[Request Review] Account Creation & Login Script


livethedead

Hey guys, I'm sure you've seen me around the help board recently asking a lot of questions haha. I started learning PHP 3 weeks ago and I finally finished something that, well, does something useful. I'd appreciate it if you guys could take the time to look at the code and give me any pointers where I can improve, if there are security issues, etc. While this isn't for production, I still can use it to learn. Also, is there anything specific you would recommend me to study at this point in my skill? Thanks guys!

Account Creation

<?php
// Account creation handler. Uses the legacy mysql_* extension (removed in PHP 7).
session_start();
require_once 'app_config.php';

// Read and trim the submitted form fields.
$username = trim($_POST['accname']);
$passwrd = trim($_POST['passwrd']);
$passwrd_check = trim($_POST['passwrd_check']);
$email = mysql_real_escape_string(trim($_POST['email']));

// Strict comparison: with ==, numeric-looking strings such as "1e3" and "1000" compare equal.
if ($passwrd === $passwrd_check) {
	$passwrd = mysql_real_escape_string(md5($passwrd));
} else {
	echo "Passwords do not match.";
	die();
}

// Usernames are restricted to letters and digits.
if (ctype_alnum($username)) {
	$username = mysql_real_escape_string($username);
} else {
	echo "Usernames may only contain (a-z 0-9).";
	die();
}

$sql = "INSERT INTO accounts (username, passwrd, email) VALUES 
('{$username}', '{$passwrd}', '{$email}')";

$sql = mysql_query($sql);
if (!$sql) {
	echo "Error executing the query" . mysql_error();
} else {
	// Read the new row back and log the user in.
	$resource = mysql_query("SELECT id, username, email FROM 
	accounts WHERE username = '{$username}'");

	$array = mysql_fetch_array($resource);

	$_SESSION['logged_in'] = true;
	$_SESSION['id'] = $array['id'];
	$_SESSION['email'] = $array['email'];

	header("Location: home.html");
	die();
}
?>

Login

<?php
// Login handler. Uses the legacy mysql_* extension (removed in PHP 7).
session_start();
require_once 'app_config.php';

// Already logged in: go straight to the home page.
// !empty() avoids an undefined-index notice when the session has no 'logged_in' key yet.
if (!empty($_SESSION['logged_in'])) {
	$_SESSION['redirected'] = true;
	header("Location: home.html");
	die();
}

$username = mysql_real_escape_string($_POST['accname']);
$passwrd = mysql_real_escape_string(md5($_POST['passwrd']));

// Look up an account whose username and MD5 password hash both match.
$query = "SELECT id, username, email FROM accounts WHERE username = 
'{$username}' AND passwrd = '{$passwrd}'";

$resource = mysql_query($query);

if (!mysql_num_rows($resource)) {
	echo "Account or password is incorrect";
} else {
	$array = mysql_fetch_array($resource);

	$_SESSION['logged_in'] = true;
	$_SESSION['id'] = $array['id'];
	$_SESSION['email'] = $array['email'];

	header("Location: home.html");
	die();
}
?>

I plan to do some things like email verification, and some other redirection soon.
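
A hardened version of the two handlers' database logic, as an added example that is not part of the original post: PDO prepared statements replace string-built SQL, and password_hash()/password_verify() replace md5(). The function names, the PDO connection, the in-memory SQLite database and the sample credentials are assumptions made for the demo; the table and column names follow the post.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's code. create_account() and login() are
// hypothetical names; the SQLite database and credentials are constructed.

function create_account(PDO $pdo, string $username, string $password, string $email): int
{
    if (!ctype_alnum($username)) {
        throw new InvalidArgumentException('Usernames may only contain (a-z 0-9).');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address.');
    }
    // Salted, deliberately slow hash instead of md5(); the password is not trimmed or escaped.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO accounts (username, passwrd, email) VALUES (?, ?, ?)');
    $stmt->execute([$username, $hash, $email]);
    return (int) $pdo->lastInsertId();
}

function login(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT id, email, passwrd FROM accounts WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // A salted hash cannot be matched in a WHERE clause; verify it in PHP.
    if ($row === false || !password_verify($password, $row['passwrd'])) {
        return null; // same result for unknown user and wrong password
    }
    return ['id' => (int) $row['id'], 'email' => $row['email']];
}

// Demo against a constructed in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT UNIQUE, passwrd TEXT, email TEXT)');
create_account($pdo, 'alice01', "pa'ss word", 'alice@example.test');

var_dump(login($pdo, "alice01'", 'x'));           // quote in the username is plain data
var_dump(login($pdo, 'alice01', 'wrong'));        // wrong password
var_dump(login($pdo, 'alice01', "pa'ss word"));   // correct credentials
// In the web handlers, call session_regenerate_id(true) before setting $_SESSION on success.
```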
