Jump to content

Recommended Posts

Hi Guys,

 

Im new here and im hoping someone has the answer to my question...

 

I have a flash site with a registration form which works very well but i need to add a validation to it to check that the email address that the user adds ends in .pnn.police.uk

Im not sure if i need the code to be in the php page which is here...

 

<?php
//include the connect script
include "connect.php";

/*THIS VARIABLE IS WHAT TABLE YOU ARE USING...IF YOU USED MY SQL FILE, THEN YOUR DEFAULT TABLE*/
/*NAME SHOULD BE 'userv2' AND YOU DO NOT NEED TO CHANGE ANYTHING, BUT IF YOU MADE YOUR OWN TABLE,*/
/*CHANGE THIS VARIABLE.*/
$tableName = "usersv2";

//Post all of the users information (md5 Encrypt the password)
$username = $_POST['username'];
$password = md5($_POST['password']);
$passwordsend = ($_POST['password']);
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];


//Generate confKey (this is used to determine which user it is when the user forget's their password.
function createConfKey() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$key = '';
while ($i <= 31) { 
	$num = rand() % 33;
	$tmp = substr($chars, $num, 1);
	$key = $key . $tmp;
	$i++;
}    
return $key;
}
$thekey = createConfKey();
//$theKey is the random 32 character string and then $confKey is the random 32 character string with md5 encryption.
$confKey = md5($thekey);
//grab all the usernames in the table
$sql1 = mysql_query("SELECT * FROM $tableName WHERE username = '$username'");
//grab all the emails in the table
$sql2 = mysql_query("SELECT * FROM $tableName WHERE email = '$email'");
//get number of results from both queries
$row1 = mysql_num_rows($sql1);
$row2 = mysql_num_rows($sql2);
//if there is a result it will be either 1 or higher
if($row1 > 0 || $row2 > 0) {
//echo username or email is already in use and deny registration.
echo "&msgText=Username or email already in use!";
} else {
//if there was no existing username or email, insert all their information into the database.
$insert = mysql_query("INSERT INTO $tableName (username,password,firstName,lastName,email,phone,address,city,state,zip,confKey) VALUES ('$username','$password','$firstName','$lastName','$email','$phone','$address','$city','$state','$zip','$confKey')") or die(mysql_error());
//This is required for and HTML email to be sent through PHP.
$headers = "From: admin@redwebsecurity.com\r\n";
$headers.= "Subject: RedWeb Security Group Registration Details\r\n";
$headers.= "Content-Type: text/html; charset=ISO-8859-1 ";
$headers .= "MIME-Version: 1.0 ";
/******HERE YOU CAN EDIT WHAT YOU WANT THE EMAIL TO SAY WHEN THEY FORGET THEIR PASSWORD******/
/*																							*/
/*PHP Explained:                                                                            */
/*$msg are all the same variable, however, when you set the first one to just '=' and the   */
/*second one to '.=' it basically concatinates the two variables. For example:              */
/*																							*/
/*																							*/
/*										$a = 1;												*/
/*										$a .= 2;											*/
/*										$a .= 3;											*/
/*										echo $a;											*/
/*																							*/
/*										This will echo: 123									*/
/*																							*/
/*																							*/
/*	Be sure to include $firstName & $lastName somewhere in the message so the user knows 	*/
/*  what the message is																		*/
/*																							*/
/*																							*/
/*																							*/
/********************************************************************************************/
$msg = "Hello $firstName $lastName,<br/>";
$msg .= "We would like to thank you for joining our web site.<br/><br>";
$msg .= "Your Username is: $username<br/>";
$msg .= "Your Password is: $passwordsend<br/><br>";
$msg .= "Please keep these safe and if you have any questions, contact us at <br><br>";
$msg .= "<a href=\"mailto:admin@redwebsecurity.com\">admin@redwebsecurity.com</a>.";
mail($email,"Thanks for Registering!",$msg,$headers);


//and echo "Successfully registered!" and take them to a "thanks for registering" frame in flash
echo "&msgText=Successfully registered!";
echo "&nameText=$firstName";
}

?>

 

or in the flash actionscript which is here...

 

stop();

//This sets a minimum character length to the password field. Change how you like.
var passwordLength:Number = 4;


//This variable determines if the registration completed successfully. If it did, change the submitBtn actions to go back to the login page.
var success:Boolean = false;
status_txt.text = "";
status_txt.autoSize = true;
//Variables to hand the PHP files.
var dataOut:LoadVars = new LoadVars();
var dataIn:LoadVars = new LoadVars();
//Run this once flash gets a response from the PHP.
dataIn.onLoad = function() {
var responsetext = this.msgText;
var nametext = this.nameText;
status_txt.text = responsetext;
submitBtn.enabled = true;
//If success change the button to continue and go back to the login screen and proceed to login.
if (responsetext == "Successfully registered!") {
	_global.whoReg = nametext;
	success = true;
	gotoAndPlay("regcomplete");
}
};

//This is run once the user clicks on submit
submitBtn.onRelease = function() {
//If the user has not registered successfully yet, do this...
if (success == false) {
	//if the passwords dont match, alert the user.
	if (password1.text != password2.text) {
		status_txt.text = "Password Mismatch.";
	} else if (username.text == "" || password1.text == "" || password2.text == "" || firstName.text == "" || lastName.text == "" || email.text == "" || phone.text == "" || address.text == "" || city.text == "" || state_cb.value == "Select a state" || zip.text == "") {
		//If there are any empty fields, alert the user.
		status_txt.text = "Please fill in all fields.";
	} else if (password1.length < passwordLength || password2.length < passwordLength) {
		//If the password doesn't meet the required length, alert the user.
		status_txt.text = "Password length too short. " + passwordLength + " or more characters.";
	} else {
		//If everything goes through, send the input data to register.php
		submitBtn.enabled = false;
		status_txt.text = "Registering...Please wait...";
		dataOut.username = username.text;
		dataOut.password = password1.text;
		dataOut.firstName = firstName.text;
		dataOut.lastName = lastName.text;
		dataOut.email = email.text;
		dataOut.phone = phone.text;
		dataOut.address = address.text;
		dataOut.city = city.text;
		dataOut.state = state_cb.value;
		dataOut.zip = zip.text;
		dataOut.sendAndLoad(registerLocation,dataIn,"POST");
	}
} else {
	//if success was equal to true, change the button actions to go back to the login screen.
	_parent.gotoAndStop("login");
}
};
//Same actions as above, just adds functionality to the enter key.
var keyObj:Object = new Object();
keyObj.onKeyDown = function() {
if (Key.getCode() == Key.ENTER) {
	if (success == false) {
		if (password1.text != password2.text) {
			status_txt.text = "Password Mismatch.";
		} else if (username.text == "" || password1.text == "" || password2.text == "" || firstName.text == "" || lastName.text == "" || email.text == "" || phone.text == "" || address.text == "" || city.text == "" || state_cb.value == "Select a state" || zip.text == "") {
			status_txt.text = "Please fill in all fields.";
		} else if (password1.length < passwordLength || password2.length < passwordLength) {
			status_txt.text = "Password length too short. " + passwordLength + " or more characters.";
		} else {
			submitBtn.enabled = false;
			status_txt.text = "Registering...Please wait...";
			dataOut.username = username.text;
			dataOut.password = password1.text;
			dataOut.firstName = firstName.text;
			dataOut.lastName = lastName.text;
			dataOut.email = email.text;
			dataOut.phone = phone.text;
			dataOut.address = address.text;
			dataOut.city = city.text;
			dataOut.state = state_cb.value;
			dataOut.zip = zip.text;
			dataOut.sendAndLoad(registerLocation,dataIn,"POST");
		}
	} else {
		_parent.gotoAndStop("login");
	}
}
};
Key.addListener(keyObj);

// Populate the combo box with all the states.
state_cb.addItem({data:"Select a county", label:"Select a county"});
state_cb.addItem({data:"England", label:"Avon"});
state_cb.addItem({data:"Bedfordshire", label:"Bedfordshire"});
state_cb.addItem({data:"Berkshire", label:"Berkshire"});
state_cb.addItem({data:"Borders", label:"Borders"});
state_cb.addItem({data:"Buckinghamshire", label:"Buckinghamshire"});
state_cb.addItem({data:"Cambridgeshire", label:"Cambridgeshire"});
state_cb.addItem({data:"Central", label:"Central"});
state_cb.addItem({data:"Cheshire", label:"Cheshire"});
state_cb.addItem({data:"Cleveland", label:"Cleveland"});
state_cb.addItem({data:"Clwyd", label:"Clwyd"});
state_cb.addItem({data:"Cornwall", label:"Cornwall"});
state_cb.addItem({data:"County Antrim", label:"County Antrim"});
state_cb.addItem({data:"County Armagh", label:"County Armagh"});
state_cb.addItem({data:"County Down", label:"County Down"});
state_cb.addItem({data:"Indiana", label:"Indiana"});
state_cb.addItem({data:"County Fermanagh", label:"County Fermanagh"});
state_cb.addItem({data:"County Londonderry", label:"County Londonderry"});
state_cb.addItem({data:"County Tyrone", label:"County Tyrone"});
state_cb.addItem({data:"Cumbria", label:"Cumbria"});
state_cb.addItem({data:"Derbyshire", label:"Derbyshire"});
state_cb.addItem({data:"Devon", label:"Devon"});
state_cb.addItem({data:"Dorset", label:"Dorset"});
state_cb.addItem({data:"Dumfries and Galloway", label:"Dumfries and Galloway"});
state_cb.addItem({data:"Durham", label:"Durham"});
state_cb.addItem({data:"Dyfed", label:"Dyfed"});
state_cb.addItem({data:"East Sussex", label:"East Sussex"});
state_cb.addItem({data:"Essex", label:"Essex"});
state_cb.addItem({data:"Fife", label:"Fife"});
state_cb.addItem({data:"Gloucestershire", label:"Gloucestershire"});
state_cb.addItem({data:"New Hampshire", label:"New Hampshire"});
state_cb.addItem({data:"Grampian", label:"Grampian"});
state_cb.addItem({data:"Greater Manchester", label:"Greater Manchester"});
state_cb.addItem({data:"Gwent", label:"Gwent"});
state_cb.addItem({data:"Gwynedd County", label:"Gwynedd County"});
state_cb.addItem({data:"Hampshire", label:"Hampshire"});
state_cb.addItem({data:"Herefordshire", label:"Herefordshire"});
state_cb.addItem({data:"Hertfordshire", label:"Hertfordshire"});
state_cb.addItem({data:"Highlands and Islands", label:"Highlands and Islands"});
state_cb.addItem({data:"Humberside", label:"Humberside"});
state_cb.addItem({data:"Isle of Wight", label:"Isle of Wight"});
state_cb.addItem({data:"Kent", label:"Kent"});
state_cb.addItem({data:"Lancashire", label:"Lancashire"});
state_cb.addItem({data:"Leicestershire", label:"Leicestershire"});
state_cb.addItem({data:"Lincolnshire", label:"Lincolnshire"});
state_cb.addItem({data:"Lothian", label:"Lothian"});
state_cb.addItem({data:"Merseyside", label:"Merseyside"});
state_cb.addItem({data:"Mid Glamorgan", label:"Mid Glamorgan"});
state_cb.addItem({data:"Norfolk", label:"Norfolk"});
state_cb.addItem({data:"North Yorkshire", label:"North Yorkshire"});
state_cb.addItem({data:"Northamptonshire", label:"Northamptonshire"});
state_cb.addItem({data:"Northumberland", label:"Northumberland"});
state_cb.addItem({data:"Nottinghamshire", label:"Nottinghamshire"});
state_cb.addItem({data:"Oxfordshire", label:"Oxfordshire"});
state_cb.addItem({data:"Powys", label:"Powys"});
state_cb.addItem({data:"Rutland", label:"Rutland"});
state_cb.addItem({data:"Shropshire", label:"Shropshire"});
state_cb.addItem({data:"Somerset", label:"Somerset"});
state_cb.addItem({data:"South Glamorgan", label:"South Glamorgan"});
state_cb.addItem({data:"South Yorkshire", label:"South Yorkshire"});
state_cb.addItem({data:"Staffordshire", label:"Staffordshire"});
state_cb.addItem({data:"Strathclyde", label:"Strathclyde"});
state_cb.addItem({data:"Suffolk", label:"Suffolk"});
state_cb.addItem({data:"Surrey", label:"Surrey"});
state_cb.addItem({data:"Tayside", label:"Tayside"});
state_cb.addItem({data:"Tyne and Wear", label:"Tyne and Wear"});
state_cb.addItem({data:"Warwickshire", label:"Warwickshire"});
state_cb.addItem({data:"West Glamorgan", label:"West Glamorgan"});
state_cb.addItem({data:"West Midlands", label:"West Midlands"});
state_cb.addItem({data:"West Sussex", label:"West Sussex"});
state_cb.addItem({data:"West Yorkshire", label:"West Yorkshire"});
state_cb.addItem({data:"Wiltshire", label:"Wiltshire"});
state_cb.addItem({data:"Worcestershire", label:"Worcestershire"});

// Add event listener and event handler function.
var cbListener:Object = new Object();
cbListener.change = function(evt_obj:Object):Void  {
var currentlySelected:Object = evt_obj.target.selectedItem;
//trace("data: " + currentlySelected.data);
//trace("label: " + currentlySelected.label);
};
state_cb.addEventListener("change",cbListener);

 

If someone knows the answer to this i would really appreciate it.

 

cheers

 

Craig

Link to comment
https://forums.phpfreaks.com/topic/114263-solved-help-me-please/
Share on other sites

Ah OK this looks like it might work...

 

So if i need it to check that the extension of an email address is .pnn.police.uk could i do something like...

 

<?php
// Example 1
$extension  = "pnn police uk";
$email = explode(" ", $extension);
echo $email[0]; // .pnn
echo $email[1]; // .police
echo $email[2]; // .uk

?> 

Guest Xanza

The explode feature will allow you to basically disect your requestee's email address - something like this

 

<?php
$explode = explode("@", $email);

if($email == $explode){
   NUL;
} elseif {
if($explode['1'] = ".pnn.police.uk")
}

?>

 

As you can see I'm still a noob, and that will prolly never ever work, but it's simple enough to where someone here could quickly make it work I'm sure. ;)

hi

i need to add a validation to it to check that the email address that the user adds ends in .pnn.police.uk

 

here you go.

 

<?php
function check_email($email)
{
      return (substr(trim($email), -14) == '.pnn.police.uk');	
}

//example use

if(!check_email($email))
{
    echo "email not ok";
}
else{
   
    // ok.
}

?>

 

At the moment, your script is really, REALLY insecure. Your database could be dropped in a jiffy.

 

The bare minimum you should do to this input is pass it all through mysql_real_escape_string() and strip_tags(). The actionscript validation is not validation. it just checks to see if they've input something.

 

thats $14,211,199.64 for services rendered. I shall PM you the invoice. be careful what you wish for  ;D

Ha Ha yeah sure paypal ok? lol

 

Sorry to sound stupid but im a designer and a bit of flash and this has been dumped on me to sort out.

 

So i would add this to my register file?

 

<?php
function check_email($email)
{
     return (substr(trim($email), -14) == '.pnn.police.uk');	
}

//example use

if(!check_email($email))
{
   echo "email not ok";
}
else{
  
   // ok.
}

?>

 

And what is the mysql_real_escape_string() all about, what does it do? and is it easy to addon?

Guest Xanza

Craig - http://us3.php.net/manual/en/function.mysql-real-escape-string.php

 

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

 

I think it will strip the url and protect you against mysql injections!

Guest Xanza

This will probabally work for you.. :(

 

<?php


//include the connect script
include "connect.php";

/*THIS VARIABLE IS WHAT TABLE YOU ARE USING...IF YOU USED MY SQL FILE, THEN YOUR DEFAULT TABLE*/
/*NAME SHOULD BE 'userv2' AND YOU DO NOT NEED TO CHANGE ANYTHING, BUT IF YOU MADE YOUR OWN TABLE,*/
/*CHANGE THIS VARIABLE.*/
$tableName = "usersv2";

//Post all of the users information (md5 Encrypt the password)
$username = $_POST['username'];
$password = md5($_POST['password']);
$passwordsend = ($_POST['password']);
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];

//Custom function to check to see if email domain is equal to ".pnn.police.uk"
//phpfreaks.com rules!
function check_email($email) {
      return (substr(trim($email), -14) == '.pnn.police.uk');
}

//Generate confKey (this is used to determine which user it is when the user forget's their password.
function createConfKey() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$key = '';
while ($i <= 31) {
	$num = rand() % 33;
	$tmp = substr($chars, $num, 1);
	$key = $key . $tmp;
	$i++;
}
return $key;
}
if(!check_email($email)) { //Start check email
$thekey = createConfKey();
//$theKey is the random 32 character string and then $confKey is the random 32 character string with md5 encryption.
$confKey = md5($thekey);
//grab all the usernames in the table
$sql1 = mysql_query("SELECT * FROM $tableName WHERE username = '$username'");
//grab all the emails in the table
$sql2 = mysql_query("SELECT * FROM $tableName WHERE email = '$email'");
//get number of results from both queries
$row1 = mysql_num_rows($sql1);
$row2 = mysql_num_rows($sql2);
//if there is a result it will be either 1 or higher
if($row1 > 0 || $row2 > 0) {
//echo username or email is already in use and deny registration.
echo "&msgText=Username or email already in use!";
} else {
//if there was no existing username or email, insert all their information into the database.
$insert = mysql_query("INSERT INTO $tableName (username,password,firstName,lastName,email,phone,address,city,state,zip,confKey) VALUES ('$username','$password','$firstName','$lastName','$email','$phone','$address','$city','$state','$zip','$confKey')") or die(mysql_error());
//This is required for and HTML email to be sent through PHP.
$headers = "From: admin@redwebsecurity.com\r\n";
$headers.= "Subject: RedWeb Security Group Registration Details\r\n";
$headers.= "Content-Type: text/html; charset=ISO-8859-1 ";
$headers .= "MIME-Version: 1.0 ";
/******HERE YOU CAN EDIT WHAT YOU WANT THE EMAIL TO SAY WHEN THEY FORGET THEIR PASSWORD******/
/*																							*/
/*PHP Explained:                                                                            */
/*$msg are all the same variable, however, when you set the first one to just '=' and the   */
/*second one to '.=' it basically concatinates the two variables. For example:              */
/*																							*/
/*																							*/
/*										$a = 1;												*/
/*										$a .= 2;											*/
/*										$a .= 3;											*/
/*										echo $a;											*/
/*																							*/
/*										This will echo: 123									*/
/*																							*/
/*																							*/
/*	Be sure to include $firstName & $lastName somewhere in the message so the user knows 	*/
/*  what the message is																		*/
/*																							*/
/*																							*/
/*																							*/
/********************************************************************************************/
$msg = "Hello $firstName $lastName,<br/>";
$msg .= "We would like to thank you for joining our web site.<br/><br>";
$msg .= "Your Username is: $username<br/>";
$msg .= "Your Password is: $passwordsend<br/><br>";
$msg .= "Please keep these safe and if you have any questions, contact us at <br><br>";
$msg .= "<a href=\"mailto:admin@redwebsecurity.com\">admin@redwebsecurity.com</a>.";
mail($email,"Thanks for Registering!",$msg,$headers);


//and echo "Successfully registered!" and take them to a "thanks for registering" frame in flash
echo "&msgText=Successfully registered!";
echo "&nameText=$firstName";
    }
} else {
echo "Email does not match!"; //error message to display if $email doesnot contain ".pnn.police.uk"
}
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.