Naming a folder by email address

[jmituzas]

ok i have create a login script and registration but I want it to create a new user root directory. All i need to add on to it is how to make a directory and naming it after what the user puts into the Email section of the form? How is this done, so it grabs the email and also writes it to the name for mkdir().

 

Heres my form:

<table border="0" width="225" align="center">
    <tr>
        <td width="219" bgcolor="#999999">
            <p align="center"><font color="white"><span style="font-size:12pt;"><b>Registration</b></span></font></p>
        </td>
    </tr>
    <tr>
        <td width="219">
            <table border="0" width="282" align="center">
                    <tr>
                        <td width="116"><span style="font-size:10pt;">Name:</span></td>
                        <td width="156"><input type="text" name="name" maxlength="100"></td>
                    </tr>
                    <tr>
                        <td width="116"><span style="font-size:10pt;">Email:</span></td>
                        <td width="156"><input type="text" name="email" maxlength="100"></td>
                    </tr>
                <tr>
                    <td width="116"><span style="font-size:10pt;">Username:</span></td>
                    <td width="156"><input type="text" name="username"></td>
                </tr>
                <tr>
                    <td width="116"><span style="font-size:10pt;">Password:</span></td>
                    <td width="156"><input type="password" name="password"></td>
                </tr>
                <tr>
                    <td width="116"> </td>
                        <td width="156">
                            <p align="right"><input type="submit" name="submit" value="Submit"></p>
                        </td>
                </tr>
            </table>

Thanks in advance,

[mikesta707]

mkdir($_POST['email']);... have you tried that?

[jmituzas]

That easy? If I only would have known...  thanks

[mikesta707]

basically thats the bulk of what you have to do, but you probably want to check that the dir doesn't exist before hand, among other stuff. but yeah thats about it

[The14thGOD]

is the @ allowed in folder names on a server? even if it is, would that cause link problems?

[roopurt18]

is the @ allowed in folder names on a server?

It depends on the OS.

 

I would be inclined to argue against naming directories after your users' e-mail addresses for security reasons.  I have no idea what you plan to store in them, but let's say I'm an attacker and I gain access to your file system.

 

Here I am on your file system:

> ls
public_html   user_data

 

Oh look!  A user_data directory; I wonder what's in there.

 

> cd user_data
> ls
[email protected]   [email protected]   [email protected]

 

Cool!  I've just farmed some valid e-mail addresses.  Let's see what else I can find.

 

> ls [email protected]
recent.orders   secret.question   friends
> cat recent.orders
order id: 10392
date: 2009-11-20
time: 11:00:00
products: 10x widget, 20x bar, 5x foo
payment: visa

 

Well, now I know that [email protected] has made an order recently with his Visa card.  I'm going to send [email protected] an e-mail and tell him something happened to his order, we're very sorry, but he'll need to provide us with his credit card information again to complete the order.

 

You should not put any information on the file system that could be used to compromise your users or their data.  You never know when someone is going to archive your home directory and walk away with it.  Likewise if someone steals one of your backups.

 

I'd suggest naming the directories after the user's ID column in the database.