I have a simple register script with a bunch of text box fields...

Username:

Password:

Confirm Password:

Email Address:

Registration Key:

 

The idea is for the user to put an email address into a box on another page to request a registration key.

A script will then generate a random key, insert this into the database and also email it to the email address inside the box.

The key will be inserted into the database along with the email address, so maybe it will be ID, email address, key, ipaddress as an example of some database fields.

 

Once the user has got this key from the email and also inserted into the database I can then let the user proceed to the 2nd page (the register page).

 

Now the problem I have on the register page is that I cannot figure out how to validate what's entered in the Registration Key box to the value of the key inside the database.

 

The idea is to stop the user from registering if the key in the input box is not the same as the key / email address inside the database.

 

Is this possible?

 

I look at php code, understand it and then change things to create my own scripts.

I do not have the experience / knowledge to create something new so that's why I decided to post on here.

 

Regards

 

Matt01 - Newbie PHP Coder

<?php
// Connects to your database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

// This code runs if the form has been submitted
if (isset($_POST['submit'])) {

    // This makes sure they did not leave any fields blank
    if (empty($_POST['username']) || empty($_POST['pass']) || empty($_POST['pass2']) || empty($_POST['email']) || empty($_POST['passkey'])) {
        die('You did not complete all of the required fields');
    }

    // checks if the username is in use
    if (!get_magic_quotes_gpc()) {
        $_POST['username'] = addslashes($_POST['username']);
    }
    $usercheck = $_POST['username'];
    $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
        or die(mysql_error());
    $check2 = mysql_num_rows($check);

    // if the name exists it gives an error
    if ($check2 != 0) {
        die('Sorry, the username '.htmlspecialchars($_POST['username']).' is already in use.');
    }

    // checks if the email address is in use
    if (!get_magic_quotes_gpc()) {
        $_POST['email'] = addslashes($_POST['email']);
    }
    $emailcheck = $_POST['email'];
    $checkemail = mysql_query("SELECT username FROM users WHERE email = '$emailcheck'")
        or die(mysql_error());
    $check3 = mysql_num_rows($checkemail);

    // if the email is registered it gives an error
    if ($check3 != 0) {
        die('Sorry, '.htmlspecialchars($_POST['email']).' is already in use.');
    }

    // checks for the passkey
    if (!get_magic_quotes_gpc()) {
        $_POST['passkey'] = addslashes($_POST['passkey']);
    }
    $passkeycheck = $_POST['passkey'];
    $checkpasskey = mysql_query("SELECT username FROM users WHERE passkey = '$passkeycheck'")
        or die(mysql_error());
    $check4 = mysql_num_rows($checkpasskey);

    // if the passkey is already in use it gives an error
    if ($check4 != 0) {
        die('Sorry, the passkey: '.htmlspecialchars($_POST['passkey']).' is already in use.');
    }

    // this makes sure both passwords entered match
    if ($_POST['pass'] != $_POST['pass2']) {
        die('Your passwords did not match. ');
    }

    // here we hash the password; md5 is unsalted and fast, password_hash() is the safer choice on PHP 5.5+
    // username, email and passkey were already escaped above, so they are not escaped a second time
    $_POST['pass'] = md5($_POST['pass']);

    // now we insert it into the database
    $ip = $_SERVER['REMOTE_ADDR'];
    // the User-Agent header and the reverse-DNS name are supplied from outside, so escape them as well
    $client = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    $isp = mysql_real_escape_string(gethostbyaddr($_SERVER['REMOTE_ADDR']));
    $time = time();
    $insert = "INSERT INTO users (username, password, email, passkey, ipaddress, client, isp, time)
        VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['email']."', '".$_POST['passkey']."', '".$ip."', '".$client."', '".$isp."', '".$time."')";
    $add_member = mysql_query($insert);
?>

<h1>Registered</h1>
<p>Thank you, you have registered - you may now login.</p>

<?php
}
else
{
?>

<html>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
  Username:  <input type="text" name="username" maxlength="20"><br>
  Password:   <input type="password" name="pass" maxlength="60"><br>
  Confirm Password:  <input type="password" name="pass2" maxlength="60"><br>
  Email Address: <input type="text" name="email" maxlength="60"><br>
  Registration Key: <input type="text" name="passkey" maxlength="20"><br><br>
  <input type="submit" name="submit" value="Register">
</form>
</html>

<?php
}
?>

So what exactly do you want to do? As I can see, you have preventions here:

 

// if the email is registered it gives an error
if ($check3 != 0) {
    die('Sorry, '.htmlspecialchars($_POST['email']).' is already in use.');
}

// checks for the passkey
if (!get_magic_quotes_gpc()) {
    $_POST['passkey'] = addslashes($_POST['passkey']);
}
$passkeycheck = $_POST['passkey'];
$checkpasskey = mysql_query("SELECT username FROM users WHERE passkey = '$passkeycheck'")
    or die(mysql_error());
$check4 = mysql_num_rows($checkpasskey);

// if the passkey is already in use it gives an error
if ($check4 != 0) {
    die('Sorry, the passkey: '.htmlspecialchars($_POST['passkey']).' is already in use.');
}

 

You are checking for the email and for the Registration key.

 

Can you repeat what you want?

Oh yeah, sorry, I was doing some testing, ignore the checks for passkey.

 

So what I need is for a user to enter the passkey in that box, it then checks the passkey and email address.

If both are correct then it allows the script to register the user.

 

So for now a simple example will do.

 

1) keyrequest.php

- this script will be a basic text box, user enters a valid email address in it then clicks "send key" button.

- script will then generate a random key, this key gets sent in an email to the email addy entered in the box and also enter that email addy + the random key into a database (prob same table as the register one)

 

2) register.php

- this script has the fields needed for registration + some additional info for security / whois.

- the script makes sure all fields are entered + checks username, password, email, passkey to make sure they're not used.

- the script needs to be changed so it checks the "email + passkey" from keyrequest.php to A) make sure both values are the same and B) the "email + passkey" entered in the boxes on register.php are the same as the ones in the database.

If they are not the same then it doesn't allow the script to register the user.

 

It might sound a bit complicated but it's designed to make sure the email address used when registering is valid and accessible and not some random "insert any email here".

 

*Edit*

I'm not too sure on the sql database though, maybe if the keyrequest.php edits the sql table but only fills in the email and passkey fields while leaving the other fields empty.

My problem with that is the auto increasement on the register script since at the moment it will just add a ID2 after the keyrequest.php has added ID1 with the email + passkey fields.

 

I think I will have to figure this out in stages, first of all is validation of the boxes to the database.

OK, so you need to do this:

 

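<?php
// Assumes the database connection from the register script is already open.
// The values are read from the query string; use $_POST instead if they
// come from a form submitted with method="post".
// Escape both values before they go into the query string.
$email = mysql_real_escape_string($_GET['email']);
$passkey = mysql_real_escape_string($_GET['passkey']);

// Look for a row where this email and this passkey belong together
$sql = "SELECT * FROM dbtable WHERE email = '$email' AND passkey='$passkey'";
$result = mysql_query($sql) or die (mysql_error());
$num = mysql_num_rows($result);

if ($num > '0'){
    echo "Go on!";
} else {
    echo "STOP! Something is wrong.";
}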

 

So this is a very basic piece of code for the thing you need. Hope it helps?
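
The email-plus-key check discussed in this thread, as an added example that is not part of the original posts: it binds the submitted values with PDO prepared statements instead of building the query from request data, stores only a hash of the key, and makes each key expire and work once. The `reg_keys` table, the function names and the sample address are assumptions; SQLite in memory stands in for MySQL so the block runs on its own.

```php
<?php
// Added example, not code from the thread. Table and function names are hypothetical.
// In-memory SQLite keeps it self-contained; use a MySQL DSN in a real deployment.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reg_keys (
    email    TEXT PRIMARY KEY,
    key_hash TEXT NOT NULL,
    expires  INTEGER NOT NULL,
    used     INTEGER NOT NULL DEFAULT 0)');

// keyrequest.php step: create a key, store only its hash, return the key to be e-mailed.
function issue_key(PDO $db, string $email, int $ttl = 3600): string
{
    $key = bin2hex(random_bytes(10));   // 20 hex characters, fits maxlength="20"
    $stmt = $db->prepare('REPLACE INTO reg_keys (email, key_hash, expires, used)
                          VALUES (?, ?, ?, 0)');
    $stmt->execute([$email, hash('sha256', $key), time() + $ttl]);
    return $key;
}

// register.php step: true only if this key was issued to this e-mail address,
// has not expired and has not been used before.
function verify_key(PDO $db, string $email, string $key): bool
{
    $stmt = $db->prepare('SELECT key_hash FROM reg_keys
                          WHERE email = ? AND used = 0 AND expires > ?');
    $stmt->execute([$email, time()]);   // bound parameters: input is never parsed as SQL
    $stored = $stmt->fetchColumn();
    if ($stored === false || !hash_equals($stored, hash('sha256', $key))) {
        return false;
    }
    // Spend the key; the "used = 0" guard makes a second attempt with it fail.
    $spend = $db->prepare('UPDATE reg_keys SET used = 1 WHERE email = ? AND used = 0');
    $spend->execute([$email]);
    return $spend->rowCount() === 1;
}

// Constructed sample values.
$key = issue_key($db, 'matt@example.com');
var_dump(verify_key($db, 'matt@example.com', 'not-the-key'));  // wrong key
var_dump(verify_key($db, 'other@example.com', $key));          // key issued to another address
var_dump(verify_key($db, 'matt@example.com', $key));           // matching email + key
var_dump(verify_key($db, 'matt@example.com', $key));           // same key presented again
```

Keeping pending keys in their own table also avoids the half-filled `users` rows and auto-increment question raised earlier: the `users` row is inserted only after `verify_key()` returns true.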

if ($num > '0'){

this means if the value is more than 0 then it brings up a STOP

if the value is 0 then it allows the script to Go on.

 

Is there any code in there that checks the value of the input box, what the user has entered during the registration?

 

So let's say I edited passkey field in myphpadmin and put 12345, then I typed 12345 in the passkey box and it lets me register, if another value is entered it doesn't.

I decided to look on the web for an activation script, I came across a site where a guy has coded the whole thing.

 

http://biorust.com/tutorials/detail/115/en/

 

Thanks for helping me out, I think I'll use his process of registering then activating rather than requesting code first then letting you register later on.
