Adding Email to registering account + DB + Config File etc

[Lewis2212]

Hey guys, Just lately I have been trying to start a specific project for myself. I started off by designing the pages etc on HTML, and then a friend of mine helped me convert them to PHP.

 

At the moment, when a user registers to the site, they only require to enter a Username and Password. I would like to add their email to it too, due to adding slightly extra security. It would also be used for future reasons such as sending emails out etc.

 

I'm not sure about adding this, I know that most likely it is going to be VERY similar to how it already is, but I couldn't seem to get it to work when I tried.

 

Ill give the coding which I am using for this below (the documents which I believe would need editing) :

 

Register.php

<?php

require($_SERVER['DOCUMENT_ROOT'] . '/TruckWorld/includes/config.php');

$sOutput .= '<div id="register-body">';

if (isset($_GET['action'])) {
	switch (strtolower($_GET['action'])) {
		case 'register':
			// If the form was submitted lets try to create the account.
			if (isset($_POST['username']) && isset($_POST['password'])) {
				if (createAccount($_POST['username'], $_POST['password'])) {
					$sOutput .= '<h1>Account Created</h1><br />Your account has been created. 
								You can now login <a href="login.php">here</a>.';
				}else {
					// unset the action to display the registration form.
					unset($_GET['action']);
				}				
			}else {
				$_SESSION['error'] = "Username and or Password was not supplied.";
				unset($_GET['action']);
			}
		break;
	}
}

// If the user is logged in display them a message.
if (loggedIn()) {
	$sOutput .= '<h2>Already Registered</h2>
				You have already registered and are currently logged in as: ' . $_SESSION['username'] . '.
				<h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4>
				<h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
				
// If the action is not set, we want to display the registration form
}elseif (!isset($_GET['action'])) {
	// incase there was an error 
	// see if we have a previous username
	$sUsername = "";
	if (isset($_POST['username'])) {
		$sUsername = $_POST['username'];
	}
	
	$sError = "";
	if (isset($_SESSION['error'])) {
		$sError = '<span id="error">' . $_SESSION['error'] . '</span><br />';
	}
	
	$sOutput .= '<!DOCTYPE html>
	<html>
	
	<head>
	
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
	
    <title>Truck World - Register</title>
	
    <!-- Core CSS - Include with every page -->
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <link href="font-awesome/css/font-awesome.css" rel="stylesheet">
	
    <!-- SB Admin CSS - Include with every page -->
    <link href="css/sb-admin.css" rel="stylesheet">
	
	
	</head>
	
	<body>
	
	<div align=center><img src="images/logintitle.png" alt="LoginTitle" /></div>
	
    <div class="container">
	<div class="row">
	<div class="col-md-4 col-md-offset-4">
	<div class="login-panel panel panel-default">
	<div class="panel-heading">
	<h3 class="panel-title">Register To Join Truck World!</h3>
	</div>
	<div class="panel-body">
		' . $sError . '
		<form name="register" method="post" action="' . $_SERVER['PHP_SELF'] . '?action=register">
			<fieldset>
			<div class="form-group">
				<input class="form-control" placeholder="Username" name="username" type="username" autofocus="">
			</div>
			<div class="form-group">
				<input class="form-control" placeholder="Password" name="password" type="password" value="">
			</div>
			<div class="form-group">
				<input class="form-control" placeholder="Email" name="email" type="email" value="">
			</div>
			<!-- Change this to a button or input when using this as a form -->
			<input type="submit" class="btn btn-lg btn-success btn-block" name="submit" value="Register" />
			<a href="login.php"class="btn btn-lg btn-success btn-block">Login</a>
		</fieldset>';
}

$sOutput .= '</div>
</div>
</div>
</div>
</div>

<div align=center><h5><small>Copyright - Lewis Pickles 2014 - All Rights Reserved</small></h5></div>

<!-- Core Scripts - Include with every page -->
<script src="js/jquery-1.10.2.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/plugins/metisMenu/jquery.metisMenu.js"></script>

<!-- SB Admin Scripts - Include with every page -->
<script src="js/sb-admin.js"></script>

</body>

</html>
';

// display our output.
echo $sOutput;
?>

Functions.php (Not sure if this would need editing, I think it might, Correct me if I'm wrong)

<?php

function createAccount($pUsername, $pPassword) {
	// First check we have data passed in.
	if (!empty($pUsername) && !empty($pPassword)) {
		$uLen = strlen($pUsername);
		$pLen = strlen($pPassword);
		
		// escape the $pUsername to avoid SQL Injections
		$eUsername = mysql_real_escape_string($pUsername);
		$sql = "SELECT username FROM users WHERE username = '" . $eUsername . "' LIMIT 1";

		// Note the use of trigger_error instead of or die.
		$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());

		// Error checks (Should be explained with the error)
		if ($uLen <= 4 || $uLen >= 11) {
			$_SESSION['error'] = "Username must be between 4 and 11 characters.";
		}elseif ($pLen < 6) {
			$_SESSION['error'] = "Password must be longer then 6 characters.";
		}elseif (mysql_num_rows($query) == 1) {
			$_SESSION['error'] = "Username already exists.";
		}else {
			// All errors passed lets
			// Create our insert SQL by hashing the password and using the escaped Username.
			$sql = "INSERT INTO users (`username`, `password`) VALUES ('" . $eUsername . "', '" . hashPassword($pPassword, SALT1, SALT2) . "');";
			
			$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
			
			if ($query) {
				return true;
			}	
		}
	}
	
	return false;
}

/***********
	string hashPassword (string $pPassword, string $pSalt1, string $pSalt2)
		This will create a SHA1 hash of the password
		using 2 salts that the user specifies.
************/
function hashPassword($pPassword, $pSalt1="2345#$%@3e", $pSalt2="taesa%#@2%^#") {
	return sha1(md5($pSalt2 . $pPassword . $pSalt1));
}

/***********
	bool loggedIn
		verifies that session data is in tack
		and the user is valid for this session.
************/
function loggedIn() {
	// check both loggedin and username to verify user.
	if (isset($_SESSION['loggedin']) && isset($_SESSION['username'])) {
		return true;
	}
	
	return false;
}

/***********
	bool logoutUser 
		Log out a user by unsetting the session variable.
************/
function logoutUser() {
	// using unset will remove the variable
	// and thus logging off the user.
	unset($_SESSION['username']);
	unset($_SESSION['loggedin']);
	
	return true;
}

/***********
	bool validateUser
		Attempt to verify that a username / password
		combination are valid. If they are it will set
		cookies and session data then return true. 
		If they are not valid it simply returns false. 
************/
function validateUser($pUsername, $pPassword) {
	// See if the username and password are valid.
	$sql = "SELECT username FROM users 
		WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . hashPassword($pPassword, SALT1, SALT2) . "' LIMIT 1";
	$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
	
	// If one row was returned, the user was logged in!
	if (mysql_num_rows($query) == 1) {
		$row = mysql_fetch_assoc($query);
		$_SESSION['username'] = $row['username'];
		$_SESSION['loggedin'] = true;
			
		return true;
	}
	
	
	return false;
}
?>

The Database for the email is as follows:

 

Edited August 6, 2014 by Lewis2212

[ginerjm]

Way too much code here to look at.  Is that a dump of your data?  Uhh.......

 

Exactly what is not working?  Are you getting errors?

 

PS - tried to copy your code into my ide and find it has no carriage returns/line feeds.  Can  you perhaps post something a bit more presentable?

Edited August 6, 2014 by ginerjm

[Lewis2212]

Way too much code here to look at.  Is that a dump of your data?  Uhh.......

 

Exactly what is not working?  Are you getting errors?

 

PS - tried to copy your code into my ide and find it has no carriage returns/line feeds.  Can  you perhaps post something a bit more presentable?

 

The current code your seeing does not have anything to do adding the email function to it. It contains the styling for the Email input box, but not the coding to actually insert the email into the database etc.

Thats what I would like some possible help with.

[Lewis2212]

Bump...Seems to have gone dead, Could really do with some possible help for this

[CroNiX]

So you'd have an email field on that same form (which you did), and create an email field in the db for the user account table.

 

Then just add the email field to the rest of the code where you create the user.

 

1. if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) {
2. if (createAccount($_POST['username'], $_POST['password'], $_POST['email'])) {

 

Then in createAccount:

 

1. function createAccount($pUsername, $pPassword, $pEmail) {
2. ...
3. $eUsername = mysql_real_escape_string($pUsername);
4. $eEmail = mysql_real_escape_string($pEmail);
5. ...
6. $sql = "INSERT INTO users (`username`, `password`, `email`) VALUES ('" . $eUsername . "', '" . hashPassword($pPassword, SALT1, SALT2) . "', "' . $eEmail . "');";

Edit: I would also do your check to see if the username already exists before validating the rest of the values. If it exists, there is no need to continue validating the other fields.

Edited August 7, 2014 by CroNiX