Jump to content

help with registration script

duncan222

By duncan222
in PHP Coding Help

 Share

Recommended Posts

duncan222 Newbie

duncan222

Posted
Posted

Ive been working on the login/registration script found here

 

http://www.evolt.org/article/PHP_Login_Script_with_Remember_Me_Feature/17/60265/index.html

 

With the registration form if you make a mistake the page does the checks and then uses die statements. Is there a way to give an error message and add this to the top of the registration form instead? Just makes it a bit more user friendly

 

the code for register.php is below

 

<?

session_start();

include("database.php");

 

/**

* Returns true if the username has been taken

* by another user, false otherwise.

*/

function usernameTaken($username){

  global $conn;

  if(!get_magic_quotes_gpc()){

      $username = addslashes($username);

  }

  $q = "select username from users where username = '$username'";

  $result = mysql_query($q,$conn);

  return (mysql_numrows($result) > 0);

}

 

/**

* Inserts the given (username, password) pair

* into the database. Returns true on success,

* false otherwise.

*/

function addNewUser($username, $password){

  global $conn;

  $q = "INSERT INTO users VALUES ('$username', '$password')";

  return mysql_query($q,$conn);

}

 

/**

* Displays the appropriate message to the user

* after the registration attempt. It displays a

* success or failure status depending on a

* session variable set during registration.

*/

function displayStatus(){

  $uname = $_SESSION['reguname'];

  if($_SESSION['regresult']){

?>

 

<h1>Registered!</h1>

<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>

 

<?

  }

  else{

?>

 

<h1>Registration Failed</h1>

<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>

Please try again at a later time.</p>

 

<?

  }

  unset($_SESSION['reguname']);

  unset($_SESSION['registered']);

  unset($_SESSION['regresult']);

}

 

if(isset($_SESSION['registered'])){

/**

* This is the page that will be displayed after the

* registration has been attempted.

*/

?>

 

<html>

<title>Registration Page</title>

<body>

 

<? displayStatus(); ?>

 

</body>

</html>

 

<?

  return;

}

 

/**

* Determines whether or not to show to sign-up form

* based on whether the form has been submitted, if it

* has, check the database for consistency and create

* the new account.

*/

if(isset($_POST['subjoin'])){

  /* Make sure all fields were entered */

  if(!$_POST['user'] || !$_POST['pass']){

      die('You didn\'t fill in a required field.');

 

  }

 

  /* Spruce up username, check length */

  $_POST['user'] = trim($_POST['user']);

  if(strlen($_POST['user']) > 30){

      die("Sorry, the username is longer than 30 characters, please shorten it.");

  }

 

  /* Check if username is already in use */

  if(usernameTaken($_POST['user'])){

      $use = $_POST['user'];

      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");

  }

 

  /* Add the new account to the database */

  $md5pass = md5($_POST['pass']);

  $_SESSION['reguname'] = $_POST['user'];

  $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);

  $_SESSION['registered'] = true;

  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">";

  return;

 

}

else{

/**

* This is the page with the sign-up form, the names

* of the input fields are important and should not

* be changed.

*/

?>

 

<html>

<title>Registration Page</title>

<body>

<h1>Register</h1>

<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">

<table align="left" border="0" cellspacing="0" cellpadding="3">

<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>

<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>

<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>

</table>

</form>

</body>

</html>

 

 

<?

}

?>

 

Link to comment
Share on other sites
xyn Advanced Member

xyn

Posted
Posted

1. make your registration form a separate file (so it can be included)

2. id use a code like this

if(!isset($_POST['field']))
{
$error[] = "error message";
}

if(is_array($error))
{
echo("there was errors\n");
foreach($error as $fault)
{
echo("- $fault");
}
include("your_form.html");
exit;
}

 

3. i would then run this before anything on your submit php.

 

Link to comment
Share on other sites
AdRock Advanced Member

AdRock

Posted
Posted

I have a user registration/login script which uses captcha images to prevent auto signups and it also has form validation if you are interested.

 

If you are just PM me so i know.

 

BTW th e login encrypts the user details in the sessions for added security

Link to comment
Share on other sites
xyn Advanced Member

xyn

Posted
Posted

I have a user registration/login script which uses captcha images to prevent auto signups and it also has form validation if you are interested.

 

If you are just PM me so i know.

 

BTW th e login encrypts the user details in the sessions for added security

 

why would be the point in encrypting SESSIONS?

for user authentication there is no need for any

sensitive data therefor rendering encryption pointless...

 

@duncan222

But what is the problem?

Link to comment
Share on other sites
duncan222 Newbie

duncan222

Posted
  • Author
Posted

alas the problem is im a front end designer that likes to get lost in php from time to time!!!!!!!!

 

i get what you mean with the form in a separate file but im unsure how to structure the new register.php. My understanding is i replace the line

 

if(isset($_POST['subjoin'])){

 

with the code you gave me

 

Then do i replace the all error messages with something like

 

if(!$_POST['user'] || !$_POST['pass']){

      $error = "'You didn\'t fill in a required field";

   

  }

 

then i just do another form include at the bottom??

 

 

 

 

 

Link to comment
Share on other sites
AdRock Advanced Member

AdRock

Posted
Posted
why would be the point in encrypting SESSIONS?

for user authentication there is no need for any

sensitive data therefor rendering encryption pointless...

 

The point on encrypting the username and password in the sessions is that you set a session with the original username and password if if they don't match the encrypted username/password, someone has made changes so you don't allow them access to certain areas of a site......i read this in an article somewhere

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.