craigtolputt Posted July 11, 2008

Hi Guys,

I'm new here and I'm hoping someone has the answer to my question...

I have a flash site with a registration form which works very well but I need to add a validation to it to check that the email address that the user adds ends in .pnn.police.uk

I'm not sure if I need the code to be in the php page which is here...

```php
<?php
//include the connect script
include "connect.php";

/*THIS VARIABLE IS WHAT TABLE YOU ARE USING...IF YOU USED MY SQL FILE, THEN YOUR DEFAULT TABLE*/
/*NAME SHOULD BE 'userv2' AND YOU DO NOT NEED TO CHANGE ANYTHING, BUT IF YOU MADE YOUR OWN TABLE,*/
/*CHANGE THIS VARIABLE.*/
$tableName = "usersv2";

//Post all of the users information (md5 Encrypt the password)
$username = $_POST['username'];
$password = md5($_POST['password']);
$passwordsend = ($_POST['password']);
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];

//Generate confKey (this is used to determine which user it is when the user forgets their password.
function createConfKey() {
	$chars = "abcdefghijkmnopqrstuvwxyz023456789";
	srand((double)microtime()*1000000);
	$i = 0;
	$key = '';
	while ($i <= 31) {
		$num = rand() % 33;
		$tmp = substr($chars, $num, 1);
		$key = $key . $tmp;
		$i++;
	}
	return $key;
}

$thekey = createConfKey();
//$theKey is the random 32 character string and then $confKey is the random 32 character string with md5 encryption.
$confKey = md5($thekey);

//grab all the usernames in the table
$sql1 = mysql_query("SELECT * FROM $tableName WHERE username = '$username'");
//grab all the emails in the table
$sql2 = mysql_query("SELECT * FROM $tableName WHERE email = '$email'");

//get number of results from both queries
$row1 = mysql_num_rows($sql1);
$row2 = mysql_num_rows($sql2);

//if there is a result it will be either 1 or higher
if($row1 > 0 || $row2 > 0) {
	//echo username or email is already in use and deny registration.
	echo "&msgText=Username or email already in use!";
} else {
	//if there was no existing username or email, insert all their information into the database.
	$insert = mysql_query("INSERT INTO $tableName (username,password,firstName,lastName,email,phone,address,city,state,zip,confKey) VALUES ('$username','$password','$firstName','$lastName','$email','$phone','$address','$city','$state','$zip','$confKey')") or die(mysql_error());

	//This is required for an HTML email to be sent through PHP.
	$headers = "From: admin@redwebsecurity.com\r\n";
	$headers.= "Subject: RedWeb Security Group Registration Details\r\n";
	$headers.= "Content-Type: text/html; charset=ISO-8859-1 ";
	$headers .= "MIME-Version: 1.0 ";

	/******HERE YOU CAN EDIT WHAT YOU WANT THE EMAIL TO SAY WHEN THEY FORGET THEIR PASSWORD******/
	/*                                                                                          */
	/*PHP Explained:                                                                            */
	/*$msg are all the same variable, however, when you set the first one to just '=' and the   */
	/*second one to '.=' it basically concatenates the two variables. For example:              */
	/*                                                                                          */
	/*   $a = 1;                                                                                */
	/*   $a .= 2;                                                                               */
	/*   $a .= 3;                                                                               */
	/*   echo $a;                                                                               */
	/*                                                                                          */
	/*   This will echo: 123                                                                    */
	/*                                                                                          */
	/* Be sure to include $firstName & $lastName somewhere in the message so the user knows     */
	/* what the message is                                                                      */
	/*                                                                                          */
	/********************************************************************************************/
	$msg = "Hello $firstName $lastName,<br/>";
	$msg .= "We would like to thank you for joining our web site.<br/><br>";
	$msg .= "Your Username is: $username<br/>";
	$msg .= "Your Password is: $passwordsend<br/><br>";
	$msg .= "Please keep these safe and if you have any questions, contact us at <br><br>";
	$msg .= "<a href=\"mailto:admin@redwebsecurity.com\">admin@redwebsecurity.com</a>.";
	mail($email,"Thanks for Registering!",$msg,$headers);

	//and echo "Successfully registered!" and take them to a "thanks for registering" frame in flash
	echo "&msgText=Successfully registered!";
	echo "&nameText=$firstName";
}
?>
```

or in the flash actionscript which is here...

```actionscript
stop();
//This sets a minimum character length to the password field. Change how you like.
var passwordLength:Number = 4;
//This variable determines if the registration completed successfully. If it did, change the submitBtn actions to go back to the login page.
var success:Boolean = false;
status_txt.text = "";
status_txt.autoSize = true;
//Variables to hand the PHP files.
var dataOut:LoadVars = new LoadVars();
var dataIn:LoadVars = new LoadVars();
//Run this once flash gets a response from the PHP.
dataIn.onLoad = function() {
	var responsetext = this.msgText;
	var nametext = this.nameText;
	status_txt.text = responsetext;
	submitBtn.enabled = true;
	//If success change the button to continue and go back to the login screen and proceed to login.
	if (responsetext == "Successfully registered!") {
		_global.whoReg = nametext;
		success = true;
		gotoAndPlay("regcomplete");
	}
};
//This is run once the user clicks on submit
submitBtn.onRelease = function() {
	//If the user has not registered successfully yet, do this...
	if (success == false) {
		//if the passwords dont match, alert the user.
		if (password1.text != password2.text) {
			status_txt.text = "Password Mismatch.";
		} else if (username.text == "" || password1.text == "" || password2.text == "" || firstName.text == "" || lastName.text == "" || email.text == "" || phone.text == "" || address.text == "" || city.text == "" || state_cb.value == "Select a state" || zip.text == "") {
			//If there are any empty fields, alert the user.
			status_txt.text = "Please fill in all fields.";
		} else if (password1.length < passwordLength || password2.length < passwordLength) {
			//If the password doesn't meet the required length, alert the user.
			status_txt.text = "Password length too short. " + passwordLength + " or more characters.";
		} else {
			//If everything goes through, send the input data to register.php
			submitBtn.enabled = false;
			status_txt.text = "Registering...Please wait...";
			dataOut.username = username.text;
			dataOut.password = password1.text;
			dataOut.firstName = firstName.text;
			dataOut.lastName = lastName.text;
			dataOut.email = email.text;
			dataOut.phone = phone.text;
			dataOut.address = address.text;
			dataOut.city = city.text;
			dataOut.state = state_cb.value;
			dataOut.zip = zip.text;
			dataOut.sendAndLoad(registerLocation,dataIn,"POST");
		}
	} else {
		//if success was equal to true, change the button actions to go back to the login screen.
		_parent.gotoAndStop("login");
	}
};
//Same actions as above, just adds functionality to the enter key.
var keyObj:Object = new Object();
keyObj.onKeyDown = function() {
	if (Key.getCode() == Key.ENTER) {
		if (success == false) {
			if (password1.text != password2.text) {
				status_txt.text = "Password Mismatch.";
			} else if (username.text == "" || password1.text == "" || password2.text == "" || firstName.text == "" || lastName.text == "" || email.text == "" || phone.text == "" || address.text == "" || city.text == "" || state_cb.value == "Select a state" || zip.text == "") {
				status_txt.text = "Please fill in all fields.";
			} else if (password1.length < passwordLength || password2.length < passwordLength) {
				status_txt.text = "Password length too short. " + passwordLength + " or more characters.";
			} else {
				submitBtn.enabled = false;
				status_txt.text = "Registering...Please wait...";
				dataOut.username = username.text;
				dataOut.password = password1.text;
				dataOut.firstName = firstName.text;
				dataOut.lastName = lastName.text;
				dataOut.email = email.text;
				dataOut.phone = phone.text;
				dataOut.address = address.text;
				dataOut.city = city.text;
				dataOut.state = state_cb.value;
				dataOut.zip = zip.text;
				dataOut.sendAndLoad(registerLocation,dataIn,"POST");
			}
		} else {
			_parent.gotoAndStop("login");
		}
	}
};
Key.addListener(keyObj);
// Populate the combo box with all the states.
state_cb.addItem({data:"Select a county", label:"Select a county"});
state_cb.addItem({data:"England", label:"Avon"});
state_cb.addItem({data:"Bedfordshire", label:"Bedfordshire"});
state_cb.addItem({data:"Berkshire", label:"Berkshire"});
state_cb.addItem({data:"Borders", label:"Borders"});
state_cb.addItem({data:"Buckinghamshire", label:"Buckinghamshire"});
state_cb.addItem({data:"Cambridgeshire", label:"Cambridgeshire"});
state_cb.addItem({data:"Central", label:"Central"});
state_cb.addItem({data:"Cheshire", label:"Cheshire"});
state_cb.addItem({data:"Cleveland", label:"Cleveland"});
state_cb.addItem({data:"Clwyd", label:"Clwyd"});
state_cb.addItem({data:"Cornwall", label:"Cornwall"});
state_cb.addItem({data:"County Antrim", label:"County Antrim"});
state_cb.addItem({data:"County Armagh", label:"County Armagh"});
state_cb.addItem({data:"County Down", label:"County Down"});
state_cb.addItem({data:"Indiana", label:"Indiana"});
state_cb.addItem({data:"County Fermanagh", label:"County Fermanagh"});
state_cb.addItem({data:"County Londonderry", label:"County Londonderry"});
state_cb.addItem({data:"County Tyrone", label:"County Tyrone"});
state_cb.addItem({data:"Cumbria", label:"Cumbria"});
state_cb.addItem({data:"Derbyshire", label:"Derbyshire"});
state_cb.addItem({data:"Devon", label:"Devon"});
state_cb.addItem({data:"Dorset", label:"Dorset"});
state_cb.addItem({data:"Dumfries and Galloway", label:"Dumfries and Galloway"});
state_cb.addItem({data:"Durham", label:"Durham"});
state_cb.addItem({data:"Dyfed", label:"Dyfed"});
state_cb.addItem({data:"East Sussex", label:"East Sussex"});
state_cb.addItem({data:"Essex", label:"Essex"});
state_cb.addItem({data:"Fife", label:"Fife"});
state_cb.addItem({data:"Gloucestershire", label:"Gloucestershire"});
state_cb.addItem({data:"New Hampshire", label:"New Hampshire"});
state_cb.addItem({data:"Grampian", label:"Grampian"});
state_cb.addItem({data:"Greater Manchester", label:"Greater Manchester"});
state_cb.addItem({data:"Gwent", label:"Gwent"});
state_cb.addItem({data:"Gwynedd County", label:"Gwynedd County"});
state_cb.addItem({data:"Hampshire", label:"Hampshire"});
state_cb.addItem({data:"Herefordshire", label:"Herefordshire"});
state_cb.addItem({data:"Hertfordshire", label:"Hertfordshire"});
state_cb.addItem({data:"Highlands and Islands", label:"Highlands and Islands"});
state_cb.addItem({data:"Humberside", label:"Humberside"});
state_cb.addItem({data:"Isle of Wight", label:"Isle of Wight"});
state_cb.addItem({data:"Kent", label:"Kent"});
state_cb.addItem({data:"Lancashire", label:"Lancashire"});
state_cb.addItem({data:"Leicestershire", label:"Leicestershire"});
state_cb.addItem({data:"Lincolnshire", label:"Lincolnshire"});
state_cb.addItem({data:"Lothian", label:"Lothian"});
state_cb.addItem({data:"Merseyside", label:"Merseyside"});
state_cb.addItem({data:"Mid Glamorgan", label:"Mid Glamorgan"});
state_cb.addItem({data:"Norfolk", label:"Norfolk"});
state_cb.addItem({data:"North Yorkshire", label:"North Yorkshire"});
state_cb.addItem({data:"Northamptonshire", label:"Northamptonshire"});
state_cb.addItem({data:"Northumberland", label:"Northumberland"});
state_cb.addItem({data:"Nottinghamshire", label:"Nottinghamshire"});
state_cb.addItem({data:"Oxfordshire", label:"Oxfordshire"});
state_cb.addItem({data:"Powys", label:"Powys"});
state_cb.addItem({data:"Rutland", label:"Rutland"});
state_cb.addItem({data:"Shropshire", label:"Shropshire"});
state_cb.addItem({data:"Somerset", label:"Somerset"});
state_cb.addItem({data:"South Glamorgan", label:"South Glamorgan"});
state_cb.addItem({data:"South Yorkshire", label:"South Yorkshire"});
state_cb.addItem({data:"Staffordshire", label:"Staffordshire"});
state_cb.addItem({data:"Strathclyde", label:"Strathclyde"});
state_cb.addItem({data:"Suffolk", label:"Suffolk"});
state_cb.addItem({data:"Surrey", label:"Surrey"});
state_cb.addItem({data:"Tayside", label:"Tayside"});
state_cb.addItem({data:"Tyne and Wear", label:"Tyne and Wear"});
state_cb.addItem({data:"Warwickshire", label:"Warwickshire"});
state_cb.addItem({data:"West Glamorgan", label:"West Glamorgan"});
state_cb.addItem({data:"West Midlands", label:"West Midlands"});
state_cb.addItem({data:"West Sussex", label:"West Sussex"});
state_cb.addItem({data:"West Yorkshire", label:"West Yorkshire"});
state_cb.addItem({data:"Wiltshire", label:"Wiltshire"});
state_cb.addItem({data:"Worcestershire", label:"Worcestershire"});
// Add event listener and event handler function.
var cbListener:Object = new Object();
cbListener.change = function(evt_obj:Object):Void {
	var currentlySelected:Object = evt_obj.target.selectedItem;
	//trace("data: " + currentlySelected.data);
	//trace("label: " + currentlySelected.label);
};
state_cb.addEventListener("change",cbListener);
```

If someone knows the answer to this I would really appreciate it.

cheers

Craig

Guest Xanza Posted July 11, 2008

It's actually more simple than you would have imagined... Check more into explode.

craigtolputt Posted July 11, 2008

Hmmmmm Simple Hey!! I'm not sure about that ha ha

Anyway what is explode? and is it php or flash? or is it a site?

sorry I'm probably looking a bit silly right now but I really need to get this sorted.

cheers

kenrbnsn Posted July 11, 2008

The explode() function is PHP.

Ken

Lamez Posted July 11, 2008

use PHP, it is so much easier.

craigtolputt Posted July 11, 2008

Ah OK this looks like it might work...

So if I need it to check that the extension of an email address is .pnn.police.uk could I do something like...

```php
<?php
// Example 1
$extension = "pnn police uk";
$email = explode(" ", $extension);
echo $email[0]; // pnn
echo $email[1]; // police
echo $email[2]; // uk
?>
```

craigtolputt Posted July 11, 2008

If someone here knows how I can do this I am willing to pay for the advice as I have been playing with this for about 3 days now and the deadline is getting close

cheers

Guest Xanza Posted July 11, 2008

The explode feature will allow you to basically dissect your requestee's email address - something like this

```php
<?php
$explode = explode("@", $email);
if($email == $explode){
NUL;
} elseif {
if($explode['1'] = ".pnn.police.uk")
}
?>
```

As you can see I'm still a noob, and that will prolly never ever work, but it's simple enough to where someone here could quickly make it work I'm sure.

the shig Posted July 11, 2008

hi

> i need to add a validation to it to check that the email address that the user adds ends in .pnn.police.uk

here you go.

```php
<?php
function check_email($email)
{
    return (substr(trim($email), -14) == '.pnn.police.uk');
}

//example use
if(!check_email($email))
{
    echo "email not ok";
}
else{
    // ok.
}
?>
```

At the moment, your script is really, REALLY insecure. Your database could be dropped in a jiffy. The bare minimum you should do to this input is pass it all through mysql_real_escape_string() and strip_tags().

The actionscript validation is not validation. It just checks to see if they've input something.

that's $14,211,199.64 for services rendered. I shall PM you the invoice.

be careful what you wish for

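An added example, not written by anyone in the thread: the suffix test above accepts any string with the right ending (including one with no @ at all) and is case-sensitive, so this sketch validates the address with filter_var() first and then compares the lower-cased domain. The name is_pnn_address() and the sample addresses are constructed for illustration; check_email() is repeated from the post so the two can be compared side by side.

```php
<?php
// Suffix-only check, as posted in the thread.
function check_email($email)
{
    return (substr(trim($email), -14) == '.pnn.police.uk');
}

/**
 * Hypothetical stricter helper: true only for a single well-formed
 * address whose domain ends in .pnn.police.uk.
 */
function is_pnn_address($email)
{
    $email = trim($email);

    // Reject anything that is not one syntactically valid address.
    // This also refuses embedded CR/LF, which matters because the
    // value is later handed to mail() as the recipient.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // The domain is everything after the last "@"; DNS names are
    // case-insensitive, so normalise before comparing.
    $domain = strtolower(substr($email, strrpos($email, '@') + 1));

    $suffix = '.pnn.police.uk';
    return substr($domain, -strlen($suffix)) === $suffix;
}

// Constructed sample inputs (label => address).
$samples = array(
    'normal address'   => 'pc.smith@kent.pnn.police.uk',
    'mixed case'       => 'PC.Smith@Kent.PNN.Police.UK',
    'no @ sign'        => 'f.pnn.police.uk',
    'other domain'     => 'someone@example.com',
    'suffix in local'  => 'x.pnn.police.uk@example.com',
);

// Print the result of both checks for each sample.
foreach ($samples as $label => $address) {
    echo str_pad($label, 18),
         'suffix-only=', var_export(check_email($address), true), '  ',
         'strict=', var_export(is_pnn_address($address), true), "\n";
}
```
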
Guest Xanza Posted July 11, 2008

> thats $14,211,199.64 for services rendered. I shall PM you the invoice.
>
> be careful what you wish for

Grin ROFL!

craigtolputt Posted July 11, 2008

Ha Ha yeah sure paypal ok? lol

Sorry to sound stupid but im a designer and a bit of flash and this has been dumped on me to sort out.

So i would add this to my register file?

```php
<?php
function check_email($email)
{
    return (substr(trim($email), -14) == '.pnn.police.uk');
}

//example use
if(!check_email($email))
{
    echo "email not ok";
}
else{
    // ok.
}
?>
```

And what is the mysql_real_escape_string() all about, what does it do? and is it easy to addon?

Guest Xanza Posted July 11, 2008

Craig - http://us3.php.net/manual/en/function.mysql-real-escape-string.php

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

I think it will strip the url and protect you against mysql injections!

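An added example, not code from the thread: instead of escaping each value with mysql_real_escape_string() before building the SQL string, this sketch uses PDO prepared statements, which keep the values out of the SQL text altogether. Assumptions: the pdo_sqlite driver with an in-memory database so the block runs offline (a real site would pass its MySQL DSN and credentials), a table reduced to two of the script's columns, and a hypothetical helper named register_user().

```php
<?php
// In-memory database so the example is self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usersv2 (username TEXT, email TEXT)');

/**
 * Hypothetical helper: register a user unless the username or email
 * already exists. Returns the status strings the Flash client reads.
 */
function register_user(PDO $db, $username, $email)
{
    // Placeholders (:u, :e) are bound separately from the SQL text, so
    // quotes in the input cannot change the structure of the statement.
    $check = $db->prepare(
        'SELECT COUNT(*) FROM usersv2 WHERE username = :u OR email = :e'
    );
    $check->execute(array(':u' => $username, ':e' => $email));
    if ((int) $check->fetchColumn() > 0) {
        return 'Username or email already in use!';
    }

    // Table names cannot be bound as parameters, so the name is a
    // fixed literal here rather than an interpolated variable.
    $insert = $db->prepare(
        'INSERT INTO usersv2 (username, email) VALUES (:u, :e)'
    );
    $insert->execute(array(':u' => $username, ':e' => $email));
    return 'Successfully registered!';
}

// Constructed inputs, one of them containing a single quote.
echo register_user($db, "o'brien", 'pc.obrien@kent.pnn.police.uk'), "\n";
echo register_user($db, "o'brien", 'other@kent.pnn.police.uk'), "\n";

// The value comes back exactly as submitted: it was stored as data.
echo $db->query('SELECT username FROM usersv2')->fetchColumn(), "\n";
```
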
craigtolputt Posted July 11, 2008

Is it easy to implement into my php file? Could someone take a look?

Guest Xanza Posted July 11, 2008

This will probably work for you..

```php
<?php
//include the connect script
include "connect.php";

/*THIS VARIABLE IS WHAT TABLE YOU ARE USING...IF YOU USED MY SQL FILE, THEN YOUR DEFAULT TABLE*/
/*NAME SHOULD BE 'userv2' AND YOU DO NOT NEED TO CHANGE ANYTHING, BUT IF YOU MADE YOUR OWN TABLE,*/
/*CHANGE THIS VARIABLE.*/
$tableName = "usersv2";

//Post all of the users information (md5 Encrypt the password)
$username = $_POST['username'];
$password = md5($_POST['password']);
$passwordsend = ($_POST['password']);
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];

//Custom function to check to see if email domain is equal to ".pnn.police.uk"
//phpfreaks.com rules!
function check_email($email)
{
	return (substr(trim($email), -14) == '.pnn.police.uk');
}

//Generate confKey (this is used to determine which user it is when the user forgets their password.
function createConfKey() {
	$chars = "abcdefghijkmnopqrstuvwxyz023456789";
	srand((double)microtime()*1000000);
	$i = 0;
	$key = '';
	while ($i <= 31) {
		$num = rand() % 33;
		$tmp = substr($chars, $num, 1);
		$key = $key . $tmp;
		$i++;
	}
	return $key;
}

if(!check_email($email)) { //Start check email
	$thekey = createConfKey();
	//$theKey is the random 32 character string and then $confKey is the random 32 character string with md5 encryption.
	$confKey = md5($thekey);

	//grab all the usernames in the table
	$sql1 = mysql_query("SELECT * FROM $tableName WHERE username = '$username'");
	//grab all the emails in the table
	$sql2 = mysql_query("SELECT * FROM $tableName WHERE email = '$email'");

	//get number of results from both queries
	$row1 = mysql_num_rows($sql1);
	$row2 = mysql_num_rows($sql2);

	//if there is a result it will be either 1 or higher
	if($row1 > 0 || $row2 > 0) {
		//echo username or email is already in use and deny registration.
		echo "&msgText=Username or email already in use!";
	} else {
		//if there was no existing username or email, insert all their information into the database.
		$insert = mysql_query("INSERT INTO $tableName (username,password,firstName,lastName,email,phone,address,city,state,zip,confKey) VALUES ('$username','$password','$firstName','$lastName','$email','$phone','$address','$city','$state','$zip','$confKey')") or die(mysql_error());

		//This is required for an HTML email to be sent through PHP.
		$headers = "From: admin@redwebsecurity.com\r\n";
		$headers.= "Subject: RedWeb Security Group Registration Details\r\n";
		$headers.= "Content-Type: text/html; charset=ISO-8859-1 ";
		$headers .= "MIME-Version: 1.0 ";

		/******HERE YOU CAN EDIT WHAT YOU WANT THE EMAIL TO SAY WHEN THEY FORGET THEIR PASSWORD******/
		/*                                                                                          */
		/*PHP Explained:                                                                            */
		/*$msg are all the same variable, however, when you set the first one to just '=' and the   */
		/*second one to '.=' it basically concatenates the two variables. For example:              */
		/*                                                                                          */
		/*   $a = 1;                                                                                */
		/*   $a .= 2;                                                                               */
		/*   $a .= 3;                                                                               */
		/*   echo $a;                                                                               */
		/*                                                                                          */
		/*   This will echo: 123                                                                    */
		/*                                                                                          */
		/* Be sure to include $firstName & $lastName somewhere in the message so the user knows     */
		/* what the message is                                                                      */
		/*                                                                                          */
		/********************************************************************************************/
		$msg = "Hello $firstName $lastName,<br/>";
		$msg .= "We would like to thank you for joining our web site.<br/><br>";
		$msg .= "Your Username is: $username<br/>";
		$msg .= "Your Password is: $passwordsend<br/><br>";
		$msg .= "Please keep these safe and if you have any questions, contact us at <br><br>";
		$msg .= "<a href=\"mailto:admin@redwebsecurity.com\">admin@redwebsecurity.com</a>.";
		mail($email,"Thanks for Registering!",$msg,$headers);

		//and echo "Successfully registered!" and take them to a "thanks for registering" frame in flash
		echo "&msgText=Successfully registered!";
		echo "&nameText=$firstName";
	}
} else {
	echo "Email does not match!"; //error message to display if $email does not contain ".pnn.police.uk"
}
?>
```

craigtolputt Posted July 11, 2008

Sorry, that don't seem to work either, it now lets me register with say just an f in the email field....

This is very hard for such a simple thing, I wish it was as easy as

if ( email ends in .pnn.police.uk ) goto and play():

lmao I WISH!

Guest Xanza Posted July 11, 2008

Realistically you're probably having so many problems because you're using flash... But ehh, it can't be helped. Sorry I can't help you out more.

craigtolputt Posted July 11, 2008

that's cool man, cheers for the help and trying

I'll keep trying to find an answer

the shig Posted July 11, 2008

hi, you've got the check email the wrong way round

```php
<?php
if( ! check_email($email))
// should be
if(check_email($email))
?>
```

craigtolputt Posted July 11, 2008

Ah thanks to all of you, I finally have it working and I really appreciate all the help and advice you have all given

cheers again