Lewis2212

Bump...Seems to have gone dead, Could really do with some possible help for this

The current code your seeing does not have anything to do adding the email function to it. It contains the styling for the Email input box, but not the coding to actually insert the email into the database etc. Thats what I would like some possible help with.

Hey guys, Just lately I have been trying to start a specific project for myself. I started off by designing the pages etc on HTML, and then a friend of mine helped me convert them to PHP. At the moment, when a user registers to the site, they only require to enter a Username and Password. I would like to add their email to it too, due to adding slightly extra security. It would also be used for future reasons such as sending emails out etc. I'm not sure about adding this, I know that most likely it is going to be VERY similar to how it already is, but I couldn't seem to get it to work when I tried. Ill give the coding which I am using for this below (the documents which I believe would need editing) : Register.php <?php require($_SERVER['DOCUMENT_ROOT'] . '/TruckWorld/includes/config.php'); $sOutput .= '<div id="register-body">'; if (isset($_GET['action'])) { switch (strtolower($_GET['action'])) { case 'register': // If the form was submitted lets try to create the account. if (isset($_POST['username']) && isset($_POST['password'])) { if (createAccount($_POST['username'], $_POST['password'])) { $sOutput .= '<h1>Account Created</h1><br />Your account has been created. You can now login <a href="login.php">here</a>.'; }else { // unset the action to display the registration form. unset($_GET['action']); } }else { $_SESSION['error'] = "Username and or Password was not supplied."; unset($_GET['action']); } break; } } // If the user is logged in display them a message. if (loggedIn()) { $sOutput .= '<h2>Already Registered</h2> You have already registered and are currently logged in as: ' . $_SESSION['username'] . '. <h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4> <h4>Would you like to go to <a href="index.php">site index</a>?</h4>'; // If the action is not set, we want to display the registration form }elseif (!isset($_GET['action'])) { // incase there was an error // see if we have a previous username $sUsername = ""; if (isset($_POST['username'])) { $sUsername = $_POST['username']; } $sError = ""; if (isset($_SESSION['error'])) { $sError = '<span id="error">' . $_SESSION['error'] . '</span><br />'; } $sOutput .= '<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Truck World - Register</title> <!-- Core CSS - Include with every page --> <link href="css/bootstrap.min.css" rel="stylesheet"> <link href="font-awesome/css/font-awesome.css" rel="stylesheet"> <!-- SB Admin CSS - Include with every page --> <link href="css/sb-admin.css" rel="stylesheet"> </head> <body> <div align=center><img src="images/logintitle.png" alt="LoginTitle" /></div> <div class="container"> <div class="row"> <div class="col-md-4 col-md-offset-4"> <div class="login-panel panel panel-default"> <div class="panel-heading"> <h3 class="panel-title">Register To Join Truck World!</h3> </div> <div class="panel-body"> ' . $sError . ' <form name="register" method="post" action="' . $_SERVER['PHP_SELF'] . '?action=register"> <fieldset> <div class="form-group"> <input class="form-control" placeholder="Username" name="username" type="username" autofocus=""> </div> <div class="form-group"> <input class="form-control" placeholder="Password" name="password" type="password" value=""> </div> <div class="form-group"> <input class="form-control" placeholder="Email" name="email" type="email" value=""> </div> <!-- Change this to a button or input when using this as a form --> <input type="submit" class="btn btn-lg btn-success btn-block" name="submit" value="Register" /> <a href="login.php"class="btn btn-lg btn-success btn-block">Login</a> </fieldset>'; } $sOutput .= '</div> </div> </div> </div> </div> <div align=center><h5><small>Copyright - Lewis Pickles 2014 - All Rights Reserved</small></h5></div> <!-- Core Scripts - Include with every page --> <script src="js/jquery-1.10.2.js"></script> <script src="js/bootstrap.min.js"></script> <script src="js/plugins/metisMenu/jquery.metisMenu.js"></script> <!-- SB Admin Scripts - Include with every page --> <script src="js/sb-admin.js"></script> </body> </html> '; // display our output. echo $sOutput; ?> Functions.php (Not sure if this would need editing, I think it might, Correct me if I'm wrong) <?php function createAccount($pUsername, $pPassword) { // First check we have data passed in. if (!empty($pUsername) && !empty($pPassword)) { $uLen = strlen($pUsername); $pLen = strlen($pPassword); // escape the $pUsername to avoid SQL Injections $eUsername = mysql_real_escape_string($pUsername); $sql = "SELECT username FROM users WHERE username = '" . $eUsername . "' LIMIT 1"; // Note the use of trigger_error instead of or die. $query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error()); // Error checks (Should be explained with the error) if ($uLen <= 4 || $uLen >= 11) { $_SESSION['error'] = "Username must be between 4 and 11 characters."; }elseif ($pLen < 6) { $_SESSION['error'] = "Password must be longer then 6 characters."; }elseif (mysql_num_rows($query) == 1) { $_SESSION['error'] = "Username already exists."; }else { // All errors passed lets // Create our insert SQL by hashing the password and using the escaped Username. $sql = "INSERT INTO users (`username`, `password`) VALUES ('" . $eUsername . "', '" . hashPassword($pPassword, SALT1, SALT2) . "');"; $query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error()); if ($query) { return true; } } } return false; } /*********** string hashPassword (string $pPassword, string $pSalt1, string $pSalt2) This will create a SHA1 hash of the password using 2 salts that the user specifies. ************/ function hashPassword($pPassword, $pSalt1="2345#$%@3e", $pSalt2="taesa%#@2%^#") { return sha1(md5($pSalt2 . $pPassword . $pSalt1)); } /*********** bool loggedIn verifies that session data is in tack and the user is valid for this session. ************/ function loggedIn() { // check both loggedin and username to verify user. if (isset($_SESSION['loggedin']) && isset($_SESSION['username'])) { return true; } return false; } /*********** bool logoutUser Log out a user by unsetting the session variable. ************/ function logoutUser() { // using unset will remove the variable // and thus logging off the user. unset($_SESSION['username']); unset($_SESSION['loggedin']); return true; } /*********** bool validateUser Attempt to verify that a username / password combination are valid. If they are it will set cookies and session data then return true. If they are not valid it simply returns false. ************/ function validateUser($pUsername, $pPassword) { // See if the username and password are valid. $sql = "SELECT username FROM users WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . hashPassword($pPassword, SALT1, SALT2) . "' LIMIT 1"; $query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error()); // If one row was returned, the user was logged in! if (mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); $_SESSION['username'] = $row['username']; $_SESSION['loggedin'] = true; return true; } return false; } ?> The Database for the email is as follows: