[MySQL][PHP] Small Usersystem

[XCON]

Hello, my name is XCON, this is my seconth post (on this account, my previous account, X1M!, I forgot the password to) on this forum.

I coded this small usersystem today, nothing too fancy, I just needed a small project to "get me back in the loop" so to speak, I haven't coded PHP for a while and I started to forget it, so I needed to code this.

It is coded in PHP (not OOP), using MySQL for storage.
This includes one of my personal designs, while I don't find it "sexy", I do find it quite compact and nice, fitting most of my needs.

Features:

Spoiler:

1. Logging In/Registering
2. Editing your settings
3. Rank system

Things I forgot to code:

1. Administration center

Printscreens:

Spoiler:

Virus scan: VirusTotal.com
Download: MediaFire.com

Updates:

Spoiler:

http://pastebin.com/R48z4Hjj - Register.php (Password encryption)
http://pastebin.com/9wpmxTsq - Login.php (Password encryption)

This is not something I plan to continue on (maybe the design), but rather use as a base for future projects, and I'd gladly take any suggestions, tips and improvements you could give.

[MentaL]

[Ron]

Maybe post some of your code here / on pastebin so we can look at it without having to download anything?

[XCON]

Yes, maybe.
Or, you download the 44.55kb file and check it out.
But sure, I could post some codes on pastebin.

http://pastebin.com/DbXzbdQK - Configuration.php
http://pastebin.com/GywNxX3u - Index.php

[NubPro]

Wow very simple and I like it!

[XCON]

Thank you.

EDIT: I coded password encryption now, you can find the updates in the spoiler I added in the first post.

[Hexadecimal]

I don't like that you've been capitalizing your syntax commands, if I can input, but nice code, I suppose.

Good luck. I stopped my development since I'm working on more priority things.

[XCON]

I always capitalize my functions and classes. But thanks for your comment.

[Ron]

Using IF statements and switches like that isn't really the best way to return errors.

[XCON]

I know, but I couldn't be assed to create a custom exception handler at the time.

[Ron]

If you're coding this to be reused in your later projects you might not want to half-ass it lol.

The way I do it is just set up a class array variable to store errors. If an error occurs, $this->errorlist .= "your error";.

Then just do

PHP Code:

if($object->errorlist != ""){
// errors
echo $object->errorlist;
} else {
// no errors, display successful result
} 


There are probably better ways but I've found this to work great for me.

[Hexadecimal]

I use arrays for my error handling.

PHP Code:

<?php
$Errors = array();
if($Password != $Repeat_Password)
$Errors[] = 'The two passwords you entered do not match!';

if(empty($Errors))
{
//successful. No errors.
}
else
{
echo '<div class="alert-message warning">';
foreach($Errors AS $Error)
echo $Error.'<br />';
echo '</div>';
}
?>

Of course, I just wrote this, hence why indention is completely off. Oh well.

[NubPro]

Encrypt it with SALT

[XCON]

I've never actually used SALTs because I think they dont actually make anything safer if you have double md5 encryptions, but rather safe than sorry right?

I'm going to rewrite the whole usersystem into my new version of this design, the alert system wasn't the smartest way of making pages.

[Hexadecimal]

I've never actually used SALTs because I think they dont actually make anything safer if you have double md5 encryptions, but rather safe than sorry right?

I'm going to rewrite the whole usersystem into my new version of this design, the alert system wasn't the smartest way of making pages.

It makes it safer because if you had a password: "horse". The password would be encrypted as: "!@R!TYGHHN()!GGH)@Gmnvfu8`1horse" if your salt was "!@R!TYGHHN()!GGH)@Gmnvfu8`1". That makes it more than 100x harder to crack your passwords.

Double encryption is what vBulletin does. md5(md5($Password), $UserSalt);

[XCON]

I'll consider using SALTs in the future, but wouldn't it be safer to have a salt on each side of the password? Otherwise, you could just use SubStr on the password until you have removed the salt.

Code:

<?php

$salt = "ABBBCBCBCBBCBCBCBCB0109293839299292920902";
function enc($in) { return sha1($salt.md5($in).$salt); }

?>

That would be a much safer alternative.