Unholy Prayer Posted March 10, 2007 Share Posted March 10, 2007 I need help with my registration script. I got this code off of a tutorial on tutorialized.com and it didn't have a password confirmation input. I added another input but I can't figure out how to make it encrypted with the md5 thing. This is my code: <?php require("config.php"); require("functions.php"); $action = $_GET['action']; if($action == '') { if(empty($_POST['register'])) { echo "<form action='register.php' method='POST'> <table align='center' cellspacing='1' cellpadding='1' border='0'> <tr> <td align='center' colspan='2'>Clan Member Registration</td> </tr><tr> <td align='right'>Username: </td> <td align='left'><input type='text' name='username'></td> </tr><tr> <td align='right'>Email Address:</td> <td align='left'><input type='text' name='email'></td> </tr><tr> <td align='right'>Password: </td> <td align='left'><input type='password' name='password'></td> </tr><tr> <td align='right'>Confirm Password: </td> <td align='left'><input type='text' name='password_conf'></td> </tr><tr> <td align='center' colspan='2'><input type='submit' name='register' value='Register'></td> </form>"; } elseif(isset($_POST['register'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $password_conf = md5($_POST['password_conf']); if($password != $password_conf) { echo "Your passwords did not match. Please go back and change them."; } $email = mysql_real_escape_string($_POST['email']); $activation_code = generateCode(25); $userq = "SELECT username FROM members WHERE username = '$username' LIMIT 1"; $emailq = "SELECT email FROM members WHERE email = '$email' LIMIT 1"; //put errors into an array $errors = array(); if(empty($username)) { $errors[] = "The username field was blank! <br />"; } if(mysql_num_rows(mysql_query($userq)) > 0) { $errors[] = "The username given is already in use! Please try another one! <br />"; } if(empty($password)) { $errors[] = "The password field was blank! <br />"; } if(empty($email)) { $errors[] = "The email field was blank! <br />"; } if(mysql_num_rows(mysql_query($emailq)) > 0) { $errors[] = "The email given is already in use! Please try another one! <br />"; } if(count($errors) > 0) { foreach($errors as $err) { echo $err; } } else { $sqlq = "INSERT INTO members (username, password, email, is_activated, activation_code)"; $sqlq .= "VALUES ('$username', '$password', '$email', '0', '$activation_code')"; mysql_query($sqlq) or die(mysql_error()); echo "Thanks for registering! You will recieve an email shortly containing your validation code, and a link to activate your account!"; mail($email, "New Registration, www.death-on-demand.com", " Thanks for registering on Death On Demand's official clan website. Here are your login details: Username: ".$username." Password: ".$password." In order to login and gain full access, you must validate your account. Click here to validate: http://www.dev.mtechdev.com/deathondemand/register.php?action=activate&user=".$username."&code=".$activation_code." Thanks, Unholy Prayer, Webmaster. "); } } } Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted March 11, 2007 Share Posted March 11, 2007 try adding the mysql_real_escape_string() around the $_POST['password_conf'] as well. because the $password variable ahas that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.