
        public function checkSessions() {
            if($this->isLogged()) {
                $this->username = $_SESSION["Username"];
                $this->sesPass = $_SESSION["HashedPassword"];
                if(!$this->doesUserExist($this->username) || $this->sesPass != $this->userVar($this->username, 'password', false)) {
                    unset($_SESSION["Username"]);
                    unset($_SESSION["HashedPassword"]);
                }
            }
        }
        public function isBlockedName($name) {
            $this->blockedNames = array ('mod', 'adm', 'admin', 'events', 'supermod', 'staff', 'jonty', 'jonteh', 'tech', 'sulake', 'owner', 'ownr', ' ', '£', '™', '£', '¢', '∞', '§', '¶', '•', 'ª', '©', '®');
            foreach($this->blockedNames as $this->list) {
                if(strtolower($name) == strtolower($this->list)) {
                    return true;
                }
            }
            foreach($this->blockedNames as $this->two) {
                if(strpos(strtolower($name), strtolower($this->two)) !== false) {
                    return true;
                }
            }
            return false;
        }
        public function isEmailValid($email) {
            if(filter_var($email, FILTER_VALIDATE_EMAIL)) {
                return true;
            }
            else {
                return false;
            }
        }
        public function isUsernameValid($username) {
            if(!preg_match('/^[a-z0-9]+$/i', $username) && strlen($username) < 4 && strlen($username) > 20) {
                return false;
            }
            elseif($this->doesUserExist($username)) {
                return false;
            }
            elseif($this->isBlockedName($username)) {
                return false;
            }
            return true;
        }
        public function addUser($username, $passwordHash, $email, $rank, $figure, $sex, $motto, $homeroom) {
            global $db, $core;
            if($this->stmt = $db->prepare("INSERT INTO users (username,password,mail,auth_ticket,rank,look,gender,motto,home_room,credits,activity_points,last_online,account_created,ip_last,ip_reg) VALUES ('" . $username . "','" . $passwordHash . "','" . $email . "','','" . $rank . "','" . $figure . "','" . $sex . "', '" . $motto . "', '" . $homeroom . "','25000','10000','','" . time() . "', '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['REMOTE_ADDR']."')")) {
                $this->stmt->execute();
                $this->stmt->close();
            }
            else {
                $db->databaseError($db->error);
            }
        }
        public function genSSO() {
            global $light;
            $this->sso = "SSO";
            $this->sso .= "-";
            $this->sso .= rand(1,12345);
            $this->sso .= rand(1,12345);
            $this->sso .= rand(1,12345);
            $this->sso .= "-";
            $this->sso .= rand(1,12345);
            $this->sso .= rand(1,12345);
            $this->sso .= "-" . str_replace(" ", "", $light->site_name);
            $this->sso .= "-" . USER_ID;
            return $this->sso;
        }
        public function doesUserHaveTicket($user_id) {
            global $db, $light;
            if($light->server_type == "Butterfly") {
                $this->query = "SELECT null FROM user_tickets WHERE userid = '" . $user_id . "'";
                if($this->result = $db->query($this->query)) {
                    $this->check = $this->result->num_rows;
                    $this->result->close();
                }
                else {
                    return false;
                }
                if($this->check >= 1) {
                    return true;
                }
            }
            return false;
        }
        public function isUserBanned($username) {
            global $db;
            $this->query = "SELECT * FROM bans WHERE expire > " . time() . " AND value = '" . $username . "'";
            if($this->result = $db->query($this->query)) {
                $this->check = $this->result->num_rows;
                $this->result->close();
            }
            else {
                $db->databaseError($db->error);
            }
            if($this->check >= 1) {
                return true;
            }
        }
        public function isIpBanned($ip) {
            global $db, $core;
            $this->query = "SELECT * FROM bans WHERE expire > " . time() . " AND value = '" . $ip . "'";
            if($this->result = $db->query($this->query)) {
                $this->check = $this->result->num_rows;
                $this->result->close();
            }
            else {
                $db->databaseError($db->error);
            }
            if($this->check >= 1) {
                return true;
            }
        }
        public function doesUserHaveBadge($userid, $badgeid) {
            global $db;
            if(!$db->lnumrows("SELECT * FROM user_badges WHERE user_id = '" . $userid . "' AND badge_id = '" . $badgeid . "'")) {
                return false;
            }
            return true;
        }
        public function isUserOnline($username) {
            if($this->userVar($username, 'online') == 1) {
                return true;
            }
            return false;
        }
    }
?>
 
Upvote 0 Downvote
G

GarettM

Posting Freak
Aug 5, 2010
833
136
If you want send me a copy of your cms & db cleaned* I don't want any user info. And I'll have a look in about 40 minutes when I get to my friends house
 
Upvote 0 Downvote
ItsNick

ItsNick

Member
Nov 19, 2013
96
15
PHP: 
public function doesUserExist($username) {
            global $db;
            $query = $db->query("SELECT null FROM users WHERE username = '" . $username . "'");
            $rows = $query->num_rows;
            if($rows < 0) {
                return false;
            }
            return true;
        }
In your Class_users.php...
This functions says its selecting if a column is null, or doesn't find anything. Try changing it to:
PHP: 
 $query = $db->query("SELECT * FROM users WHERE username ='".$username."' LIMIT 1");

This way, if it finds something, it will return true if that user is found with the matching username.
 
Upvote 0 Downvote
D

Diddy8000

Member
Aug 22, 2011
78
18
Iv'e fixed this now,
PHP: 
if($this->stmt = $db->prepare("INSERT INTO users (username,password,mail,auth_ticket,rank,look,gender,motto,home_room,credits,activity_points,last_online,account_created,ip_last,ip_reg) VALUES ('" . $username . "','" . $passwordHash . "','" . $email . "','','" . $rank . "','" . $figure . "','" . $sex . "', '" . $motto . "', '" . $homeroom . "','25000','10000','','" . time() . "', '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['REMOTE_ADDR']."')")) {

This line wasn't inserting all fields in the users so i changed it so it would now it works prefectly.
 
Upvote 0 Downvote
G

GarettM

Posting Freak
Aug 5, 2010
833
136
Diddy8000 said:
Iv'e fixed this now,
PHP: 
if($this->stmt = $db->prepare("INSERT INTO users (username,password,mail,auth_ticket,rank,look,gender,motto,home_room,credits,activity_points,last_online,account_created,ip_last,ip_reg) VALUES ('" . $username . "','" . $passwordHash . "','" . $email . "','','" . $rank . "','" . $figure . "','" . $sex . "', '" . $motto . "', '" . $homeroom . "','25000','10000','','" . time() . "', '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['REMOTE_ADDR']."')")) {

This line wasn't inserting all fields in the users so i changed it so it would now it works prefectly.
Click to expand...
This is still a bad way of doing this xD
just use regular mysqli_query because all your doing is seeing if it prepares your not checking if it executes right?
:confused: i could be horribly wrong?
 
Upvote 0 Downvote

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
☀️  Switch to Light Theme

Latest posts

Top