livethedead
Posted February 17, 2012

Hey guys, I'm sure you've seen me around the help board recently asking a lot of questions haha. I started learning PHP 3 weeks ago and I finally finished something that well, does something useful. I'd appreciate it if you guys could take the time to look at the code and give me any pointers where I can improve, if there are security issues, etc. While this isn't for production, I still can use it to learn. Also, is there anything specific you would recommend me to study at this point in my skill?

Thanks guys!

Account Creation

```php
<?php
session_start();
require_once 'app_config.php';

$username = trim($_POST['accname']);
$passwrd = trim($_POST['passwrd']);
$passwrd_check = trim($_POST['passwrd_check']);
$email = mysql_real_escape_string(trim($_POST['email']));

if ($passwrd == $passwrd_check) {
    $passwrd = mysql_real_escape_string(md5($passwrd));
} else {
    echo "Passwords do not match.";
    die();
}

if (ctype_alnum($username)) {
    $username = mysql_real_escape_string($username);
} else {
    echo "Usernames may only contain (a-z 0-9).";
    die();
}

$sql = "INSERT INTO accounts (username, passwrd, email)
        VALUES ('{$username}', '{$passwrd}', '{$email}')";
$sql = mysql_query($sql);

if (!$sql) {
    echo "Error executing the query" . mysql_error();
} else {
    $resource = mysql_query("SELECT id, username, email FROM accounts WHERE username = '{$username}'");
    $array = mysql_fetch_array($resource);
    $_SESSION['logged_in'] = true;
    $_SESSION['id'] = $array['id'];
    $_SESSION['email'] = $array['email'];
    header("Location: home.html");
    die();
}
?>
```

Login

```php
<?php
session_start();
require_once 'app_config.php';

if ($_SESSION['logged_in']) {
    $_SESSION['redirected'] = true;
    header("Location: home.html");
    die();
}

$username = mysql_real_escape_string($_POST['accname']);
$passwrd = mysql_real_escape_string(md5($_POST['passwrd']));

$query = "SELECT id, username, email FROM accounts
          WHERE username = '{$username}' AND passwrd = '{$passwrd}'";
$resource = mysql_query($query);

if (!mysql_num_rows($resource)) {
    echo "Account or password is incorrect";
} else {
    $array = mysql_fetch_array($resource);
    $_SESSION['logged_in'] = true;
    $_SESSION['id'] = $array['id'];
    $_SESSION['email'] = $array['email'];
    header("Location: home.html");
    die();
}
?>
```

I plan to do some things like email verification, and some other redirection soon.
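The same registration and login flows with the script's main security weaknesses addressed, as an added example that is not part of the original post: prepared statements replace string-built queries on the `mysql_*` API (removed in PHP 7), `password_hash()`/`password_verify()` replace unsalted `md5()`, and the session ID is regenerated at login. It assumes PHP 7+ with PDO; the function names and the in-memory SQLite table standing in for the `accounts` table are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with PDO (pdo_sqlite for the demo).

function create_account(PDO $db, string $username, string $password, string $email): int
{
    if (!ctype_alnum($username)) {
        throw new InvalidArgumentException('Usernames may only contain (a-z 0-9).');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address.');
    }
    // Salted, deliberately slow hash (bcrypt by default) instead of md5().
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO accounts (username, passwrd, email) VALUES (?, ?, ?)');
    $stmt->execute([$username, $hash, $email]);
    return (int) $db->lastInsertId();
}

function check_login(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, email, passwrd FROM accounts WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The salt lives inside the stored hash, so the comparison happens in PHP, not in SQL.
    if ($row === false || !password_verify($password, $row['passwrd'])) {
        return null; // same result for an unknown user and a wrong password
    }
    return ['id' => (int) $row['id'], 'email' => $row['email']];
}

// Call after session_start() once check_login() has returned an account.
function start_user_session(array $account): void
{
    session_regenerate_id(true); // fresh session ID at login (session fixation defence)
    $_SESSION['logged_in'] = true;
    $_SESSION['id'] = $account['id'];
    $_SESSION['email'] = $account['email'];
}

// Constructed demo data: in-memory SQLite stands in for the MySQL accounts table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT UNIQUE, passwrd TEXT, email TEXT)');
create_account($db, 'alice1', 'correct horse', 'alice@example.com');
var_dump(check_login($db, 'alice1', 'correct horse'));   // valid credentials
var_dump(check_login($db, "alice1' OR '1'='1", 'x'));    // quote characters are treated as data
```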
Archived
This topic is now archived and is closed to further replies.