Aureole Posted August 14, 2007 Share Posted August 14, 2007 Would someone mind if I posted the code for a single file, I doubt it's more than a hundred lines. Then someone could maybe look at it? Basically I'm knew to the whole PHP thing and I just want to see if I'm going in the right direction 'cause I'm finally trying to make something from scratch. I won't get into the habit of doing this with every file I ever make don't worry. Quote Link to comment Share on other sites More sharing options...
PhaZZed Posted August 14, 2007 Share Posted August 14, 2007 Post it.. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted August 14, 2007 Share Posted August 14, 2007 in code tags Quote Link to comment Share on other sites More sharing options...
Aureole Posted August 14, 2007 Author Share Posted August 14, 2007 Don't worry I always use code tags MadTechie. Ok here goes, thanks a lot. <?php /*--------------------------*\ @File: register.php @Author: Joe @Created: 11/August/07 5:54 AM @Modified: 13/August/07 12:00 PM @Revision: 2 \*--------------------------*/ if(isset($_POST['submit'])) { $a = "": $b = ""; $c = ""; $d = ""; include ("connect.php"); $connect = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die (); mysql_select_db (DB_NAME) OR die(); if (empty($_POST['mem_name'])) { die('You didn\'t enter a Username.'); } else { $a = mysql_real_escape_string($_POST['mem_name']); } $query = mysql_query("SELECT * FROM `gs_mem` WHERE `mem_name` = '".$a."'"); $fetch = mysql_fetch_object($query); if($fetch->mem_name == $a) { die('The Username you chose is already taken.'); } md5($a); if (empty($_POST['mem_pass'])) { die('You didn\'t enter a Password.'); } else { $b = mysql_real_escape_string($_POST['mem_pass']); } if (empty($_POST['mem_vpass'])) { die('You didn\'t verify your Password.'); } else { $c = mysql_real_escape_string($_POST['mem_vpass']); } if($b != $c) { die('The Passwords you entered do not match.'); } if(strlen($b) < 8 ) { die('Your Password must consist of at least 8 characters.'); } md5($b); if (empty($_POST['mem_email'])) { die('You didn\'t enter an Email Address.'); } else { $d = mysql_real_escape_string($_POST['mem_email']); } $e = md5(uniqid(rand(),1)); if ($a && $b && $d) { $insert = "INSERT INTO `gs_mem` (mem_name, mem_pass, mem_email, mem_active, mem_validate) VALUES ('".$a."', '".$b."', '".$d."', '0', '".$e."')"; $insert = mysql_query($insert); if(!$insert) die(mysql_error()); $getvalcode = "SELECT mem_validate FROM gs_mem ORDER BY mem_id DESC LIMIT 1"; $result = mysql_query($getvalcode) or die(mysql_error()); while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $valcode = $row['mem_validate']; } $to = $d; $subject = "GameSpaces - Validation Code"; $body = "You need to activate your GameSpaces account, to do so please copy the following code and enter it on the page you were taken to after registering. Your code: $valcode"; mail($to, $subject, $body, $from_header); echo('Your Account has been created.'); } } else { echo('You may not access this file directly.'); } ?> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted August 14, 2007 Share Posted August 14, 2007 OK MD5 + salt we talked about Use of $a $b $c, will cause you problems later use names like $mName it save scrolling up look for what the $a was set to.. the code itself looks ok maybe a few changes $insertSQL = "INSERT INTO `gs_mem` (mem_name, mem_pass, mem_email, mem_active, mem_validate) VALUES ('".$a."', '".$b."', '".$d."', '0', '".$e."')"; $insert = mysql_query($insertSQL); mysql_query($insertSQL); $uID = mysql_insert_id(); if(!$insert) die(mysql_error()); $getvalcode = "SELECT mem_validate FROM gs_mem WHERE mem_id = $uID"; Quote Link to comment Share on other sites More sharing options...
Aureole Posted August 14, 2007 Author Share Posted August 14, 2007 Ok thanks a lot it's just nice to get clarification from someone who knows what they're talking about. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted August 14, 2007 Share Posted August 14, 2007 readup on mysql insert id and see edited post above only real problem had to guess that mem_id is unique Quote Link to comment Share on other sites More sharing options...
Aureole Posted August 14, 2007 Author Share Posted August 14, 2007 I have an id row in the database and it is set to auto increment so do I not need to do what you said? Wait I see what you did now...it's to make sure if two people register at the same time they don't get the wrong validation code right? Like the insert id will always be same as the mem_id that is set to auto increment so there is no chance of them getting the wrong code? Quote Link to comment Share on other sites More sharing options...
MadTechie Posted August 14, 2007 Share Posted August 14, 2007 correct quick update comments and where $insert = mysql_query($insertSQL); $uID = mysql_insert_id(); //<--gets the auto increment if(!$insert) die(mysql_error()); $getvalcode = "SELECT mem_validate FROM gs_mem WHERE id = $uID";//Finds the user Quote Link to comment Share on other sites More sharing options...
Aureole Posted August 14, 2007 Author Share Posted August 14, 2007 Ok thanks a lot for that, I knew that there could be problems with how I had it before but I wasn't show how I could change it. Thanks again. Quote Link to comment Share on other sites More sharing options...
uwannadonkey Posted August 14, 2007 Share Posted August 14, 2007 did you md5 the password? Quote Link to comment Share on other sites More sharing options...
Aureole Posted August 14, 2007 Author Share Posted August 14, 2007 Look after the strlen when I check the length of the Password... <?php if(strlen($b) < 8 ) { die('Your Password must consist of at least 8 characters.'); } md5($b); ?> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted August 14, 2007 Share Posted August 14, 2007 ahh well spotted change to $b = md5($b); Quote Link to comment Share on other sites More sharing options...
Aureole Posted August 14, 2007 Author Share Posted August 14, 2007 Don't they both do the same thing? ??? Meh I guess not. Thanks again. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.