Register / Login script.


Dunkthefunk

Hiya,

 

I'm fairly new to PHP and MySQL but I've toyed around with a Register and login script and I can now get most of it to work; however, I'm having trouble with the passwords. When a user registers the password changes and comes up as jargon in my database. I can't really see much wrong with the script but I expect that's due to my amateur PHP abilities. Here is the code relating to the Password. It is stored as an array and as a cookie and the cookie is deleted upon log out.

 

(I'm also aware I haven't included MySQL connect information... for obvious reasons  :))

 

Kind regards

 

 

<?php
mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error()); 

if (isset($_POST['submit'])) { 


if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
		die('You did not complete all of the required fields');

 

 

- Here is information about the Username.. that's working fine and dandy -

 

 

 	if ($_POST['pass'] != $_POST['pass2']) {
		die('Your passwords did not match. ');
	}


	$_POST['pass'] = md5($_POST['pass']);
	if (!get_magic_quotes_gpc()) {
		$_POST['pass'] = addslashes($_POST['pass']);
		$_POST['username'] = addslashes($_POST['username']);
			}


	$insert = "INSERT INTO users (username, password)
			VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
	$add_member = mysql_query($insert);
	?>

 


The password isn't changing and coming up as jargon. It's being hashed by the MD5() function, and the resulting value of that hash is being stored in the database. That is the correct way to deal with passwords, however I'd have chosen a stronger hashing algorithm, and added a salt.

 

There's a problem or two here:

// if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { All of the | should be ||
//     die('You did not complete all of the required fields');
// The above would be better written as:
if ( empty(trim($_POST['username'])) || empty(trim($_POST['pass'])) || empty(trim($_POST['pass2'])) ) {
     $error = 'Username, password and password confirmation fields are mandatory.';
}

 

Then you would check to see if $error is empty, and if not, present the error message. You could also validate each field separately, and store each error in an $error[] array element, then loop through the array to display specific errors. Using die() for form field validation errors is a horrible way to do it.

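The "stronger hashing algorithm" and "salt" mentioned in the reply above, shown as an added example (not code from any poster in this thread). It assumes PHP 5.5+ with the PDO SQLite driver; `register_user()` and `verify_login()` are hypothetical names, and the in-memory SQLite database stands in for the thread's MySQL `users` table.

```php
<?php
// Added example: per-user salted hashing with PHP's built-in password API.
// Assumption: in-memory SQLite stands in for the MySQL server in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Hypothetical helper: returns an array of validation errors (empty on success).
function register_user(PDO $db, string $username, string $pass, string $pass2): array
{
    $errors = [];
    if (trim($username) === '' || $pass === '' || $pass2 === '') {
        $errors[] = 'Username, password and password confirmation fields are mandatory.';
    } elseif ($pass !== $pass2) {
        $errors[] = 'Password and password confirmation fields must match.';
    }
    if ($errors) {
        return $errors;
    }
    // password_hash() draws a fresh random salt on every call and embeds it,
    // together with the algorithm and cost, in the string it returns.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    // Bound parameters take the place of addslashes() and string concatenation.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    try {
        $stmt->execute([trim($username), $hash]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() !== '23000') {
            throw $e; // not a constraint violation, so not a duplicate username
        }
        $errors[] = 'That username is already taken.';
    }
    return $errors;
}

// Hypothetical helper: true only when the supplied password matches the stored hash.
function verify_login(PDO $db, string $username, string $pass): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // password_verify() reads the salt and cost back out of the stored string.
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed sample input.
var_dump(register_user($db, 'alice', 'correct horse', 'correct horse'));
var_dump(verify_login($db, 'alice', 'correct horse'), verify_login($db, 'alice', 'wrong'));
// Same password hashed twice: compare the two stored strings.
var_dump(password_hash('correct horse', PASSWORD_DEFAULT), password_hash('correct horse', PASSWORD_DEFAULT));
```

The stored value still looks like "jargon" in the database, but unlike a bare `md5()` digest it differs per user and per registration, so the `password` column needs room for the full string (the PHP manual recommends 255 characters).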

No, killing the script is like slamming the door in the user's face. You should store validation errors, then display them along with the form again, so the user has an opportunity to correct the errors and proceed without using the back button or anything like that. I'll put up an example later that will illustrate basically how to do that.


Now that I have a few minutes, here is a basic illustration of what I was talking about. This is a basic jumping off point for validation and input error handling methods, and can be built upon to include placing the messages next to the field to which it applies, etc. Look through it, and if you have questions, please ask.

 

<?php
if( isset($_POST['submitted']) && $_POST['submitted'] == 'true' ) { // if the hidden field's value is present, the form has been submitted. This caters to some browsers' weaknesses in handling submit buttons. isset() avoids an undefined index notice on the first page load.
$errors = array(); // initialize an array to hold error messages
if( empty($_POST['user_name']) ) {
	$errors[] = 'Username may not be blank';
}
if( empty($_POST['password']) || empty($_POST['password_conf']) ) {
	$errors[] = 'Password and password confirmation fields are both required.';
} else {
	if( $_POST['password'] != $_POST['password_conf'] ) {
		$errors[] = 'Password and password confirmation fields must match.';
	}
}
if( empty($errors) ) {
	// Here is the code that is processed if the form has been submitted and there are no validation errors. Database insert, update, whatever.
}
}
?>
<html>
<head>
<title>Test page for field validation</title>
</head>
<body>
<?php
if( !empty($errors) ) {  // starts the display process if the $errors array is not empty.
$num = count($errors);
$i = 1;
foreach( $errors as $value ) { // Loops through the $errors array, and displays each error for the user.
	echo "<font color=\"red\">$value</font>";
	if( $i < $num ) {  // This conditional inserts a <br /> unless it's the last error message.
		echo '<br />';
	}
$i++;
}
}
?>
<form action="" method="post">
Username: <input type="text" name="user_name" /><br />
Password: <input type="password" name="password" /><br />
Re-type Password: <input type="password" name="password_conf" /><br />
<input type="hidden" name="submitted" value="true" />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
