Search the Community

Hi, I am trying to create a login system in PHP, but I am not the greatest at PHP so I am using a source code which I found online as I found it to be more secure as it uses things like salted passwords. Anyway I am trying to add more fields to the register system so it adds them to the mysql, the source has a way to do this with arrays, but it is quite complicated so I am just using variables from the original file. There are 2 files: register.php and class.loginsys.php which contains all the functions. At first the query syntax was incorrect so I decided to use the variables created in register.php in the class.loginsys, but now it's giving me an out of memory error: Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 28672 bytes) in C:\xampp\htdocs\ls\class.loginsys.php on line 34 Which I am unsure of how to fix. I have tried using different variable names, checking the line, checking the whole register.php file for anything rogue. Here is the code: Top part of register.php <?php include "config.php"; ?> Config.php: <?php require "class.loginsys.php"; $LS=new LoginSystem(); ?> Then actual register part from register.php: <?php if( isset($_POST['submit']) ){ $firstname2 = $_POST['firstname']; $lastname2 = $_POST['lastname']; $user2 = $_POST['username']; $sex2 = $_POST['sex']; $country2 = $_POST['strCountryChoice']; $email2 = $_POST['email']; $pass2 = $_POST['pass']; $pass3 = $_POST['pass2']; $birthdate2 = $_POST['birthdate']; $created2 = date("Y-m-d H:i:s"); //need to add a lot more validation functions.. AKA Check if email exists and username. Password > 5 chars if( $user2=="" || $email2=="" || $pass2=='' || $pass3=='' || $firstname2=='' || $lastname2=='' || $sex2=='' || $country2=='' || $birthdate2=='' ){ echo "Fields Left Blank","Some Fields were left blank. Please fill up all fields."; exit; } if( !$LS->validEmail($email2) ){ echo "E-Mail Is Not Valid", "The E-Mail you gave is not valid"; exit; } if( !ctype_alnum($user2) ){ echo "Invalid Username", "The Username is not valid. Only ALPHANUMERIC characters are allowed and shouldn't exceed 10 characters."; exit; } if($pass2 != $pass3){ echo "Passwords Don't Match","The Passwords you entered didn't match"; exit; } $createAccount2 = $LS->register($user2, $pass2, array( "email" => $email2, "name" => $firstname2, "lastname" => $lastname2, "gender" => $sex2, "country" => $country2, "DOB" => $birthdate2, "created" => date("Y-m-d H:i:s") // Just for testing ) ); //$createAccount = $LS->register($firstname,$lastname,$user,$sex,$country,$email,$pass,$birthdate,$created); if($createAccount2 === "exists"){ echo "User Exists."; }elseif($createAccount2 === true){ echo "Success. Created account."; } } ?> And the function from the class: /* A function to register a user with passing the username, password and optionally any other additional fields. */ public function register( $id, $password, $other = array() ){ if( $this->userExists($id) && (isset($other['email']) && $this->userExists($other['email'])) ){ return "exists"; }else{ $randomSalt = $this->rand_string(20); $saltedPass = hash('sha256', "{$password}{$this->passwordSalt}{$randomSalt}"); if( count($other) == 0 ){ /* If there is no other fields mentioned, make the default query */ //old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)"); //new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)"); $sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)"); }else{ /* if there are other fields to add value to, make the query and bind values according to it */ //old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)"); //new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)"); $keys = array_keys($other); $columns = implode(",", $keys); $colVals = implode(",:", $keys); //l= $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)"); //INSERT INTO MyGuests (firstname, lastname, email)cLUES ('John', 'Doe', 'john@example.com') $sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (username,email,password,password_salt,name,lastname,created,gender,country,DOB) VALUES ('$username2','$email2','$pass2','$saltedPass','$firstname2','$lastname2','$created2','$gender2','$country2','$birthdate2')"); print($sql); foreach($other as $key => $value){ $value = htmlspecialchars($value); $sql->bindValue(":$key", $value); } } /* Bind the default values */ $sql->bindValue(":username", $id); $sql->bindValue(":password", $saltedPass); $sql->bindValue(":passwordSalt", $randomSalt); $sql->execute(); return true; } } Thanks for your help. I am doing this because for a hobby I am trying to create a browser based game in which I use this login system to login the user to a main page then code all of the other pages myself. I have posted on stackoverflow and someone on their suggested that I should use a framework. If this is the case, can someone point me in the right direction? Thanks again, if you need any info ask.