help with registration script

[duncan222]

Ive been working on the login/registration script found here

 

http://www.evolt.org/article/PHP_Login_Script_with_Remember_Me_Feature/17/60265/index.html

 

With the registration form if you make a mistake the page does the checks and then uses die statements. Is there a way to give an error message and add this to the top of the registration form instead? Just makes it a bit more user friendly

 

the code for register.php is below

 

<?

session_start();

include("database.php");

 

/**

* Returns true if the username has been taken

* by another user, false otherwise.

*/

function usernameTaken($username){

  global $conn;

  if(!get_magic_quotes_gpc()){

      $username = addslashes($username);

  }

  $q = "select username from users where username = '$username'";

  $result = mysql_query($q,$conn);

  return (mysql_numrows($result) > 0);

}

 

/**

* Inserts the given (username, password) pair

* into the database. Returns true on success,

* false otherwise.

*/

function addNewUser($username, $password){

  global $conn;

  $q = "INSERT INTO users VALUES ('$username', '$password')";

  return mysql_query($q,$conn);

}

 

/**

* Displays the appropriate message to the user

* after the registration attempt. It displays a

* success or failure status depending on a

* session variable set during registration.

*/

function displayStatus(){

  $uname = $_SESSION['reguname'];

  if($_SESSION['regresult']){

?>

 

<h1>Registered!</h1>

<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>

 

<?

  }

  else{

?>

 

<h1>Registration Failed</h1>

<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>

Please try again at a later time.</p>

 

<?

  }

  unset($_SESSION['reguname']);

  unset($_SESSION['registered']);

  unset($_SESSION['regresult']);

}

 

if(isset($_SESSION['registered'])){

/**

* This is the page that will be displayed after the

* registration has been attempted.

*/

?>

 

<html>

<title>Registration Page</title>

<body>

 

<? displayStatus(); ?>

 

</body>

</html>

 

<?

  return;

}

 

/**

* Determines whether or not to show to sign-up form

* based on whether the form has been submitted, if it

* has, check the database for consistency and create

* the new account.

*/

if(isset($_POST['subjoin'])){

  /* Make sure all fields were entered */

  if(!$_POST['user'] || !$_POST['pass']){

      die('You didn\'t fill in a required field.');

 

  }

 

  /* Spruce up username, check length */

  $_POST['user'] = trim($_POST['user']);

  if(strlen($_POST['user']) > 30){

      die("Sorry, the username is longer than 30 characters, please shorten it.");

  }

 

  /* Check if username is already in use */

  if(usernameTaken($_POST['user'])){

      $use = $_POST['user'];

      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");

  }

 

  /* Add the new account to the database */

  $md5pass = md5($_POST['pass']);

  $_SESSION['reguname'] = $_POST['user'];

  $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);

  $_SESSION['registered'] = true;

  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">";

  return;

 

}

else{

/**

* This is the page with the sign-up form, the names

* of the input fields are important and should not

* be changed.

*/

?>

 

<html>

<title>Registration Page</title>

<body>

<h1>Register</h1>

<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">

<table align="left" border="0" cellspacing="0" cellpadding="3">

<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>

<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>

<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>

</table>

</form>

</body>

</html>

 

 

<?

}

?>

 

[xyn]

1. make your registration form a separate file (so it can be included)

2. id use a code like this

if(!isset($_POST['field']))
{
$error[] = "error message";
}

if(is_array($error))
{
echo("there was errors\n");
foreach($error as $fault)
{
echo("- $fault");
}
include("your_form.html");
exit;
}

 

3. i would then run this before anything on your submit php.

 

[AdRock]

I have a user registration/login script which uses captcha images to prevent auto signups and it also has form validation if you are interested.

 

If you are just PM me so i know.

 

BTW th e login encrypts the user details in the sessions for added security

[duncan222]

thanks guys! cant find a way to PM tells me im not allowed. Im sure im doing something silly wrong. Do you mind if i email instead?

[xyn]

I have a user registration/login script which uses captcha images to prevent auto signups and it also has form validation if you are interested.

 

If you are just PM me so i know.

 

BTW th e login encrypts the user details in the sessions for added security

 

why would be the point in encrypting SESSIONS?

for user authentication there is no need for any

sensitive data therefor rendering encryption pointless...

 

@duncan222

But what is the problem?

[duncan222]

alas the problem is im a front end designer that likes to get lost in php from time to time!!!!!!!!

 

i get what you mean with the form in a separate file but im unsure how to structure the new register.php. My understanding is i replace the line

 

if(isset($_POST['subjoin'])){

 

with the code you gave me

 

Then do i replace the all error messages with something like

 

if(!$_POST['user'] || !$_POST['pass']){

      $error = "'You didn\'t fill in a required field";

   

  }

 

then i just do another form include at the bottom??

 

 

 

 

 

[AdRock]

why would be the point in encrypting SESSIONS?

for user authentication there is no need for any

sensitive data therefor rendering encryption pointless...

 

The point on encrypting the username and password in the sessions is that you set a session with the original username and password if if they don't match the encrypted username/password, someone has made changes so you don't allow them access to certain areas of a site......i read this in an article somewhere

[nathanmaxsonadil]

why don't you make your own membership system?

 

[nathanmaxsonadil]

cant find a way to PM tells me im not allowed.

that's to prevent spam "n00bies" are not allowed to pm