Snooble Posted March 4, 2007

Hello everyone,

I have a register form, posting to a checkregister form which then goes to a completed form.

Forms on register page:

Username
Password
Password Again
Email

--------------------------

Can someone tell me some security I can implement on my checkregister page. Such as to stop blank entries, to tell the user if they have entered a username that's already in the db, no duplicate entries for email or username. Make sure the passwords match, otherwise tell them.

Thanks,

Bit lost here,

Snooble

Link to comment https://forums.phpfreaks.com/topic/41125-register-check/

simcoweb Posted March 4, 2007

Here's an example:

<?php
// input error checking
// $username, $email, $password, $confirmPass, $secure and $match are assumed
// to have been populated from the submitted form before this point
$err = ""; // collects the error messages
if ($username=="") {
    $err.= "Please provide a username<br/>";
}
if (!$email) {
    $err.= "Please provide your email address<br>";
}
if ($email) {
    // preg_match() with the /i flag replaces eregi(), which was removed in PHP 7
    if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', $email)) {
        $err.= $email. " is not a valid email address.<br/>";
    }
}
if ($password=="") {
    $err.= "Please provide password<br/>";
}
if ($confirmPass=="") {
    $err.= "Please confirm your password.<br/>";
}
if ($confirmPass != $password) {
    $err.= "Your passwords do not match. Please re-enter your passwords.";
}
if (!$secure) {
    $err.= "No security code entered<br/>";
}
if (($secure!=$match) && ($secure!="")) {
    $err.= "Security code mismatch<br/>";
}
if ($err=="") {
    // If no errors then all the code between these brackets would execute
}
?>

Orio Posted March 4, 2007

Take a look at this registration page I made for the mmorpg contest, I hope it'll help you:

<?php
// sql_quote(), html_convert() and $config['salt'] are defined elsewhere (not shown in this post)

if(!isset($_POST['submit']))
	die_form();
elseif(empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email']))
	die_form("Please fill in all of the fields!");
//else{...

//validation
register_valid();

//get data
$user = sql_quote(html_convert(trim($_POST['username'])));
$email = sql_quote(html_convert(trim($_POST['email'])));
$pass = md5(md5(sql_quote($_POST['password'])).$config['salt']);

//Check if exists already
//mysql_* functions need the legacy mysql extension, which was removed in PHP 7
$query = "SELECT * FROM `users` where username='$user' OR email='$email' LIMIT 1";
$result = mysql_query($query);
if(mysql_num_rows($result) != 0)
	die_form("The chosen username/email is already in use.");

//I've removed the actual registration part:
//The part that inserts data to database

function register_valid()
{
	if (strlen(stripslashes($_POST['password'])) > 15 || strlen(stripslashes($_POST['password'])) < 4)
		die_form("Invalid Password. Password must have between 4 to 15 characters!");
	if($_POST['password'] != $_POST['ppassword'])
		die_form("Password fields don't match");
	if(preg_match("/^[a-zA-Z0-9\_]+$/", $_POST['username']) == 0)
		die_form("Invalid Username. Username may only contain alphanumeric characters and underscores!");
	if(strlen($_POST['username']) > 15 || strlen($_POST['username']) < 3)
		die_form("Invalid Username. Username must be between 3 to 15 characters long!");
	//preg_match() with the /i flag replaces eregi(), which was removed in PHP 7
	if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i', $_POST['email']))
		die_form("Illegal email address!");
}

//Prints the error (if any) and the form with the previous values restored, then stops
function die_form($err="")
{
	if(!empty($err))
		echo "<font color=\"red\"><b>".$err."</b></font><br>";
	$restore=array();
	$restore['user'] = (isset($_POST['username'])) ? html_convert($_POST['username']) : "";
	$restore['email'] = (isset($_POST['email'])) ? html_convert($_POST['email']) : "";
	//PHP_SELF is request-controlled, so it is escaped before being written into the action attribute
	die("<form name=\"login\" method=\"POST\" action=\"".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."\">\n
	<table width=\"60%\" border=\"0\" cellpadding=\"5px\">\n
	<tr><td width=\"40%\"></td><td width=\"70%\"></td></tr>\n
	<tr><td>Username:</td><td><input name=\"username\" type=\"text\" value=\"".$restore['user']."\">\n</td></tr>
	<tr><td>Password:</td><td><input name=\"password\" type=\"password\">\n</td></tr>
	<tr><td>Retype Password:</td><td><input name=\"ppassword\" type=\"password\">\n</td></tr>
	<tr><td>Email:</td><td><input name=\"email\" type=\"text\" value=\"".$restore['email']."\"> (Must be valid!)\n</td></tr>
	</table><br>
	<input name=\"submit\" type=\"submit\" value=\"Register!\">\n</form>");
}
?>

Orio.
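
The checks discussed in the two replies above (blank fields, matching passwords, username and email format, duplicate accounts), as an added example for current PHP that is not part of the original thread. It swaps in bound PDO parameters for manual quoting, `password_hash()` for salted MD5, and database UNIQUE constraints for the SELECT-then-INSERT duplicate check; the `users` table, its columns, the in-memory SQLite database and the 8-character minimum are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Table layout and limits are assumed.

// Returns [errors, username, email, password] for a submitted form array.
function validate_registration(array $in): array
{
    $user  = trim((string)($in['username'] ?? ''));
    $email = trim((string)($in['email'] ?? ''));
    $pass  = (string)($in['password'] ?? '');
    $errors = [];
    if (!preg_match('/\A[A-Za-z0-9_]{3,15}\z/', $user)) {   // also rejects blank input
        $errors[] = 'Username must be 3 to 15 letters, digits or underscores.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid.';
    }
    if (strlen($pass) < 8) {                                // assumed minimum length
        $errors[] = 'Password must be at least 8 characters.';
    }
    if ($pass !== (string)($in['ppassword'] ?? '')) {
        $errors[] = 'Passwords do not match.';
    }
    return [$errors, $user, $email, $pass];
}

// Inserts the account; returns a list of error messages (empty on success).
function register(PDO $db, array $in): array
{
    [$errors, $user, $email, $pass] = validate_registration($in);
    if ($errors) {
        return $errors;
    }
    try {
        // Bound parameters need no quoting; UNIQUE columns reject duplicates atomically.
        $stmt = $db->prepare('INSERT INTO users (username, email, pass_hash) VALUES (?, ?, ?)');
        $stmt->execute([$user, $email, password_hash($pass, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        if (($e->errorInfo[0] ?? '') === '23000') {         // integrity constraint violation
            return ['The chosen username/email is already in use.'];
        }
        throw $e;
    }
    return [];
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (username TEXT UNIQUE COLLATE NOCASE, email TEXT UNIQUE COLLATE NOCASE, pass_hash TEXT)');
// Constructed sample submissions: a valid one, the same one again, a malformed one.
$ok = ['username' => 'snooble', 'email' => 's@example.com', 'password' => 'correct horse', 'ppassword' => 'correct horse'];
foreach ([$ok, $ok, ['username' => '<b>', 'email' => 'x', 'password' => 'a', 'ppassword' => 'b']] as $in) {
    var_dump(register($db, $in));
}
```

Messages returned by `register()` are plain text; pass them through `htmlspecialchars()` when writing them into the page, and check stored hashes at login with `password_verify()`.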

Snooble Posted March 4, 2007

Both, BRILLIANT examples of what I'm looking for. Will take what I need from them, should work fine.

Are there any suggestions of a good captcha to use? I've never used one before. Not after any SSL encrypted thing, just want to know the basics.

Thank you

Snooble