Unholy Prayer Posted March 10, 2007 Share Posted March 10, 2007 I need help with my registration script. I got this code off of a tutorial on tutorialized.com and it didn't have a password confirmation input. I added another input but I can't figure out how to make it encrypted with the md5 thing. This is my code: <?php require("config.php"); require("functions.php"); $action = $_GET['action']; if($action == '') { if(empty($_POST['register'])) { echo "<form action='register.php' method='POST'> <table align='center' cellspacing='1' cellpadding='1' border='0'> <tr> <td align='center' colspan='2'>Clan Member Registration</td> </tr><tr> <td align='right'>Username: </td> <td align='left'><input type='text' name='username'></td> </tr><tr> <td align='right'>Email Address:</td> <td align='left'><input type='text' name='email'></td> </tr><tr> <td align='right'>Password: </td> <td align='left'><input type='password' name='password'></td> </tr><tr> <td align='right'>Confirm Password: </td> <td align='left'><input type='text' name='password_conf'></td> </tr><tr> <td align='center' colspan='2'><input type='submit' name='register' value='Register'></td> </form>"; } elseif(isset($_POST['register'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $password_conf = md5($_POST['password_conf']); if($password != $password_conf) { echo "Your passwords did not match. Please go back and change them."; } $email = mysql_real_escape_string($_POST['email']); $activation_code = generateCode(25); $userq = "SELECT username FROM members WHERE username = '$username' LIMIT 1"; $emailq = "SELECT email FROM members WHERE email = '$email' LIMIT 1"; //put errors into an array $errors = array(); if(empty($username)) { $errors[] = "The username field was blank! <br />"; } if(mysql_num_rows(mysql_query($userq)) > 0) { $errors[] = "The username given is already in use! Please try another one! <br />"; } if(empty($password)) { $errors[] = "The password field was blank! <br />"; } if(empty($email)) { $errors[] = "The email field was blank! <br />"; } if(mysql_num_rows(mysql_query($emailq)) > 0) { $errors[] = "The email given is already in use! Please try another one! <br />"; } if(count($errors) > 0) { foreach($errors as $err) { echo $err; } } else { $sqlq = "INSERT INTO members (username, password, email, is_activated, activation_code)"; $sqlq .= "VALUES ('$username', '$password', '$email', '0', '$activation_code')"; mysql_query($sqlq) or die(mysql_error()); echo "Thanks for registering! You will recieve an email shortly containing your validation code, and a link to activate your account!"; mail($email, "New Registration, www.death-on-demand.com", " Thanks for registering on Death On Demand's official clan website. Here are your login details: Username: ".$username." Password: ".$password." In order to login and gain full access, you must validate your account. Click here to validate: http://www.dev.mtechdev.com/deathondemand/register.php?action=activate&user=".$username."&code=".$activation_code." Thanks, Unholy Prayer, Webmaster. "); } } } Link to comment https://forums.phpfreaks.com/topic/42156-help-with-member-system/ Share on other sites More sharing options...
JasonLewis Posted March 11, 2007 Share Posted March 11, 2007 try adding the mysql_real_escape_string() around the $_POST['password_conf'] as well. because the $password variable ahas that. Link to comment https://forums.phpfreaks.com/topic/42156-help-with-member-system/#findComment-204592 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.