Need help with registration system...

I have a registration system for my “free email” site which does a few functions like inserting info into the database, then it makes an http request to my cpanel which then creates the email account, if all goes well it’s supposed to return with a success page but all it’s doing is returning an error message like this:

Warning: fgets() [function.fgets]: SSL: fatal protocol error in /home/site/public_html/directory/reguser.php on line 88

but if the registration info is sent and the user is already taken I get this error message:

[code]Warning: fgets() [function.fgets]: SSL: fatal protocol error in /home/site/public_html/directory/reguser.php on line 88

Warning: Cannot modify header information - headers already sent by (output started at /home/site/public_html/directory/reguser.php:88) in /home/site/public_html/directory/reguser.php on line 148[/code]

Below is the code for my processor page:

[code]<?php

function check_email_address($email) {
// First, we check that there’s one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&’*+/=?^_{|}~-][A-Za-z0-9!#$%&'*+/=?^_{|}~.-]{0,63})|("[^(|")]{0,62}"))$", $local_array[$i])) {
return false;
}
}
if (!ereg("^[?[0-9.]+]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
return false;
}
}
}
return true;
}

// Check for Available Email Address
$requser = $_GET[‘username’];
if ( $requser == “” ) {
$ermsg = “You must enter a username.”;
}

include (“includes/db.inc.php”);
$dbh=mysql_connect ("$dbhost", “$dbusername”, “$dbpassword”) or die ('I cannot connect to the database because: ’ . mysql_error());
mysql_select_db ("$dbdatabase");

$result = mysql_query(“SELECT id FROM useraccounts WHERE username=’$requser’”)
or die(mysql_error());
$row = mysql_fetch_array( $result );
$id = $row[‘id’];
if ( $id != “” ) {
//echo “Username already taken”;
$ermsg = “Username is already taken.”;
}

//Check for no blank fields
$reqpass = $_GET[‘password1’];
$regfname = $_GET[‘Fname’];
$reglname = $_GET[‘Lname’];
$reqsecquest = $_GET[‘securityquestion’];
$reqsecansw = $_GET[‘securityanswer’];
$reqaltemail = $_GET[‘altemail’];

if ( $reqpass == “” OR $regfname == “” OR $reglname == “” OR $reqsecquest == “” OR $reqsecansw == “” OR $reqaltemail == “” ) {
$ermsg = “All fields of the form must be completed.”;
}

//Validate Alt Email
if (check_email_address($reqaltemail)) {
//$ermsg = “”;
} else {
$ermsg = “Invalid alternate email address.”;
}

if ( $ermsg == “” ) {
// Get Cpanel connection details
$result = mysql_query(“SELECT username, password, ip, port FROM cpanel”)
or die(mysql_error());
$row = mysql_fetch_array( $result );
$cpusername = $row[‘username’];
$cppassword = $row[‘password’];
$cpip = $row[‘ip’];
$cpport = $row[‘port’];

$cpurl = “https://$cpusername:$cppassword@$cpip:$cpport/frontend/$cpskin/mail/doaddpop.html?email=$requser&domain=$domain&password=$reqpass&quota=$quota”;

$ok = TRUE;
$file = fopen ("$cpurl", “r”);
if (!$file) {
$ok = FALSE;
$target = “error.php”;
}
while (!feof ($file)) {
$line = fgets ($file, 1024);
if (ereg (“already exists!”, $line, $out)) {
$ok = FALSE;
$target = “error.php”;
}
}
fclose($file);
if ($ok) {
$target = “done.php”;
$form_fields=array_keys($HTTP_POST_VARS);
$temp=“n”;
while($field=array_pop($form_fields)){
$temp.=" $field : = $HTTP_POST_VARS[$field] n";
}
return $line;

//mail($HTTP_POST_VARS[‘to’],“Free Email”,$temp);
//Write to DB
$altemail = $_GET[‘altemail’];
$fname = $_GET[‘Fname’];
$lname = $_GET[‘Lname’];
$securityquestion = $_GET[‘securityquestion’];
$securityanswer = $_GET[‘securityanswer’];
$domainip = GetHostByName($REMOTE_ADDR);
$date = time();
$timestamp = date(“F j, Y, g:i a”,$date);

include (“includes/db.inc.php”);
$dbh=mysql_connect ("$dbhost", “$dbusername”, “$dbpassword”) or die (‘I cannot connect to the database because: ’ . mysql_error());
mysql_select_db ("$dbdatabase");
mysql_query("INSERT INTO useraccounts (username, password, activated, altemail, fname, lname, securityquestion, securityanswer, ip, timestamp, quota) VALUES(’$requser’, ‘$reqpass’, ‘1’, ‘$altemail’, ‘$fname’, ‘$lname’, ‘$securityquestion’, ‘$securityanswer’, ‘$domainip’, ‘$timestamp’, ‘$quota’ ) ") or die(mysql_error());

//Mail to user

$to = "<$altemail>n";

mail($altemail, $subject,
‘Hi ‘.$fname.$messageprt1.$requser.’@’.$domain.$messageprt2.$reqpass.$messageprt3.’’,
“To: $to” .
“From: $fromn” .
“MIME-Version: 1.0n” .
“Content-type: text/html; charset=iso-8859-1”);

// Mail to Admin
//Mail to admin new account notification
$to = “<$adminnotifyaddy>n”;
mail($adminnotifyaddy, ‘New ‘.$domain.’ Email Account Created’,
'New email account created for '.$domain.‘

Email Address: ‘.$requser.’@’.$domain.'
Password: '.$reqpass.'
Quota: ‘.$quota.’ MB

First Name: '.$fname.'
Last Name: '.$lname.'
Security Question: '.$securityquestion.'
Security Answer: '.$securityanswer.'

Alternate Email: '.$altemail.‘

Created :’.$timestamp.‘
IP: ‘.$domainip.’
’,
“To: $to” .
“From: $fromn” .
“MIME-Version: 1.0n” .
“Content-type: text/html; charset=iso-8859-1”);
/********************************************/

}
$target = $target."?newemail=$requser&pass=$reqpass&name=$fname";
header(“location:$target”);

} else {
$target = “error.php?ermsg=$ermsg”;
header(“location:$target”);

}

?>[/code]

If anyone can help me out with this it would be great

Also just to let you guys know, I’m not very good at php I just use snippets I get from here and there…

Are you using Microsoft IIS web server? You could be getting the warning because of that. Once you get output from an error or warning, you cant process a header() function. You need to suppress the output.

This is from http://us3.php.net/manual/en/function.fopen.php

Warning When using SSL, Microsoft IIS will violate the protocol by closing the connection without sending a close_notify indicator. PHP will report this as "SSL: Fatal Protocol Error" when you reach the end of the data. To workaround this, you should lower your error_reporting level not to include warnings. PHP 4.3.7 and higher can detect buggy IIS server software when you open the stream using the https:// wrapper and will suppress the warning for you. If you are using fsockopen() to create an ssl:// socket, you are responsible for detecting and suppressing the warning yourself.

You can lower your error_reporting level on the page or just put an @ in front of the function. Like this: $line = @fgets ($file, 1024); You may have to do it for the fopen() function too.

This would be masquerading the symptoms but wouldn’t solve the issue at hand. I strongly advise against using @ or lowering the error_reporting level in a development/quality environment. Instead, make sure the notifications are fixed so it won’t pop up anymore, and the output will be surpressed until your script actually calls for an output operation (and I presume that will be after you define additional headers).

The notification happens due to a bug in IIS (according to php.net). See the quote I posted above from the fopen() page at http://www.php.net
Your operations are succeeding so that is why I suggested suppressing this output if indeed this is why you are getting that warning message. It sounds like your other alternative is to upgrade to PHP 4.3.7 or higher. If you are not using IIS and are running PHP 4.3.7 or higher then you do have some other problem that should be taken care of.

Hi, I took care of that problem it was due to a section in the form that was "<select name=“squestion>” when it should have had another " in it. But now I’m getting another problem, everything works fine accept for the email account creating though my cpanel. It makes all the proper checks, then it’s supposed to create the email account after this but it doesn’t and moves on to the next section which inserts the info into the database which works fine, then it moves to the second to last section with sends a welcome email to the new account registered and one to me the Admin which works, then for the last part it either redirects to an error page or the success page, the error page is for if any of the checks fail, if all goes well then it displays the success page which is does the only problem is the the email account is created, the user has no way to know that his/her account isn’t really there which stirs up more problems. Here is the entire code for the proccessing page if someone can take a quick little look though it and see if there are any common errors:

Also I’ve places a --private-- where there is information that is private

[code]<?php

// database information
$dbhost = ‘–private–’;
$dbuser = ‘–private–’;
$dbpassword = ‘–private–’;
$dbName = ‘–private–’;

// form information
$fname = $_POST[‘fname’];
$lname = $_POST[‘lname’];
$staddress = $_POST[‘staddress’];
$apt = $_POST[‘apt’];
$city = $_POST[‘city’];
$country = $_POST[‘country’];
$state = $_POST[‘state’];
$zipcode = $_POST[‘zipcode’];
$phone = $_POST[‘phone’];
$mm = $_POST[‘mm’];
$dd = $_POST[‘dd’];
$yyyy = $_POST[‘yyyy’];
$sex = $_POST[‘sex’];
$username = $_POST[‘username’];
$password1 = $_POST[‘password1’];
$password2 = $_POST[‘password2’];
$squestion = $_POST[‘squestion’];
$sanswer = $_POST[‘sanswer’];
$sanswer2 = $_POST[‘sanswer2’];
$altemail = $_POST[‘altemail’];

// additional information

/***** Mailbox Quota *****/
$quota = “10”;

/**** Welcome Mail to send to email address of user ****/
$from = “registrations@–private–.com”;
$subject = “Welcome to --private-- Mail”;
$messageprt1 = "

This is an automatically generated email from --private-- Mail

There is no need to reply to this email.

Welcome to your new --private-- Mail email account.

To access your account on the web go to http://www.–private–.com/members or click on the Webmail link on the --private-- Mail site.

Username - ";
$messageprt2 = "

Password - ";
$messageprt3 = “


To access your account using a POP3 or IMAP email client the settings you will need are as below…
Incoming (POP) Server - mail.–private–.com
Outgoing (SMTP) Server - mail.–private–.com
Username - your full --private–.com email address


–private-- Mail
http://www.–private–.com”;

/**** Domain ****/
$domain = “–private–.com”;

/**** Password Recover Email ****/
$prfrom = “admin@–private–.com”;
$prsubject = “Password Recovery”;
$prmessageprt1 = "This is an automatically generated email password recover message from --private-- Mail

There is no need to reply to this email.

Your requested login details are as below…
Username: ";
$prmessageprt2 = "

Password: ";
$prmessageprt3 = “


You can login to --private-- Mail email account from our main site Here


Xolur Mail
http://www.–private–.com”;

/**** Admin Notification address for new email signup ****/
$adminnotifyaddy = “admin@–private–.com”;

/**** Path to skin ****/
// Must have trailing slash
$skin_path = “…/skins/default/”;

/**** CPanel Skin ****/
$cpskin = “–private–”;

// run through general checks
// make sure user filled in username
if ( $username == “” ) {
$ermsg = “You must enter a username.”;
}

$dbh = mysql_connect ("$dbhost", “$dbuser”, “$dbpassword”) or die ('I cannot connect to the database because: ’ . mysql_error());
mysql_select_db ("$dbName");

// make sure username is available
$result = mysql_query(“SELECT id FROM useraccounts WHERE username=’$username’”)
or die(mysql_error());
$row = mysql_fetch_array( $result );
$id = $row[‘id’];
if ( $id != “” ) {
//echo “Username already taken”;
$ermsg = “Username is already taken.”;
}

//Check for no blank fields

if ( $fname == “” OR $lname == “” OR $staddress == “” OR $apt == “” OR $city == “” OR $country == “” OR $state == “” OR $zipcode == “” OR $phone == “” OR $mm == “” OR $dd == “” OR $yyyy == “” OR $sex == “” OR $username == “” OR $password1 == “” OR $password2 == “” OR $squestion == “” OR $sanswer == “” OR $sanswer2 == “” OR $altemail == “” ) {
$ermsg = “All fields of the registration must be completed.”;
}

function check_email_address($email) {
// First, we check that there’s one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&’*+/=?^_{|}~-][A-Za-z0-9!#$%&'*+/=?^_{|}~.-]{0,63})|("[^(|")]{0,62}"))$", $local_array[$i])) {
return false;
}
}
if (!ereg("^[?[0-9.]+]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
return false;
}
}
}
return true;
}

//Validate Alternate Email
if (check_email_address($altemail)) {
//$ermsg = “”;
} else {
$ermsg = “Invalid alternate email address.”;
}

// creating the email account

if ( $ermsg == “” ) {

// required cpanel data
define( ‘CPEMAIL_DOMAIN’, ‘–private–.com’); // Cpanel domain
define( ‘CPEMAIL_SSL’, 0); // 0 = no SSL, 1 = Uses SSL
define( ‘CPEMAIL_PORT’, 2082); // usually the port is 2082 withought SSL and 2083 with SSL
define( ‘CPEMAIL_THEME’, ‘–private–’); // x is the default theme, others include: bluelagoon, x2, xmail, xcontroller, monsoon
define( ‘CPEMAIL_QUOTA’, 10); // email quota in Megabytes

// sensitive cpanel info
define( ‘CPEMAIL_USER’, ‘–private–’); // Cpanel Username
define( ‘CPEMAIL_PASS’, ‘–private–’); // Cpanel Password

if (isset($_POST[‘send’])) {

$password = $_POST[‘password1’];

$url = ‘http’.(CPEMAIL_SSL ? ‘s’ : ‘’).’://’.CPEMAIL_USER.’:’.CPEMAIL_PASS.’@’.CPEMAIL_DOMAIN.’:’.CPEMAIL_PORT.’/frontend/’.CPEMAIL_THEME.’/mail/doaddpop.html’;
$url .= ‘?email=’.$username.’&domain=’.CPEMAIL_DOMAIN.’&password=’.$password.’&quota=’.CPEMAIL_QUOTA;

// makes an fopen request to the url and returns the content
function http_request($url) {
ini_set(‘user_agent’,‘MSIE 4.0b2;’); // set user agent as IE browser

$txt = ‘’;
if ($fp = fopen($url, ‘r’)) {
while( !feof($fp) ) {
$txt .= fread( $fp, 2082 );
}
fclose($fp);
}
return $txt;

// make the http request to cpanel, this is where the email is created
// this is just like the browser making the request, only php does it for the user
$txt = http_request( $url );

echo ‘


’;

}

//Write to DB
$domainip = GetHostByName($REMOTE_ADDR);
$date = time();
$timestamp = date(“F j, Y, g:i a”,$date);

$dbh=mysql_connect ("$dbhost", “$dbuser”, “$dbpassword”) or die (‘I cannot connect to the database because: ’ . mysql_error());
mysql_select_db ("$dbName");
mysql_query("INSERT INTO useraccounts (username, password, activated, altemail, fname, lname, securityquestion, securityanswer, ip, timestamp, quota) VALUES(’$username’, ‘$password1’, ‘1’, ‘$altemail’, ‘$fname’, ‘$lname’, ‘$squestion’, ‘$sanswer’, ‘$domainip’, ‘$timestamp’, ‘$quota’ ) ") or die(mysql_error());

//Mail to user

$to = "<$altemail>n";

mail($altemail, $subject,
‘Hi ‘.$fname.$messageprt1.$username.’@’.$domain.$messageprt2.$password1.$messageprt3.’’,
“To: $to” .
“From: $fromn” .
“MIME-Version: 1.0n” .
“Content-type: text/html; charset=iso-8859-1”);

// Mail to Admin
//Mail to admin new account notification
$to = “<$adminnotifyaddy>n”;
mail($adminnotifyaddy, ‘New ‘.$domain.’ Email Account Created’,
‘New email account created at –private-- Mail

Email Address: ‘.$username.’@’.$domain.'
Password: '.$password1.'
Quota: ‘.$quota.’ MB

First Name: '.$fname.'
Last Name: '.$lname.'
Security Question: '.$squestion.'
Security Answer: '.$sanswer.'

Alternate Email: '.$altemail.‘

Created :’.$timestamp.‘
IP: ‘.$domainip.’
’,
“To: $to” .
“From: $fromn” .
“MIME-Version: 1.0n” .
“Content-type: text/html; charset=iso-8859-1”);
/********************************************/

}

$target = “http://www.–private–.com/members/done.php?newemail=$requser&pass=$reqpass&name=$fname”;
header(“location:$target”);

} else {
$target = “http://www.–private–.com/members/error.php?ermsg=$ermsg”;
header(“location:$target”);

}

?>[/code]

Sponsor our Newsletter | Privacy Policy | Terms of Service