[SOLVED] HELP ME PLEASE!!!

[craigtolputt]

Hi Guys,

 

Im new here and im hoping someone has the answer to my question...

 

I have a flash site with a registration form which works very well but i need to add a validation to it to check that the email address that the user adds ends in .pnn.police.uk

Im not sure if i need the code to be in the php page which is here...

 

<?php
//include the connect script
include "connect.php";

/*THIS VARIABLE IS WHAT TABLE YOU ARE USING...IF YOU USED MY SQL FILE, THEN YOUR DEFAULT TABLE*/
/*NAME SHOULD BE 'userv2' AND YOU DO NOT NEED TO CHANGE ANYTHING, BUT IF YOU MADE YOUR OWN TABLE,*/
/*CHANGE THIS VARIABLE.*/
$tableName = "usersv2";

//Post all of the users information (md5 Encrypt the password)
$username = $_POST['username'];
$password = md5($_POST['password']);
$passwordsend = ($_POST['password']);
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];


//Generate confKey (this is used to determine which user it is when the user forget's their password.
function createConfKey() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$key = '';
while ($i <= 31) { 
	$num = rand() % 33;
	$tmp = substr($chars, $num, 1);
	$key = $key . $tmp;
	$i++;
}    
return $key;
}
$thekey = createConfKey();
//$theKey is the random 32 character string and then $confKey is the random 32 character string with md5 encryption.
$confKey = md5($thekey);
//grab all the usernames in the table
$sql1 = mysql_query("SELECT * FROM $tableName WHERE username = '$username'");
//grab all the emails in the table
$sql2 = mysql_query("SELECT * FROM $tableName WHERE email = '$email'");
//get number of results from both queries
$row1 = mysql_num_rows($sql1);
$row2 = mysql_num_rows($sql2);
//if there is a result it will be either 1 or higher
if($row1 > 0 || $row2 > 0) {
//echo username or email is already in use and deny registration.
echo "&msgText=Username or email already in use!";
} else {
//if there was no existing username or email, insert all their information into the database.
$insert = mysql_query("INSERT INTO $tableName (username,password,firstName,lastName,email,phone,address,city,state,zip,confKey) VALUES ('$username','$password','$firstName','$lastName','$email','$phone','$address','$city','$state','$zip','$confKey')") or die(mysql_error());
//This is required for and HTML email to be sent through PHP.
$headers = "From: admin@redwebsecurity.com\r\n";
$headers.= "Subject: RedWeb Security Group Registration Details\r\n";
$headers.= "Content-Type: text/html; charset=ISO-8859-1 ";
$headers .= "MIME-Version: 1.0 ";
/******HERE YOU CAN EDIT WHAT YOU WANT THE EMAIL TO SAY WHEN THEY FORGET THEIR PASSWORD******/
/*																							*/
/*PHP Explained:                                                                            */
/*$msg are all the same variable, however, when you set the first one to just '=' and the   */
/*second one to '.=' it basically concatinates the two variables. For example:              */
/*																							*/
/*																							*/
/*										$a = 1;												*/
/*										$a .= 2;											*/
/*										$a .= 3;											*/
/*										echo $a;											*/
/*																							*/
/*										This will echo: 123									*/
/*																							*/
/*																							*/
/*	Be sure to include $firstName & $lastName somewhere in the message so the user knows 	*/
/*  what the message is																		*/
/*																							*/
/*																							*/
/*																							*/
/********************************************************************************************/
$msg = "Hello $firstName $lastName,<br/>";
$msg .= "We would like to thank you for joining our web site.<br/><br>";
$msg .= "Your Username is: $username<br/>";
$msg .= "Your Password is: $passwordsend<br/><br>";
$msg .= "Please keep these safe and if you have any questions, contact us at <br><br>";
$msg .= "<a href=\"mailto:admin@redwebsecurity.com\">admin@redwebsecurity.com</a>.";
mail($email,"Thanks for Registering!",$msg,$headers);


//and echo "Successfully registered!" and take them to a "thanks for registering" frame in flash
echo "&msgText=Successfully registered!";
echo "&nameText=$firstName";
}

?>

 

or in the flash actionscript which is here...

 

stop();

//This sets a minimum character length to the password field. Change how you like.
var passwordLength:Number = 4;


//This variable determines if the registration completed successfully. If it did, change the submitBtn actions to go back to the login page.
var success:Boolean = false;
status_txt.text = "";
status_txt.autoSize = true;
//Variables to hand the PHP files.
var dataOut:LoadVars = new LoadVars();
var dataIn:LoadVars = new LoadVars();
//Run this once flash gets a response from the PHP.
dataIn.onLoad = function() {
var responsetext = this.msgText;
var nametext = this.nameText;
status_txt.text = responsetext;
submitBtn.enabled = true;
//If success change the button to continue and go back to the login screen and proceed to login.
if (responsetext == "Successfully registered!") {
	_global.whoReg = nametext;
	success = true;
	gotoAndPlay("regcomplete");
}
};

//This is run once the user clicks on submit
submitBtn.onRelease = function() {
//If the user has not registered successfully yet, do this...
if (success == false) {
	//if the passwords dont match, alert the user.
	if (password1.text != password2.text) {
		status_txt.text = "Password Mismatch.";
	} else if (username.text == "" || password1.text == "" || password2.text == "" || firstName.text == "" || lastName.text == "" || email.text == "" || phone.text == "" || address.text == "" || city.text == "" || state_cb.value == "Select a state" || zip.text == "") {
		//If there are any empty fields, alert the user.
		status_txt.text = "Please fill in all fields.";
	} else if (password1.length < passwordLength || password2.length < passwordLength) {
		//If the password doesn't meet the required length, alert the user.
		status_txt.text = "Password length too short. " + passwordLength + " or more characters.";
	} else {
		//If everything goes through, send the input data to register.php
		submitBtn.enabled = false;
		status_txt.text = "Registering...Please wait...";
		dataOut.username = username.text;
		dataOut.password = password1.text;
		dataOut.firstName = firstName.text;
		dataOut.lastName = lastName.text;
		dataOut.email = email.text;
		dataOut.phone = phone.text;
		dataOut.address = address.text;
		dataOut.city = city.text;
		dataOut.state = state_cb.value;
		dataOut.zip = zip.text;
		dataOut.sendAndLoad(registerLocation,dataIn,"POST");
	}
} else {
	//if success was equal to true, change the button actions to go back to the login screen.
	_parent.gotoAndStop("login");
}
};
//Same actions as above, just adds functionality to the enter key.
var keyObj:Object = new Object();
keyObj.onKeyDown = function() {
if (Key.getCode() == Key.ENTER) {
	if (success == false) {
		if (password1.text != password2.text) {
			status_txt.text = "Password Mismatch.";
		} else if (username.text == "" || password1.text == "" || password2.text == "" || firstName.text == "" || lastName.text == "" || email.text == "" || phone.text == "" || address.text == "" || city.text == "" || state_cb.value == "Select a state" || zip.text == "") {
			status_txt.text = "Please fill in all fields.";
		} else if (password1.length < passwordLength || password2.length < passwordLength) {
			status_txt.text = "Password length too short. " + passwordLength + " or more characters.";
		} else {
			submitBtn.enabled = false;
			status_txt.text = "Registering...Please wait...";
			dataOut.username = username.text;
			dataOut.password = password1.text;
			dataOut.firstName = firstName.text;
			dataOut.lastName = lastName.text;
			dataOut.email = email.text;
			dataOut.phone = phone.text;
			dataOut.address = address.text;
			dataOut.city = city.text;
			dataOut.state = state_cb.value;
			dataOut.zip = zip.text;
			dataOut.sendAndLoad(registerLocation,dataIn,"POST");
		}
	} else {
		_parent.gotoAndStop("login");
	}
}
};
Key.addListener(keyObj);

// Populate the combo box with all the states.
state_cb.addItem({data:"Select a county", label:"Select a county"});
state_cb.addItem({data:"England", label:"Avon"});
state_cb.addItem({data:"Bedfordshire", label:"Bedfordshire"});
state_cb.addItem({data:"Berkshire", label:"Berkshire"});
state_cb.addItem({data:"Borders", label:"Borders"});
state_cb.addItem({data:"Buckinghamshire", label:"Buckinghamshire"});
state_cb.addItem({data:"Cambridgeshire", label:"Cambridgeshire"});
state_cb.addItem({data:"Central", label:"Central"});
state_cb.addItem({data:"Cheshire", label:"Cheshire"});
state_cb.addItem({data:"Cleveland", label:"Cleveland"});
state_cb.addItem({data:"Clwyd", label:"Clwyd"});
state_cb.addItem({data:"Cornwall", label:"Cornwall"});
state_cb.addItem({data:"County Antrim", label:"County Antrim"});
state_cb.addItem({data:"County Armagh", label:"County Armagh"});
state_cb.addItem({data:"County Down", label:"County Down"});
state_cb.addItem({data:"Indiana", label:"Indiana"});
state_cb.addItem({data:"County Fermanagh", label:"County Fermanagh"});
state_cb.addItem({data:"County Londonderry", label:"County Londonderry"});
state_cb.addItem({data:"County Tyrone", label:"County Tyrone"});
state_cb.addItem({data:"Cumbria", label:"Cumbria"});
state_cb.addItem({data:"Derbyshire", label:"Derbyshire"});
state_cb.addItem({data:"Devon", label:"Devon"});
state_cb.addItem({data:"Dorset", label:"Dorset"});
state_cb.addItem({data:"Dumfries and Galloway", label:"Dumfries and Galloway"});
state_cb.addItem({data:"Durham", label:"Durham"});
state_cb.addItem({data:"Dyfed", label:"Dyfed"});
state_cb.addItem({data:"East Sussex", label:"East Sussex"});
state_cb.addItem({data:"Essex", label:"Essex"});
state_cb.addItem({data:"Fife", label:"Fife"});
state_cb.addItem({data:"Gloucestershire", label:"Gloucestershire"});
state_cb.addItem({data:"New Hampshire", label:"New Hampshire"});
state_cb.addItem({data:"Grampian", label:"Grampian"});
state_cb.addItem({data:"Greater Manchester", label:"Greater Manchester"});
state_cb.addItem({data:"Gwent", label:"Gwent"});
state_cb.addItem({data:"Gwynedd County", label:"Gwynedd County"});
state_cb.addItem({data:"Hampshire", label:"Hampshire"});
state_cb.addItem({data:"Herefordshire", label:"Herefordshire"});
state_cb.addItem({data:"Hertfordshire", label:"Hertfordshire"});
state_cb.addItem({data:"Highlands and Islands", label:"Highlands and Islands"});
state_cb.addItem({data:"Humberside", label:"Humberside"});
state_cb.addItem({data:"Isle of Wight", label:"Isle of Wight"});
state_cb.addItem({data:"Kent", label:"Kent"});
state_cb.addItem({data:"Lancashire", label:"Lancashire"});
state_cb.addItem({data:"Leicestershire", label:"Leicestershire"});
state_cb.addItem({data:"Lincolnshire", label:"Lincolnshire"});
state_cb.addItem({data:"Lothian", label:"Lothian"});
state_cb.addItem({data:"Merseyside", label:"Merseyside"});
state_cb.addItem({data:"Mid Glamorgan", label:"Mid Glamorgan"});
state_cb.addItem({data:"Norfolk", label:"Norfolk"});
state_cb.addItem({data:"North Yorkshire", label:"North Yorkshire"});
state_cb.addItem({data:"Northamptonshire", label:"Northamptonshire"});
state_cb.addItem({data:"Northumberland", label:"Northumberland"});
state_cb.addItem({data:"Nottinghamshire", label:"Nottinghamshire"});
state_cb.addItem({data:"Oxfordshire", label:"Oxfordshire"});
state_cb.addItem({data:"Powys", label:"Powys"});
state_cb.addItem({data:"Rutland", label:"Rutland"});
state_cb.addItem({data:"Shropshire", label:"Shropshire"});
state_cb.addItem({data:"Somerset", label:"Somerset"});
state_cb.addItem({data:"South Glamorgan", label:"South Glamorgan"});
state_cb.addItem({data:"South Yorkshire", label:"South Yorkshire"});
state_cb.addItem({data:"Staffordshire", label:"Staffordshire"});
state_cb.addItem({data:"Strathclyde", label:"Strathclyde"});
state_cb.addItem({data:"Suffolk", label:"Suffolk"});
state_cb.addItem({data:"Surrey", label:"Surrey"});
state_cb.addItem({data:"Tayside", label:"Tayside"});
state_cb.addItem({data:"Tyne and Wear", label:"Tyne and Wear"});
state_cb.addItem({data:"Warwickshire", label:"Warwickshire"});
state_cb.addItem({data:"West Glamorgan", label:"West Glamorgan"});
state_cb.addItem({data:"West Midlands", label:"West Midlands"});
state_cb.addItem({data:"West Sussex", label:"West Sussex"});
state_cb.addItem({data:"West Yorkshire", label:"West Yorkshire"});
state_cb.addItem({data:"Wiltshire", label:"Wiltshire"});
state_cb.addItem({data:"Worcestershire", label:"Worcestershire"});

// Add event listener and event handler function.
var cbListener:Object = new Object();
cbListener.change = function(evt_obj:Object):Void  {
var currentlySelected:Object = evt_obj.target.selectedItem;
//trace("data: " + currentlySelected.data);
//trace("label: " + currentlySelected.label);
};
state_cb.addEventListener("change",cbListener);

 

If someone knows the answer to this i would really appreciate it.

 

cheers

 

Craig

[Guest Xanza]

It's actually more simple than you would of imagined...

 

Check more into explode.

[craigtolputt]

Hmmmmm Simple Hey!!

 

Im not sure about that ha ha

 

Anyway what is explode? and is it php or flash? or is it a site?

 

sorry im probably looking a bit silly right now but i really need to get this sorted.

 

cheers

 

[kenrbnsn]

The explode() function is PHP.

 

Ken

[Lamez]

use PHP, it is so much easier.

[craigtolputt]

Ah OK this looks like it might work...

 

So if i need it to check that the extension of an email address is .pnn.police.uk could i do something like...

 

<?php
// Example 1
$extension  = "pnn police uk";
$email = explode(" ", $extension);
echo $email[0]; // .pnn
echo $email[1]; // .police
echo $email[2]; // .uk

?> 

[craigtolputt]

If someone here knows how i can do this i am willing to pay for the advice as i have been playing with this for about 3 days now and the dealine is getting close

 

cheers

[Guest Xanza]

The explode feature will allow you to basically disect your requestee's email address - something like this

 

<?php
$explode = explode("@", $email);

if($email == $explode){
   NUL;
} elseif {
if($explode['1'] = ".pnn.police.uk")
}

?>

 

As you can see I'm still a noob, and that will prolly never ever work, but it's simple enough to where someone here could quickly make it work I'm sure.

[the shig]

hi

i need to add a validation to it to check that the email address that the user adds ends in .pnn.police.uk

 

here you go.

 

<?php
function check_email($email)
{
      return (substr(trim($email), -14) == '.pnn.police.uk');	
}

//example use

if(!check_email($email))
{
    echo "email not ok";
}
else{
   
    // ok.
}

?>

 

At the moment, your script is really, REALLY insecure. Your database could be dropped in a jiffy.

 

The bare minimum you should do to this input is pass it all through mysql_real_escape_string() and strip_tags(). The actionscript validation is not validation. it just checks to see if they've input something.

 

thats $14,211,199.64 for services rendered. I shall PM you the invoice. be careful what you wish for 

[Guest Xanza]

thats $14,211,199.64 for services rendered. I shall PM you the invoice. be careful what you wish for  Grin

 

ROFL!

[craigtolputt]

Ha Ha yeah sure paypal ok? lol

 

Sorry to sound stupid but im a designer and a bit of flash and this has been dumped on me to sort out.

 

So i would add this to my register file?

 

<?php
function check_email($email)
{
     return (substr(trim($email), -14) == '.pnn.police.uk');	
}

//example use

if(!check_email($email))
{
   echo "email not ok";
}
else{
  
   // ok.
}

?>

 

And what is the mysql_real_escape_string() all about, what does it do? and is it easy to addon?

[Guest Xanza]

Craig - http://us3.php.net/manual/en/function.mysql-real-escape-string.php

 

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

 

I think it will strip the url and protect you against mysql injections!

[craigtolputt]

Is it easy to implement into my php file?

 

Could someone take a look?

 

[Guest Xanza]

This will probabally work for you..

 

<?php


//include the connect script
include "connect.php";

/*THIS VARIABLE IS WHAT TABLE YOU ARE USING...IF YOU USED MY SQL FILE, THEN YOUR DEFAULT TABLE*/
/*NAME SHOULD BE 'userv2' AND YOU DO NOT NEED TO CHANGE ANYTHING, BUT IF YOU MADE YOUR OWN TABLE,*/
/*CHANGE THIS VARIABLE.*/
$tableName = "usersv2";

//Post all of the users information (md5 Encrypt the password)
$username = $_POST['username'];
$password = md5($_POST['password']);
$passwordsend = ($_POST['password']);
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];

//Custom function to check to see if email domain is equal to ".pnn.police.uk"
//phpfreaks.com rules!
function check_email($email) {
      return (substr(trim($email), -14) == '.pnn.police.uk');
}

//Generate confKey (this is used to determine which user it is when the user forget's their password.
function createConfKey() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$key = '';
while ($i <= 31) {
	$num = rand() % 33;
	$tmp = substr($chars, $num, 1);
	$key = $key . $tmp;
	$i++;
}
return $key;
}
if(!check_email($email)) { //Start check email
$thekey = createConfKey();
//$theKey is the random 32 character string and then $confKey is the random 32 character string with md5 encryption.
$confKey = md5($thekey);
//grab all the usernames in the table
$sql1 = mysql_query("SELECT * FROM $tableName WHERE username = '$username'");
//grab all the emails in the table
$sql2 = mysql_query("SELECT * FROM $tableName WHERE email = '$email'");
//get number of results from both queries
$row1 = mysql_num_rows($sql1);
$row2 = mysql_num_rows($sql2);
//if there is a result it will be either 1 or higher
if($row1 > 0 || $row2 > 0) {
//echo username or email is already in use and deny registration.
echo "&msgText=Username or email already in use!";
} else {
//if there was no existing username or email, insert all their information into the database.
$insert = mysql_query("INSERT INTO $tableName (username,password,firstName,lastName,email,phone,address,city,state,zip,confKey) VALUES ('$username','$password','$firstName','$lastName','$email','$phone','$address','$city','$state','$zip','$confKey')") or die(mysql_error());
//This is required for and HTML email to be sent through PHP.
$headers = "From: admin@redwebsecurity.com\r\n";
$headers.= "Subject: RedWeb Security Group Registration Details\r\n";
$headers.= "Content-Type: text/html; charset=ISO-8859-1 ";
$headers .= "MIME-Version: 1.0 ";
/******HERE YOU CAN EDIT WHAT YOU WANT THE EMAIL TO SAY WHEN THEY FORGET THEIR PASSWORD******/
/*																							*/
/*PHP Explained:                                                                            */
/*$msg are all the same variable, however, when you set the first one to just '=' and the   */
/*second one to '.=' it basically concatinates the two variables. For example:              */
/*																							*/
/*																							*/
/*										$a = 1;												*/
/*										$a .= 2;											*/
/*										$a .= 3;											*/
/*										echo $a;											*/
/*																							*/
/*										This will echo: 123									*/
/*																							*/
/*																							*/
/*	Be sure to include $firstName & $lastName somewhere in the message so the user knows 	*/
/*  what the message is																		*/
/*																							*/
/*																							*/
/*																							*/
/********************************************************************************************/
$msg = "Hello $firstName $lastName,<br/>";
$msg .= "We would like to thank you for joining our web site.<br/><br>";
$msg .= "Your Username is: $username<br/>";
$msg .= "Your Password is: $passwordsend<br/><br>";
$msg .= "Please keep these safe and if you have any questions, contact us at <br><br>";
$msg .= "<a href=\"mailto:admin@redwebsecurity.com\">admin@redwebsecurity.com</a>.";
mail($email,"Thanks for Registering!",$msg,$headers);


//and echo "Successfully registered!" and take them to a "thanks for registering" frame in flash
echo "&msgText=Successfully registered!";
echo "&nameText=$firstName";
    }
} else {
echo "Email does not match!"; //error message to display if $email doesnot contain ".pnn.police.uk"
}
?>

[craigtolputt]

Sorry,

 

that don't seem to work either, it now lets me register with say just an f in the email field....

 

This is very hard for such a simple thing i wish it was as easy as if ( email ends in .pnn.police.uk ) goto and play():  lmao  I WISH!

[Guest Xanza]

Realistically you're probably having so many problems because you're using flash... But ehh, it can't be helped. Sorry I can't help you out more.

[craigtolputt]

thats cool man cheers for the help and trying ill keep trying to find an answer   

[the shig]

hi,

 

you've got the check email the wrong way round 

 

<?php
if( ! check_email($email))

// should be

if(check_email($email))
?>

[craigtolputt]

Ah thanks to all of you i finallay have it working and i really appreciate all the help and advice you have all given

 

cheers again