Jump to content

[SOLVED] Registration/Adding members to database


RitchieGunz

Recommended Posts

Ok, So I've been reading an awful lot on php and Im ready to create my own mmorpg. I feel pretty comfortable on how Im gonna go about making the site and feel I'll be able to make it with little intervention from anybody.

 

But one thing the tutorial didnt really explain well (or I couldnt really understand) was adding members to the mysql database. I don't wanna be a freeloader or such, but I just need help with this one thing then I'll be outta your hair, lol.

 

If possible, I just need someone to post up the html and php script (I know the html, I just feel like I'll mess it up in conjuction with the php, lol) for registration while adding them to the mysql db.

 

Also, for security purposes, would it be smart to use htmlentities on all my pages?

 

Thanks in advance.

 

 

(btw, I've already have done the search and couldnt find a suitable answer)

Link to comment
Share on other sites

  • Replies 100
  • Created
  • Last Reply

Ok, well I won't get into securing the code, as I am still not to sure about that myself, however here is your basic code to register a user and add it to a database. Hope that helps.

 

register.php

<html>
<head></head>
<body>

<?
if(isset($_POST['register']))
{

//connect to your database
$dbhost = 'localhost';
$dbuser = 'user';
$dbpass = 'pass';
$dbname = 'dbname';

$conn = @mysql_connect($dbhost, $dbuser, $dbpass) or die("Error: Can't connect to server");
$db = @mysql_select_db($dbname, $conn) or die("Error: Can't connect to databse");

$name = $_POST['name'];
$email= $_POST['email'];
$age = $_POST['age'];

$query = "INSERT INTO table_name (name, email, age) VALUES ('$name', '$email', '$age)";
mysql_query($query) or die('Error, insert query failed');

mysql_close($conn);
echo "Thank you for registering!";
}
else
{
?>
<form method="post">
<table border="0" cellspacing="1" cellpadding="2">
<tr> 
<td><b>Name:</b></td>
<td><input name="name" type="text" id="name"></td>
</tr>

<tr> 
<td><b>E-Mail:</b></td>
<td><input name="email" type="text" id="email"></td>
</tr>

<tr> 
<td><b>Age:</b></td>
<td><input name="age" type="text" id="age"></td>
</tr>

<tr> 
<td> </td>
<td><input name="register" type="submit" id="register" value="Submit"></td>
</tr>
</table>
</form>
<?
}
?>

</body>
</html>

 

Regards,

eRott

Link to comment
Share on other sites

How much detail do you want? There are many aspects to this...

You want to check to see if they entered in the info.

You want to make sure they aren't trying to hack you.

You want to tell them what they did wrong if the check failed.

 

Those are the most basic parts of the task at hand. I can explain them all to you if you want, but I will have to show you examples...

 

Tell me what you want, and I'll get you what you need.

Link to comment
Share on other sites

Well, with nothing to do (Sigh*) I typed this up for you... I hope it isn't to much. I know you didn't want the whole thing so I did my best to make it more like a tutorial than a sign up script... Also, I didn't fill in the whole thing so you can't just copy and paste. :)

 

I think it will be nothing short of beneficial for you!

 

You need to first create a table in your database for your new users.

 

I recommend at least these fields:

username

password

email

id - This should auto increment!

-------------------

You will only need a basic html form. Ask them for there username, password and email address.

A small example:

<form action="check.php" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
Verify Password: <input type="password" name="varpassword" /><br />
E-mail: <input type="text" name="email" /><br />
<input type="submit" value="Sign Up" />
</form>

 

 

The first thing you should do with your php is make sure they entered all the fields. You can do that like this:

if (strlen($_POST['username']) < 4)
{
//There username contains less than 4 characters

//Set a session variable so that you can tell the user how they screwed up
$_SESSION['short_username'] = TRUE;

//Tell the script that something went wrong
$pass = FALSE;
{
//Do that for all the fields.
//You should change the "4" to an "8" for the email address.
//No email address will have less than 8 characters!

 

 

Next you want to make sure they aren't trying to hack you. You can do this by limiting what they can enter to alphanumeric characters. Do this with:

if (preg_match("/[^a-zA-Z0-9_-]/", $_POST['username']))
{
   	//There username contains invalid characters
//They me be trying to hack you...

//Set a session variable so that you can tell the user how they screwed up
$_SESSION['bad_username'] = TRUE;

//Tell the script that something went wrong
$pass = FALSE;
}
//Again, do that for all the fields.
//You should use preg_match("/[^a-zA-Z0-9]/", $_POST['password']) for the password.
//You should use preg_match("/[^a-zA-Z0-9_-.@]/", $_POST['email']) for the email!

 

 

Now you need to check there two passwords against each other to make sure they match. This is very simple. I don't mean to insult you, but this is probably the best way to do it:

//I do this part to make sure they don't do anything stupid.
//Like if they put "2+2" for the password and "4" for the varpassword,
//Then this would stop that from proving true!
$password = md5($_POST['password']);
$varpassword = md5($_POST['varpassword']);
if ($password != $varpassword)
{
//There passwords did not match

//Set a session variable so that you can tell the user how they screwed up
$_SESSION['match_password'] = TRUE;

//Tell the script that something went wrong
$pass = FALSE;
}

 

 

OK now we need to finish this thing off!

if ($pass == FALSE)
{
//They failed the exam!
//For some reason they have failed or check system.

//You will need to send the back to fix the problem before we continue
echo "<meta http-equiv=/"refresh/" content=/"1;url=signup.htm/">";

//I like to kill the script at this point.
die();
}
else
{
//Hey they past our test!
//Looking at all this, I don't know how! lol
//You can now change their password into something unreadable.
//I do it again to make sure nothing happened to it on the way...
$password = md5($_POST['password']);

//Now that you have all their info, you can put them into the database

//Connect to the database
$connect = mysql_connect('localhost',$username,$password) or die(mysql_error());

//Select your database
mysql_select_db($database) or die(mysql_error());

//Insert new user
$query = mysql_query("INSERT INTO users ('username', 'password', 'email')
          VALUES ($_POST['username'], $password, $_POST['email'])") or die(mysql_error());

//Close mysql
mysql_close();

//Now they have an account!
}

 

 

OK, you know have one last thing to do. You need to let them know what they did wrong. You remember all the sessions we made above? In order to do this we will need to update our basic form to this:

<form action="check.php" method="post">
if ($_SESSION['short_username'] == TRUE)
{
echo "Your username was too short!<br />";
}

if ($_SESSION['bad_username'] == TRUE)
{
echo "Usernames may only contain alphanumeric characters, dashes (-) and underscores (_)<br />";
}
Username: <input type="text" name="username" /><br />

if ($_SESSION['short_password'] == TRUE)
{
echo "Your password was too short!<br />";
}

if ($_SESSION['bad_password'] == TRUE)
{
echo "Passwords may only contain alphanumeric characters<br />";
}
Password: <input type="password" name="password" /><br />

if ($_SESSION['match_password'] == TRUE)
{
echo "Your passwords did not match!<br />";
}
Verify Password: <input type="password" name="varpassword" /><br />

if ($_SESSION['bad_email'] == TRUE)
{
echo "You have entered an invalid E-mail address<br />";
}
E-mail: <input type="text" name="email" /><br />
<input type="submit" value="Sign Up" />
</form>

 

I hope this helps you out!

Link to comment
Share on other sites

And I thought I was gonna be able to do this with no problems lol

 

I've downlaoded php from php.net (don't know if I had too). Right now, Im using justfree.com to prep the site before I get a domain and real host.

 

I've downloaded NaviCat to manage my mysql. Problem is, it won't connect me. I created a database "ritchiegunz_main". Would local host be ritchiegunz.justfree.com .They have a phpMyAdmin panel. I used that to create tables (i think). When I trying running http://ritchiegunz.justfree.com/index45.html .. I click on submit and it just goes to check.php (Which I was supposed to create in that directory, right?)

 

Anyone wanna point me in the right direction of a common mysql manager? and a common free host that wont cause problems?

 

 

I think once I get myself setup, I'll be good to go. But that isnt happening  :'( lol

 

Thanks in advance

Link to comment
Share on other sites

Oh shoot! I forgot one vital step!

 

Change this:

<form action="check.php" method="post">
if ($_SESSION['short_username'] == TRUE)
{
echo "Your username was too short!<br />";
}

if ($_SESSION['bad_username'] == TRUE)
{
echo "Usernames may only contain alphanumeric characters, dashes (-) and underscores (_)<br />";
}
Username: <input type="text" name="username" /><br />

if ($_SESSION['short_password'] == TRUE)
{
echo "Your password was too short!<br />";
}

if ($_SESSION['bad_password'] == TRUE)
{
echo "Passwords may only contain alphanumeric characters<br />";
}
Password: <input type="password" name="password" /><br />

if ($_SESSION['match_password'] == TRUE)
{
echo "Your passwords did not match!<br />";
}
Verify Password: <input type="password" name="varpassword" /><br />

if ($_SESSION['bad_email'] == TRUE)
{
echo "You have entered an invalid E-mail address<br />";
}
E-mail: <input type="text" name="email" /><br />
<input type="submit" value="Sign Up" />
</form>

 

 

-------------------

To this:

<form action="check.php" method="post">
if ($_SESSION['short_username'] == TRUE)
{
echo "Your username was too short!<br />";
$_SESSION['short_username'] = FALSE;
}

if ($_SESSION['bad_username'] == TRUE)
{
echo "Usernames may only contain alphanumeric characters, dashes (-) and underscores (_)<br />";
$_SESSION['bad_username'] = FALSE;
}
Username: <input type="text" name="username" /><br />

if ($_SESSION['short_password'] == TRUE)
{
echo "Your password was too short!<br />";
$_SESSION['short_password'] = FALSE;
}

if ($_SESSION['bad_password'] == TRUE)
{
echo "Passwords may only contain alphanumeric characters<br />";
$_SESSION['bad_password'] = FALSE;
}
Password: <input type="password" name="password" /><br />

if ($_SESSION['match_password'] == TRUE)
{
echo "Your passwords did not match!<br />";
$_SESSION['match_password'] = FALSE;
}
Verify Password: <input type="password" name="varpassword" /><br />

if ($_SESSION['bad_email'] == TRUE)
{
echo "You have entered an invalid E-mail address<br />";
$_SESSION['bad_email'] = FALSE;
}
E-mail: <input type="text" name="email" /><br />
<input type="submit" value="Sign Up" />
</form>

 

If you do not end that session, your users will constantly get that same error regardless of what they enter. You must end the session after the problem proves true, other wise it will never prove true....

 

lol, how do you forget something like that!?

Link to comment
Share on other sites

The install for XAMPP is a little difficult I found... Nice program though.

 

I think you should get some help from the XAMPP forum. This forum is more for php help...

--------------------------------

 

You mentioned that you had already downloaded php, phpmyadmin and other things?

 

If you attempted to install them then you will have to unistall XAMPP and the other software. PHP, phpMyAdmin, apache and anything you tried to install before XAMPP that is related to apache.

 

If you are running windows, chances are, you have a service running that is takeing up that port. Probably apache.

 

You will probably have to check your services and possible even delete that service. Be very carefull though, you could totally scew up your computer...

 

------------

I think you should get some help from the XAMPP forum. This forum is more for php help...

Link to comment
Share on other sites

So I've created the database called "members" .. I put in username, password, email and id tables in. I made the id primary and set it to auto-increment.

 

Now how do I go about actually viewing and editing php files? I tried looking at one through internet explorer but it just came up blank  :-[

Link to comment
Share on other sites

Also, where should I be placing these files to view them?

 

Once I can get all setup and start editing, I'll be good to go  ;)

 

I love tweaking scripts to make them just right and I love the feeling that I've done it mostly myself, but I still can't even get to that point. lol.

Link to comment
Share on other sites

I went to xampp/htdocs and tried viewing the index file. This is what I got:

 

 

 

<?php

if (!empty($_SERVER['HTTPS']) && ('on' == $_SERVER['HTTPS'])) {

$uri = 'https://';

} else {

$uri = 'http://';

}

$uri .= $_SERVER['HTTP_HOST'];

header('Location: '.$uri.'/xampp/');

exit;

?>

Something is wrong with the XAMPP Lite installation :-(

 

 

 

And when I view it in firefox, I just get:

"Something is wrong with the XAMPP Lite installation :-("

 

 

Do I gotta edit httpd.conf ??

 

 

 

 

What could be wrong?

Link to comment
Share on other sites

Now how do I go about actually viewing and editing php files? I tried looking at one through internet explorer but it just came up blank  :-[

 

When you set up XAMPP (or WAMP), you have to choose a localhost directory. Bascially, this folder becomes your web root. If you hit localhost through your browser, you should see the files in that directory which you have chosen as your doc root. At this point, editing those files is identical to how you would do it on a live server. As you make changes and save, the changes will be reflected within the browser.

Link to comment
Share on other sites

Ok, I found the directory. Sorry about all the questions, just better to ask since Im on a slow computer.

 

Problem Now. I've made signup.html and thats working fine. What exactly should I be putting in check.php?

 

 

 

Because this is what I get when I press the signup button:

 

if ($_SESSION['short_username'] == TRUE) { echo "Your username was too short!

"; } if ($_SESSION['bad_username'] == TRUE) { echo "Usernames may only contain alphanumeric characters, dashes (-) and underscores (_)

"; } Username:

if ($_SESSION['short_password'] == TRUE) { echo "Your password was too short!

"; } if ($_SESSION['bad_password'] == TRUE) { echo "Passwords may only contain alphanumeric characters

"; } Password:

if ($_SESSION['match_password'] == TRUE) { echo "Your passwords did not match!

"; } Verify Password:

if ($_SESSION['bad_email'] == TRUE) { echo "You have entered an invalid E-mail address

"; } E-mail:

?>

 

 

And just incase I've done anything wrong, this is what I got in signup.html:

 

 

 


<html>
<body>



<form action="check.php" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
Verify Password: <input type="password" name="varpassword" /><br />
E-mail: <input type="text" name="email" /><br />
<input type="submit" value="Sign Up" />
</form>

<?php

if (strlen($_POST['username']) < 4)
{



//There username contains less than 4 characters



//Set a session variable so that you can tell the user how they screwed up



$_SESSION['short_username'] = TRUE;



//Tell the script that something went wrong



$pass = FALSE;
{
//Do that for all the fields.
//You should change the "4" to an "8" for the email address.
//No email address will have less than 8 characters!

if (preg_match("/[^a-zA-Z0-9_-]/", $_POST['username']))
{
   



//There username contains invalid characters



//They me be trying to hack you...



//Set a session variable so that you can tell the user how they screwed up



$_SESSION['bad_username'] = TRUE;



//Tell the script that something went wrong



$pass = FALSE;
}
//Again, do that for all the fields.
//You should use preg_match("/[^a-zA-Z0-9]/", $_POST['password']) for the password.
//You should use preg_match("/[^a-zA-Z0-9_-.@]/", $_POST['email']) for the email!

//I do this part to make sure they don't do anything stupid.
//Like if they put "2+2" for the password and "4" for the varpassword,
//Then this would stop that from proving true!
$password = md5($_POST['password']);
$varpassword = md5($_POST['varpassword']);
if ($password != $varpassword)
{



//There passwords did not match



//Set a session variable so that you can tell the user how they screwed up



$_SESSION['match_password'] = TRUE;



//Tell the script that something went wrong



$pass = FALSE;
}

if ($pass == FALSE)
{



//They failed the exam!



//For some reason they have failed or check system.



//You will need to send the back to fix the problem before we continue







//I like to kill the script at this point.



die();
}
else
{



//Hey they past our test!



//Looking at all this, I don't know how! lol



//You can now change their password into something unreadable.



//I do it again to make sure nothing happened to it on the way...



$password = md5($_POST['password']);



//Now that you have all their info, you can put them into the database



//Connect to the database



$connect = mysql_connect('localhost',$username,$password) or die(mysql_error());



//Select your database



mysql_select_db($database) or die(mysql_error());



//Insert new user



$query = mysql_query("INSERT INTO users ('username', 'password', 'email')
          VALUES ($_POST['username'], $password, $_POST['email'])") or die(mysql_error());



//Close mysql



mysql_close();



//Now they have an account!
}


?>

</body>
</html>


 

 

 

 

And this is in check.php, Which I know is probably wrong, lol

 

 


<html>
<body>


<?php

<form action="check.php" method="post">
if ($_SESSION['short_username'] == TRUE)
{



echo "Your username was too short!<br />";
}

if ($_SESSION['bad_username'] == TRUE)
{



echo "Usernames may only contain alphanumeric characters, dashes (-) and underscores (_)<br />";
}
Username: <input type="text" name="username" /><br />

if ($_SESSION['short_password'] == TRUE)
{



echo "Your password was too short!<br />";
}

if ($_SESSION['bad_password'] == TRUE)
{



echo "Passwords may only contain alphanumeric characters<br />";
}
Password: <input type="password" name="password" /><br />

if ($_SESSION['match_password'] == TRUE)
{



echo "Your passwords did not match!<br />";
}
Verify Password: <input type="password" name="varpassword" /><br />

if ($_SESSION['bad_email'] == TRUE)
{



echo "You have entered an invalid E-mail address<br />";
}
E-mail: <input type="text" name="email" /><br />
<input type="submit" value="Sign Up" />
</form>

?>

</body>
</html>



Link to comment
Share on other sites

Now, to fix the codes. I see I have confused you slightly... You need to use the updated form for the sign up process....

 

For signup.php

<html>
<head>
	<title>Sign Up</title>
</head>

<body>
	<?php
		echo "<form action=/"check.php/" method=/"post/">"
			if ($_SESSION['short_username'] == TRUE)
			{
				echo "Your username was too short!<br />";
				$_SESSION['short_username'] = FALSE;
			}

			if ($_SESSION['bad_username'] == TRUE)
			{
				echo "Usernames may only contain alphanumeric characters, dashes (-) and underscores (_)<br />";
				$_SESSION['bad_username'] = FALSE;
			}
			echo "Username: <input type=/"text/" name=/"username/" /><br />"

			if ($_SESSION['short_password'] == TRUE)
			{
				echo "Your password was too short!<br />";
				$_SESSION['short_password'] = FALSE;
			}

			if ($_SESSION['bad_password'] == TRUE)
			{
				echo "Passwords may only contain alphanumeric characters<br />";
				$_SESSION['bad_password'] = FALSE;
			}
			echo "Password: <input type=/"password/" name=/"password/" /><br />

			if ($_SESSION['match_password'] == TRUE)
			{
				echo "Your passwords did not match!<br />";
				$_SESSION['match_password'] = FALSE;
			}
			echo "Verify Password: <input type=/"password/" name=/"varpassword/" /><br />"

			if ($_SESSION['bad_email'] == TRUE)
			{
				echo "You have entered an invalid E-mail address<br />";
				$_SESSION['bad_email'] = FALSE;
			}
			echo "E-mail: <input type=/"text/" name=/"email/" /><br />"
			<input type=/"submit/" value=/"Sign Up/" />
		</form>
	?>
</body>
</html>

 

 

 

Then to check the the sign up, you need to use the rest of it. You will still need to configure the code to get it to work right though... ;)

The first thing you should do with your php is make sure they entered all the fields. You can do that like this:
if (strlen($_POST['username']) < 4)
{
//There username contains less than 4 characters

//Set a session variable so that you can tell the user how they screwed up
$_SESSION['short_username'] = TRUE;

//Tell the script that something went wrong
$pass = FALSE;
{
//Do that for all the fields.
//You should change the "4" to an "8" for the email address.
//No email address will have less than 8 characters!

 

 

Next you want to make sure they aren't trying to hack you. You can do this by limiting what they can enter to alphanumeric characters. Do this with:

if (preg_match("/[^a-zA-Z0-9_-]/", $_POST['username']))
{
   	//There username contains invalid characters
//They me be trying to hack you...

//Set a session variable so that you can tell the user how they screwed up
$_SESSION['bad_username'] = TRUE;

//Tell the script that something went wrong
$pass = FALSE;
}
//Again, do that for all the fields.
//You should use preg_match("/[^a-zA-Z0-9]/", $_POST['password']) for the password.
//You should use preg_match("/[^a-zA-Z0-9_-.@]/", $_POST['email']) for the email!

 

 

Now you need to check there two passwords against each other to make sure they match. This is very simple. I don't mean to insult you, but this is probably the best way to do it:

//I do this part to make sure they don't do anything stupid.
//Like if they put "2+2" for the password and "4" for the varpassword,
//Then this would stop that from proving true!
$password = md5($_POST['password']);
$varpassword = md5($_POST['varpassword']);
if ($password != $varpassword)
{
//There passwords did not match

//Set a session variable so that you can tell the user how they screwed up
$_SESSION['match_password'] = TRUE;

//Tell the script that something went wrong
$pass = FALSE;
}

 

 

OK now we need to finish this thing off!

if ($pass == FALSE)
{
//They failed the exam!
//For some reason they have failed or check system.

//You will need to send the back to fix the problem before we continue
echo "<meta http-equiv=/"refresh/" content=/"1;url=signup.htm/">";

//I like to kill the script at this point.
die();
}
else
{
//Hey they past our test!
//Looking at all this, I don't know how! lol
//You can now change their password into something unreadable.
//I do it again to make sure nothing happened to it on the way...
$password = md5($_POST['password']);

//Now that you have all their info, you can put them into the database

//Connect to the database
$connect = mysql_connect('localhost',$username,$password) or die(mysql_error());

//Select your database
mysql_select_db($database) or die(mysql_error());

//Insert new user
$query = mysql_query("INSERT INTO users ('username', 'password', 'email')
          VALUES ($_POST['username'], $password, $_POST['email'])") or die(mysql_error());

//Close mysql
mysql_close();

//Now they have an account!
}

 

 

 

Sorry about the wait, I had to go to school.... bah!

Link to comment
Share on other sites

Oh and one other thing. If you click on the "Quote" button at the top of my last post, it will place the whole thing into a text box.

 

If you copy the text while it's in the text box, you won't get all the ugly spaces when you post it over to you php editor.

 

 

Also, do you have a php editor? The syntax highlighting is a huge blessing!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.