Register logic

[GameYin]

Ok so I'm trying to understand sessions..I'm going to hand write a register script RIGHT HERE, please point out anything you notice.

 

----DO NOT WORRY ABOUT SECURITY----

Here is my database SQL..

 

CREATE TABLE users (
id INT(11) NOT NULL AUTO_INCREMENT,
username VARCHAR(30) NOT NULL,
password CHAR(40) NOT NULL,
email VARCHAR(70),
active CHAR(32),
PRIMARY KEY(id)
); 

 

 

Register.html

 

<html>
<head>
<title>register</title>
</head>
<body> 
<form action="register.php" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="text" name="email" />
</form>
</body>
</html>

 

register.php

 

<?php
$host=localhost;
$user=gameyinc;
$pass=******;
$DB=gameyinc_members;
$table=users;

$connect = @mysql_connect ($host, $user, $pass) or die ('Could not connect to MySQL because ' . mysql_error());

@mysql_select_db ($DB) OR die('Could not select the database because ' . mysql_error() );  

$querycheck = "SELECT username FROM users WHERE username = '$user'";
       $resultcheck = @mysql_query($querycheck);
       $num = @mysql_num_rows($resultcheck);
       
       if ($num> 0) {
           echo '<font color="red">The username you have chosen has already been taken, please try again.</font>';
       } else {
           $username = $_POST['username'];
       }
   } else {
       echo '<font color="red">Please provide a valid username between 4 and 30 characters.</font>';
   } 
$password = $_POST['password'];
$email = $_POST['email'];

$query = "INSERT INTO $table (username, email, password) VALUES ('$username', '$email', '$password')";

       $result = @mysql_query($query);
       
       if (mysql_affected_rows() == 1) {
           echo '<h3>Thank You!</h3>
           You have been registered as $username.';
       } else {
           echo '<font color="red">You could not be registered, please contact us about the problem and we will fix it as soon as we can.</font>';
       } 
?>

 

Assuming the user won't try to bypass anything, and they enter everything correctly, will this script work?

[trq]

Can't see why not. Thought about trying it?

[pocobueno1388]

You never define $username before you do your query to check if it's already taken. Instead you use the variable $user which is defined for your database connection.

 

<?php
$username = $_POST['username'];
$querycheck = "SELECT username FROM users WHERE username = '$username'";

[unsider]

Can't see why not. Thought about trying it?

 

Same, didn't test it, but it looks fine.

[GameYin]

pocobueno1388, do I just need to change the spot I define the variable?

 

To everyone else, I just wrote this in homeroom, I'm trying to stay away from free script stuff and write my own. Soon I will be moving onto a session login thing based off of this.  :D

[pocobueno1388]

pocobueno1388, do I just need to change the spot I define the variable?

 

The code I posted is exactly what you need to do. Just add the first line, and replace your current query with the second line.

[GameYin]

Thanks

[GameYin]

Eh didn't work ;o.

[pocobueno1388]

Whats the problem?

[GameYin]

I forget now, I fixed it

 

www.gameyin.com/register.php

 

Working on stylesheet now for it..

[unsider]

HAHA, wtf?

 

/../resend.php

 

 

Ok, so your activation email didn't get sent? DAMN S**T C*H(#@ ((@J no, stop swearing, put that bottle down. You don't need it. We need each other. I'm here to resend your email, so enter your email address, and I will send the validation link to that email, provided you have registered ofcourse, if you are trying to hack me, what a sad guy, taking advantage of my emotions like that... jeez.

[GameYin]

dont be jealous.