|
PHP - Php Registration Code Efficiency
Hello,
I hope it's ok to ask this question here. I have a registration script, but I'm not sure how to handle it efficiently and I have some questions about it. This is used in the page 'signup.php'. The class is called 'User'. I haven't noticed any errors or bugs. It would be very useful for me to be aware of my mistakes.
public function regUser($uname,$upass,$upassverify)
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
if(!password_verify($upassverify, $new_password)) {
// passwords are not the same (I thought it would be better to do this after hashing, but maybe it doesn't matter or it's worse. I'm not sure about it)
$info = 'pass_err';
}
$stmt1 = $this->db->prepare("SELECT * FROM users WHERE username=:uname");
$stmt1->execute(array(':uname'=>$uname));
if($stmt1->rowCount() > 0) {
// this username has already been used
$info = 'user_err';
}
if (!$info) {
$stmt2 = $this->db->prepare("INSERT INTO users(username,password)
VALUES(:uname, :upass)");
$stmt2->bindparam(":uname", $uname);
$stmt2->bindparam(":upass", $new_password);
$stmt2->execute();
// succesfully made an account
$info = "success";
}
header("Location:/signup.php?status=".$info);
exit();
}
Am I using the prepared statements as how I should be using them?
Is this a safe way of handling my data or do you see vulnerabilities?
I'm using PRG to prevent resubmission but I want to show a 'everything is fine' or 'oh no, something went wrong' to the one who is signinup. If I now go to signup.php?status=success, i see 'eveything is fine', without actually signing up, is there a better way to do this or can I somehow prevent everyone being able to see this?
As you might have noticed in my last post, my English is not very good, sorry about that. Thanks, Fabian Edited September 17, 2019 by FabelSimilar Tutorialsbelow is the code for a registration form. It "works",I mean that the insert query is being performed, some error messages appear. the problem is, i don't understand how "root" is being automatically sent to the database as a username. when logging into phpmyadmin, the username root appears because it is on autofill. but, i don't get why it's filling the registration form with root. i don't see "root" entered on the form, but, after registering, it says "Congratulations root!". If i leave the form blank, i don't get the error message for blank username either. i've just started learning php,so i guess something might be wrong with the code. any help, please? Code: [Select] <html> <head> <link rel="stylesheet" type="text/css" href="reset.css" media="screen" /> <link rel="stylesheet" type="text/css" href="style.css" media="screen" /> <title>Register</title> </head> <body> <div id="layout_wrapper"> <div id="layout_container"> <div id="layout_content"> <div id="site_title"> <h1><a href="home.html">WEBSITE</a></h1> <h2>WEBSITE DESCRI</h2> </div> <div id="header_image"></div> <div class="clearer"> </div> </div> <div id="main"> <div class="post"> <div class="post_top"> <div class="post_title"><h2>REGISTER</h2></div> </div> <div class="post_body"> <?php $error_stat=0; $errorMsg=''; if (isset ($_POST['submit'])){ $username = $_POST['username']; $gender = preg_replace('#[^a-z]#i', '', $_POST['gender']); $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); $email1 = $_POST['email1']; $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; $email1 = stripslashes($email1); $pass1 = stripslashes($pass1); $email2 = stripslashes($email2); $pass2 = stripslashes($pass2); $email1 = strip_tags($email1); $pass1 = strip_tags($pass1); $email2 = strip_tags($email2); $pass2 = strip_tags($pass2); include_once "../scripts/connect_to_mysql.php"; $emailCHecker = mysql_real_escape_string($email1); $emailCHecker = str_replace("`", "", $emailCHecker); $sql_uname_check = mysql_query("SELECT user_name FROM tbl_user WHERE user_name='$username'"); $uname_check = mysql_num_rows($sql_uname_check); $sql_email_check = mysql_query("SELECT email FROM tbl_user WHERE email='$emailCHecker'"); $email_check = mysql_num_rows($sql_email_check); if ((!$username) || (!$gender) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$pass1) || (!$pass2)) { $error_stat=1; $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />'; if(!$username){ $errorMsg .= ' * User Name<br />'; } if(!$gender){ $errorMsg .= ' * Sex <br />'; } if(!$b_m){ $errorMsg .= ' * Birth Month<br />'; } if(!$b_d){ $errorMsg .= ' * Birth Day<br />'; } if(!$b_y){ $errorMsg .= ' * Birth year<br />'; } if(!$email1){ $errorMsg .= ' * Email Address<br />'; } if(!$pass1){ $errorMsg .= ' * Login Password<br />'; } if(!$pass2){ $errorMsg .= ' * Confirm Login Password<br />'; } } else if ($pass1 != $pass2) { $errorMsg = 'ERROR: Your Password fields below do not match<br />'; } else if (strlen($username) < 4) { $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />"; } else if (strlen($username) > 20) { $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />"; } else if ($uname_check > 0){ $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />"; } else if ($email_check > 0){ $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />"; } else { $email1 = mysql_real_escape_string($email1); $pass1 = mysql_real_escape_string($pass1); $full_birthday = "$b_y-$b_m-$b_d"; $sql = mysql_query("INSERT INTO tbl_user (user_name, sex, dob, date_joined,email, password) VALUES('$username','$gender','$full_birthday', now(),'$email1', '$pass1')") or die (mysql_error()); $id = mysql_insert_id(); echo "<h2>Registration Successful!</h2>"; echo "<p>Congratulations <b>$username</b>, your registration was successful. Your account has now been created with the following details:</p>"; echo "<p><b>Username:</b> $username</p>"; echo "<p><b>Password:</b> $pass1</p>"; echo "<p><b>Sex:</b> $gender</p>"; echo "<p><b>Email:</b> $email1</p>"; echo "<p><b>DOB:</b> $full_birthday</p>"; echo "<p>You may now login.</p>"; } // Close else after duplication checks } if (!isset($_POST['submit']) || $error_stat==1) { ?> <?php echo $errorMsg;?> <form method="POST" action=""> <table> <tr> <td width="114" bgcolor="#FFFFFF">User Name: *</span></td> <td width="452" bgcolor="#FFFFFF"><input name="username" type="text" id="username " size="32" maxlength="20" /> <span id="nameresponse">Alphanumeric Characters Only</span></td> </tr> <tr> <td bgcolor="#EFEFEF">Sex:*</span></td> <td bgcolor="#EFEFEF"><label> <input name="gender" type="radio" id="gender" value="m" checked="checked" />Male <input type="radio" name="gender" id="gender" value="f" />Female </label></td> </tr> <tr> <td bgcolor="#FFFFFF">Date of Birth:*</span></td> <td bgcolor="#FFFFFF"> <select name="birth_month" id="birth_month"> <option value="01">January</option> <option value="02">February</option> <option value="03">March</option> <option value="04">April</option> <option value="05">May</option> <option value="06">June</option> <option value="07">July</option> <option value="08">August</option> <option value="09">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> <select name="birth_day" id="birth_day"> <option value="01">1</option> <option value="02">2</option> <option value="03">3</option> <option value="04">4</option> <option value="05">5</option> <option value="06">6</option> <option value="07">7</option> <option value="08">8</option> <option value="09">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option> <option value="13">13</option> <option value="14">14</option> <option value="15">15</option> <option value="16">16</option> <option value="17">17</option> <option value="18">18</option> <option value="19">19</option> <option value="20">20</option> <option value="21">21</option> <option value="22">22</option> <option value="23">23</option> <option value="24">24</option> <option value="25">25</option> <option value="26">26</option> <option value="27">27</option> <option value="28">28</option> <option value="29">29</option> <option value="30">30</option> <option value="31">31</option> </select> <select name="birth_year" id="birth_year"> <option value="2010">2010</option> <option value="2009">2009</option> <option value="2008">2008</option> <option value="2007">2007</option> <option value="2006">2006</option> <option value="2005">2005</option> <option value="2004">2004</option> <option value="2003">2003</option> <option value="2002">2002</option> <option value="2001">2001</option> <option value="2000">2000</option> <option value="1999">1999</option> <option value="1998">1998</option> <option value="1997">1997</option> <option value="1996">1996</option> <option value="1995">1995</option> <option value="1994">1994</option> <option value="1993">1993</option> <option value="1992">1992</option> <option value="1991">1991</option> <option value="1990">1990</option> <option value="1989">1989</option> <option value="1988">1988</option> <option value="1987">1987</option> <option value="1986">1986</option> <option value="1985">1985</option> <option value="1984">1984</option> <option value="1983">1983</option> <option value="1982">1982</option> <option value="1981">1981</option> <option value="1980">1980</option> <option value="1979">1979</option> <option value="1978">1978</option> <option value="1977">1977</option> <option value="1976">1976</option> <option value="1975">1975</option> <option value="1974">1974</option> <option value="1973">1973</option> <option value="1972">1972</option> <option value="1971">1971</option> <option value="1970">1970</option> <option value="1969">1969</option> <option value="1968">1968</option> <option value="1967">1967</option> <option value="1966">1966</option> <option value="1965">1965</option> <option value="1964">1964</option> <option value="1963">1963</option> <option value="1962">1962</option> <option value="1961">1961</option> <option value="1960">1960</option> <option value="1959">1959</option> <option value="1958">1958</option> <option value="1957">1957</option> <option value="1956">1956</option> <option value="1955">1955</option> <option value="1954">1954</option> <option value="1953">1953</option> <option value="1952">1952</option> <option value="1951">1951</option> <option value="1950">1950</option> <option value="1949">1949</option> <option value="1948">1948</option> <option value="1947">1947</option> <option value="1946">1946</option> <option value="1945">1945</option> <option value="1944">1944</option> <option value="1943">1943</option> <option value="1942">1942</option> <option value="1941">1941</option> <option value="1940">1940</option> <option value="1939">1939</option> <option value="1938">1938</option> <option value="1937">1937</option> <option value="1936">1936</option> <option value="1935">1935</option> <option value="1934">1934</option> <option value="1933">1933</option> <option value="1932">1932</option> <option value="1931">1931</option> <option value="1930">1930</option> <option value="1929">1929</option> <option value="1928">1928</option> <option value="1927">1927</option> <option value="1926">1926</option> <option value="1925">1925</option> <option value="1924">1924</option> <option value="1923">1923</option> <option value="1922">1922</option> <option value="1921">1921</option> <option value="1920">1920</option> <option value="1919">1919</option> <option value="1918">1918</option> <option value="1917">1917</option> <option value="1916">1916</option> <option value="1915">1915</option> <option value="1914">1914</option> <option value="1913">1913</option> <option value="1912">1912</option> <option value="1911">1911</option> <option value="1910">1910</option> <option value="1909">1909</option> <option value="1908">1908</option> <option value="1907">1907</option> <option value="1906">1906</option> <option value="1905">1905</option> <option value="1904">1904</option> <option value="1903">1903</option> <option value="1902">1902</option> <option value="1901">1901</option> <option value="1900">1900</option> </select> </td> </tr> <tr> <td bgcolor="#EFEFEF">Email Address:*</span></td> <td bgcolor="#EFEFEF"><input name="email1" type="text" id="email1" size="32" maxlength="48" /></td> </tr> <tr> <td bgcolor="#FFFFFF">Create Password:*</span></td> <td bgcolor="#FFFFFF"><input name="pass1" type="password" id="pass1" size="32" maxlength="16" /> <span>Alphanumeric Characters Only</span></td> </tr> <tr> <td bgcolor="#EFEFEF">Confirm Password: *</span></td> <td bgcolor="#EFEFEF"><input name="pass2" type="password" id="pass2" size="32" maxlength="16" /> <span>Alphanumeric Characters Only</span></td> </tr> <tr> <td><input type="submit" name="submit" value="Sign Up!" /></td> </tr> </table> </form> <?php } ?> </div> <div id="footer"> <div class="left">© 2011</div> <div class="right"><a href="#">....</a><a href="#">....</a></div> <div class="clearer"> </div> </div> </div> </div> </div> </body> </html> Hello, I am currently coding a site from scratch. I know i can use templates and everything else but i want the experience. The HTML I've had down for years but it seems PHP is getting a little elusive for me. I'm trying to create a registration form and when i test my site i keep getting parse errors and syntax errors... mainly regarding the use of {} and if/else. Any help would be appreciated. Most of the code is still incomplete, I have to go back and fill in some areas I've left blank for now, but i have commented using // Where the browser is kicking back my errors.
- “Any sufficiently advanced technology is indistinguishable from magic” (Arthur C. Clark, 1962)
<?php
$con = Mysqli_connect("'', '', ''");
if (Mysqli_connect_errno()) {
echo "Failed to connect to DB. Please check your connection info." . Mysqli_connect_errno;
// Only if there is an error.
}
//Declaring Variable for Registration form
$fname = "";
$lname = "";
$em = "";
$emc = "";
$pass = "";
$passc = "";
$date = "";
$error_array = "";
if (insert($_POST['register_button'])) {
// To handle the registration form
// First Name Values
$fname = strip_tags($_POST['reg_fname']);
$fname = str_replace(' ', '', $fname);
$fname = ucfirst(strtolower($fname));
// Last Name Values
$lname = strip_tags($_POST['reg_lname']);
$lname = str_replace(' ', '', $lname);
$lname = ucfirst(strtolower($lname));
// Registration Email Values
$em = strip_tags($_POST['reg_email']);
$em = str_replace(' ', '', $em);
// Confirm Registration Email Values
$emc = strip_tags($_POST['reg_emailc']);
$emc = str_replace(' ', '', $emc);
// Registrsation Password Values
$pass = strip_tags($_POST['reg_pass']);
// Registration Password Confirmation Values
$passc = strip_tags($_POST['reg_passc']);
// Registration Date Values
$date = date("m-d-Y");
// Here is where the browser keeps kicking back parse errors
if ($em == $emc) {
}
else {
echo "Email and Confirmation Email must match";
}
if (filter_var($em, FILTER_VALIDATE_EMAIL)) {
$em = filter_var($em, FILTER_VALIDATE_EMAIL)
}
else {
echo "Invlaid Format";
}
?>
This Works But for Some reason when you Register an Account and try to login it says "Incorrect Username/Password" It is also Allowing Multiple Accounts to be Created Under the Same Username and Password: DB.php <?php session_start(); mysql_connect("localhost", "USERNAME", "PASSWORD"); mysql_select_db("DATABASE_USER"); function user_login ($username, $password) { //take the username and prevent SQL injections $username = mysql_real_escape_string($username); //begin the query $sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1"); //check to see how many rows were returned $rows = mysql_num_rows($sql); if ($rows<=0 ) { echo "Incorrect username/password"; } else { //have them logged in $_SESSION['sername'] = $username; } } ?> Register.php <?php include("db.php"); if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) { //Prevent SQL injections $username = mysql_real_escape_string($_POST['username']); $email = mysql_real_escape_string($_POST['email']); //Get MD5 hash of password $password = md5($_POST['password']); //Check to see if username exists $sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'"); if(mysql_num_rows($sql) > 0) { die ("Username taken."); } mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created."; } ?> <form action="register.php" method="post"> Username: <input name="username" type="text" /><br> Password: <input type="password" name="password" /><br> Email: <input name="email" type="text" /><br> <input type="submit" value="Submit" /> </form> Login.php <?php include("db.php"); if (isset($_POST['username']) && isset($_POST['password'])) { user_login($_POST['username'], $_POST['password']); } ?> <form action="login.php" method="post"> Username: <input name="username" type="text" /><br> Password: <input type="password" name="password" /><br> <button type="submit">Submit</button><br> </form> Could Anyone Help Please? Hi everyone, I wanted to let you know first that i am real new into this. I am trying to build a user management system and i can't seem to add a registration field. I got the free script uM Script and here's the code, please help me on this one: REGISTER.PHP Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB"> <head> <title>Member Registration</title> <meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" /> <meta name="description" content="" /> <meta name="keywords" content="" /> <meta name="robots" content="index, follow" /> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" type="text/css" href="css/style.css" media="screen" /> <script type="text/javascript" src="js/jquery-1.6.2.js"></script> <script type="text/javascript" src="js/script.js"></script> <script type="text/javascript"> $(document).ready(function(){ $('#regForm').submit(function(e) { register(); e.preventDefault(); }); }); </script> </head> <body> <table align="center" width="100%" cellspacing="1" cellpadding="1" border="0"> <tr> <td align="left"><a href="index.php">Home</a> | <a href="login.php">Log in</a> | <a href="register.php">Register</a> | <a href="pass_reset.php">Reset Password</a> | <a href="contact_us.php">Contact Us</a></td><td align="right"><a href="admin/login.php">Admin Login</a></td> </tr> </table> <hr/> <p>Register</p> <p>Use the form below to register.</p> <hr/> <div class="done"><p>Registration successful! <a href="login.php">Click here</a> to login.</p></div><!--close done--> <div class="form"> <form id="regForm" action="reg_submit.php" method="post"> <table align="center" width="50%" cellspacing="1" cellpadding="1" border="0"> <tr> <td colspan="2" ></td> </tr> <tr> <td> <label for="username">Username:</label> </td> <td> <input onclick="this.value='';" name="username" type="text" size="25" maxlength="8" value="<?php if(isset($_POST['username'])){echo $_POST['username'];}?>"/> </td> </tr> <tr> <td> <label for="password">Password:</label> </td> <td> <input name="password" type="password" size="25" maxlength="15" /> </td> </tr> <tr> <td> <label for="email">Email:</label> </td> <td> <input onclick="this.value='';" name="email" type="text" size="25" maxlength="50" value="<?php if(isset($_POST['email'])){echo $_POST['email'];}?>"/> </td> </tr> <tr> <td><label for="phone"><label>Phone:</label></td><td><input type="text" name="phone" value="<?php if(isset($_POST['phone'])){echo $_POST['phone'];}?>"/></td> </tr> <td> </td> <td> <input type="submit" name="register" value="Register" /><img id="loading" src="images/loading.gif" alt="working.." /> </td> </tr> <tr> <td colspan="2"><div id="error"> </div></td> </tr> </table> </form> </div><!--close form--> </body> </html> REG.SUBMIT.PHP Code: [Select] <?php require_once('lib/connections/db.php'); include('lib/functions/functions.php'); $sitesettings = getSiteSettings(); $site_url = $sitesettings[0]['site_url']; //For registration // we check if everything is filled in and perform checks if(!$_POST['username']) { die(msg(0,"<p>Please enter a username.</p>")); } if(strlen($_POST['username'])<3 || strlen($_POST['username'])>15) { die(msg(0,"<p>Username must be between 3 and 15 characters.</p>")); } elseif(uniqueUser($_POST['username'])) { die(msg(0,"Username already taken.")); } elseif(!$_POST['password']) { die(msg(0,"<p>Please enter a password.</p>")); } elseif(strlen($_POST['password'])<5) { die(msg(0,"<p>Usernames must be atleast 5 characters.</p>")); } elseif(!$_POST['email']) { die(msg(0,"<p>Please enter an email address.</p>")); } /*elseif(validateEmail($_POST['email'])) { die(msg(0,"<p>Invalid email address.</p>")); }*/ elseif(uniqueEmail($_POST['email'])) { die(msg(0,"<p>Email taken. Please select another email address.</p>")); } elseif(!$_POST['phone']) { die(msg(0,"Phone numbers must be of numeric type only.")); } else { $res = addUser($_POST['username'],$_POST['password'],$_POST['email'], $_POST['phone'],$site_url); if ($res == 1){ die(msg(0,"Failed to send activation email. Please contact the site admin.")); } if ($res == 2){ die(msg(0,"There was an error registering your details. Please contact the site admin.")); } if ($res == 99){ die(msg(1,"<p>Registration successful! <a href='login.php'>Click here</a> to login.</p>")); } } function msg($status,$txt) { return '{"status":'.$status.',"txt":"'.$txt.'"}'; } ?> And the code of the function: Code: [Select] //----------Function for adding user's profile---------- function addUser($user,$pass,$email,$site_url) { $user = secureInput($user); $pass = secureInput($pass); $email = secureInput($email); $site_url = secureInput($site_url); //Encrypt password for database $salt = 's+(_a*'; $pass = md5($pass.$salt); $reg_date = date("l, M j, Y, g:i a"); $sql = "INSERT INTO users (username,password,email,active,level_access,reg_date) VALUES ('".$user."','".$pass."','".$email."',0,2,'".$reg_date."')"; $res = mysql_query($sql); if($res){ //build email to be sent $to = $email; $subject = $site_url; $subject .= ": Activate Your Account"; $message = " <html> <head> <title>Account Activation</title> </head> <body> <h3>Account Activation</h3> <p>Dear ".$user.", thank you for registering at ".$site_url.".</p> <p>Please click on the link below to activate your account:</p> <a href='".$site_url."/confirm_user_reg.php?prsn=".$user."'>http://www.".$site_url."</a>. <p>If the above link does not work, copy and paste the below URL to your browser's address bar:</p> <p><i>http://www.".$site_url."/confirm_user_reg.php?prsn=".$user."</i></p><br/> <p>If you did not initiate this request, simply disregard this email, and we're sorry for bothering you.</p> <br/><br/> <p>Sincerely,</p> <p>The ".$site_url." Team.</p> </body> </html> "; // To send HTML mail, the Content-type header must be set $headers = "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; if($mail_send = mail($email, $subject, $message, $headers)) { } return 99; return 1; } else return 2; } I know i'm wrong somewhere because when i register a user the phone number won't post on the "phone" field on database. I have this working code except I can't redirect to a thank you page when a new user registers. When they login it works without issue. I just don't know where or what to put for the registration part.
Here is my Code. Any help would be much appreciated.
<?php Just looking for an opinion on which one of these two pieces of code would process faster: <tr align="center" class="border"> <td class="border">'; if($copper=="yes"){ $content.= '<span class="strike">Copper</span>'; } else{ $content.= 'Copper'; } $content.=' </td> <td class="border"> '; if($copper=="yes"){ $content.= '<span class="strike">$10 - $35</span>'; } else{ $content.= ' $10 - $35'; } $content.=' </td> <td class="border">'; if($copper=="yes"){ $content.= '<span class="strike">800</span>'; } else{ $content.= ' 800'; } $content.=' </td> <td class="border">'; if($copper=="yes"){ $content.='Levels that are crossed out are full.'; } else{ $content.='Name in end Credits + Nickel Level'; } $content.=' </td> </tr> vs. if($copper=="yes"){ <tr align="center" class="border"> <td class="border"> <span class="strike">Copper</span> </td> <td class="border"> <span class="strike">$10 - $35</span> </td> <td class="border"> <span class="strike">800</span> </td> <td class="border"> Levels that are crossed out are full. </td> </tr> } else{ <tr align="center" class="border"> <td class="border"> Copper </td> <td class="border"> $10 - $35 </td> <td class="border"> 800 </td> <td class="border"> Name in end Credits + Nickel Level </td> </tr> } Hello A question popped up in my head, while I was designing my database (this is both php and SQL thought). The scenario is that an item can have many categories. Yet the categories are finite (<100 let's say). I have no problem making a many to many link table. Yet I was wondering if the finite categories would necessitate this method. My thought is - make the categories table a default array and match it against a queried item (containing an array of category IDs) with an array_intersect. Is this efficient, silly, or a variable scenario? Thanks for any insight. Is it more efficient to concat strings to variables or include variables within a double quote enclosed string? I've created a couple of classes to help take tons of coding off of the front end, and I've been pondering the idea of creating a container class to hold specific objects of some classes. My container class methods will do a lot of iterating through a lot of varient object names, and I'm questioning efficiency in regards to resolving the object variable's names... Which is more efficient? ${"type_$i"}->setAttribute('readonly', 'readonly'); ${'type_'.$i}->setAttribute('readonly', 'readonly'); i am trying to set up a website for a school function. i have the register page up and running but i would like to make it so only people with a school email address may register. i.e name@school.edu I have looked through a lot of forms, but have yet to find the answer. Everything that i have found doesn't work. Thanks Hi, Im currently working on a website for a friend. The whole system works but registration is a bit dodgy. most of the time I have to add users via the backend as it throws up error messages. Can some one please look through my code and tell me what im doing wrong. Code: [Select] <?php session_start(); $page_title = 'Register'; include("includes/header.php");?> <!--main Nav--> <?php include('includes/mainNav.php'); ?> <!--Section Title--> <h1><?php echo $page_title; ?></h1> <!--primary Content--> <div id="primaryContent"> <h2><span class="RedGbColor">Subscribe Now</span></h2> <p><br /> Register here and create your profile and to attend an event of your choice (link please).<br /> </p> </div> <!--Main Content--> <div id="mainContent"> <?php $username = $_SESSION['cre_email']; $idg = $_GET['id']; $ids = $idg; $_SESSION['id'] = $ids; //grabs the variables $title = $_POST['title']; $gender = $_POST['gender']; $fname = $_POST['fname']; $lname = $_POST['lname']; $mobile = $_POST['mobile']; $email = $_POST['email']; $password = $_POST['password']; $cpassword = $_POST['cpassword']; $add1 = $_POST['add1']; $add2 = $_POST['add2']; $add3 = $_POST['add3']; $add4 = $_POST['add4']; $pcode = $_POST['pcode']; $dd = $_POST['day']; $mm = $_POST['month']; $yyyy = $_POST['year']; $news = $_POST['newsopt']; $market = $_POST['market']; $today = date(mdY); $tmp = explode(':', $title); $cust_gender = $tmp[0]; $cust_title = $tmp[1]; $male_status = $_POST[male_status]; $female_status = $_POST[female_status]; //debug info //error_reporting(E_ALL); //print_r($_GET); //print_r($_POST); //print_r($_SESSION); if ($_SESSION['loggedin'] == 1) { // logged in echo "<script language=\"JavaScript\">window.location='index.php'</script>"; exit(); } else { $month = array( array("01","Jan"), array("02","Feb"), array("03","Mar"), array("04","Apr"), array("05","May"), array("06","Jun"), array("07","Jul"), array("08","Aug"), array("09","Sep"), array("10","Oct"), array("11","Nov"), array("12","Dec") ); echo (' <h2><span class=\"RedGbColor\">Please take a few minutes to register.</span></h2> <div id=\"form1\"> <form action='validFormRegister.php?id=$idg' method=\"post\" enctype=\"multipart/form-data\"> <table width=\"380\"> <tr class=\"formText\"> <td width=\"152\" valign='bottom' style='padding-top:4px;'><label class=\"small\" for='gender'>Gender:</label><em>*</em></td> <td width=\"222\" class='small' style='padding-top:4px;'><input type='radio' name='gender' value='m' $male_status tabindex=\"1\">male <input type='radio' name='gender' value='f' $female_status>female </td> </tr> <tr class=\"formText\"> <td> <label class=\"small\" for='fname'>First Name:</label><em>*</em></td> <td><input name=\"fname\" size=\"25\" tabindex=\"2\" maxlength=\"25\" class=\"txtbx\" value=\"$fname\"></td> </tr> <tr class=\"formText\"> <td> <label class=\"small\" for='lname'>Last Name:</label><em>*</em></td><td><input name=\"lname\" value='$lname' size=\"30\" maxlength=\"30\" tabindex=\"3\" class=\"txtbx\"> </td> <tr> <td height=\"29\" colspan=\"2\"><hr /></td> </tr> <tr class=\"formText\"> <td> <label class=\"small\" for='mobile'>Mobile/Phone:</label><em>*</em></td><td><input name=\"mobile\" value='$mobile' size=\"12\" tabindex=\"4\" maxlength=\"12\" class=\"txtbx\"></td> </tr> <tr class=\"formText\"> <td> <label class=\"small\" for=\"email\">Email Address:</label><em>*</em> </td> <td><input name=\"email\" size=\"25\" tabindex=\"5\" value='$email' maxlength=\"100\" class=\"txtbx\"> </td> </tr> <tr class=\"formText\"> <td><label class=\"small\" for=\"password\">Password:</label><em>*</em></td><td><input type=\"password\" name=\"password\" size=\"12\" maxlength=\"14\" tabindex=\"6\" class=\"txtbx\"> <a href=\"javascript:alert('Your password must be between 4 and 14 characters long.')\"><small>HELP</small></a> </td> </tr> <tr class=\"formText\"> <td><label class=\"small\" for=\"cpassword\">Confirm Password:</label><em>*</em></td><td><input type=\"password\" name=\"cpassword\" size=\"12\" maxlength=\"14\" tabindex=\"7\" class=\"txtbx\"> <a href=\"javascript:alert('Your password must be between 4 and 14 characters long.')\"><small>HELP</small></a> </td> </tr> <tr> <td height=\"29\" colspan=\"2\"><hr /></td> </tr> <tr class=\"formText\"> <td><label class=\"small\" for=\"add1\">House Name:</label> </td> <td><input name=\"add1\" type=\"text\" tabindex=\"8\" class=\"txtbx\" value='$add1' /></td> </tr> <tr class=\"formText\"> <td><label class=\"small\" for=\"add2\">Street Address:</label> </td> <td><input name=\"add2\" type=\"text\" tabindex=\"9\" class=\"txtbx\" value='$add2' /></td> </tr> <tr class=\"formText\"> <td><label class=\"small\" for=\"add3\">Town:</label> </td> <td><input name=\"add3\" type=\"text\" tabindex=\"10\" class=\"txtbx\" value='$add3' /></td> </tr> <tr class=\"formText\"> <td><label class=\"small\" for=\"add4\">County:</label> </td> <td><input name=\"add4\" type=\"text\" tabindex=\"11\" class=\"txtbx\" value='$add4' /></td> </tr> <tr class=\"formText\"> <td><label class=\"small\" for=\"pcode\">Post Code:</label> </td> <td><input name=\"pcode\" type=\"text\" tabindex=\"12\" class=\"txtbx\" value='$pcode' /></td> </tr> <tr> <td height=\"29\" colspan=\"2\"><hr /></td> </tr> <tr class=\"formText\"> <td><label class=\"small\" for=\"market\">How did you hear of us?</label> </td> <td><select name=\"market\" id=\"market\" tabindex=\"13\"> <option value='$market' selected>$market</option> <option value='internet'>Internet search</option> <option value='friend'>Friend recommended</option> <option value='dating site'>Dating site</option> <option value='Gay press'>Gay press</option> <option value='Time Out'>Time Out</option> <option value='Flyer'>Flyer</option> <option value='previous customer'>Previous attendance</option> <option value='other'>Other</option> </select></td> <td> </td> </tr> <tr class=\"formText\"><td><label class=\"small\" for=\"day\">Date </label><label class=\"small\" for=\"Month\"> of </label><label class=\"small\" for=\"Year\"> Birth:</label></td> <td> <select name=\"day\" id=\"day\" tabindex=\"14\"> <option value='$dd'>$dd</option> "); for($i=1; $i<32; $i++) { echo "<option value=\"".$i."\">".$i."\n"; } echo (" </select> <select name=\"month\" id=\"month\" tabindex=\"15\"> <option value='$mm'>$mm</option> "); for($i=0; $i<12; $i++) { echo "<option value=\"".$month[$i][0]."\">".$month[$i][1]."\n"; } echo (" </select> <select name=\"year\" id=\"year\" tabindex=\"16\"> <option value='$yyyy'>$yyyy</option> "); for($i=1944; $i<1991; $i++) { echo "<option value=\"".$i."\">".$i."\n"; } echo (" </select> </td> <td> </td> </tr> <tr class=\"formText\"> <td><label for=\"photo\">Upload a photo</label></td> <td><input name=\"photo\" type=\"file\" tabindex=\"17\"></td> <tr> <td></td> <td>MAX FILE SIZE : 1MB <a href=\"javascript:alert('Please upload a photo of yourself. Optimum size is 640 pixels wide by 480 pixels high. Maximum file size of 1MB.')\"><small>HELP</small></a><br /><br /> </td> <tr class=\"formText\"> <td><label for=\"newsopt\">I wish to receive newsletters</label> </td> <td> <input name=\"newsopt\" type=\"checkbox\" tabindex=\"18\" id=\"newsOpt\" value='1' checked /> </td> <td> </td> </tr> <tr> <td> </td> <td> <input type=\"submit\" tabindex=\"19\" value=\"Continue\" class=\"btn_sm_left\" id=\"submitBtn\" onclick='this.disabled=true;this.value=\"Please Wait\";document.forms[1].submit();' style='width:120px;'/> <input type=\"reset\" value=\"Reset\" class=\"btn_sm_left\" /></td> <td> </td> </tr> </table> </form> <p class='pink2'><strong>Note</strong>: Fields marked with an <em>asterix (*)</em> are required.</p> '); } ?> </div> </div> <!--primary Content--> <div id="primaryContent"> <!--Login--> <?php include('includes/login.php'); ?> </div> <!--Footer--> <?php include('includes/footer.php'); ?> </div> </div> </body> </html> Hi guys, I have this registration form, for some reasons it just gives me "please all fields" on registration, can u help me see where im wrong please? thanks in advance code is attached below: Code: [Select] <?php //php form registration starts here if(isset($_POST['register'])){ $title=strip_tags($_POST ['title']); $firstname=strip_tags($_POST['firstname']); $surname=strip_tags($_POST['surname']); $email=strip_tags($_POST ['email']); $reemail=strip_tags($_POST ['reemail']); $password=strip_tags($_POST ['password']); $repassword=strip_tags($_POST ['repassword']); $street=strip_tags($_POST ['street']); $city=strip_tags($_POST ['city']); $postcode=strip_tags($_POST ['postocde']); $telephone=strip_tags($_POST ['telephone']); if($title && $firstname && $surname && $email && $reemail && $password && $repassword && $street && $city && $postcode && $telephone) { $getemails=mysql_query("SELECT * FROM member WHERE email='$email'"); $row=mysql_fetch_assoc($getemails); if(mysql_num_rows($getemails) > 0) { echo "This email is already registered in our database"; } else { if($email!=$reemail) echo "Your Emails do not match"; } if($password!=$repassword) { echo "Passwords do not match"; } else { $confirmedpass=md5($password); $submitusers= mysql_query("INSERT INTO members (title,Firstname,Surname,Street,City,Postcode,EmailAddress,Password, TelephoneNo,Credit) VALUES ('$title','$firstname','$surname','$street','$city','$postcode','$email','$confirmedpass','$telephone','0')"); } } else {echo "Please fill All required fields";} } ?> You can see exactly whats its doing at www.digitaldesignersmall.com/reg/register.php Stuff just isnt working and even when i purposely try to make a error occur its not going to the right place Code: [Select] <?php include('connection.php'); $test1=$_POST['firstname']; $test2=$_POST['lastname']; $test3=$_POST['username']; if (!eregi("([^A-Za-z0-9])",$test1)){ if (!eregi("([^A-Za-z])",$test2)){ if (!eregi("([^A-Za-z])",$test3)){ $query="SELECT * FROM merchants WHERE username = '$_POST(username)'"; $result=mysql_query($query); $num=mysql_num_rows($result); if ($num == 0) { $query1="SELECT * FROM merchants WHERE email = '$_POST(email)'"; $result1=mysql_query($query1); $num1=mysql_num_rows($result1); if ($num1 == 0) { if (($_POST['password']==$_POST['password1'])&&($_POST['email']==$_POST['email1'])) { $name=strip_tags($_POST['username']); $first=strip_tags($_POST['firstname']); $last=strip_tags($_POST['lastname']); $pass=strip_tags($_POST['password']); $country=strip_tags($_POST['country']); $address=strip_tags($_POST['address']); $email=strip_tags($_POST['email']); $city=strip_tags($_POST['city']); $zip=strip_tags($_POST['zipcode']); $state=strip_tags($_POST['state']); $phone=strip_tags($_POST['phonenumber']); $aql="INSERT INTO merchants SET username='$name', firstname='$first', lastname='$last', email='$email', Country='$country', zipcode='$zip', password='$pass', city='$city', state='$state', phonenumber='$phone', address='$address'"; $result=mysql_query($sql); if ($result){ header("location:http://www.digitaldesignersmall.com/ffx.html"); } else { header("location:http://www.digitaldesignersmall.com/fff.html"); } } else{ header("location:http://www.digitaldesingersmall.com/afx.html"); } } else { header("location:http://www.digitaldesingersmall.com/afx.html"); } } else{ header("location:http://www.digitaldesignersmall.com/cxs.html"); } } else{ header("location:http://www.digitaldesignersmall.com/cxs.html"); } } else{ header("location:http://www.digitaldesignersmall.com/cxs.html"); } } ?> MOD EDIT: [code] . . . [/code] tags added. New to php and starting to feel way in over my head. Please help, point me in the right direction here. How do i create a new folder with a index.html like (www.mydomain.com/NEWUSER/index.html) when a user registers for my site and have it do live check for AVAILABILITY? I want to give my users a unique url for there profile. how then do i automate the creation of x.com/newuser/index.html and write it with the users input from my database at the same time? Hey guys!
I'm sorry if this wrong section to post this, but this one was the most reasonable to ask.
So I'm looking for a guy who could program a system for my website. It's gonna be a site where people can register and join the raffles.
The raffles will work on a ticket system where you have to buy a ticket to join a competition. The registration has to be safe and same as raffle without any bugs etc..
Will give more info when you write me down!
If you are intrested you can add me on skype: mikinjsh95
Or send an email on: miks.silins@outlook.com
I will pay for the code, no doubt! Will pay half money and when the script is done will pay the rest!
Im trying to build mysql php user registration. For some reason i cannot insert values into my database. Code: [Select] <?php $submit = $_POST['submit']; $fullname = strip_tags($_POST['fullname']); $username = strip_tags($_POST['username']); $password = strip_tags($_POST['password']); // Connect the database $connection = mysql_connect("bla", "bla", "bla") or die ("Could not connect"); mysql_select_db("my_db", $connection); // mysql query $query = "INSERT INTO users VALUES (''. 'fullname', 'username', 'password')"; mysql_query($query); echo "You have successfully registered"; ?> Any help spotting the error would be appreciated! I'm making a registration form and i want to add a user when i click the registration button, but the user can not already be in the database, i set the user to be unique inside of the database and when i try to add a new user it gives an error message, but instead of that error message i would like to input please enter another user-name or user already exist something like that the error message says duplicate entry 'username' inside of db basically... can someone help me with this ? I'm using an open source registration and login validation system. I've got it working well, apart from I've discovered when adding check if username is taken, it has broken the script and allows duplicate usernames and email addresses: Code: [Select] <?php include ('database_connection.php'); if (isset($_POST['formsubmitted'])) { $error = array();//Declare An Array to store any error message if (empty($_POST['name'])) {//if no name has been supplied $error[] = 'Please Enter a name ';//add to array "error" } else { $name = $_POST['name'];//else assign it a variable } if (empty($_POST['e-mail'])) { $error[] = 'Please Enter your Email '; } else { if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail'])) { //regular expression for email validation $Email = $_POST['e-mail']; } else { $error[] = 'Your EMail Address is invalid '; } } if (empty($_POST['Password'])) { $error[] = 'Please Enter Your Password '; } else { $Password = $_POST['Password']; } if (empty($error)) //send to Database if there's no error ' { // If everything's OK... // Make sure the email address is available: $query_verify_email = "SELECT * FROM members WHERE Email ='$Email'"; $result_verify_email = mysqli_query($dbc, $query_verify_email); if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false) echo ' Database Error Occured '; } if (mysqli_num_rows($result_verify_email) == 0) { // IF no previous user is using this email . // Make sure the user is available: $query_verify_user = "SELECT * FROM members WHERE Username ='$name'"; $result_verify_user = mysqli_query($dbc, $query_verify_user); if (!$result_verify_user) { echo ' Database Error Occured '; } } if (mysqli_num_rows($result_verify_user) == 0) { // IF no previous user is using this user . // Create a unique activation code: $activation = md5(uniqid(rand(), true)); $query_insert_user = "INSERT INTO `members` ( `Username`, `Email`, `Password`, `Activation`, `res1`, `res2`, `ounit1`, `dunit1`) VALUES ( '$name', '$Email', '$Password', '$activation', '50000', '50000', '100', '100')"; $result_insert_user = mysqli_query($dbc, $query_insert_user); if (!$result_insert_user) { echo 'Query Failed '; } if (mysqli_affected_rows($dbc) == 1) { //If the Insert Query was successfull. // Send the email: $message = " To activate your account, please click on this link:\n\n"; $message .= WEBSITE_URL . '/activate.php?email=' . urlencode($Email) . "&key=$activation"; mail($Email, 'Registration Confirmation', $message, 'From: Admin@TheGameCo.Com'); // Flush the buffered output. // Finish the page: echo '<div class="success">Thank you for registering! A confirmation email has been sent to '.$Email.' Please click on the Activation Link to Activate your account </div>'; } else { // If it did not run OK. echo '<div class="errormsgbox">You could not be registered due to a system error. We apologize for any inconvenience.</div>'; } } else { // The email address is not available. echo '<div class="errormsgbox" >That email address or username has already been registered. </div>'; } } else {//If the "error" array contains error msg , display them echo '<div class="errormsgbox"> <ol>'; foreach ($error as $key => $values) { echo ' <li>'.$values.'</li>'; } echo '</ol></div>'; } mysqli_close($dbc);//Close the DB Connection } // End of the main Submit conditional. ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Game Name - Home</title> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <div id="container"> <div id="header"> <?php include("includes/header.php"); ?> </div> <div id="nav"> <?php include("includes/nav.php"); ?> </div> <div id="content"> <form action="index.php" method="post" class="registration_form"> <fieldset> <legend>Registration Form</legend> <p>Create A new Account<br />Already a member? <a href="login.php">Log in</a></p> <div class="elements"> <label for="name">Username:</label> <input type="text" id="name" name="name" size="25" /> </div> <div class="elements"> <label for="e-mail">E-mail:</label> <input type="text" id="e-mail" name="e-mail" size="25" /> </div> <div class="elements"> <label for="Password">Password:</label> <input type="password" id="Password" name="Password" size="25" /> </div> <div class="submit"> <input type="hidden" name="formsubmitted" value="TRUE" /> <input type="submit" value="Register" /> </div> </fieldset> </form> </div> <div id="footer"> <?php include("includes/footer.php"); ?> </div> </div> </body> </html> To add user verification I simply duplicated the email verification: Code: [Select] // Make sure the user is available: $query_verify_user = "SELECT * FROM members WHERE Username ='$name'"; $result_verify_user = mysqli_query($dbc, $query_verify_user); if (!$result_verify_user) { echo ' Database Error Occured '; } } if (mysqli_num_rows($result_verify_user) == 0) { // IF no previous user is using this user . Can anyone see where I've gone wrong? |
|||||||