Quick question...

Aureole · August 14, 2007

Would someone mind if I posted the code for a single file, I doubt it's more than a hundred lines. Then someone could maybe look at it?

Basically I'm knew to the whole PHP thing and I just want to see if I'm going in the right direction 'cause I'm finally trying to make something from scratch.

I won't get into the habit of doing this with every file I ever make don't worry.

PhaZZed · August 14, 2007

Post it..

MadTechie · August 14, 2007

in code tags

Aureole · August 14, 2007

Don't worry I always use code tags MadTechie.

Ok here goes, thanks a lot.

<?php

/*--------------------------*\
@File: register.php
@Author: Joe
@Created: 11/August/07 5:54 AM
@Modified: 13/August/07 12:00 PM
@Revision: 2
\*--------------------------*/

if(isset($_POST['submit'])) {

  $a = "":
  $b = "";
  $c = "";
  $d = "";

include ("connect.php");

$connect = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ();
mysql_select_db (DB_NAME) OR die();

  if (empty($_POST['mem_name'])) {
  die('You didn\'t enter a Username.'); }
  else {
  $a = mysql_real_escape_string($_POST['mem_name']); }


  $query = mysql_query("SELECT * FROM `gs_mem` WHERE `mem_name` = '".$a."'");
  $fetch = mysql_fetch_object($query);
   
  if($fetch->mem_name == $a) {
  die('The Username you chose is already taken.'); }

  md5($a);

  if (empty($_POST['mem_pass'])) {
  die('You didn\'t enter a Password.'); }
  else {
  $b = mysql_real_escape_string($_POST['mem_pass']); }


  if (empty($_POST['mem_vpass'])) {
  die('You didn\'t verify your Password.'); }
  else {
  $c = mysql_real_escape_string($_POST['mem_vpass']); }


  if($b != $c) { 
  die('The Passwords you entered do not match.'); }


  if(strlen($b) < 8 ) {
  die('Your Password must consist of at least 8 characters.'); }

  md5($b);

  if (empty($_POST['mem_email'])) {
  die('You didn\'t enter an Email Address.'); }
  else {

  $d = mysql_real_escape_string($_POST['mem_email']); }

  $e = md5(uniqid(rand(),1));

if ($a && $b && $d) {

  $insert = "INSERT INTO `gs_mem` (mem_name, mem_pass, mem_email, mem_active, mem_validate) VALUES ('".$a."', 

'".$b."', '".$d."', '0', '".$e."')";

  $insert = mysql_query($insert);
  if(!$insert) die(mysql_error());

  $getvalcode = "SELECT mem_validate FROM gs_mem ORDER BY mem_id DESC LIMIT  1";
  $result = mysql_query($getvalcode) or die(mysql_error());
  while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
  $valcode = $row['mem_validate']; }

  $to = $d;
  $subject = "GameSpaces - Validation Code";
  $body = "You need to activate your GameSpaces account, to do so please copy the following code and enter it on the page you were taken to after registering. Your code: $valcode";

  mail($to, $subject, $body, $from_header);

  echo('Your Account has been created.'); } }

  else {

  echo('You may not access this file directly.'); }

?>

MadTechie · August 14, 2007

OK MD5 + salt we talked about

Use of $a $b $c, will cause you problems later use names like $mName it save scrolling up look for what the $a was set to..

the code itself looks ok

maybe a few changes

$insertSQL = "INSERT INTO `gs_mem` (mem_name, mem_pass, mem_email, mem_active, mem_validate) VALUES ('".$a."', 

'".$b."', '".$d."', '0', '".$e."')";

  $insert = mysql_query($insertSQL);
mysql_query($insertSQL);
$uID = mysql_insert_id();

  if(!$insert) die(mysql_error());

  $getvalcode = "SELECT mem_validate FROM gs_mem WHERE mem_id = $uID";

Aureole · August 14, 2007

Ok thanks a lot it's just nice to get clarification from someone who knows what they're talking about.

MadTechie · August 14, 2007

readup on

mysql insert id

and see edited post above

only real problem

had to guess that mem_id is unique

Aureole · August 14, 2007

I have an id row in the database and it is set to auto increment so do I not need to do what you said?

Wait I see what you did now...it's to make sure if two people register at the same time they don't get the wrong validation code right? Like the insert id will always be same as the mem_id that is set to auto increment so there is no chance of them getting the wrong code?

MadTechie · August 14, 2007

correct

quick update

comments and where

  $insert = mysql_query($insertSQL);
$uID = mysql_insert_id(); //<--gets the auto increment

  if(!$insert) die(mysql_error());

  $getvalcode = "SELECT mem_validate FROM gs_mem WHERE id = $uID";//Finds the user

Aureole · August 14, 2007

Ok thanks a lot for that, I knew that there could be problems with how I had it before but I wasn't show how I could change it. Thanks again.

uwannadonkey · August 14, 2007

did you md5 the password?

Aureole · August 14, 2007

Look after the strlen when I check the length of the Password...

<?php
  if(strlen($b) < 8 ) {
  die('Your Password must consist of at least 8 characters.'); }

  md5($b);
?>

MadTechie · August 14, 2007

ahh

well spotted

change to

$b = md5($b);

Aureole · August 14, 2007

Don't they both do the same thing? ???

Meh I guess not. Thanks again.

Sign In

Quick question...

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information