
Andrew789123

  1. So if I need to use variables from register.php in my class file, how would I do it? Thanks again.
  2. Hi again, here is the code:

<?php
/*
 .---------------------------------------------------------------------------.
 | Software: PHP Login System - PHP logSys                                    |
 | Version: 0.3                                                               |
 | Contact: http://github.com/subins2000/logsys (also subinsb.com)            |
 | Info: http://github.com/subins2000/logsys                                  |
 | Support: http://subinsb.com/ask/php-logsys                                 |
 | ------------------------------------------------------------------------- |
 | Author: Subin Siby (project admininistrator)                               |
 | Copyright (c) 2014, Subin Siby. All Rights Reserved.                       |
 | ------------------------------------------------------------------------- |
 | License: Distributed under the General Public License (GPL)                |
 |          http://www.gnu.org/licenses/gpl-3.0.html                          |
 | This program is distributed in the hope that it will be useful - WITHOUT   |
 | ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      |
 | FITNESS FOR A PARTICULAR PURPOSE.                                          |
 '---------------------------------------------------------------------------'
*/

// NOTE(review): register.php includes config.php, and config.php (quoted at the end of this
// post) does `require "class.loginsys.php"` and constructs LoginSystem. Including register.php
// from the class file therefore closes an include cycle (class -> register -> config -> class
// -> ...) with plain include/require, which re-enters this file until PHP's memory limit is
// hit — the likely origin of the "Allowed memory size exhausted" fatal. The class should not
// include the script that uses it; the values register.php collects already reach register()
// through its $other argument, so this line can simply go.
include "register.php";
// NOTE(review): an ini setting inside a class file mixes configuration with declarations, and
// display_errors=on shows file paths and SQL fragments to visitors when something fails.
// Keep it in a development-only bootstrap file.
ini_set("display_errors", "on");

/**
 * logSys 0.3: PDO/MySQL backed login, registration, password change and password reset.
 *
 * NOTE(review): the declarations under "Start Config" are pasted without a trailing `;`
 * — presumably dropped when the credentials were removed for posting; as shown they do not parse.
 */
class LoginSystem {
    /* Start Config */
    private $dbhost
    private $dbport
    private $dbuser
    private $dbpass
    private $dbname
    private $dbtable
    //db credentials here ^^
    private $secureKey
    private $passwordSalt
    private $company
    //more stuff here which i assume you don't need to know.

    // `var` is the pre-PHP 5 spelling of `public`.
    var $phpsessionstart = true; // Should I Start A PHP Session
    var $emailLogin = true; // Make Login With Username & E-Mail Possible
    var $rememberMe = true; // Add Remember Me Feature.
    var $blockBruteForce = true; // Deny login for $LS->bfTime seconds after incorrect login tries of 5

    /* Extra Settings*/
    // Set the following variables only if you're going to use $LS->init()
    private $staticPages = array( "/ls", "/ls/reset.php" ); // Pages that doesn't require logging in (exclude login page)
    private $loginPage = "/ls/login.php"; // The login page. ex : /login.php or /accounts/login.php
    private $homePage = "/ls/home.php"; // The home page. The main page for logged in users. Redirects to here when logs in
    public $bfTime = 300; // The time IN SECONDS for which block from login action should be done after 5 incorrect login attempts. Use http://www.easysurf.cc/utime.htm#m60s for converting minutes to seconds. Default : 5 minutes
    /* End Config */

    public $loggedIn = false;
    public $db = true; // NOTE(review): initialised to true and never set to false anywhere in this file (see __construct)
    public $user = false;
    private $initCalled = false;
    private $cookie;
    private $session;
    private $remCook;
    private $dbh;

    /**
     * Starts the PHP session (if enabled), connects to MySQL through PDO and derives the login
     * state from the logSyslogin / logSysrememberMe cookies and the logSyscuruser session key.
     *
     * NOTE(review): a constructor's return value is discarded, so `return false` in the catch
     * block cannot report a failed connection; because $db stays true, login()'s
     * `$this->db === true` guard always passes and the failure surfaces later as a method
     * call on a null $dbh. Either rethrow here or set $db = false in the catch.
     */
    public function __construct(){
        if($this->phpsessionstart == true){
            session_start();
        }
        /* Try connecting to Database Server */
        try{
            /* Merge the login page to the pages array that doesn't need logging in */
            array_push($this->staticPages, $this->loginPage);
            $this->dbh = new PDO("mysql:dbname={$this->dbname};host={$this->dbhost};port={$this->dbport}", $this->dbuser, $this->dbpass);
            $this->db = true;
            // Raw request values; each is `false` when absent.
            $this->cookie = isset($_COOKIE['logSyslogin']) ? $_COOKIE['logSyslogin'] : false;
            $this->session = isset($_SESSION['logSyscuruser']) ? $_SESSION['logSyscuruser'] : false;
            $this->remCook = isset($_COOKIE['logSysrememberMe']) ? $_COOKIE['logSysrememberMe'] : false;
            // NOTE(review): the login cookie is sha256(secureKey . userId . secureKey) — a fixed
            // value per user with no server-side expiry, so anyone who learns secureKey can mint
            // it for any id. Compare hashes with hash_equals() rather than `==`.
            $encUserID = hash("sha256", "{$this->secureKey}{$this->session}{$this->secureKey}");
            $this->loggedIn = $this->cookie == $encUserID ? true : false;
            /* If there is a Remember Me Cookie and the user is not logged in, then log in the user with the ID in the remember cookie, if it matches with the secure hashed value in logSyslogin cookie */
            // NOTE(review): isset() on a property that was just assigned `false` is still true,
            // so this condition does not test for the cookie's presence — only the hash
            // comparison below does. The remember cookie carries the raw user id.
            if($this->rememberMe === true && isset($this->remCook) && $this->loggedIn === false){
                $encUserID = hash("sha256", "{$this->secureKey}{$this->remCook}{$this->secureKey}");
                $this->loggedIn = $this->cookie == $encUserID ? true : false;
                if($this->loggedIn === true){
                    $_SESSION['logSyscuruser'] = $this->remCook;
                }
            }
            $this->user = $this->session;
            return true;
        }catch( PDOException $e ) {
            return false;
        }
    }

    /* A function that will automatically redirect user according to his/her login status */
    /**
     * Sends a logged-in user away from $staticPages to $homePage and an anonymous user away
     * from every other page to $loginPage; records that init() ran so login() redirects too.
     *
     * NOTE(review): redirect() only emits the Location header and does not exit, so the
     * caller's page continues to render after init() returns. array_search() is non-strict;
     * pass `true` as the third argument.
     */
    public function init() {
        if( $this->loggedIn && array_search($this->curPage(), $this->staticPages) !== false ){
            $this->redirect($this->homePage);
        }elseif( !$this->loggedIn && array_search($this->curPage(), $this->staticPages) === false ){
            $this->redirect($this->loginPage);
        }
        $this->initCalled = true;
    }

    /* A function to login the user with the username and password given. */
    /**
     * Verifies $username (or e-mail, when $emailLogin is on) against the stored sha256 hash and,
     * when $cookies is true, establishes the session and the login cookies.
     *
     * @return bool|array true on success, false for an unknown user or wrong password, or an
     *                    array ("status" => "blocked", "minutes", "seconds") while the account
     *                    is blocked. NOTE(review): that array is truthy, so a caller that writes
     *                    `if($LS->login(...))` (changePassword() below does) treats a blocked
     *                    account as a successful login.
     */
    public function login($username, $password, $cookies = true){
        if($this->db === true){
            /* We Add LIMIT to 1 in SQL query because we need to just get an array of data with key as the column name. Nothing else. */
            if($this->emailLogin === true){
                $query = "SELECT `id`, `password`, `password_salt`, `attempt` FROM `{$this->dbtable}` WHERE `username`=:login OR `email`=:login ORDER BY `id` LIMIT 1";
            }else{
                $query = "SELECT `id`, `password`, `password_salt`, `attempt` FROM `{$this->dbtable}` WHERE `username`=:login ORDER BY `id` LIMIT 1";
            }
            $sql = $this->dbh->prepare($query);
            $sql->bindValue(":login", $username);
            $sql->execute();
            if($sql->rowCount() == 0){
                // No such user like that
                return false;
            }else{
                /* Get the user details */
                $rows = $sql->fetch(PDO::FETCH_ASSOC);
                $us_id = $rows['id'];
                $us_pass = $rows['password'];
                $us_salt = $rows['password_salt'];
                $status = $rows['attempt'];
                // NOTE(review): a single unsalted-by-work-factor sha256 is cheap to brute force
                // offline; password_hash()/password_verify() is the standard replacement.
                $saltedPass = hash('sha256', "{$password}{$this->passwordSalt}{$us_salt}");
                // `attempt` is either "", a count 1..5, or "b-<unix timestamp>" while blocked.
                if(substr($status, 0, 2) == "b-"){
                    $blockedTime = substr($status, 2);
                    if(time() < $blockedTime){
                        $block = true; // never read: the function returns on the next statement
                        // NOTE(review): `/ 60*60` evaluates left to right (divide by 60, then
                        // multiply by 60), so "seconds" is just the raw remaining seconds.
                        return array(
                            "status" => "blocked",
                            "minutes" => round(abs($blockedTime - time()) / 60, 0),
                            "seconds" => round(abs($blockedTime - time()) / 60*60, 2)
                        );
                    }else{
                        // remove the block, because the time limit is over
                        $this->updateUser(array(
                            "attempt" => "" // No tries at all
                        ), $us_id);
                    }
                }
                // NOTE(review): `|| $password == ""` lets an empty password log in any existing
                // account without the hash ever being compared — an authentication bypass. Drop
                // it (blank-field validation belongs to the form handler) and compare the hashes
                // with hash_equals() instead of `==`.
                if(!isset($block) && ($saltedPass == $us_pass || $password == "")){
                    if($cookies === true){
                        $_SESSION['logSyscuruser'] = $us_id;
                        // NOTE(review): lifetime 3600*99*500 s (~5.6 years); setcookie is called
                        // without the secure/httponly arguments, so the cookie is readable by
                        // page scripts and sent over plain HTTP.
                        setcookie("logSyslogin", hash("sha256", $this->secureKey.$us_id.$this->secureKey), time()+3600*99*500, "/");
                        if( isset($_POST['remember_me']) && $this->rememberMe === true ){
                            setcookie("logSysrememberMe", $us_id, time()+3600*99*500, "/");
                        }
                        $this->loggedIn = true;
                        // Update the attempt status
                        $this->updateUser(array(
                            "attempt" => "" // No tries
                        ), $us_id);
                        // Redirect
                        if( $this->initCalled ){
                            $this->redirect($this->homePage);
                        }
                    }
                    return true;
                }else{
                    // Incorrect password
                    if($this->blockBruteForce === true){
                        // Checking for brute force is enabled
                        if($status == ""){
                            // User was not logged in before
                            $this->updateUser(array(
                                "attempt" => "1" // Tried 1 time
                            ), $us_id);
                        }else if($status == 5){
                            $this->updateUser(array(
                                "attempt" => "b-" . strtotime("+{$this->bfTime} seconds", time()) // Blocked, only available for re-login at the time in UNIX timestamp
                            ), $us_id);
                        }else if(substr($status, 0, 2) == "b-"){
                            // Account blocked
                        }else if($status < 5){
                            // If the attempts are less than 5 and not 5
                            $this->updateUser(array(
                                "attempt" => $status + 1 // Tried current tries + 1 time
                            ), $us_id);
                        }
                    }
                    return false;
                }
            }
        }
    }

    /* A function to register a user with passing the username, password and optionally any other additional fields. */
    /**
     * Inserts a new user row: $id is the username, $password is hashed with a fresh 20-char
     * salt, and each key of $other is meant to become a column.
     *
     * @return string|bool "exists" when the account is taken, true after the INSERT.
     *
     * NOTE(review): the duplicate check uses `&&`, so "exists" is only returned when BOTH the
     * username and the e-mail are already taken; a taken username with a fresh e-mail falls
     * through to the INSERT.
     */
    public function register( $id, $password, $other = array() ){
        if( $this->userExists($id) && (isset($other['email']) && $this->userExists($other['email'])) ){
            return "exists";
        }else{
            $randomSalt = $this->rand_string(20);
            $saltedPass = hash('sha256', "{$password}{$this->passwordSalt}{$randomSalt}");
            if( count($other) == 0 ){
                /* If there is no other fields mentioned, make the default query */
                //old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)");
                //new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)");
                $sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)");
            }else{
                /* if there are other fields to add value to, make the query and bind values according to it */
                //old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)");
                //new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)");
                // $columns / $colVals are the column list and ":key" placeholder list derived
                // from the keys of $other; they are only used by the commented-out statement.
                $keys = array_keys($other);
                $columns = implode(",", $keys);
                $colVals = implode(",:", $keys);
                //l= $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)");
                //INSERT INTO MyGuests (firstname, lastname, email)cLUES ('John', 'Doe', 'john@example.com')
                // NOTE(review): this INSERT interpolates $username2, $email2, $pass2, $firstname2,
                // $lastname2, $created2, $gender2, $country2, $birthdate2 — none of them exist in
                // this method's scope (they are locals of register.php, which in fact defines
                // $user2 and $sex2, not $username2/$gender2), so they interpolate as empty strings
                // with undefined-variable notices. Putting request values straight into SQL is
                // the injection pattern prepared statements exist to avoid, and because the
                // statement has no :username/:password/:passwordSalt placeholders, the
                // bindValue() calls below fail. The commented-out prepared form above
                // (`$columns` + `:$colVals`) is the right shape: restore it and let the foreach
                // bind the values from $other.
                $sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (username,email,password,password_salt,name,lastname,created,gender,country,DOB) VALUES ('$username2','$email2','$pass2','$saltedPass','$firstname2','$lastname2','$created2','$gender2','$country2','$birthdate2')");
                // NOTE(review): $sql is a PDOStatement object with no __toString(), so print()
                // raises "could not be converted to string" instead of showing the query
                // (PDOStatement::$queryString holds the text). Remove this debugging line.
                print($sql);
                // NOTE(review): htmlspecialchars() here encodes values at storage time
                // (e.g. O'Neil is stored as O&#039;Neil); HTML escaping belongs at output.
                foreach($other as $key => $value){
                    $value = htmlspecialchars($value);
                    $sql->bindValue(":$key", $value);
                }
            }
            /* Bind the default values */
            $sql->bindValue(":username", $id);
            $sql->bindValue(":password", $saltedPass);
            $sql->bindValue(":passwordSalt", $randomSalt);
            $sql->execute();
            return true;
        }
    }

    /* Logout the current logged in user by deleting the cookies and destroying session */
    /**
     * NOTE(review): session_destroy() does not clear $_SESSION for the rest of this request
     * nor remove the session cookie, and redirect() does not exit, so code after logout()
     * still runs with the old session values in memory.
     */
    public function logout(){
        session_destroy();
        setcookie("logSyslogin", "", time()-3600, "/");
        setcookie("logSysrememberMe", "", time()-3600, "/");
        $this->redirect($this->loginPage);
        return true;
    }

    /* A function to handle the Forgot Password process */
    /**
     * State machine driven by $_POST / $_GET: shows the identification form, e-mails a reset
     * token, validates a presented token, and finally changes the password via changePassword().
     *
     * @return string one of initial, resetPasswordForm, invalidToken, changePasswordForm,
     *                passwordDontMatch, passwordChanged, identityNotProvided, userNotFound,
     *                emailSent.
     *
     * NOTE(review): the token comes from rand_string(), i.e. rand(), which is not a CSPRNG;
     * `requested` is written to resetTokens but never checked, so tokens do not expire; and
     * the forms use $_SERVER['PHP_SELF'] unescaped as their action attribute.
     */
    public function forgotPassword(){
        $curStatus = "initial"; // The Current Status of Forgot Password process
        $identName = $this->emailLogin === false ? "Username" : "Username / E-Mail";
        if( !isset($_POST['logSysforgotPass']) && !isset($_GET['resetPassToken']) && !isset($_POST['logSysforgotPassRePass']) ){
            $html='<form action="'.$_SERVER['PHP_SELF'].'" method="POST">';
            $html.="<label>$identName<br/><input type='text' id='loginSysIdentification' placeholder='Enter your $identName' size='25' name='identification'/></label>";
            $html.="<br/><button name='logSysforgotPass' type='submit'>Reset Password</button>";
            $html.="</form>";
            echo $html;
            $curStatus = "resetPasswordForm"; // The user had moved to the reset password form ie she/he is currently seeing the forgot password form.
        }elseif( isset($_GET['resetPassToken']) && !isset($_POST['logSysforgotPassRePass']) ){
            /* The user gave the password reset token. Check if the token is valid. */
            $_GET['resetPassToken'] = urldecode($_GET['resetPassToken']);
            $sql = $this->dbh->prepare("SELECT `uid` FROM `resetTokens` WHERE `token` = ?");
            $sql->execute(array($_GET['resetPassToken']));
            if( $sql->rowCount() == 0 || $_GET['resetPassToken'] == "" ){
                echo "<h3>Error : Wrong/Invalid Token</h3>";
                $curStatus = "invalidToken"; // The token user gave was not valid
            }else{
                /* The token is valid, display the new password form */
                $html = "<p>The Token key was Authorized. Now, you can change the password</p>";
                $html .= "<form action='{$_SERVER['PHP_SELF']}' method='POST'>";
                // The token is echoed into the page only after it matched a resetTokens row above.
                $html .= "<input type='hidden' name='token' value='{$_GET['resetPassToken']}'/>";
                $html .= "<label>New Password<br/><input type='password' name='password'/></label><br/>";
                $html .= "<label>Retype Password<br/><input type='password' name='password2'/></label><br/>";
                $html .= "<button name='logSysforgotPassRePass'>Reset Password</button>";
                $html .= "</form>";
                echo $html;
                $curStatus = "changePasswordForm"; // The token was correct, displayed the change/new password form.
            }
        }elseif( isset($_POST['logSysforgotPassRePass']) ){
            $_POST['token'] = urldecode($_POST['token']);
            $sql = $this->dbh->prepare("SELECT `uid` FROM `resetTokens` WHERE `token` = ?");
            $sql->execute(array($_POST['token']));
            if( $sql->rowCount()==0 || $_POST['token']=="" ){
                echo "<h3>Error : Wrong/Invalid Token</h3>";
                $curStatus = "invalidToken"; // The token user gave was not valid
            }else{
                if( $_POST['password'] != $_POST['password2'] || $_POST['password']=="" || $_POST['password2']=="" ){
                    echo "<h3>Error : Passwords Don't Match Or Passwords Left Blank</h3>";
                    $curStatus = "passwordDontMatch"; // The new password and retype password submitted didn't match
                }else{
                    // changePassword() reads the new password from $_POST['newPassword'].
                    $_POST['newPassword'] = $_POST['password2'];
                    $this->user = $sql->fetchColumn();
                    $this->loggedIn = true; // We must create a fake assumption that the user is logged in to change the password as $LS->changePassword() requires the user to be logged in.
                    if( $this->changePassword($this->secureKey) ){
                        $this->user = false;
                        $this->loggedIn = false;
                        $sql = $this->dbh->prepare("DELETE FROM resetTokens WHERE token=?");
                        $sql->execute(array($_POST['token']));
                        echo "<h3>Success : Password Reset Successful</h3><p>You may now login with your new password.</p>";
                        $curStatus = "passwordChanged"; // The password was successfully changed
                    }
                }
            }
        }else{
            /* Check if username/email is provided and if it's valid and exists */
            $identification = isset($_POST['identification']) ? $_POST['identification']:"";
            if($identification == ""){
                echo "<h3>Error : $identName not provided</h3>";
                $curStatus = "identityNotProvided"; // The identity was not given
            }else{
                $sql = $this->dbh->prepare("SELECT `email`, `id` FROM `{$this->dbtable}` WHERE `username`=:login OR `email`=:login");
                $sql->bindValue(":login", $identification);
                $sql->execute();
                if($sql->rowCount() == 0){
                    echo "<h3>Error : User Not Found</h3>";
                    $curStatus = "userNotFound"; // The user with the identity given was not found in the users database
                }else{
                    $rows = $sql->fetch(PDO::FETCH_ASSOC);
                    $email = $rows['email'];
                    $uid = $rows['id'];
                    $token = $this->rand_string(40);
                    $sql = $this->dbh->prepare("INSERT INTO `resetTokens` (`token`, `uid`, `requested`) VALUES (?, ?, NOW())");
                    $sql->execute(array($token, $uid));
                    $encodedToken = urlencode($token);
                    /* Prepare the email to be sent */
                    $subject = "Reset Password";
                    $body = "You requested for resetting your password on {$this->company}. For this, please click the following link : <blockquote> <a href='{$this->curPageURL()}?resetPassToken={$encodedToken}'>Reset Password : {$token}</a> </blockquote>";
                    $this->sendMail($email, $subject, $body); /* Change mail() function to something else if you like */
                    echo "<p>An email has been sent to your email inbox with instructions. Check Your Mail Inbox and SPAM Folders.</p><p>You can close this window.</p>";
                    $curStatus = "emailSent"; // E-Mail has been sent
                }
            }
        }
        return $curStatus;
    }

    /* A function that handles the logged in user to change her/his password */
    /**
     * Two modes. Called with $parent === $secureKey (internal use from forgotPassword() and
     * from itself) it writes $_POST['newPassword'] for $this->user and returns true. Otherwise
     * it renders / processes the change-password form and returns a status string.
     *
     * @return bool|string
     *
     * NOTE(review): the "current password" check below relies on login()'s truthiness; login()
     * returns a (truthy) array while the account is blocked, so a blocked account passes this
     * check regardless of $curpass. The form carries no CSRF token, and `$parent ==
     * $this->secureKey` is a loose comparison — use `===` (or hash_equals()).
     */
    public function changePassword($parent = ""){
        $curStatus = "initial"; // The Current Status of Change Password action
        if($this->loggedIn){
            if( $parent == $this->secureKey && isset($_POST['newPassword']) && $_POST['newPassword'] != "" ){
                $randomSalt = $this->rand_string(20);
                $saltedPass = hash('sha256',$_POST['newPassword'].$this->passwordSalt.$randomSalt);
                $sql = $this->dbh->prepare("UPDATE `{$this->dbtable}` SET `password` = ?, `password_salt` = ? WHERE `id` = ?");
                $sql->execute(array($saltedPass, $randomSalt, $this->user));
                return true;
            }elseif( !isset($_POST['logSysChangePassword']) ){
                $html = "<form action='".$_SERVER['PHP_SELF']."' method='POST'>";
                $html .= "<label>Current Password<br/><input type='password' name='curpass'/></label><br/>";
                $html .= "<label>New Password<br/><input type='password' name='newPassword'/></label><br/>";
                $html .= "<label>Retype New Password<br/><input type='password' name='newPassword2'/></label><br/>";
                $html .= "<button name='logSysChangePassword' type='submit'>Change Password</button>";
                $html .= "</form>";
                echo $html;
                $curStatus = "changePasswordForm"; // The form for changing password is shown now
            }elseif(isset($_POST['logSysChangePassword'])){
                if( isset($_POST['newPassword']) && $_POST['newPassword']!="" && isset($_POST['newPassword2']) && $_POST['newPassword2']!="" && isset($_POST['curpass']) && $_POST['curpass']!="" ){
                    $curpass = $_POST['curpass'];
                    $newPassword = $_POST['newPassword'];
                    $newPassword2 = $_POST['newPassword2'];
                    $sql = $this->dbh->prepare("SELECT username FROM `{$this->dbtable}` WHERE id=?");
                    $sql->execute(array($this->user));
                    $curuserUsername = $sql->fetchColumn();
                    // Re-authenticates with cookies disabled; see the NOTE(review) in the docblock.
                    if($this->login($curuserUsername, $curpass, false)){
                        if($newPassword != $newPassword2){
                            echo "<h3>Error : Password Mismatch</h3>";
                            $curStatus = "newPasswordMismatch"; // The Password's don't match (New Password & Retype Password field)
                        }else{
                            $this->changePassword($this->secureKey);
                            echo "<h3>Success : Password Changed Successful</h3>";
                            $curStatus = "passwordChanged"; // Password changed
                        }
                    }else{
                        echo "<h3>Error : Current Password Was Wrong</h3>";
                        $curStatus = "currentPasswordWrong"; // The current password entered was wrong
                    }
                }else{
                    echo "<h3>Error : Password Fields was blank</h3>";
                    $curStatus = "newPasswordFieldsBlank"; // Blank new password field
                }
            }
        }else{
            echo "<h3>Error : Not Logged In</h3>";
            $curStatus = "notLoggedIn"; // Not logged In
        }
        return $curStatus;
    }

    /* Check if user exists with ther username/email given */
    /**
     * @return bool true when a row matches $username (or the e-mail column, when $emailLogin is on).
     * NOTE(review): relies on PDOStatement::rowCount() for a SELECT, which the PDO docs describe
     * as driver-dependent (the MySQL driver does report it).
     */
    public function userExists($username){
        if($this->emailLogin === true){
            $query = "SELECT `id` FROM `{$this->dbtable}` WHERE `username`=:login OR `email`=:login ORDER BY `id` LIMIT 1";
        }else{
            $query = "SELECT `id` FROM `{$this->dbtable}` WHERE `username`=:login ORDER BY `id` LIMIT 1";
        }
        $sql = $this->dbh->prepare($query);
        $sql->execute(array( ":login" => $username ));
        return $sql->rowCount() == 0 ? false : true;
    }

    /* Fetches data of user in database. Returns a single value or an array of value according to parameteres given to the function */
    /**
     * @param string|array $what  a column name, an array of column names, or "*"
     * @param mixed        $user  user id; defaults to the current user (`== null` also matches id 0)
     * @return mixed the single column value, or the associative row for "*" / an array of columns
     *
     * NOTE(review): column names are spliced into the SQL text (they cannot be bound), so $what
     * must come from code, never from a request.
     */
    public function getUser($what = "*", $user = null){
        if($user == null){
            $user = $this->user;
        }
        if( is_array($what) ){
            $columns = implode("`,`", $what);
            $columns = "`{$columns}`";
        }else{
            $columns = $what != "*" ? "`$what`" : "*";
        }
        $sql = $this->dbh->prepare("SELECT {$columns} FROM `{$this->dbtable}` WHERE `id`=? ORDER BY `id` LIMIT 1");
        $sql->execute(array($user));
        $data = $sql->fetch(PDO::FETCH_ASSOC);
        if( !is_array($what) ){
            $data = $what == "*" ? $data : $data[$what];
        }
        return $data;
    }

    /* Updates the user data */
    /**
     * @param array $toUpdate column => value map (an 'id' key is refused)
     * @param mixed $user     user id; defaults to the current user
     * @return false|null false when $toUpdate is not usable, otherwise nothing
     *
     * NOTE(review): the keys of $toUpdate become column names in the SQL text, so they must be
     * code-controlled; values are htmlspecialchars()-encoded before storage (the `attempt`
     * counter written by login() goes through this too).
     */
    public function updateUser($toUpdate = array(), $user = null){
        if( is_array($toUpdate) && !isset($toUpdate['id']) ){
            if($user == null){
                $user = $this->user;
            }
            $columns = "";
            foreach($toUpdate as $k => $v){
                $columns .= "`$k` = :$k, ";
            }
            $columns = substr($columns, 0, -2); // Remove last ","
            $sql = $this->dbh->prepare("UPDATE `{$this->dbtable}` SET {$columns} WHERE `id`=:id");
            $sql->bindValue(":id", $user);
            foreach($toUpdate as $key => $value){
                $value = htmlspecialchars($value);
                $sql->bindValue(":$key", $value);
            }
            $sql->execute();
        }else{
            return false;
        }
    }

    /* Returns a string which shows the time since the user has joined */
    /**
     * NOTE(review): $user is accepted but not used — getUser("created") is called without it,
     * so this always describes the current user. $timeFirst and $regged are computed and
     * discarded. When $memsince is exactly 60 no branch matches and $memfor is undefined;
     * the "Seconds" label also lacks the leading space the other labels have.
     */
    public function timeSinceJoin($user = null){
        if($user == null){
            $user = $this->user;
        }
        $created = $this->getUser("created");
        $timeFirst = strtotime($created);
        $timeSecond = strtotime("now");
        $memsince = $timeSecond - strtotime($created);
        $regged = date("n/j/Y", strtotime($created));
        if($memsince < 60) {
            $memfor = $memsince . "Seconds";
        }else if($memsince < 3600 && $memsince > 60){
            $memfor = floor($memsince / 60) . " Minutes";
        }else if($memsince < 86400 && $memsince > 60){
            $memfor = floor($memsince / 3600) . " Hours";
        }else if($memsince < 604800 && $memsince > 3600){
            $memfor = floor($memsince / 86400) . " Days";
        }else if($memsince < 2592000 && $memsince > 86400){
            $memfor = floor($memsince / 604800) . " Weeks";
        }else if($memsince > 604800){
            $memfor = floor($memsince / 2592000) . " Months";
        }
        return (string) $memfor;
    }

    /* Extra Tools/Functions */

    /* Check if valid E-Mail */
    // Returns the filtered address (a string) or false — not a bool; callers only test truthiness.
    public function validEmail($email = ""){
        return filter_var($email, FILTER_VALIDATE_EMAIL);
    }

    /* Get the current page URL */
    /**
     * Rebuilds scheme://host[:port]/path?query from $_SERVER.
     * NOTE(review): the port is appended whenever it is not "80", so an HTTPS site on 443
     * produces "https://host:443/...".
     */
    public function curPageURL() {
        $pageURL = 'http';
        if(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on"){$pageURL .= "s";}
        $pageURL .= "://";
        if($_SERVER["SERVER_PORT"] != "80") {
            $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
        }else{
            $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
        }
        return $pageURL;
    }

    /* Generate a Random String */
    /**
     * NOTE(review): this feeds password salts and reset tokens, but rand() is not a
     * cryptographic generator — use random_int() (or bin2hex(random_bytes())). The alphabet
     * also starts with "subinsblog" and repeats an 'a' in "klmanop", so those letters are drawn
     * more often than the rest; the output is not uniform over the characters.
     */
    public function rand_string($length) {
        $str="";
        $chars = "subinsblogabcdefghijklmanopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $size = strlen($chars);
        for($i = 0;$i < $length;$i++) {
            $str .= $chars[rand(0,$size-1)];
        }
        return $str;
    }

    /* Get the current page path */
    public function curPage(){
        $parts = parse_url($this->curPageURL());
        return $parts["path"];
    }

    /* Do a redirect */
    // NOTE(review): only sends the header; without an exit the caller keeps executing and
    // rendering after the redirect has been issued.
    public function redirect($url, $status=302){
        header("Location: $url", true, $status);
    }

    /* Any mails need to be snt by logSys goes to here. */
    public function sendMail($email, $subject, $body){
        mail($email, $subject, $body); /* Change this to something else if you don't like PHP's mail() */
    }
    /* End Extra Tools/Functions */
}
?>

Register.php code:

<?php include "config.php"; ?>

And:

<?php
// Registration form handler. $LS is created in config.php (included above).
// NOTE(review): the form is not protected by a CSRF token, the username length mentioned in
// the error text (10 characters) is not actually checked, and — as the author's own comment
// says — no password length rule is enforced yet.
if( isset($_POST['submit']) ){
    $firstname2 = $_POST['firstname'];
    $lastname2 = $_POST['lastname'];
    $user2 = $_POST['username'];
    $sex2 = $_POST['sex'];
    $country2 = $_POST['strCountryChoice'];
    $email2 = $_POST['email'];
    $pass2 = $_POST['pass'];
    $pass3 = $_POST['pass2'];
    $birthdate2 = $_POST['birthdate'];
    $created2 = date("Y-m-d H:i:s");
    //need to add a lot more validation functions.. AKA Check if email exists and username. Password > 5 chars
    if( $user2=="" || $email2=="" || $pass2=='' || $pass3=='' || $firstname2=='' || $lastname2=='' || $sex2=='' || $country2=='' || $birthdate2=='' ){
        echo "Fields Left Blank","Some Fields were left blank. Please fill up all fields.";
        exit;
    }
    if( !$LS->validEmail($email2) ){
        echo "E-Mail Is Not Valid", "The E-Mail you gave is not valid";
        exit;
    }
    if( !ctype_alnum($user2) ){
        echo "Invalid Username", "The Username is not valid. Only ALPHANUMERIC characters are allowed and shouldn't exceed 10 characters.";
        exit;
    }
    if($pass2 != $pass3){
        echo "Passwords Don't Match","The Passwords you entered didn't match";
        exit;
    }
    // These keys are the extra columns register() is meant to bind; note the names here
    // ($user2, $sex2, "gender") versus the variables the class's INSERT string expects.
    $createAccount2 = $LS->register($user2, $pass2, array(
        "email" => $email2,
        "name" => $firstname2,
        "lastname" => $lastname2,
        "gender" => $sex2,
        "country" => $country2,
        "DOB" => $birthdate2,
        "created" => date("Y-m-d H:i:s") // Just for testing
    ) );
    //$createAccount = $LS->register($firstname,$lastname,$user,$sex,$country,$email,$pass,$birthdate,$created);
    if($createAccount2 === "exists"){
        echo "User Exists.";
    }elseif($createAccount2 === true){
        echo "Success. Created account.";
    }
}
?>

Config.php:

<?php
// NOTE(review): together with `include "register.php"` at the top of class.loginsys.php this
// forms the include cycle described there; require_once/include_once would break the loop,
// but the cleaner fix is to drop the include from the class file.
require "class.loginsys.php";
$LS=new LoginSystem();
?>

If you need any more code, please ask. Thanks again.
  3. Hi, thanks for the replies. I already tried setting the memory limit to -1, but it still errors. I am going to try the time limit and report back. I am going to code the rest of the game myself; this is just a login system, and I wanted something that was secure. It would really help if someone could point me in the right direction as to whether it is a good system, or whether I should code my own or use another. I would also like to know whether I should use a framework. Should I upload the class file and the register.php file, or paste all the code from them in code tags? Thanks again.
  4. Hi, I am trying to create a login system in PHP, but I am not the greatest at PHP so I am using a source code which I found online as I found it to be more secure as it uses things like salted passwords. Anyway I am trying to add more fields to the register system so it adds them to the mysql, the source has a way to do this with arrays, but it is quite complicated so I am just using variables from the original file. There are 2 files: register.php and class.loginsys.php which contains all the functions. At first the query syntax was incorrect so I decided to use the variables created in register.php in the class.loginsys, but now it's giving me an out of memory error: Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 28672 bytes) in C:\xampp\htdocs\ls\class.loginsys.php on line 34 Which I am unsure of how to fix. I have tried using different variable names, checking the line, checking the whole register.php file for anything rogue. Here is the code: Top part of register.php <?php include "config.php"; ?> Config.php: <?php require "class.loginsys.php"; $LS=new LoginSystem(); ?> Then actual register part from register.php: <?php if( isset($_POST['submit']) ){ $firstname2 = $_POST['firstname']; $lastname2 = $_POST['lastname']; $user2 = $_POST['username']; $sex2 = $_POST['sex']; $country2 = $_POST['strCountryChoice']; $email2 = $_POST['email']; $pass2 = $_POST['pass']; $pass3 = $_POST['pass2']; $birthdate2 = $_POST['birthdate']; $created2 = date("Y-m-d H:i:s"); //need to add a lot more validation functions.. AKA Check if email exists and username. Password > 5 chars if( $user2=="" || $email2=="" || $pass2=='' || $pass3=='' || $firstname2=='' || $lastname2=='' || $sex2=='' || $country2=='' || $birthdate2=='' ){ echo "Fields Left Blank","Some Fields were left blank. 
Please fill up all fields."; exit; } if( !$LS->validEmail($email2) ){ echo "E-Mail Is Not Valid", "The E-Mail you gave is not valid"; exit; } if( !ctype_alnum($user2) ){ echo "Invalid Username", "The Username is not valid. Only ALPHANUMERIC characters are allowed and shouldn't exceed 10 characters."; exit; } if($pass2 != $pass3){ echo "Passwords Don't Match","The Passwords you entered didn't match"; exit; } $createAccount2 = $LS->register($user2, $pass2, array( "email" => $email2, "name" => $firstname2, "lastname" => $lastname2, "gender" => $sex2, "country" => $country2, "DOB" => $birthdate2, "created" => date("Y-m-d H:i:s") // Just for testing ) ); //$createAccount = $LS->register($firstname,$lastname,$user,$sex,$country,$email,$pass,$birthdate,$created); if($createAccount2 === "exists"){ echo "User Exists."; }elseif($createAccount2 === true){ echo "Success. Created account."; } } ?> And the function from the class: /* A function to register a user with passing the username, password and optionally any other additional fields. 
*/ public function register( $id, $password, $other = array() ){ if( $this->userExists($id) && (isset($other['email']) && $this->userExists($other['email'])) ){ return "exists"; }else{ $randomSalt = $this->rand_string(20); $saltedPass = hash('sha256', "{$password}{$this->passwordSalt}{$randomSalt}"); if( count($other) == 0 ){ /* If there is no other fields mentioned, make the default query */ //old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)"); //new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)"); $sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)"); }else{ /* if there are other fields to add value to, make the query and bind values according to it */ //old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)"); //new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)"); $keys = array_keys($other); $columns = implode(",", $keys); $colVals = implode(",:", $keys); //l= $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)"); //INSERT INTO MyGuests (firstname, lastname, email)cLUES ('John', 'Doe', 'john@example.com') $sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (username,email,password,password_salt,name,lastname,created,gender,country,DOB) VALUES 
('$username2','$email2','$pass2','$saltedPass','$firstname2','$lastname2','$created2','$gender2','$country2','$birthdate2')"); print($sql); foreach($other as $key => $value){ $value = htmlspecialchars($value); $sql->bindValue(":$key", $value); } } /* Bind the default values */ $sql->bindValue(":username", $id); $sql->bindValue(":password", $saltedPass); $sql->bindValue(":passwordSalt", $randomSalt); $sql->execute(); return true; } } Thanks for your help. I am doing this because for a hobby I am trying to create a browser based game in which I use this login system to login the user to a main page then code all of the other pages myself. I have posted on stackoverflow and someone on their suggested that I should use a framework. If this is the case, can someone point me in the right direction? Thanks again, if you need any info ask.