#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2014
    Posts
    3
    Rep Power
    0

    2 forms 1 submit button?


    Ok, I have a slight issue I need some help with and hopefully any of you can help me!

    I have a user registration form system. Every thing works properly with this, it creates the Database with the users name, email and username MD5's the password and the confirmation code. 

    I have a domain registration form system. This works properly, creates the users domain and adds it into WHM. Biggest thing is, is how can I go about adding in the TWO forms into 1, as I have been working on this since 3 days ago. Yesterday was 6 hours, Today is a good 2 hours, and still nothing. When clicking on submit it only creates the users account, and nothing is done in the WHM.

    Here is the code for it. The top code above [Domain Registration] is the user registration. 



    Code:
    <form id='register' action='<?php echo $fgmembersite->GetSelfScript(); "<?=$PHP_SELF?>" ?>'  method='post' accept-charset='UTF-8'>
    
    <fieldset >
    
    <legend>Register</legend>
    
    
    
    <input type='hidden' name='submitted' id='submitted' value='1'/>
    
    
    
    <div class='short_explanation'>* required fields</div>
    
    <input type='text'  class='spmhidip' name='<?php echo $fgmembersite->GetSpamTrapInputName(); ?>' />
    
    
    
    <div><span class='error'><?php echo $fgmembersite->GetErrorMessage(); ?></span></div>
    
    <div class='container'>
    
        <label for='name' >Your Full Name*: </label><br/>
    
        <input type='text' name='name' id='name' value='<?php echo $fgmembersite->SafeDisplay('name') ?>' maxlength="50" /><br/>
    
        <span id='register_name_errorloc' class='error'></span>
    
    </div>
    
    <div class='container'>
    
        <label for='email' >Email Address*:</label><br/>
    
        <input type='text' name='email' id='email' value='<?php echo $fgmembersite->SafeDisplay('email') ?>' maxlength="50" /><br/>
    
        <span id='register_email_errorloc' class='error'></span>
    
    </div>
    
    <div class='container'>
    
        <label for='username' >Username*:</label><br/>
    
        <input type='text' name='username' id='username' value='<?php echo $fgmembersite->SafeDisplay('username') ?>' maxlength="50" /><br/>
    
        <span id='register_username_errorloc' class='error'></span>
    
    </div>
    
    <div class='container' style='height:80px;'>
    
        <label for='password' >Password*:</label><br/>
    
        <div class='pwdwidgetdiv' id='thepwddiv' ></div>
    
        <noscript>
    
        <input type='password' name='Password' id='password' maxlength="50" />
    
        </noscript>    
    
        <div id='register_password_errorloc' class='error' style='clear:both'></div>
    
    </div>
    
    
    
    [<b>Domain Registration</b>]
    
    
    
    <div class='container'>
    
        <label for='host' >Domain*:</label><br/>
    
        <input type="text" name="Host"><br/>
    
        
    
    </div>
    
    
    
    <div class='container'>
    
        <label for='package' >Package*:</label><br/>
    
        <select name="Package">
    
    <option value="ihosting_Small">Small</option>
    
    <option value="ihosting_Medium">Medium</option>
    
    <option value="ihosting_Large">Large</select></option><br/>
    
        
    
    </div>
    
    
    
    <div class='container'>
    
        <label for='username' >Username*:</label><br/>
    
        <input type="text" name="Username">
    
        <span id='register_username_errorloc' class='error'></span>
    
    </div>
    
    
    
    <div class='container'>
    
        <label for='password' >Password*:</label><br/>
    
        <input type="text" name="Password" value="Password">
    
    </div>
    
    <div class='container'>
    
        <input type='submit' name="submitted" value='Submit' />
    
    </div>
    
    
    
    </fieldset>
    
    </form>
    This part:&nbsp;<form id='register' action='<?php echo $fgmembersite->GetSelfScript(); "<?=$PHP_SELF?>" ?>' method='post' accept-charset='UTF-8'>


    The first and last part is for the user and this:&nbsp;"<?=$PHP_SELF?>" is for the domain registration, both need to use the action= method, but I have been trying to figure out how to integrate it, because if I delete:&nbsp;'<?php echo $fgmembersite->GetSelfScript(); the whole page disappears. Some how I don't think you can have to scripts needing the action= method. Both are vital and important.


    I've even tried making it in 2 forms, and both having their own separate "Submit" button which creates 2 buttons and you need to quickly press both buttons in order for both to work. >.<



    And this is the PHP formats for the forms:

    (Top is user bottom is domain)

    I obviously deleted the username and password for the WHM file.&nbsp;

    Code:
    <?PHP
    
    require_once("./include/membersite_config.php");
    
    
    
    if(isset($_POST['submitted']))
    
    {
    
       if($fgmembersite->RegisterUser())
    
       {
    
            $fgmembersite->RedirectToURL("thank-you.html");
    
       }
    
    }
    
    
    
    ?>
    
    
    
    <?php
    
    if(isset($_POST[project_submission])) {
    
    
    
    
    require_once('whm.php');
    
    
    
    
    
    $test= new whm;
    
    
    
    $test->init('hosting','user','pass');
    
     
    
    $Host = $_POST[Host];
    
    $User = $_POST[Username];
    
    $Pass = $_POST[Password];
    
    $Pack = $_POST[Package];
    
    $result = $test->createAccount($Host, $User, $Pass, $Pack); 
    
    
    
    if($result) 
    
    { 
    
    echo "submission successful!";
    
    } 
    
    else 
    
    {  
    
    echo "submission failed!";
    
    } 
    
    
    
    } else {
    
    ?>
    Here is the is the submit button for the user:&nbsp;<input type='submit' name="submitted" value='Submit' />
    and for the domain reg:
    <input type="submit" name="project_submission" value="Submit">

    I've already tried to rename both "name=" and the same in the PHP where it shows the names of the submit buttons to the same name, and yet nothing worked.

    Thank you in advanced! I know this is a lot to help with. :P
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1018
    Hi,

    before you worry about the form, you first need to fix several gaping security holes:

    You're using $PHP_SELF. That means your PHP installation still has the infamous register_globals “feature” turned on, one of the biggest security threats in the history of PHP. This feature has been removed a long time ago, so you're obviously using a totally outdated PHP version as well.

    $PHP_SELF itself is wide open to cross-site scripting attacks, meaning attackers can inject arbitrary JavaScript code into your website.

    For some reason, you're using MD5 for the passwords. This algorithm is extremely weak. Virtually any password can be broken in a matter of minutes with an average PC. Actually, you can even search the hashes on Google. Chances are somebody has already calculated them for you.

    See The 6 worst sins of security for an overview of basic security measures for websites.



    // Cross-posted on stackoverflow
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2014
    Posts
    3
    Rep Power
    0
    The only way the script will work is if it's in place. This is the original script for the domain reg.:

    Code:
    <?php
    if(isset($_POST[project_submission])) {
    
    require_once('whm.php');
    
    $test= new whm;
    
    $test->init('domain','user','pass');
     
    $Host = $_POST[Host];
    $User = $_POST[Username];
    $Pass = $_POST[Password];
    $Pack = $_POST[Package];
    $result = $test->createAccount($Host, $User, $Pass, $Pack); 
    
    if($result) 
    { 
    echo "submission successful!";
    } 
    else 
    {  
    echo "submission failed!";
    } 
    
    } else {
    ?>
    
    <form method="post" action="<?=$PHP_SELF?>">
    <input type="text" name="Host" value="Host">
    <input type="text" name="Username" value="Username">
    <input type="text" name="Password" value="Password">
    <select name="Package">
    <option value="ihosting_Small">Small</option>
    <option value="ihosting_Medium">Medium</option>
    <option value="ihosting_Large">Large</select></option>
    <input type="submit" name="project_submission" value="Submit">
    </form>
    
    <?php
    }
    ?>
    So it has nothing to do with the user registration.

    I was looking at the reg/login script posted in the PHP Guide, so I might give that a try.
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1018
    Originally Posted by Darkmage4
    I was looking at the reg/login script posted in the PHP Guide, so I might give that a try.
    This is for learning how to access a MySQL database, it's not for use on an actual website.

    You should also start with the security basics before you jump into programming a login system.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2014
    Posts
    3
    Rep Power
    0
    I see. Well thank you for that info. My user/domain reg isn't live yet. and I barely get hits to my site. Even then it's mostly me. :P

    A friend of mine helped me create some of this script. Mainly the PHP part. I found the reg script online. Which I assume is bad. lol. BUT I did change many things from the original script. Because even then I know the creator or anyone that knows the script could inject anything, which is why it's not live. :P

    Basically at the moment this is just a learning experience.

    ed: I was also trying to PM you, but apparently I cannot. I don't want my URL public though. I did confirm my account from the email I got.
  10. #6
  11. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Location
    Burb of Detroit, Michigan
    Posts
    107
    Rep Power
    97
    I just want to interject a small piece of advice, I have always found that learning how to do something right the first time always saves time in the long run. No matter on how long it takes to the learn the material, in this case on how to code. I have learned from past experience (I think everyone is guilty of doing this) that learning how to do something the wrong way most of the time leads to code being poorly written and very insecure.

    Comments on this post

    • Jacques1 agrees
  12. #7
  13. Web Developer/Musician
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2004
    Location
    Tennessee Mountains
    Posts
    2,424
    Rep Power
    1036
    There is no need to have two forms on a page to submit with a single button. For one thing you want to make sure that if one submission does not succeed the other will not either. Put it all in one form, do your registration and if all goes well use PHP to post the rest of the information to WHM.

IMN logo majestic logo threadwatch logo seochat tools logo