Printable View
Okay I've decided to try and make a simple log-in system because I'm newer to PHP and want to get it down.
I'm setting registration restrictions and my problem is like take for example
It echos that on the next page but it still registers the user. Can somebody give me a script or function to stop the registration after a restriction is 'infracted?'PHP Code:if ($password != $password2)
{
echo "Passwords don't match";
}
I think that this will workPHP Code:<?php
if (!$password = $password2)
{
echo "Passwords don't match";
} else {
// code to be executed if the password are the same
}
?>
Quote:
Originally Posted by Airon
exit(); will end the script at that point.
Or if you want to do it a better way (IMO) use $error arrays, They would work like...PHP Code:if($password != $password2)
{
echo 'Passwords don\'t match';
exit();
}
PHP Code:if($_POST['some_info']) {
// Create empty array
$errors = array();
// Set password variables
$password = $_POST['password'];
$password2 = $_POST['password2'];
// Check them
if($password != $password2)
{
$errors[] = 'Passwords do not match';
}
// Check if errors are empty, If so, Register...
if(!strlen($errors))
{
// Registration part as errors array is empty
}
else
{
// Echo the error text
echo '<font color = "red">There seems to have been an error</font>';
// List errors from the array
foreach ($errors as $error)
{
echo $error . '<br />';
}
// Line breaks to drop this part from the main form
echo '<br /><br />';
}
}
// The registration form here.
Make a boolean called $valid, set it to true, once something is incorrect set it to false. Then in the end, check if its true. If so, execute any code that will process the data, else exit. This will display all errors, instead of 1.Quote:
Originally Posted by Airon
PHP Code:$valid = true;
if ($password != $password2)
{
echo 'Passwords do not match.';
$valid = false;
}
// do more checking here
if ($valid)
{
// process data
}
else
{
// do not process data
}
Nope, that is wrong. If you didQuote:
Originally Posted by AngryCat
it would've been correct.PHP Code:if (!($password == $password2))
Okay thanks Daev that worked until I added in checking the password part. I will post my whole file here for you or someone else to check. The problem that I'm having is that no matter what it says the passwords are incorrect! So if you guys could help that would be great.
PHP Code:<?
/* File name: reg_process.php */
/* File desc: Registers users under certain conditions */
/* Created by: VoilACMS Team */
//Require the database connector
require_once("../includes/db_fns.php");
//Start session
session_start();
//Set variables
$username = $_POST['username'];
$password = sha1($_POST['password']);
$passwordconf = $_POST['passwordconf'];
$email = $_POST['email'];
$emailconf = $_POST['emailconf'];
//Set Boolean
$valid = true;
/* This is where we set our registration restrictions */
/* Such as username length, password length, etc, etc */
{
//Check if form has been submitted first
if(isset($_POST['submit']))
//Check if all forms are filled out next
{ if(empty($_POST['username']) || empty($_POST['password']) || empty($_POST['passwordconf']) || empty($_POST['email']) || empty($_POST['emailconf']))
{
$valid = false;
echo "Not all forms are filled out. Please go back and try again.";
}
}
//Check if username is the right length
{ if (strlen($username)<1 || strlen($username) >16)
{
$valid = false;
echo "Username must be between 1 and 16 characters. Please go back and try again";
}
}
//Check if username is taken
{
$checkuser = mysql_query("SELECT username FROM user WHERE username='$username'");
$username_exist = mysql_num_rows($checkuser);
if($username_exist > 0)
{
$valid = false;
echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
unset($username);
include 'index.php';
exit();
}
}
//Check if passwords match
{ if ($password != $passwordconf)
{
echo 'Passwords do not match.';
$valid = false;
}
}
//Check if emails match
{ if ($email != $emailconf)
{
$valid = false;
echo "I'm sorry but your Emails do not match. Please go back and try again.";
}
}
}
//If everything is correct register it!
if ($valid)
{
// Create a variable containing the SQL query.
$query = "INSERT INTO `user` (username, password, email) VALUES ('$username', '$password', '$email')";
// Perform the SQL query on the database.
$result = mysql_query($query);
}
else
{
exit();
}
?>
Perfect if you just want a page that dies and doesnt tell them the error(s) they made, Hence while i suggested to create an error array, Which would display all their errors for them to fix when they get returned to the registration part.Quote:
Originally Posted by Airon
If you leave this script up, I will edit it tonight when i get home to be in error arrays and you will see what i mean. Would do it now, But with england having decent weather (for once!), Im outside with the bbq and beers =]
Actually this does tell them the errors they made. I'm just saying the password check isn't working correctly and I don't know why. It says the passwords don't match even if they do.
Edit: I have found the problem.
It was comparing a encrypted password to a non-encrypted password. Silly mistake. Thanks to everyone who helped me out on this issue though. I learned a more effective way to code it.PHP Code:$password = sha1($_POST['password']);
$passwordconf = $_POST['passwordconf'];
Sorry, a little off topic, but thanks fook3d for that error array idea, I'm gonna commit that to memory and probably use it in future projects. =]
You could also use cases for error handling, just to let you know. :P
Oh damn, Your right. I should learn to not skim read when im thinking about doing something else. I apologise =]Quote:
Originally Posted by Airon
* Makes mental note to pay more attention in future *
On another note, Not saying much is wrong with this code already, But read through the comments and you may just see how you could use a form better and make it user friendly, Instead of exit(); if they get some errors in the input, Show them their errors, Give them the form again with all input already in there (Example given) and let them try a second time without having to complete the whole form again.
Note: There may be an error in the above, But the general idea is there, Its 3:24am, So any errors can be blamed on that i hope :)PHP Code:<?
/* File name: reg_process.php */
/* File desc: Registers users under certain conditions */
/* Created by: VoilACMS Team */
//Require the database connector
require_once("../includes/db_fns.php");
//Start session
session_start();
//Set variables
$username = $_POST['username'];
$password = sha1($_POST['password']);
$passwordconf = $_POST['passwordconf'];
$email = $_POST['email'];
$emailconf = $_POST['emailconf'];
//Set array
$errors = array();
/* This is where we set our registration restrictions */
/* Such as username length, password length, etc, etc */
//Check if form has been submitted first
if(isset($_POST['submit']))
{
//Check if all forms are filled out next
if(empty($_POST['username']) || empty($_POST['password']) || empty($_POST['passwordconf']) || empty($_POST['email']) || empty($_POST['emailconf']))
{
$errors[] = 'You did not fill in all the fields.';
}
//Check if username is the right length
if (strlen($username) < 1 || strlen($username) > 16)
{
$errors[] = 'Username needs to be between 1 and 16 characters in length.';
}
//Check if username is taken
$checkuser = mysql_query("SELECT username FROM user WHERE username='$username'");
$username_exist = mysql_num_rows($checkuser);
if($username_exist > 0)
{
$errors[] = 'Username is already taken, Please choose another.';
}
//Check if passwords match
if ($password != $passwordconf)
{
$errors[] = 'The passwords you entered did not match.';
}
//Check if emails match
if ($email != $emailconf)
{
$errors[] = 'The emails you entered did not match.';
}
//If everything is correct register it!
if (!strlen($errors))
{
// Create a variable containing the SQL query.
$query = "INSERT INTO `user` (username, password, email) VALUES ('$username', '$password', '$email')";
// Perform the SQL query on the database.
$result = mysql_query($query);
// Echo a result here...
echo 'Your account has been created, Click <a href = "new_page.php">here</a> to login.';
// Now you exit(); out so the form at the bottom doesnt show
exit();
}
else
{
// Count the errors..
$count = count($errors);
// Start the text to tell them they have error(s)
echo 'There seems to have been ' . $count . ' error';
// If the count() is above one, Add the s to make the errors plural
if($count > 1)
{
echo 's';
}
// Continue the message
echo ' in your registration.<br />';
// Start the list block
echo '<ul>';
// Loop all errors to show them what error(s) there are
foreach ($errors as $error)
{
echo '<li>' . $error . '</li>';
}
// End list block
echo '</ul>';
// Give a few lines, Because the form will show again...
echo '<br /><br />';
}
}
// Here is where you make it user friendly, By Giving them the form again, Not killing the whole page so they have to input it all again.
echo '<form action = "' . $_SERVER['PHP_SELF'] . '" method = "post">
<input type = "text" name = "username" value ="';
// Watch this space..
if(strlen($_POST['username']))
{
echo $_POST['username'];
}
// Continue with the form
echo '">
<input type = "submit" name = "submit" value = "Submit">
</form>';
?>
No problem, Glad i could help =]Quote:
Originally Posted by Schfoo
Never used a case (I dont think), Will look into it. Thanks
Well, I'm not sure that's the real name for the system, but the function is called switch();
Thanks for the feed back fook3d. I will deffenitly look into that. I think I will go ahead and use error arrays as well. After that I'm onto my next task. The logging in system :S
@Airon login system is not that hard !
mine :
just edit a bit and you will be fine !PHP Code:<?php
session_start();
include('config.php');
if($_POST['submit']){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "select `id` from `users` where `username`='$username' and `password`=MD5('$password') limit 1";
$query = mysql_query($sql);
if(mysql_num_rows($query) == 1){
// inloggen oke..
$_SESSION['username'] = "$username";
header("location: index2.php");
} else {
$error = '<font color="red">Error : Wrong username/password please try agian later.</font>';
}
}
?>
<html>
<body>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<input name="username" type="text" value="username">
<input name="password" type="password" value="password">
<p>
<input type="submit" name="submit" value="Submit">
</p>
</form>
</body>
</html>
Your script has no security, you should atleast try to escape the username string. The password input in perfectly safe as it is encrypted into MD5.Quote:
Originally Posted by passie
Also, you might want to add perl-like regex to give better warnings to the user.
See http://nl3.php.net/regex
Quote:
Originally Posted by Daevius
preg_replace() works well too, See below code:-
Edit: Note, This is my opinion only, But i see no use for anything other than numbers, letters, underscores and hyphens in a name. Anything else if just pointless, Again, Thats my opinionPHP Code:<?php
session_start();
include('config.php');
if($_POST['submit'])
{
// Preg_replace() will strip everything but alphanumeric values, Underscores and hythens.
$allowed = "/[^a-z0-9\\-\\_]/i";
$username = preg_replace($allowed, "", $_POST['username']);
// md5() the string for password and thats enough sanitation, md5 will return alpha numeric, Which is safe for input.
$password = md5($_POST['password']);
// sprintf() is always a good function
// Reference:- http://uk.php.net/sprintf
$sql = sprintf('select `id` from `users` where `username` = ("%s") and `password` = ("%s") limit 1', $username, $password);
// Mysql_error() reporting is always good for development stages.
$query = mysql_query($sql) or die (mysql_error());
if(mysql_num_rows($query) == 1)
{
// inloggen oke..
$_SESSION['username'] = "$username";
header("location: index2.php");
}
else
{
$error = '<font color="red">Error : Wrong username/password please try agian later.</font>';
}
}
?>
<html>
<body>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<?
// Dont let anything but alphanumeric values, Underscores and hythens... see preg_replace() in the above code.
?>
Enter username below<br />
<input name="username" type="text" value="username">
<input name="password" type="password" value="password">
<p>
<input type="submit" name="submit" value="Submit">
</p>
</form>
</body>
</html>
its bit off-topic but how i change if email got a @ and a . ?Quote:
Originally Posted by Daevius
sorry :$
Change to what? You can use regex to check the validity of the email-adress if thats what you want...Quote:
Originally Posted by passie