  1. #1
    New to the CF scene
    Join Date
    Jul 2007
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    php Register Script

    OK, I have made a PHP register user script.

    Code:
    <?php
    $db = mysql_connect('localhost', 'dan_new', 'new');
    mysql_select_db('dan_new', $db);
    
       $username = $_POST['username'];
       $password = md5($_POST['password']);
    
       $sql = "INSERT INTO dan (username, password) VALUES ('$username', '$password')";
    
       mysql_query($sql, $db);
    
    ?>
    
    <html>
       <head>
           <title>Registration</title>
       </head>
       <body>
           <form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
               Username: <input type="text" name="username">
               Password: <input type="password" name="password">
               <input type="submit" value="Register">
           </form>
       </body>
    </html>
    How can I add username validation to this? So for example, if a username already exists in the database it will show an error etc., and also the same for password validation.

    I am a bit of a PHP noob atm; I'm trying my best to code a CMS system, something I have never done before. So any improvements to this register script will be helpful.

    Dan

  • #2
    Senior Coder CFMaBiSmAd
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,072
    Thanks
    2
    Thanked 320 Times in 312 Posts
    Quote: "improvements to this register script will be helpful"
    Here they are -

    Add error checking and error reporting to every mysql_xxxxx() function call. There are examples in the php manual under the definition for each function call you are using.

    Your code unconditionally executes the PHP database INSERT code, so you will be inserting records with null values into your database by just browsing to the page. You need to enclose the PHP database code in an if(...) conditional statement that checks if the form was submitted.

    To accomplish the above item, your submit button must have a name="..." parameter.

    $HTTP_SERVER_VARS are deprecated. Use $_SERVER instead.

    To avoid SQL injection, you need to make sure that any variables from outside your code ($_POST variables in this case) that are placed directly into query strings have been escaped.

    Quote: "if a username already exists in the database it will show an error"
    Form a SELECT query to check if the entered username already exists. Run the query and check the number of rows found. Echo a message if the number of rows is not zero.

    As long as usernames are unique, there is no real need to check for duplicate passwords. To log someone in, you only need to check if the username/password pair matches a row in your database.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.
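
The checklist in the answer above, carried through for the question's `dan` table as an added example (not code from any poster in this thread). It goes beyond the answer in two ways: bound parameters replace escaping, and password_hash() replaces md5(). The in-memory SQLite database, the register_user() name and the length limits are assumptions.

```php
<?php
// Added example; register_user() is a hypothetical helper, not code from the thread.
// Constructed setup: in-memory SQLite stands in for the MySQL table `dan`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE lets the database itself reject a duplicate username.
$pdo->exec('CREATE TABLE dan (username TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');
// Returns a list of error messages; an empty list means the user was stored.
function register_user(PDO $pdo, array $post): array
{
    $errors   = [];
    // Non-string input (e.g. username[]=x) is treated as missing.
    $username = is_string($post['username'] ?? null) ? trim($post['username']) : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    if ($username === '' || strlen($username) > 32) {      // assumed limit
        $errors[] = 'Enter a username of 1 to 32 characters.';
    }
    if (strlen($password) < 8) {                           // assumed minimum
        $errors[] = 'Password must be at least 8 characters.';
    }
    if ($errors) {
        return $errors;
    }
    // Bound parameter: the input is never spliced into the SQL text.
    $check = $pdo->prepare('SELECT COUNT(*) FROM dan WHERE username = ?');
    $check->execute([$username]);
    if ((int) $check->fetchColumn() > 0) {
        return ['That username is already taken.'];
    }
    try {
        $insert = $pdo->prepare('INSERT INTO dan (username, password) VALUES (?, ?)');
        $insert->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE class 23: another request took the name between SELECT and INSERT.
        if (strpos((string) $e->getCode(), '23') === 0) {
            return ['That username is already taken.'];
        }
        throw $e;
    }
    return [];
}
// Web path: run only when the form was submitted (submit button has name="submit").
if (isset($_POST['submit'])) {
    foreach (register_user($pdo, $_POST) as $msg) {
        echo htmlspecialchars($msg), "<br>\n";
    }
}
// Constructed input for a command-line run: the second call reports the duplicate.
var_dump(register_user($pdo, ['username' => "o'brien", 'password' => 'correct horse']));
var_dump(register_user($pdo, ['username' => "o'brien", 'password' => 'another pass 1']));
```

At login, compare the submitted password with password_verify() against the stored hash rather than hashing it again and comparing strings.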

  • #3
    New to the CF scene
    Join Date
    Jul 2007
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm still confused, I'm sorry to say. Would you mind just adding what you said to the code so in future I know exactly what I have to do? That way I can see how it's implemented and duplicate it for the other fields I will have in the register script.

  • #4
    Senior Coder rafiki
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    I'll give you a nice big fat hint, and show you my register script. You can use parts of it if you wish, but it's there as example code to teach you; do as you will...
    PHP Code:
    <?php
    // Note: the mysql_* functions used below were removed in PHP 7.0.
    if (isset($_POST['submit'])) {
        $submit   = $_POST['submit'];
        $username = strip_tags($_POST['username']);
        $pass1    = sha1(strip_tags($_POST['pass1']));
        $pass2    = sha1(strip_tags($_POST['pass2']));
        $email    = $_POST['email'];
        $email2   = $_POST['email_confirm'];
        $errormsg = array("No password entered or password too short \n", "No email address entered or email address's didn't match ");
        $error    = '';
        // Measure the raw password: a sha1() hash is always 40 characters long.
        $count    = strlen($_POST['pass1']);
        // Assumed value: the minimum length was lost from the original post.
        $min_length = 6;
        if (isset($submit)) {
            // Test the raw fields: sha1() of an empty string is still a non-empty hash.
            if (empty($_POST['pass1']) || $count < $min_length) {
                $error .= $errormsg[0];
            }
            if (empty($_POST['pass2'])) {
                $error .= $errormsg[0];
            }
            if (empty($email) || $email != $email2) {
                $error .= $errormsg[1];
            }
            if ($error == '') {
                // sqlprotect.php and sqlconnect.php are the poster's own includes (not shown in the thread).
                include("sqlprotect.php");
                include("sqlconnect.php");
                mysql_select_db($db, $con) or die(mysql_error());
                $user_exist = mysql_result(mysql_query("SELECT COUNT(1) username FROM users WHERE username='$username'"), 0);
                if ($user_exist > 0) {
                    echo "I'm sorry but the username you specified has already been taken.  Please pick another one.";
                    unset($username);
    ?>
    <form name="register" method="post" action="register.php">
    <label for="username">Display Name:</label> <input type="text" name="username" id="username" /> <br />
    <label for="email">Email:</label><input id="email" type="text" name="email" /> <br />
    <label for="email2">Confirm Email:</label><input id="email2" type="text" name="email_confirm" /> <br />
    <label for="password">Password:</label><input id="password" type="password" name="pass1" /><br />
    <label for="pass2">Confirm Password:</label><input id="pass2" type="password" name="pass2" /><br />
    <input type="submit" name="submit" value="Register" /><br />
    </form>
    <?php
                    exit; // stop here so the duplicate username is not inserted below
                }
                $email_exist = mysql_result(mysql_query("SELECT COUNT(1) email FROM users WHERE email='$email'"), 0);
                if ($email_exist > 0) {
                    echo "I'm sorry but have already got an account. Please click <a href=\"/login.php\">here</a> to login ";
                    unset($email);
                    exit;
                }
                $query = "INSERT INTO users (`email`, `username`, `password` )
    VALUES('$email', '$username', '$pass1')";

                $result = @mysql_query($query) or die(mysql_error() . "<strong>SQL:</strong> $query");
                mysql_close();

                header("Location: http://site.com/register_success.php");
            } else {
                // Show each collected error as a list item, then the form again.
                echo "<ul class='error'>";
                $err = explode("\n", "$error");
                foreach ($err as $key) {
                    echo "<li>$key</li>";
                }
                echo "</ul> ";
    ?>
    <div class='form'>
    <form name="register" method="post" action="register.php">
    <label for="username">Display Name:</label> <input type="text" name="username" id="username" /> <br />
    <label for="email">Email:</label><input id="email" type="text" name="email" /> <br />
    <label for="email2">Confirm Email:</label><input id="email2" type="text" name="email_confirm" /> <br />
    <label for="password">Password:</label><input id="password" type="password" name="pass1" /><br />
    <label for="pass2">Confirm Password:</label><input id="pass2" type="password" name="pass2" /><br />
    <input type="submit" name="submit" value="Register" /><br />
    </form>
    </div>
    <?php
            }
        }
    } else {
        // Form not submitted yet: show the empty registration form.
    ?>

    <form name="register" method="post" action="register.php">
    <label for="username">Display Name:</label> <input type="text" name="username" id="username" /> <br />
    <label for="email">Email:</label><input id="email" type="text" name="email" /> <br />
    <label for="email2">Confirm Email:</label><input id="email2" type="text" name="email_confirm" /> <br />
    <label for="password">Password:</label><input id="password" type="password" name="pass1" /><br />
    <label for="pass2">Confirm Password:</label><input id="pass2" type="password" name="pass2" /><br />
    <input type="submit" name="submit" value="Register" /><br />
    </form>
    <?php

    }
    ?>

