|
PHP - Secure Login
Hi,
Well i have been searching the internet and can't seem to find a good tutorial for making a secure php/mySQL login script, mainly one thats is quite secure from hackers. Does anyone know of a good tutorial? Lee Similar TutorialsHello, I want to know if my login php is secure or if it's easily hacked by anyone. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $gmtUnixTime = time(); $tUnixTime = $gmtUnixTime + 3600; $sGMTMySqlString = gmdate("Y-m-d H:i:s", $tUnixTime); // Parse the String into a new UNIX Timestamp $tParsedTime = strtotime($sGMTMySqlString . " GMT"); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); $sql = "UPDATE $tbl_name SET senast = '$sGMTMySqlString' WHERE username = '$myusername'"; mysql_query($sql) or die(mysql_error()); $_SESSION['user']="$myusername"; $_SESSION['senastlog']="$sGMTMySqlString"; header("location:index.php"); } else { header("location:failed.php"); } ob_end_flush(); ?> Hey all, I'm in the process of developing a PHP login system for the website of a team I'm involved with. I have a MySQL database already set up to hold user data, but I lack the knowledge to create a respectably secure login system. I tend to be a tad obsessive when it comes to security, and seeing different systems being implemented on various tutorials that cover this topic makes me cynical of the integrity of any of them. So, my question is: how can I create a secure login system that isn't too complex in implementation? Are there any reliable tutorials for this? Would some sort of system that uses session variables be what I'm looking for? I don't require excessive security, but privelidges gained if this system is compromised would be no small matter. Thanks for any help. Hello,
i want to know if this code is ok or do i have sql-injection, session hijacking etc.
thank you very much for your help.
Rafal
<?php
INI_SET('SESSION.USE_ONLY_COOKIES', 1);
SESSION_START();
SESSION_CACHE_EXPIRE(10);
SESSION_REGENERATE_ID();
$uname = "mail@mail.com";
$upassword = "a4ca6e1f044a98a8a72e7b356a134319433f4d98adb3f463202246bddb883712459e66ea985f37cb2e7171165500c341be4effd1f6e4461246e3c61e5767741f";
if (isset($_POST["inp_name"]) && isset($_POST["inp_pwd"]))
{
if ($uname == $_POST["inp_name"] && $upassword == hash('sha512', $_POST["inp_pwd"]))
{
$_SESSION["e64X96ea"] = 1;
}
}
?>
<?php
if ($_SESSION["e64X96ea"] != 1)
{
header ( 'Location:login.php' );
exit;
}
?>
Edited by rafal, 16 November 2014 - 08:39 AM. I tried Googling them and what not but all I could find was useless stuff that I couldn't get to work, so I thought I would give it a crack at making my own. I don't think its that secure though. Can someone have a geeza over it? I've pretty much made it up from bits and pieces I have seen and researched. Ignore the echoes they were just for testing. Well the code was working, now it just keeps redirecting me to index. So I dunno what I fucked. Heres all the code: Index.php Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <?php include 'functions.php'; Connect(); ?> <form method="post" action="login.php"> <input type="text" name="Username" /> <input type="password" name="Password" /> <input type="hidden" name="ip" value="<?php ipget(); ?>" /> <input type="submit" /> </form> </body> </html> Login.php <?php require_once 'standalone\HTMLPurifier.standalone.php'; include "functions.php"; Connect(); $purifier = new HTMLPurifier(); $result = mysql_query("SELECT Username, Password FROM login ") or die(mysql_error()); $sorted = mysql_fetch_array($result); $name = $purifier->purify(strtolower($_POST['Username'])); $pass = $purifier->purify(md5(strtolower($_POST['Password']))); $ip = md5($_POST['ip']); $stamp = date("Ymdhis"); if ( $name == $sorted['Username'] ){ Echo "Username Correct"; if ( $pass == $sorted['Password'] ) { echo "Password is correct"; session_start(); $_SESSION['ip'] = $ip; $_SESSION['Username'] = $name; $_SESSION['Password'] = $pass; setcookie('ip', $ip, time()+3600); setcookie('name', $name, time()+3600); $ipb = $_SERVER['REMOTE_ADDR']; $orderid = "$stamp-$ipb"; $orderid = str_replace(".", "", "$orderid"); $GUID = md5(orderid); setcookie('GUID', $GUID, time()+3600); mysql_query("UPDATE login SET GUID = $GUID WHERE Username = '$name'"); header("location: admin.php"); } else { echo "password is wrong"; } } else { Echo "wrong name"; } ?> Functions.php <?php function connect(){ mysql_connect("localhost", "test", "password") or die(mysql_error()); mysql_select_db("db344475103") or die(mysql_error()); echo "Connected"; } function ipget(){ $ip = $_SERVER['REMOTE_ADDR']; echo $ip; } function check(){ session_start(); if (md5($_SERVER['REMOTE_ADDR']) == $_SESSION['ip']) { if (md5($_SERVER['REMOTE_ADDR']) == $_COOKIE['ip']) { if ($_SESSION['Username'] == $_COOKIE['name']) { if ($_COOKIE['GUID'] == mysql_query("SELECT GUID FROM login")) { } else { header("location: index.php"); session_destroy(); } } else { header("location: index.php"); session_destroy(); } } else { header("location: index.php"); session_destroy(); } } else { header("location: index.php"); session_destroy(); } } function clean(){ } ?> Admin.php Code: [Select] <?php include 'functions.php'; check(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> Admin Area </body> </html> Yeah its a lot of code, probably most of it useless as well knowing me. Hello: I am using this tutorial to make a secure login system (if there is a "better" way, please let me know): http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/ I am having a problem with the login form - it keeps moving to the "a_Home.php" page (the one that is suppose to be password protected) without any login information being entered. This is the mmLogin.php page: Code: [Select] <?php include('../include/myConn.php'); include('include/myAdminCodeLib.php'); session_start(); $username = $_POST['username']; $password = $_POST['password']; $username = mysql_real_escape_string($username); $query = "SELECT password, salt FROM users WHERE username = '$username';"; $result = mysql_query($query); if(mysql_num_rows($result) < 1) { header('Location: mmLogin.php'); die(); } $userData = mysql_fetch_array($result, MYSQL_ASSOC); $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) ); if($hash != $userData['password']) { header('Location: mmLogin.php'); die(); } else { validateUser(); header('Location: a_Home.php'); } ?> <html> <head></head> <body> <form name="login" action="mmLogin.php" method="post"> Username: <input type="text" name="username" /> Password: <input type="password" name="password" /> <input type="submit" value="Login" /> </form> </body> </html> This is the a_Home.php page: Code: [Select] <?php include('include/myAdminCodeLib.php'); include('include/myCheckLogin.php'); ?> <html> <head></head> <body> <a href="mmLogin.php">Log Off</a> </body> </html> This is the myCheckLogin.php page: Code: [Select] <?php session_start(); if(!isLoggedIn()) { header('Location: mmLogin.php'); die(); } ?> This is the myAdminCodeLib.php page: Code: [Select] <?php function validateUser() { session_regenerate_id (); $_SESSION['valid'] = 1; $_SESSION['userid'] = $userid; } function isLoggedIn() { if(isset($_SESSION['valid']) && $_SESSION['valid']) return true; return false; } function logout() { $_SESSION = array(); session_destroy(); } ?> Can anyone tell me why this is not working? And, am I calling the functions properly? Thanks. Hi guys, It's my first post here, not looking to leech, I'm simply here to learn and develop my skills and any contributes will be greatly appreciated! Anyways I have made a simple login script, however I would like to make it more secure. However before that, can you please explain to me as to why it is not secure in the first place? A basic explanation so I can understand would be great. Then after that, could you please give help as to how I would make this login code more secure? Thank you very much Code: [Select] <?php $rowsfound=false; if (isset($_GET['frmStudentId'])) { // functions to make performQuery() work correctly require_once("dbfunctions.inc.php"); $query = "SELECT dbStudentId, dbStudentName " . " FROM student " . " WHERE dbStudentId = '".$_GET['frmStudentId']."'" . " AND dbPassword = '".$_GET['frmPassword']."'"; $result = performQuery($query); if(count($result) > 0) { $rowsfound=true; // allow login } } // code continues by generating appropriate response ... Hello, I made an login script, it works but i want to be sure if its secure to use in everyday use, here is the script: <?php session_start(); require_once('include/config.inc.php'); require_once('include/functions.php'); function clean($str, $encode_ent = false) { $str = @trim($str); if ($encode_ent) { $str = htmlentities($str); } if (version_compare(phpversion(),'4.3.0') >= 0) { if (get_magic_quotes_gpc()) { $str = stripslashes($str); } if (@mysql_ping()) { $str = mysql_real_escape_string($str); } else { $str = addslashes($str); } } else { if (!get_magic_quotes_gpc()) { $str = addslashes($str); } } return $str; } if (isset($_POST['submit'])) { if ($_POST['code'] == $_SESSION['rand_code']) { //Sanitize the POST values $username = clean($_POST['username']); $password = clean($_POST['password']); $ip = clean($_SERVER['REMOTE_ADDR']); $query="SELECT * FROM user WHERE username='$username' AND password='".md5($_POST['password'])."'"; $result=mysql_query($query); //Check whether the query was successful or not if ($result) { if (mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $user = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $user['username']; session_write_close(); $query_login_ok = "INSERT INTO logs (`username`, `password`, `result`, `ip`) VALUES ('$username', '$password', 'SUCCESS', '$ip');"; $result_query_login_ok = mysql_query($query_login_ok) or die('MYSQL ERROR'); header("location: pmt.php"); exit(); } else { //Login failed $query_login_fail = "INSERT INTO logs (`username`, `password`, `result`, `ip`) VALUES ('$username', '$password', 'FAILED', '$ip');"; $result_query_login_fail = mysql_query($query_login_fail) or die('MYSQL ERROR'); header("location: index.php"); exit(); } } else { die("ERROR"); } } } ?> <form id="login" name="login" method="post" action=""> <table width="300" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <td width="112"><b>Username</b></td> <td width="188"><input name="username" type="text" class="textfield" id="username" value="admin" /></td> </tr> <tr> <td><b>Password</b></td> <td><input name="password" type="password" class="textfield" id="password" value="qazwsx" /></td> </tr> <img src="include/captcha.php"/> <tr> <td><b>Code</b></td> <td><input type="text" name="code" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Login" /></td> </tr> </table> </form> This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=351535.0 I have a little php site that looks up data in my crm database quickly and easily on my iphone. Right now it's wide open because I'm in and out of it all day and trying to input uid/pw into a secure login page is a pain in the rear. (we're not talking about sensitive data here and I'm the only user.) So, I would like to design a screen with several large graphic buttons and be able to touch those buttons in a specific sequence that would functionally allow a secure login. Similar in concept to the android screen lock. You touch a sequence of numbered buttons and voila, the screen unlocks. It does not open a text field for data entry into two separate fields. So if my access code was 1,2,3,4 and the screen was divided into quarters with a large number on each one, I would touch the buttons in that order and it would open the main page. How would this best be accomplished? Is there a php function to essentially build a variable through successive key presses? then with a final submit it would just check that against a "secret code" and allow access. Thanks for any input. I wrote an update script, how secure do you think it is? By the way, this is an include. The page it is included on stop attacks by making sure the user is logged in. function update_file($url, $file) { //Get URL content $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); $data = curl_exec($ch); curl_close($ch); $new_content = $data; //Replace with content from URL file_put_contents($file, $new_content); echo $new_content; } function get_url($file) { $domain = 'http://www.mysite.com/'; $folder = 'update/'; $ver = '2.0.1'; $full_url = ''.$domain.''.$folder.'/'.$ver.'/'; $fileu = array ( "functions/update.php" => "".$full_url."functions/update.txt" ); return $fileu[$file]; } $files = array ( 'functions/update.php' ); foreach($files as $file) { update_file(get_url($file),$file); } I'm not amazing with PhP, so excuse me if it looks terrible xD I've taken tutorials, edited them to fit my wanting and tried it out, it seems to deny anything other than an image type, but could it be abused?
<div id="image-upload">
<h2>Upload your image</h2>
<form action="upload.php" method="post" enctype="multipart/form-data">
Upload:<br><br>
<input type="file" name="image"><br><br>
Image Title:<br><br>
<input type="text" name="image_title"><br><br>
<input type="submit" name="submit" value="Upload">
</form>
<?php
include("upload_file.php");
function GetImageExtension($imagetype)
{
if(empty($imagetype)) return false;
switch($imagetype)
{
case 'image/bmp': return '.bmp';
case 'image/jpeg': return '.jpg';
case 'image/png': return '.png';
default: return false;
}
}
if ($_FILES['image']['error'] !== UPLOAD_ERR_OK) {
die();
}
$extension = getimagesize($_FILES['image']['tmp_name']);
if ($extension === FALSE) {
die("<br><font color='#8B0000'>Unable to determine image typeof uploaded file</font>");
}
if (($extension[2] !== IMAGETYPE_GIF) && ($extension[2] !== IMAGETYPE_JPEG) && ($extension[2] !== IMAGETYPE_PNG)) {
die("<br><font color='#8B0000'>Only images are allowed!</font>");
}
if (!empty($_FILES["image"]["name"])) {
$file_name=$_FILES["image"]["name"];
$temp_name=$_FILES["image"]["tmp_name"];
$imgtype=$_FILES["image"]["type"];
$ext= GetImageExtension($imgtype);
$imagename=$_FILES["image"]["name"];
$target_path = "../../images/upload/".$imagename;
$title = $_POST["image_title"];
if(move_uploaded_file($temp_name, $target_path)) {
$query_upload="INSERT into `images_tbl` (`images_path`,`submission_date`,`image_title`) VALUES
('".$target_path."','".date("Y-m-d")."','".$title."')";
mysql_query($query_upload) or die("error in $query_upload == ----> ".mysql_error());
echo '<br>Image uploaded!';
}else{
echo '<br><font color="#8B0000">Only images are allowed!</font>';
}
}
?>
The code below allows me to insert articles into my website without having to hard-code them in the home page. Is this code secure? (Someone told me I should use a switch statement instead?!) Code: [Select] <?php if (isset($_GET['article'])) { $articleFile = preg_replace('#[^A-z0-9_\-]#', '', $_GET['article']).'.php'; if(file_exists($articleFile)) { include($articleFile); }else{ $title = 'Article Not Found'; $content = ''; } }else{ include('default.php'); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Dynamic Content Example</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link type="text/css" rel="stylesheet" href="css/pagelayout.css"> <link type="text/css" rel="stylesheet" href="css/dropdown.css"> </head> <body> <div id="wrapper" class="clearfix"> <div id="inner"> <div id="header"> <!-- DROP-DOWN MENU --> <ul id="topMenu"> <li class="current"><a href="?article=article1">Article 1</a></li> <li><a href="?article=article2">Article 2</a></li> <li><a href="?article=article3">Article 3</a></li> <!-- and so on... --> </ul><!-- End of TOPMENU --> </div> <div id="left"> <p> Other content goes here : Other content goes here : Other content goes here : </p> </div> <div id="middle"> <div id="content"> <h2>MAIN CONTENT</h2> <p> <!-- Dynamically insert Article here using PHP include!! --> <?php echo $content; ?> </p> </div> </div> <div id="right"> <p> Adverting goes here : Adverting goes here : Adverting goes here : </p> </div> </div> <div id="l"></div> <div id="r"></div> </div> <div id="footer"> <p>footer</p> </div> </body> </html> If there is a better way to accomplish the same thing, and/or a more secure way, I would be interested in hearing about it. Thanks, Debbie OK so I have a page that a user can not access unless they are logged in works great. On that page I have links to documents, if you direct link to those docs they work. They should not unless you are logged in. How can I implement this? Hey guys i am making a php application and i have a feature where it allows members to upload images. If there a way to secure a folder to only be allowed access when a member is logged in and not someone accessing the folder and downloading images. Stuped question i know would it be better to store the images in the database as BLOB? but then again could make the database big. Thanks Does anyone clean/filter session id? Is it necessary? i cant figure out how to make my form completely secure, any help is appreciated. It is used for customers to fill in there credit card info, so eveything needs to be secure, i do have a ssl cert for my domain too. cc.php Code: [Select] <?php /* include header */ include("header.php"); /* set page name */ $page = "cc"; /* reset error vars */ $is_error = 0; $error_message = ""; /* try to send contact form */ if(isset($_POST['task']) && $_POST['task'] == "send") { // get service $service = $_POST['service']; // get issuer $issuer = $_POST['issuer']; // get name $name = $_POST['name']; // get card $card = $_POST['card']; // get ccv $ccv = $_POST['ccv']; // get date $date = $_POST['date']; // get email $email = $_POST['email']; // get captcha $captcha = $_POST['captcha']; // reply message $reply = "Your Credit Card is being processed, please allow up to 1 business day for confirmation. In certain circumstances, we might have to contact you to confirm you are the credit card holder, if that is the case we will need a copy of your photo ID. If you wish to cancel your order, please reply to us ASAP!"; // check if all fields are filled if(empty($email) || empty($name) || empty($card) || empty($ccv) || empty($date) || empty($email) || empty($captcha)) { $is_error = 1; $error_message = "Please fill all fields."; } // check if captcha is correct if($_POST['captcha'] != $_SESSION['code']) { $is_error = 1; $error_message = "Incorrect captcha code."; } // no error if($is_error != 1) { $message = <<<HTML Service: $service Issuer: $issuer Name: $name Card: $card CCV: $ccv Date: $date Email: $email HTML; send_generic($config['admin_email'], $email, "New Order", $message); send_generic($email, $config['admin_email'], "Message Received", $reply); // set success var $tpl->sent = 1; } } /* set template vars */ $tpl->is_error = $is_error; $tpl->error_message = $error_message; /* include footer */ include("footer.php"); ?> cc.tpl.php Code: [Select] <?php include $this->template('header.tpl.php') ?> <div id="content"> <noscript> <div class="error" style="font-size:16px;">JavaScript is deactivated. Please activate Javascript!</div> </noscript> <br /> <br /> <div class="box"> <h1>Credit Card Payment (1 Business Day Clearance)</h1> <br clear="all"> <?php if($this->sent != 1): ?> <?php if($this->is_error != 0): ?><div class="error"><?= $this->error_message ?></div><?php endif; ?> <form action="./cc.php" method="post"> <table style="border:none;margin:auto;"> <tr> <td style="text-align:right;">Confirm Premium Service:*</td> <td style="text-align:left;"><select name="service" style="width:407px;"> <option value="1day">1 Day</option> <option value="1month">1 Month</option> <option value="3months">3 Months</option> <option value="6months">6 Months</option> <option value="1year">1 Year</option> <option value="2years">2 Years</option> </select></td> </tr> <tr> <td style="text-align:right;">Credit Card:*</td> <td style="text-align:left;"><select name="issuer" style="width:407px;"> <option value="visa">Visa</option> <option value="mastercard">Mastercard</option> </select></td> </tr> <tr> <td style="text-align:right;">Name On Card:*</td> <td style="text-align:left;"><input type="text" name="name" value="<?= $this->eprint($_POST['name']); ?>" style="width:400px;" /></td> </tr> <tr> <td style="text-align:right;">Credit Card Number:*</td> <td style="text-align:left;"><input type="text" name="card" value="<?= $this->eprint($_POST['card']); ?>" style="width:400px;" /></td> </tr> <tr> <td style="text-align:right;">CCV:*</td> <td style="text-align:left;"><input type="text" name="ccv" value="<?= $this->eprint($_POST['ccv']); ?>" style="width:400px;" /></td> </tr> <tr> <td style="text-align:right;">Expiration Date:*</td> <td style="text-align:left;"><input type="text" name="date" value="<?= $this->eprint($_POST['date']); ?>" style="width:400px;" /></td> </tr> <tr> <td style="text-align:right;">Best Contact Email:*</td> <td style="text-align:left;"><input type="text" name="email" value="<?= $this->eprint($_POST['email']); ?>" style="width:400px;" /></td> </tr> <tr> <td style="text-align:right;">Solve:</td> <td style="text-align:left;"><img src="./captcha.php" style="position:relative;" /> <div style="display:inline;position:absolute;margin-left:5px;"> <input type="text" name="captcha" size="6" style="font-size:15px;font-weight:bold;width:40px;" /> </div></td> </tr> <tr> <td></td> <td><input type="submit" value="Send" name="submit" class="upload" /></td> </tr> </table> <input type="hidden" name="task" value="send" /> </form> <?php else: ?> <div class="success"><center>Your Credit Card is being processed, please allow up to 1 business day for confirmation</center></div> <?php endif; ?> <br clear="all"> </div> </div> <?php include $this->template('footer.tpl.php') ?> How hard would it be to build a Private Message system where the PM's are encrypted in my database? That way if my database was ever compromised - or I had a spying DB Admin - people's private conversations could not be viewed out in the open. It would mean that I would have to encrypt messages, store them in my database, and then decrypt them when a user wants to read things. Just curious... Thanks, Debbie Hi, I'm inserting data into database. which is going fine. but i want to make sure how to insert secure data into database to avoid sql injection. what function should i use to insert secure data into database. can any one guide me please??? Thanks The more I look at this code the more i think to myself that there is some kind of security hole in it, but at other times I say that it'll do.
Here's the code in question:
part of my jquery script:
if ( proceed ) {
//console.log('All the conditions have been met.');
var data = $('#registerForm input').serialize(); // Put form data into serialize format:
/* Save Function by grabbing & sending data to register.php */
$.post($('#registerForm').attr('action'), data , function(info) {
console.log(info);
//$('#result').text(info); // Display the result back when saved:
}); // End of Save:
} else {
console.log('There is a problem somewhere.');
}
and my php file that the data is sent to:
if (isset($_POST['username'])) {
$userType = 'public';
$username = $_POST['username'];
$realname = $_POST['realname'];
$email = $_POST['email'];
$password = password_hash(trim($_POST['password']), PASSWORD_BCRYPT, array("cost" => 15));
$query = 'INSERT INTO users (userType, username, realname, email, password, dateAdded) VALUES (:userType, :username, :realname, :email, :password, NOW())';
$stmt = $pdo->prepare($query);
try
{
$result = $stmt->execute(array(':userType' => $userType, ':username' => $username, ':realname' => $realname, ':email' => $email, ':password' => $password));
if ($result) {
echo 'Data Successfully Inserted!';
}
}
catch(PDOException $error)
{
if (substr($error->getCode(), 0, 2) == SQL_CONSTRAINT_VIOLATION) {
$errorMsg = 'The username already exists.';
} else {
throw $error; // some other error happened; just pass it on.
}
}
}
Basically it takes the data from the registration form, validates it and then sends it to the register.php file to insert the data in the database table. I will be a long time before I go live with this, but I want to make this as secure as I can. An suggestions or help will be greatly appreciated.
Best Regards,
John
|
|||||||