PHP registration / login


macross

Functions.php

<?php
include 'Database.php';


//New user registration
function register_user($username, $password, $email){

//Prevent mysql injection TODO: Implement "stripslashes" 
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);


//Check if passwords were correct
if ($_POST['password'] != $_POST['confirm']){
//If not send error message
$reg_error = "Passwords did not match!";
include 'regform.php';
exit;
}else if ($username =='' || $password =='' || $email ==''){
//Check if all fields are filled
$reg_error = "Please fill in all fields!";
include 'regform.php';
exit;
}

//Check if the username is already in the database
$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
$result = mysql_num_rows($check);

//Check if the email is already in the database
$check2 = mysql_query("SELECT * FROM users WHERE email = '$email'");
$result2 = mysql_num_rows($check2);

//If username exists throw an error
if($result > 0){

$reg_error = "This username is already taken!";
include 'regform.php';
exit;
}
//If email exists throw an error
else if ($result2 > 0){

$reg_error = "This email is already taken!";
include 'regform.php';
exit;
}

//encrypt password with md5
$encrypt = md5($password);


//Register user
mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$encrypt', '$email')");


}

//Login user
function log_user($username, $password){
session_start();


//Prevent mysql injection

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$decrypt = md5($password);


//Do a query against the DB
$checking = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$decrypt'");
$count = mysql_num_rows($checking);
//User found set session
if ($count == 1){
$_SESSION['logged'] = 1;
header("location: main.php");
}
//User not found
else{
$log_error = "Incorrect username or password";
include 'login.php';
exit;
}

}
?>

 

Regform.php

<?php include 'functions.php'; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>User registration</title>
</head>
<body>

<form action="regform.php" method="POST">
<b>Username:</b><input type="text" name="username"/><br/>
<b>Password:</b><input type="password" name="password"/><br/>
<b>Confirm password:</b><input type="password" name="confirm"/><br/>
<b>Email:</b><input type="text" name="email"/><br/>
<input type="submit" value="submit"/>
</form>
<?php
if (isset($reg_error)){
echo $reg_error;
}
?>
<a href="login.php">Or login</a>


</body>

</html>

<?php
if (isset($_POST['Submit'])){
register_user($username, $password, $email);
}

?>

 

So as you can see I am developing a registration / login script. I've looked at numerous tutorials for registration and login scripts, but all of them use an external .php file for data handling (action="whateverfile.php"), and I want to do it all in one file (regform.php). So I've made two functions, one for login and the other for registration, but if I try to call my function in regform.php nothing happens... So what am I doing wrong?

Functions.php

<?php
include 'Database.php';


class register {
function register_user($username, $password, $email){

//Prevent mysql injection TODO: Implement "stripslashes" 
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);


//Check if passwords were correct
if ($_POST['password'] != $_POST['confirm']){
//If not send error message
$reg_error = "Passwords did not match!";
include 'regform.php';
exit;
}else if ($username =='' || $password =='' || $email ==''){
//Check if all fields are filled
$reg_error = "Please fill in all fields!";
include 'regform.php';
exit;
}

//Check if the username is already in the database
$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
$result = mysql_num_rows($check);

//Check if the email is already in the database
$check2 = mysql_query("SELECT * FROM users WHERE email = '$email'");
$result2 = mysql_num_rows($check2);

//If username exists throw an error
if($result > 0){

$reg_error = "This username is already taken!";
include 'regform.php';
exit;
}
//If email exists throw an error
else if ($result2 > 0){

$reg_error = "This email is already taken!";
include 'regform.php';
exit;
}

//encrypt password with md5
$encrypt = md5($password);


//Register user
mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$encrypt', '$email')");


}

//Login user
function log_user($username, $password){
session_start();


//Prevent mysql injection

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$decrypt = md5($password);


//Do a query against the DB
$checking = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$decrypt'");
$count = mysql_num_rows($checking);
//User found set session
if ($count == 1){
$_SESSION['logged'] = 1;
header("location: main.php");
}
//User not found
else{
$log_error = "Incorrect username or password";
include 'login.php';
exit;
}

}
}
?>

 

Regform.php

<?php

include 'functions.php';
$register = new register();

if (isset($_POST['Submit'])){
$register->register_user($_POST['username'], $_POST['password'], $_POST['email']);
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>User registration</title>
</head>
<body>

<form action="#" method="POST">
<b>Username:</b><input type="text" name="username"/><br/>
<b>Password:</b><input type="password" name="password"/><br/>
<b>Confirm password:</b><input type="password" name="confirm"/><br/>
<b>Email:</b><input type="text" name="email"/><br/>
<input type="submit" value="submit" name="Submit"/>
</form>
<?php
if (isset($reg_error)){
echo $reg_error;
}
?>
<a href="login.php">Or login</a>


</body>

</html>

All in one page.

<?php
include 'Database.php';

//New user registration; returns an error message, or null on success
function register_user($username, $password, $email){

//Check if passwords were correct (compared before escaping changes them)
if ($password != $_POST['confirm']){
//If not return error message
return "Passwords did not match!";
}else if ($username =='' || $password =='' || $email ==''){
//Check if all fields are filled
return "Please fill in all fields!";
}

//Prevent mysql injection TODO: Implement "stripslashes" 
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$email = mysql_real_escape_string($email);

//Check if the username is already in the database
$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
$result = mysql_num_rows($check);

//Check if the email is already in the database
$check2 = mysql_query("SELECT * FROM users WHERE email = '$email'");
$result2 = mysql_num_rows($check2);

//If username exists return an error
if($result > 0){
return "This username is already taken!";
}
//If email exists return an error
else if ($result2 > 0){
return "This email is already taken!";
}

//encrypt password with md5
$encrypt = md5($password);


//Register user
mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$encrypt', '$email')");
return null;

}

//Login user
function log_user($username, $password){
session_start();


//Prevent mysql injection

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$decrypt = md5($password);


//Do a query against the DB
$checking = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$decrypt'");
$count = mysql_num_rows($checking);
//User found set session
if ($count == 1){
$_SESSION['logged'] = 1;
header("location: main.php");
}
//User not found
else{
$log_error = "Incorrect username or password";
include 'login.php';
exit;
}
}

//The functions are defined above, so they exist when the form is submitted.
//The returned message is shown by the $reg_error check below the form.
if(isset($_POST['submit']))
{
$reg_error = register_user($_POST['username'], $_POST['password'], $_POST['email']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>User registration</title>
</head>
<body>

<form action="#" method="POST">
<b>Username:</b><input type="text" name="username"/><br/>
<b>Password:</b><input type="password" name="password"/><br/>
<b>Confirm password:</b><input type="password" name="confirm"/><br/>
<b>Email:</b><input type="text" name="email"/><br/>
<input type="submit" value="submit" name="submit" />
</form>
<?php
if (isset($reg_error)){
echo $reg_error;
}
?>
<a href="login.php">Or login</a>


</body>

</html>

 

if (isset($_POST['Submit'])){

 

Does not exist as you wrote:

 

<input type="submit" value="submit"/>

 

Add name="Submit" and it should work. I always want to point out that your functions are tightly coupled to your code and it will be quite hard to use them elsewhere. For example, a registration form that uses some different names than username and password wouldn't work. Or if you would ever use something different than mysql then this wouldn't work either due to mysql_real_escape_string.

Thanks for pointing that out. I will definitely change some stuff around.
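
The coupling raised in the reply above (functions tied to the $_POST field names and to mysql_real_escape_string) can be removed as in the following added example, which is not code from the thread: the functions take their inputs and a PDO handle as parameters, use prepared statements, and store passwords with password_hash() instead of md5(). The in-memory SQLite database and the sample values are constructed so the script runs stand-alone; the table layout follows the thread's users table.

```php
<?php
// Added example, not code from the thread. The SQLite database and the
// sample values at the bottom are constructed for the demo.

function row_exists(PDO $db, string $sql, string $value): bool
{
    $stmt = $db->prepare($sql);        // placeholders keep input out of the SQL text
    $stmt->execute([$value]);
    return $stmt->fetchColumn() !== false;
}

// Returns null on success, or the error message for the form to display.
function register_user(PDO $db, string $username, string $password,
                       string $confirm, string $email): ?string
{
    if ($password !== $confirm) {      // compare the raw, unescaped values
        return 'Passwords did not match!';
    }
    if ($username === '' || $password === '' || $email === '') {
        return 'Please fill in all fields!';
    }
    if (row_exists($db, 'SELECT 1 FROM users WHERE username = ?', $username)) {
        return 'This username is already taken!';
    }
    if (row_exists($db, 'SELECT 1 FROM users WHERE email = ?', $email)) {
        return 'This email is already taken!';
    }
    // password_hash() adds a per-user salt and a work factor; md5() has neither.
    $stmt = $db->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
    return null;
}

// True only if the user exists and the password matches the stored hash.
// On success the caller should call session_regenerate_id(true) before
// setting $_SESSION['logged'].
function log_user(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo: the caller owns the form field names and the connection.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password TEXT, email TEXT UNIQUE)');
$post = ['username' => 'alice', 'password' => "p'w", 'confirm' => "p'w", 'email' => 'a@example.test'];
var_dump(register_user($db, $post['username'], $post['password'], $post['confirm'], $post['email']));
var_dump(register_user($db, $post['username'], $post['password'], $post['confirm'], $post['email']));
var_dump(log_user($db, 'alice', "p'w"), log_user($db, 'alice', 'wrong'));
```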
