cozzy1984

Members | Posts: 29 | Last visited: Never

Everything posted by cozzy1984

  1. Hi, I'm still in the early processes of trying to learn PHP and have done a basic form so far for registration on the site I am designing, however I don't know too much about the security side of it and am afraid that my code may not be too secure. Was wondering if possible someone could look at it and tell me if it's really vulnerable to attacks. I still have to do a check on the invalid characters for username and prevent it from having spaces, which I'm trying to figure out. Cheers

<?php
// Start a session
session_start();
include("database.php");
include("login.php");
// Collects validation messages; starts empty so the later !$error check is well defined
$error = array();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Ad'll Do</title>
<link rel='stylesheet' type='text/css' href='css/base.css' />
<script language="javascript">
// Swap the text of the help box when a field gets focus
function info(director) {
    document.getElementById('directions').innerHTML = director;
}
function infotitle(text) {
    document.getElementById('directionstitle').innerHTML = text;
}
</script>
</head>
<body class='home'>
<div id='top'>
    <a href="mailto:cozzy1@gmail.com" class="contact"><img src="img/contact.png" alt="" /><span>Contact Us</span></a>
</div>
<div id='mastheadwrapper'>
    <div id='masthead'>
        <ul id='smallnav'>
            <li><a href='index.php'>Home</a> | </li>
            <li><a href='register.php'>Sign Up</a> FREE!</li>
        </ul>
    </div><!-- end div masthead -->
</div><!-- end div masthead wrapper -->
<div id='menu'>
    <ul class="mainmenu">
        <li><a href="#" onClick="sendRequest('home.php');">Computers</a></li>
        <li><a href="#">Electrical</a></li>
        <li><a href="#">Home & Garden</a></li>
        <li><a href="#">Music</a></li>
        <li><a href="#">Pets</a></li>
        <li><a href="#">Sport & Leisure</a></li>
    </ul>
    <div id='searchbar'>
        <form action='#' method='post'>
            <input type='text' name='searchtext' size='20' />
            <input class='searchbtn' type='submit' value='' title="Search" />
        </form>
    </div>
</div>
<div id='contentwrapper'>
    <ul id='bignav'>
        <li id="nav-home"><a href="index.php"></a></li>
        <li id="nav-about"><a href="#"></a></li>
        <li id="nav-faqs"><a href="#"></a></li>
    </ul>
    <div id='maincontent'>
        <div id='content'>
<?php
if (isset($_POST['submit'])) {
    // Read the submitted fields
    $username    = trim($_POST['username']);
    $password    = $_POST['password'];
    $password2   = $_POST['password2'];
    $md5password = md5($_POST['password']);
    $email       = $_POST['email'];
    $forename    = $_POST['forename'];
    $surname     = $_POST['surname'];
    $location    = $_POST['location'];
    $ip          = $_SERVER['REMOTE_ADDR'];

    // Username: at least 3 characters and not already taken
    if ($username && strlen($username) >= 3) {
        $query = mysql_query("SELECT username FROM users WHERE username ='$username' LIMIT 1");
        if (@mysql_num_rows($query)) {
            $error['userexists'] = 'Username already exists';
            $usernameerror = 'regerrorwrong';
        }
    } else {
        $error['usernameinput'] = 'Username Invalid';
        $usernameerror = 'regerrorwrong';
    }

    // All fields are required
    if (!$username || !$password || !$email || !$forename || !$surname || !$location) {
        $error['reqfieldsinput'] = 'Please complete all the fields below ';
    }

    // Passwords must be entered twice and match
    if ($password && $password2) {
        if ($password != $password2) {
            $error['dontmatch'] = 'Passwords don\'t match';
            $passworderror = 'regerrorwrong';
        }
    } else {
        $error['passwordinput'] = 'Enter password in both fields';
        $passworderror = 'regerrorwrong';
    }

    // Email: basic format check, then make sure it is not already registered
    if ($email) {
        if (!eregi("^[a-zA-Z0-9]+[a-zA-Z0-9_.-]*@[a-zA-Z0-9]+([a-zA-Z0-9_.-])*\.[a-z]{2,4}$", $email)) {
            $error['emailerror'] = 'Email Incorrect';
            $emailerror = 'regerrorwrong';
        } else {
            $query = mysql_query("SELECT username FROM users WHERE email='$email' LIMIT 1");
            if (@mysql_num_rows($query)) {
                $error['emailexists'] = 'Email exists';
                $emailerror = 'regerrorwrong';
            }
        }
    } else {
        $error['emailinput'] = 'Email Required';
        $emailerror = 'regerrorwrong';
    }

    // Length limits on names, and the location drop-down must be chosen
    if (strlen($forename) > 15) {
        $error['forename'] = 'Forename too long';
        $forenameerror = 'regerrorwrong';
    }
    if (strlen($surname) > 20) {
        $error['surname'] = 'Surname too long';
        $surnameerror = 'regerrorwrong';
    }
    if ($location == 'Please Select') {
        $error['location'] = 'Please select a location';
        $locationerror = 'regerrorwrong';
    }

    // One account per IP address
    $query = mysql_query("SELECT ipaddress FROM users WHERE ipaddress ='$ip' LIMIT 1");
    if (@mysql_num_rows($query)) {
        $error['ipexists'] = 'Your IP address already has an account registered';
    }
}

if (!$error && isset($_POST['submit'])) {
    // No validation errors: create the account
    mysql_query("INSERT INTO users (username, password, email, forename, surname, location, ipaddress)
                 VALUES ('$username', '$md5password', '$email', '$forename', '$surname', '$location', '$ip')");
?>
            <div id='postit'>
                <div id='scotchtape'>
                    <img src='img/scotchtape.png' alt='' height='41' width='100' />
                </div>
                <h2>Registration Successful</h2>
                <?php echo "<p>Congratulations <span class='highlight'>$username</span>, your registration was successful. Your account has now been created with the following details:</p>"; ?>
            </div>
<?php
    echo "<p class='registered'><font color='#bc2525'>Username:</font> $username</p>";
    echo "<p class='registered'><font color='#bc2525'>Password:</font> $password</p>";
    echo "<p class='registered'><font color='#bc2525'>Email:</font> $email</p>";
    echo "<p class='registered'><font color='#bc2525'>Forename:</font> $forename</p>";
    echo "<p class='registered'><font color='#bc2525'>Surname:</font> $surname</p>";
    echo "<p class='registered'><font color='#bc2525'>Location:</font> $location</p><br/><br/>";
    echo "<span class='box'>You may now login using the login form & begin creating adverts.</span>";
} else {
?>
            <div id='postit'>
                <div id='scotchtape'>
                    <img src='img/scotchtape.png' alt='' height='41' width='100' />
                </div>
                <h2>Sign Up Form</h2>
                <p><span class='highlight'>Please enter your details below to register.</span><br/>Be advised that contact to you from buyers will be made through the email address that you supply therefore it must be a valid one.</p>
                <div id="helpicon"><img src='img/help_icon.png' alt='' height='70' width='70' /></div>
                <div id="directionstitle">Help Information</div>
                <div id="directions">This box will contain help relating to each section.<br/> All fields are required.</div>
                <span class="regerror"><?php echo $error['reqfieldsinput']; ?></span><br/>
                <span class="regerror"><?php echo $error['ipexists']; ?></span>
            </div>
            <form name="registration" method="post" class="regform" action="" enctype="application/x-www-form-urlencoded">
                <fieldset>
                    <label for="username">Username:</label>
                    <input name="username" type="text" id="username" maxlength="12" value="<?php echo $_POST['username']; ?>"
                           onfocus="infotitle('Enter Username'); info('Your username must be between 3 and 12 characters in length and cannot contain any spaces.');" />
                    <span class="<?php echo $usernameerror; ?>"><?php echo $error['userexists']; echo $error['usernameinput']; ?></span>
                </fieldset>
                <fieldset>
                    <label for="password">Password:</label>
                    <input name="password" type="password" id="password" maxlength="15" value="<?php echo $_POST['password']; ?>"
                           onfocus="infotitle('Enter Password'); info('Your password can be any combination of characters and must be at least 4 characters in length.');" />
                    <span class="<?php echo $passworderror; ?>"><?php echo $error['dontmatch']; echo $error['passwordinput']; ?></span>
                </fieldset>
                <fieldset>
                    <label for="password2">Re-Type Password:</label>
                    <input name="password2" type="password" id="password2" maxlength="15" value="<?php echo $_POST['password2']; ?>"
                           onfocus="infotitle('Re-Enter Password'); info('Please re-enter your password to make sure it is correct');" />
                </fieldset>
                <fieldset>
                    <label for="email">Email:</label>
                    <input name="email" type="text" id="email" maxlength="35" value="<?php echo $_POST['email']; ?>"
                           onfocus="infotitle('Enter Email Address'); info('Your email address is how buyers will initially contact you. Therefore it is essential that you supply the correct email.');" />
                    <span class="<?php echo $emailerror; ?>"><?php echo $error['emailinput']; ?><?php echo $error['emailerror']; echo $error['emailexists']; ?></span>
                </fieldset>
                <fieldset>
                    <label for="forename">Forename:</label>
                    <input name="forename" type="text" id="forename" maxlength="15" value="<?php echo $_POST['forename']; ?>"
                           onfocus="infotitle('Enter Forename'); info('Your forename is needed for our records only, and won\'t be posted up for other users to see.');" />
                    <span class="<?php echo $forenameerror; ?>"><?php echo $error['forename']; ?></span>
                </fieldset>
                <fieldset>
                    <label for="surname">Surname:</label>
                    <input name="surname" type="text" id="surname" maxlength="20" value="<?php echo $_POST['surname']; ?>"
                           onfocus="infotitle('Enter Surname'); info('Again this is for our records only, other users will only know you by your username.');" />
                    <span class="<?php echo $surnameerror; ?>"><?php echo $error['surname']; ?></span>
                </fieldset>
                <fieldset>
                    <label for="county">Location:</label>
                    <select name="location" onfocus="infotitle('Enter Location'); info('Please select the location that you live in, this will be displayed in your ads.');">
                        <option value="Please Select">Please Select..</option>
                        <option value="Co.Antrim">Co.Antrim</option>
                        <option value="Co.Armagh">Co.Armagh</option>
                    </select>
                    <span class="<?php echo $locationerror; ?>"><?php echo $error['location']; ?></span>
                </fieldset>
                <br />
                <input type="submit" class="signupbtn" name="submit" value="" />
            </form>
<?php } ?>
        </div>
    </div>
    <div id='sidebar'>
        <div id='member'>
            <?php displaylogin(); ?>
        </div>
        <div id='categories'>
            <h2>Categories</h2>
            <ul class="cats">
                <li><a href="#">Computers</a></li>
                <li><a href="#">Electrical</a></li>
                <li><a href="#">Home & Garden</a></li>
                <li><a href="#">Music</a></li>
                <li><a href="#">Pets</a></li>
                <li><a href="#">Sport & Leisure</a></li>
            </ul>
        </div>
    </div>
    <div id='floatclearer'>.</div>
</div><!-- end div contentwrapper -->
<!--footer start -->
<div id="footerMain">
    <div id="footer">
        <ul>
            <li><a href="#">Computers</a>|</li>
            <li><a href="#">Electrical</a>|</li>
            <li><a href="#">Home & Garden</a>|</li>
            <li><a href="#">Music</a>|</li>
            <li><a href="#">Pets</a>|</li>
            <li><a href="#">Sports & Leisure</a>|</li>
            <li><a href="#">FAQs</a>|</li>
            <li><a href="#">Terms & Conditions</a>|</li>
            <li><a href="#">Contact Us</a></li>
        </ul>
        <p class="copyright">©Ad'll Do. All rights reserved.</p>
    </div>
</div>
<!--footer end -->
</body>
</html>
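The registration handler above builds its SQL from raw form fields, stores md5() of the password, and echoes submitted values straight back into the page. The following is an added example, not the poster's code, of how the same steps look with PDO prepared statements, password_hash(), a username rule matching the help text (3 to 12 characters, no spaces) and safe re-display of submitted values (the question in post 4); it assumes PHP 7 or later and a PDO connection in $pdo pointing at the same users table.

```php
<?php
// Added example (not the poster's code). Assumes PHP 7+ and a PDO handle $pdo
// connected to the same `users` table used by the registration form above.

// Username rule from the form's help text: 3-12 characters, no spaces. Limiting
// it to letters, digits and underscore also rejects quotes and other punctuation.
function validate_username(string $username): ?string {
    if (!preg_match('/^[A-Za-z0-9_]{3,12}$/', $username)) {
        return 'Username must be 3-12 letters, digits or underscores';
    }
    return null;
}

// Re-display a submitted field (keeps values after a failed submit, as asked in
// post 4) with HTML escaping, instead of echoing $_POST into the value attribute.
function old(string $field): string {
    return htmlspecialchars($_POST[$field] ?? '', ENT_QUOTES, 'UTF-8');
}

// Validate and insert; returns an array of field => message, empty on success.
function register(PDO $pdo, array $post, string $ip): array {
    $errors   = [];
    $username = trim($post['username'] ?? '');
    $password = $post['password'] ?? '';
    if ($msg = validate_username($username)) $errors['username'] = $msg;
    if (!filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL)) $errors['email'] = 'Email Incorrect';
    if (strlen($password) < 4) $errors['password'] = 'Password must be at least 4 characters';
    if ($password !== ($post['password2'] ?? '')) $errors['password2'] = "Passwords don't match";
    if ($errors) return $errors;

    // Parameterised lookup: user input is bound, never spliced into the SQL text.
    $st = $pdo->prepare('SELECT 1 FROM users WHERE username = ? OR email = ? LIMIT 1');
    $st->execute([$username, $post['email']]);
    if ($st->fetchColumn()) return ['username' => 'Username or email already registered'];

    // Salted, slow hash instead of md5(); check at login with password_verify().
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $ins = $pdo->prepare('INSERT INTO users (username, password, email, forename, surname, location, ipaddress)
                          VALUES (?, ?, ?, ?, ?, ?, ?)');
    $ins->execute([$username, $hash, $post['email'],
                   substr($post['forename'] ?? '', 0, 15), substr($post['surname'] ?? '', 0, 20),
                   $post['location'] ?? '', $ip]);
    return [];
}

// Usage in the page: on success show htmlspecialchars($username) in the
// confirmation and never echo the password back to the browser.
if (isset($_POST['submit'])) {
    $errors = register($pdo, $_POST, $_SERVER['REMOTE_ADDR']);
}
```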
  2. Hi, I've been looking for a script that will basically have a div above a form; when I focus or click on each text box within the form, the div text above will change, telling the user what to enter in accordingly. Anyone know of one?
  3. Thanks, have thought about the AJAX way but may opt for setting values in the text fields. Although will have to look into how to go about doing it.
  4. Hi, I'm quite a newbie to PHP and am doing a website. Have got a login working and the registration half way there, but am now in the process of putting validation in the registration form. Have got the errors appearing if something isn't filled in or if the username is taken; however, it clears all the fields and I would like it to keep the values in them if possible. Is there an easy way round this? I can give my code if needed. Cozzy