[PHP][SOURCE] User System
Rhys requested a user system to be coded when I released the Guestbook script, so I did it.
Anyway, EVERYTHING you will need is below.
There are no images, css, js sheets or anything like that.
config.php
PHP Code:
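<?php
// config.php - shared bootstrap included at the top of every page.
// It opens the MySQL connection, works out whether the visitor is logged in
// (result in $in: the user's row, or an empty array) and defines the site
// settings ($site, $admin, $reg_email).

// ---- mysql connection stuff ----
// NOTE(review): these are the sample values from the original post (root
// account, simple password). Use a dedicated low-privilege MySQL user and
// keep real credentials out of anything that is published.
$db = array();
$db['name'] = 'usersys';
$db['pass'] = 'hello123';
$db['user'] = 'root';
$db['host'] = 'localhost';
// @ hides PHP's own connection warning; visitors only see the die() text.
$db['conn'] = @mysql_connect($db['host'], $db['user'], $db['pass']) or die ('Sorry, I can not connect to your MySQL Database!');
mysql_select_db($db['name']) or die ('Sorry, I can not open your MySQL Database!');

// ---- check if user is logged in ----
// Start from a known-empty value so $in can only ever hold a row loaded
// below, never something already present in the global scope (for example
// on an old install with register_globals switched on).
$in = array();

// Cookies are supplied by the client: accept plain strings only, and force
// the id to an integer before it is used in SQL (users.id is an INT column).
$cookie_id   = (isset($_COOKIE['simp_id'])   && is_string($_COOKIE['simp_id']))   ? (int) $_COOKIE['simp_id'] : 0;
$cookie_pass = (isset($_COOKIE['simp_pass']) && is_string($_COOKIE['simp_pass'])) ? $_COOKIE['simp_pass'] : '';
$cookie_sec  = (isset($_COOKIE['simp_sec'])  && is_string($_COOKIE['simp_sec']))  ? $_COOKIE['simp_sec'] : '';

$uc = ($cookie_id > 0) ? mysql_query("SELECT * FROM users WHERE `id` = ".$cookie_id) : false;
if (!$uc || mysql_num_rows($uc) == 0) {
    // No such user: tell the browser to drop the login cookies.
    // (setcookie() with an empty value sends a deletion header.)
    setcookie("simp_id", "", time() + 10800);
    setcookie("simp_pass", "", time() + 10800);
    setcookie("simp_sec", "", time() + 10800);
} else {
    // $r stays in the global scope, as it did before; edit.php reads it.
    $r = mysql_fetch_array($uc);
    // Strict (===) comparison: with == two different all-digit/"0e..." hex
    // digests can compare equal because PHP treats them as numbers.
    // NOTE(review): simp_pass is the stored password hash itself, so anyone
    // who learns the hash can log in without knowing the password. A random
    // server-side session token would avoid that; it needs login.php and
    // logout.php to change together with this file.
    // NOTE(review): simp_sec is set at login from the current REMOTE_ADDR but
    // compared here with the IP saved at registration - confirm which
    // binding is intended.
    if ($r['id'] && $cookie_pass === (string) $r['pass'] && $cookie_sec === md5($r['ip'])) {
        $in = $r; // same row the original fetched with a second identical query
    }
}

// ---- site configuration ----
$site = array();
$site['title'] = 'm0nsta. Usersystem';
$site['maintenance'] = '0'; //0 = no maintenance || 1 = in maintenance mode
$admin = 'Mark Eriksson'; //your name!
$reg_email = '1'; //'1' = e-mail the user once registration is complete, '0' = send nothing
?>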
index.php
PHP Code:
<?php
ob_start();
include 'config.php';
?>
<html>
<head>
<title><?php echo $site[title]; ?> - Home</title>
<style type="text/css">
body, input, select, table, tr, td, textarea {
font-family: Verdana;
font-size: 11px;
}
h1, h2, h3 {
font-family: Verdana;
}
a {
color: #000000;
font-weight: bold;
text-decoration: none;
}
label {
font-family: Verdana;
font-size: 11px;
font-weight: bold;
}
a:hover {
text-decoration: underline;
}
form {
padding: 0;
margin: 0;
}
</style>
</head>
<body>
<h1>Welcome to <?php echo $site[title]; ?>!</h1>
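<?php
// Home page body: logged-in users get the account menu, everyone else is
// pointed at the login and registration pages. $in comes from config.php.
if (!empty($in['username'])) {
    // The username was typed in by the user at registration and only went
    // through strip_tags(), so quotes and & are still possible: encode it
    // for HTML text and for the URL query string separately.
    $name_html = htmlspecialchars($in['username'], ENT_QUOTES);
    $name_url  = urlencode($in['username']);
    echo 'Hello <b>'.$name_html.'</b>
<ul>
<li><a href="profile.php?user='.$name_url.'">My Profile</a></li>
<li><a href="members.php">Members List</a></li>
<li><a href="edit.php?do=pass">Edit Password</a></li>
<li><a href="edit.php?do=email">Edit E-Mail</a></li>
<li><a href="edit.php?do=details">Edit Details</a></li>
<li><a href="logout.php">Logout</a></li>
</ul>'; // the original never closed the list
} else {
    echo 'It appears you are not logged in!<br />Why not <a href="login.php">login</a> or <a href="register.php">register</a> an account?';
}
?>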
</html>
<?php
ob_flush();
?>
login.php
PHP Code:
<?php
ob_start();
include 'config.php';
?>
<html>
<head>
<title><?php echo $site[title]; ?> - Login</title>
<style type="text/css">
body, input, select, table, tr, td, textarea {
font-family: Verdana;
font-size: 11px;
}
h1, h2, h3 {
font-family: Verdana;
}
a {
color: #000000;
font-weight: bold;
text-decoration: none;
}
label {
font-family: Verdana;
font-size: 11px;
font-weight: bold;
}
a:hover {
text-decoration: underline;
}
form {
padding: 0;
margin: 0;
}
</style>
</head>
<body>
<h1>Welcome to <?php echo $site[title]; ?>!</h1>
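<?php
// Login page body: shows the form, or checks the submitted username and
// password against the users table and sets the three login cookies that
// config.php validates on later requests.
if (!empty($in['username'])) {
    echo 'You are already logged in as <b>'.htmlspecialchars($in['username'], ENT_QUOTES).'</b><br /><a href="index.php">Home</a>';
} elseif (!empty($_POST['login'])) {
    // Accept plain strings only (a field sent as user[]=x would be an array).
    // strip_tags() is kept on the password because register.php hashes the
    // stripped value; dropping it here alone would lock such users out.
    $user     = (isset($_POST['user']) && is_string($_POST['user'])) ? strip_tags($_POST['user']) : '';
    $raw_pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? strip_tags($_POST['pass']) : '';
    $user_html = htmlspecialchars($user, ENT_QUOTES); // for echoing back into the page

    // Test the raw password: md5('') is a non-empty string, so testing the
    // digest (as before) never caught an empty password field.
    if (!$user || $raw_pass === '') {
        echo 'All fields are required!<br /><a href="login.php">Back</a>';
    } else {
        // NOTE(review): unsalted MD5 is not a password hash. Moving to
        // password_hash()/password_verify() (PHP 5.5+) needs register.php,
        // edit.php and the stored values to change together.
        $pass = md5($raw_pass);
        // strip_tags() does not touch quotes; escape before building SQL.
        $check = mysql_query("SELECT * FROM users WHERE `username` = '".mysql_real_escape_string($user)."'");
        if (!$check || mysql_num_rows($check) == 0) {
            // NOTE(review): a separate "no such user" message lets a visitor
            // confirm which usernames exist; consider one shared message.
            echo 'Sorry, the user <b>'.$user_html.'</b> does not exist!<br /><a href="login.php">Back</a>';
        } else {
            $r = mysql_fetch_array($check);
            if ($pass !== $r['pass']) {
                echo 'The password does not match the one attached to the account!<br /><a href="login.php">Back</a>';
            } else {
                $ip = $_SERVER['REMOTE_ADDR'];
                $expires = time() + 10800; // three hours
                // Last argument = HttpOnly, so page scripts cannot read the
                // cookies. Path, domain and secure keep their defaults.
                setcookie("simp_id", $r['id'], $expires, '', '', false, true);
                setcookie("simp_pass", $r['pass'], $expires, '', '', false, true);
                setcookie("simp_sec", md5($ip), $expires, '', '', false, true);
                echo 'You have successfully logged in as <b>'.$user_html.'</b>, go <a href="index.php">home</a>.';
            }
        }
    }
} else {
    echo '<form method="post">
<table>
<tr>
<td><label>Username:</label></td>
<td><input type="text" name="user" size="40" maxlength="30"></td>
</tr>
<tr>
<td><label>Password:</label></td>
<td><input type="password" name="pass" size="40" maxlength="40"></td>
</tr>
</table>
<input type="submit" name="login" value="Login!">
</form>
Don\'t have an account? <a href="register.php">Register</a> one now!';
}
?>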
</html>
<?php
ob_flush();
?>
register.php
PHP Code:
<?php
ob_start();
include 'config.php';
?>
<html>
<head>
<title><?php echo $site[title]; ?> - Register</title>
<style type="text/css">
body, input, select, table, tr, td, textarea {
font-family: Verdana;
font-size: 11px;
}
h1, h2, h3 {
font-family: Verdana;
}
a {
color: #000000;
font-weight: bold;
text-decoration: none;
}
label {
font-family: Verdana;
font-size: 11px;
font-weight: bold;
}
a:hover {
text-decoration: underline;
}
form {
padding: 0;
margin: 0;
}
</style>
</head>
<body>
<h1>Welcome to <?php echo $site[title]; ?>!</h1>
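<?php
// Registration page body: shows the form, or validates the submitted fields,
// inserts the new row into `users` and (when $reg_email is '1') sends a
// confirmation e-mail. $in, $site, $admin and $reg_email come from config.php.
if (!empty($in['username'])) {
    echo 'It appears you are already logged in as <b>'.htmlspecialchars($in['username'], ENT_QUOTES).'</b>!<br /><a href="index.php">Home</a>';
} elseif (!empty($_POST['register'])) {
    // Plain strings only; a field sent as an array is treated as missing.
    $fields = array();
    foreach (array('user', 'pass1', 'pass2', 'email1', 'email2') as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? strip_tags($_POST[$key]) : '';
    }
    $user   = $fields['user'];
    $email1 = $fields['email1'];
    $email2 = $fields['email2'];
    $joindate = date("F jS Y");
    $ip = $_SERVER['REMOTE_ADDR'];

    $user_html  = htmlspecialchars($user, ENT_QUOTES);
    $email_html = htmlspecialchars($email1, ENT_QUOTES);

    // The raw passwords are checked, not their digests: md5('') is never
    // empty, and comparing two digests with != can treat different
    // "0e..."-style values as equal.
    if (!$user || $fields['pass1'] === '' || $fields['pass2'] === '' || !$email1 || !$email2) {
        echo 'All fields are required!<br /><a href="register.php">Back</a>';
    } elseif ($fields['pass1'] !== $fields['pass2']) {
        echo 'The two passwords do not match!<br /><a href="register.php">Back</a>';
    } elseif ($email1 !== $email2) {
        echo 'The two E-Mail addresses do not match!<br /><a href="register.php">Back</a>';
    } elseif (filter_var($email1, FILTER_VALIDATE_EMAIL) === false) {
        // Replaces the strpos() test (which also checked "." twice instead of
        // "@"). A validated address cannot contain line breaks, which matters
        // because it is handed to mail() below.
        echo 'You must enter a valid E-Mail!<br /><a href="register.php">Back</a>';
    } else {
        // strip_tags() leaves quotes alone, so every value is escaped before
        // it is placed inside a SQL string.
        $user_sql  = mysql_real_escape_string($user);
        $email_sql = mysql_real_escape_string($email1);
        // NOTE(review): unsalted MD5 is kept only so existing accounts and
        // login.php keep working; it is not a suitable password hash.
        $pass_sql  = mysql_real_escape_string(md5($fields['pass1']));
        $ip_sql    = mysql_real_escape_string($ip);
        $date_sql  = mysql_real_escape_string($joindate);

        $check_user  = mysql_query("SELECT * FROM users WHERE `username` = '$user_sql'");
        $check_email = mysql_query("SELECT * FROM users WHERE `email` = '$email_sql'");
        if (!$check_user || !$check_email) {
            echo 'Sorry, your registration could not be checked right now!<br /><a href="register.php">Back</a>';
        } elseif (mysql_num_rows($check_user) > 0) { // "> 0": also catches pre-existing duplicates
            echo 'The user <b>'.$user_html.'</b> already exists!<br /><a href="register.php">Back</a>';
        } elseif (mysql_num_rows($check_email) > 0) {
            echo 'A user has already registered with the email <b>'.$email_html.'</b><br /><a href="register.php">Back</a>';
        } elseif (!mysql_query("INSERT INTO `users` (`username`, `pass`, `email`, `ip`, `joindate`) VALUES ('$user_sql', '$pass_sql', '$email_sql', '$ip_sql', '$date_sql');")) {
            // Previously a failed INSERT was still reported as success.
            echo 'Sorry, your account could not be created!<br /><a href="register.php">Back</a>';
        } else {
            echo 'You have successfully registered as <b>'.$user_html.'</b>!';
            if ($reg_email == '1') {
                // SERVER_NAME can follow the request's Host header on some
                // setups; keep hostname characters only so nothing can break
                // out of the From: header line.
                $host = preg_replace('/[^A-Za-z0-9.\-]/', '', $_SERVER['SERVER_NAME']);
                $sent = mail($email1, 'Registration at '.$site['title'], 'You have registered at '.$site['title'].' as '.$user.'!', 'From: '.$admin.' <no.reply@'.$host.'>');
                if (!$sent) {
                    // The account already exists at this point, so report
                    // the problem instead of die()-ing half-way through the page.
                    echo '<br />We could not send an E-Mail to '.$email_html.'!';
                }
            }
        }
    }
} else {
    echo '<form method="post">
<table>
<tr>
<td><label>Username:</label></td>
<td><input type="text" name="user" size="40" maxlength="30"></td>
</tr>
<tr>
<td><label>Password:</label></td>
<td><input type="password" name="pass1" size="40" maxlength="40"></td>
</tr>
<tr>
<td><label>Confirm Password:</label></td>
<td><input type="password" name="pass2" size="40" maxlength="40"></td>
</tr>
<tr>
<td><label>E-Mail Address:</label></td>
<td><input type="text" name="email1" size="40" maxlength="150"></td>
</tr>
<tr>
<td><label>Confirm E-Mail Address:</label></td>
<td><input type="text" name="email2" size="40" maxlength="150"></td>
</tr>
</table>
<input type="submit" name="register" value="Register!">
</form>';
}
?>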
</html>
<?php
ob_flush();
?>
members.php
PHP Code:
<?php
ob_start();
include 'config.php';
?>
<html>
<head>
<title><?php echo $site[title]; ?> - Members List</title>
<style type="text/css">
body, input, select, table, tr, td, textarea {
font-family: Verdana;
font-size: 11px;
}
h1, h2, h3 {
font-family: Verdana;
}
a {
color: #000000;
font-weight: bold;
text-decoration: none;
}
label {
font-family: Verdana;
font-size: 11px;
font-weight: bold;
}
a:hover {
text-decoration: underline;
}
form {
padding: 0;
margin: 0;
}
</style>
</head>
<body>
<h1>Welcome to <?php echo $site[title]; ?>!</h1>
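<?php
// Members list body (logged-in users only): one table row per account,
// ordered by id. $in comes from config.php.
if (!empty($in['username'])) {
    echo '<h2>Members list.</h2>';
    $users = mysql_query("SELECT * FROM users ORDER BY `id`");
    if (!$users || mysql_num_rows($users) == 0) {
        echo 'Sorry, there are no users registered!<br /><a href="index.php">Home</a>';
    } else {
        echo '<table><tr><th>username</th><th>user id</th><th>location</th><th>email</th></tr>';
        while ($row = mysql_fetch_array($users)) {
            // Every column below was typed in by some user. strip_tags() at
            // save time does not remove quotes or &, so the values are
            // encoded here, at the point where they enter the HTML.
            $username = htmlspecialchars($row['username'], ENT_QUOTES);
            $profile  = urlencode($row['username']); // query-string context
            $id       = (int) $row['id'];
            $location = htmlspecialchars($row['location'], ENT_QUOTES);
            $email    = htmlspecialchars($row['email'], ENT_QUOTES);
            echo '<tr><td><a href="profile.php?user='.$profile.'" target="_blank">'.$username.'</a></td><td>'.$id.'</td><td>'.$location.'</td><td>'.$email.'</td></tr>';
        }
        echo '</table>';
    }
} else {
    echo 'You are not logged in so you can not view the members list!<br /><a href="login.php">Login</a>, <a href="register.php">register</a> or go <a href="index.php">home</a>.';
}
?>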
</html>
<?php
ob_flush();
?>
profile.php
PHP Code:
<?php
ob_start();
include 'config.php';
?>
<html>
<head>
<title><?php echo $site[title]; ?> - Profile Page</title>
<style type="text/css">
body, input, select, table, tr, td, textarea {
font-family: Verdana;
font-size: 11px;
}
h1, h2, h3 {
font-family: Verdana;
}
a {
color: #000000;
font-weight: bold;
text-decoration: none;
}
label {
font-family: Verdana;
font-size: 11px;
font-weight: bold;
}
a:hover {
text-decoration: underline;
}
form {
padding: 0;
margin: 0;
}
</style>
</head>
<body>
<h1>Welcome to <?php echo $site[title]; ?>!</h1>
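<?php
// Profile page body (logged-in users only): looks up ?user=<name> and prints
// that account's public details. $in comes from config.php.
if (empty($in['username'])) {
    echo 'You are not logged in so you can not view user profiles!<br /><a href="index.php">Home</a>';
} elseif (!isset($_GET['user']) || !is_string($_GET['user']) || strlen($_GET['user']) == 0) {
    echo 'No username has been set!<br />Go to the <a href="members.php">members</a> page or go <a href="index.php">home</a>';
} else {
    $n = strip_tags($_GET['user']);
    // strip_tags() does not neutralise quotes, so the name is escaped for
    // SQL here and HTML-encoded wherever it is echoed.
    $check = mysql_query("SELECT * FROM users WHERE `username` = '".mysql_real_escape_string($n)."'");
    if (!$check || mysql_num_rows($check) == 0) {
        echo 'The user <b>'.htmlspecialchars($n, ENT_QUOTES).'</b> does not exist!';
    } else {
        $r = mysql_fetch_array($check);
        $name_html = htmlspecialchars($r['username'], ENT_QUOTES);
        // edit.php stores line breaks in the biography as literal "<br />".
        // Encode the whole value first, then turn only that exact marker
        // back into a real line break.
        $bio_html = str_replace('&lt;br /&gt;', '<br />', htmlspecialchars($r['bio'], ENT_QUOTES));
        echo '<h1>Profile of '.$name_html.'</h1>
<table>
<tr>
<td><label>Username:</label></td>
<td>'.$name_html.'</td>
</tr>
<tr>
<td><label>User ID:</label></td>
<td>'.(int) $r['id'].'</td>
</tr>
<tr>
<td><label>E-Mail:</label></td>
<td>'.htmlspecialchars($r['email'], ENT_QUOTES).'</td>
</tr>
<tr>
<td><label>Location:</label></td>
<td>'.htmlspecialchars($r['location'], ENT_QUOTES).'</td>
</tr>
<tr>
<td><label>Biography:</label></td>
<td>'.$bio_html.'</td>
</tr>
</table>';
        // Strict comparison: == can treat two different numeric-looking
        // names as equal.
        if ($n === $in['username']) {
            echo '<br /><br /><br /><br /><a href="edit.php">Edit your profile</a>';
        }
    }
}
?>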
</html>
<?php
ob_flush();
?>
edit.php
PHP Code:
<?php
ob_start();
include 'config.php';
?>
<html>
<head>
<title><?php echo $site[title]; ?> - Edit your Profile</title>
<style type="text/css">
body, input, select, table, tr, td, textarea {
font-family: Verdana;
font-size: 11px;
}
h1, h2, h3 {
font-family: Verdana;
}
a {
color: #000000;
font-weight: bold;
text-decoration: none;
}
label {
font-family: Verdana;
font-size: 11px;
font-weight: bold;
}
a:hover {
text-decoration: underline;
}
form {
padding: 0;
margin: 0;
}
</style>
</head>
<body>
<h1>Welcome to <?php echo $site[title]; ?>!</h1>
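<?php
// Edit page body (logged-in users only). ?do=pass, ?do=email and ?do=details
// each show a form and, on POST, update the logged-in user's own row; any
// other value shows the menu. $in comes from config.php.
//
// NOTE(review): none of these forms carries a CSRF token, so another site
// could submit them on behalf of a logged-in visitor. The password form is
// partly covered by asking for the old password; the e-mail and details
// forms rely only on the login cookies. Adding a per-user token needs
// server-side state that this script does not have yet.
$menu = '<ul><li><a href="edit.php?do=pass">Edit Password</a></li><li><a href="edit.php?do=email">Edit E-Mail</a></li><li><a href="edit.php?do=details">Edit Details</a></li></ul>';

if (empty($in['username'])) {
    echo 'You are not logged in so you can not edit anything!<br /><a href="login.php">Login</a> or <a href="register.php">register</a>!';
} else {
    $do     = (isset($_GET['do']) && is_string($_GET['do'])) ? strip_tags($_GET['do']) : '';
    $saving = !empty($_POST['save']);
    // The stored username may itself contain a quote (strip_tags() was the
    // only filter at registration), so it is escaped like any other value.
    $me_sql = mysql_real_escape_string($in['username']);
    $me_url = urlencode($in['username']);

    // Submitted fields: plain strings only, tags stripped as before.
    $post = array();
    foreach (array('old', 'new1', 'new2', 'location', 'bio') as $key) {
        $post[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? strip_tags($_POST[$key]) : '';
    }

    if ($do === 'pass') {
        if ($saving) {
            // Raw values are tested: md5('') is never empty, so the old
            // "all fields are required" check on the digests could not fire.
            if ($post['old'] === '' || $post['new1'] === '' || $post['new2'] === '') {
                echo 'All fields are required!<br /><a href="edit.php?do=pass">Back</a>';
            } elseif ($post['new1'] !== $post['new2']) {
                echo 'The two new passwords do not match!<br /><a href="edit.php?do=pass">Back</a>';
            } elseif (md5($post['old']) !== $in['pass']) {
                echo 'The password you entered does not match the one attached to your account.<br /><a href="edit.php?do=pass">Back</a>';
            } else {
                // NOTE(review): unsalted MD5 kept for compatibility with
                // login.php and the stored hashes; not a suitable password hash.
                $new_sql = mysql_real_escape_string(md5($post['new1']));
                if (mysql_query("UPDATE `users` SET `pass` = '$new_sql' WHERE `username` = '$me_sql'")) {
                    echo 'Your password has been changed!<br /><b>YOU MAY BE ASKED TO LOG IN AGAIN!</b><a href="index.php">Home</a>';
                } else {
                    echo 'Sorry, your password could not be changed!<br /><a href="edit.php?do=pass">Back</a>';
                }
            }
        } else {
            echo '<form method="post">
<table>
<tr>
<td><label>Old Password:</label></td>
<td><input type="password" name="old" size="40" maxlength="40"></td>
</tr>
<tr>
<td><label>New Password:</label></td>
<td><input type="password" name="new1" size="40" maxlength="40"></td>
</tr>
<tr>
<td><label>Confirm New Password:</label></td>
<td><input type="password" name="new2" size="40" maxlength="40"></td>
</tr>
</table>
<input type="submit" name="save" value="Update Password">
</form>';
        }
    } elseif ($do === 'email') {
        if ($saving) {
            if (!$post['old'] || !$post['new1'] || !$post['new2']) {
                echo 'All fields are required!<br /><a href="edit.php?do=email">Back</a>';
            } elseif ($post['new1'] !== $post['new2']) {
                echo 'The two new emails do not match!<br /><a href="edit.php?do=email">Back</a>';
            } elseif (strcasecmp($post['old'], $in['email']) !== 0) {
                // The form asks for the old address but it was never
                // compared with the one on the account.
                echo 'The old E-Mail address does not match the one attached to your account.<br /><a href="edit.php?do=email">Back</a>';
            } elseif (filter_var($post['new1'], FILTER_VALIDATE_EMAIL) === false) {
                echo 'You must enter valid emails!<br /><a href="edit.php?do=email">Back</a>';
            } else {
                $email_sql = mysql_real_escape_string($post['new1']);
                // NOTE(review): unlike register.php, nothing here checks that
                // the new address is not already used by another account.
                if (mysql_query("UPDATE `users` SET `email` = '$email_sql' WHERE `username` = '$me_sql'")) {
                    echo 'Your email been saved!<br />Go to <a href="profile.php?user='.$me_url.'">my profile</a> or go <a href="index.php">home</a>';
                } else {
                    echo 'Sorry, your email could not be saved!<br /><a href="edit.php?do=email">Back</a>';
                }
            }
        } else {
            // maxlength replaces the duplicated size attribute in the original.
            echo '<form method="post">
<table>
<tr>
<td><label>Old E-Mail Address:</label></td>
<td><input type="text" name="old" size="40" maxlength="150"></td>
</tr>
<tr>
<td><label>New E-Mail Address:</label></td>
<td><input type="text" name="new1" size="40" maxlength="150"></td>
</tr>
<tr>
<td><label>Confirm New E-Mail Address:</label></td>
<td><input type="text" name="new2" size="40" maxlength="150"></td>
</tr>
</table>
<input type="submit" name="save" value="Update E-Mail Address">
</form>';
        }
    } elseif ($do === 'details') {
        if ($saving) {
            $location = $post['location'];
            // Line breaks are stored as "<br />"; handle all newline styles
            // so a stray carriage return is not left in the value.
            $bio = str_replace(array("\r\n", "\r", "\n"), '<br />', $post['bio']);
            if (!$location || !$bio) {
                echo 'All fields are required!<br /><a href="edit.php?do=details">Back</a>';
            } else {
                $location_sql = mysql_real_escape_string($location);
                $bio_sql      = mysql_real_escape_string($bio);
                if (mysql_query("UPDATE `users` SET `location` = '$location_sql', `bio` = '$bio_sql' WHERE `username` = '$me_sql'")) {
                    echo 'Your details have been saved!<br />Go to <a href="profile.php?user='.$me_url.'">my profile</a> or go <a href="index.php">home</a>';
                } else {
                    echo 'Sorry, your details could not be saved!<br /><a href="edit.php?do=details">Back</a>';
                }
            }
        } else {
            // Pre-fill from $in (the logged-in user's row) rather than the
            // leftover $r global, and encode the values for their HTML
            // context. The stored "<br />" markers become real newlines
            // again, otherwise strip_tags() would delete them on the next save.
            $location_html = htmlspecialchars($in['location'], ENT_QUOTES);
            $bio_html      = htmlspecialchars(str_replace('<br />', "\n", $in['bio']), ENT_QUOTES);
            echo '<form method="post">
<table>
<tr>
<td><label>Location:</label></td>
<td><input type="text" name="location" size="40" maxlength="90" value="'.$location_html.'"></td>
</tr>
<tr>
<td><label>Biography:</label></td>
<td><textarea cols="30" rows="5" name="bio">'.$bio_html.'</textarea></td>
</tr>
</table>
<input type="submit" name="save" value="Update Details">
</form>';
        }
    } else {
        // No ?do= value, or one that is not recognised.
        echo $menu;
    }
}
?>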
</html>
<?php
ob_flush();
?>
logout.php
PHP Code:
<?php
ob_start();
include 'config.php';
?>
<html>
<head>
<title><?php echo $site[title]; ?> - Logout</title>
<style type="text/css">
body, input, select, table, tr, td, textarea {
font-family: Verdana;
font-size: 11px;
}
h1, h2, h3 {
font-family: Verdana;
}
a {
color: #000000;
font-weight: bold;
text-decoration: none;
}
label {
font-family: Verdana;
font-size: 11px;
font-weight: bold;
}
a:hover {
text-decoration: underline;
}
form {
padding: 0;
margin: 0;
}
</style>
</head>
<body>
<h1>Welcome to <?php echo $site[title]; ?>!</h1>
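<?php
// Logout page body: asks for confirmation with a POST form, then removes the
// three login cookies. $in comes from config.php.
if (empty($in['username'])) {
    echo 'You are not logged in!<br />Go <a href="index.php">home</a> or <a href="login.php">login</a>.';
} elseif (!empty($_POST['yes'])) {
    // An empty value with an expiry in the past is the explicit way to ask
    // the browser to delete a cookie. Name, path and domain are the same
    // defaults login.php used, so these match the cookies it set.
    $past = time() - 3600;
    setcookie("simp_id", "", $past);
    setcookie("simp_pass", "", $past);
    setcookie("simp_sec", "", $past);
    echo 'You have successfully logged out!<br /><a href="index.php">Home</a>';
} elseif (!empty($_POST['no'])) {
    // Works after HTML output only because the page starts with ob_start().
    header("Location: index.php");
    exit; // nothing else should run once the redirect has been issued
} else {
    echo 'Are you sure you want to logout?<form method="post"><input type="submit" name="yes" value="Yes"> <input type="submit" name="no" value="No"></form>';
}
?>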
</html>
<?php
ob_flush();
?>
MySQL.sql
PHP Code:
-- phpMyAdmin SQL Dump
-- version 3.2.0.1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Aug 31, 2009 at 03:36 PM
-- Server version: 5.1.37
-- PHP Version: 5.3.0
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
--
-- Database: `usersys`
--
-- --------------------------------------------------------
--
-- Table structure for table `users`
--
-- `pass` holds the md5() hex digest written by register.php and edit.php.
-- `ip` is the REMOTE_ADDR recorded by register.php; config.php compares
-- md5(ip) with the simp_sec cookie.
-- NOTE(review): `username` and `email` have no UNIQUE index. register.php
-- checks for duplicates with a SELECT before its INSERT, so two requests
-- arriving together can both pass the check; a UNIQUE key on each column
-- would enforce it in the database.
CREATE TABLE IF NOT EXISTS `users` (
`id` int(90) NOT NULL AUTO_INCREMENT,
`username` varchar(30) NOT NULL,
`pass` varchar(700) NOT NULL,
`ip` varchar(90) NOT NULL,
`email` varchar(150) NOT NULL,
`joindate` varchar(90) NOT NULL,
`location` varchar(90) NOT NULL,
`bio` longtext NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
--
-- Dumping data for table `users`
--
-- NOTE(review): this creates a ready-made 'Demo' account whose password hash
-- is published together with the script. Remove the row, or give the account
-- a new password, before putting the site online.
INSERT INTO `users` (`id`, `username`, `pass`, `ip`, `email`, `joindate`, `location`, `bio`) VALUES
(1, 'Demo', '91017d590a69dc49807671a51f10ab7f', '127.0.0.1', 'demo@site.com', 'August 31st 2009', 'Earth', 'Hello there!\r\n\r\nUsersystem script by m0nsta.');
Feeling lazy? Download the ZIP Archive.
Screenshots
http://i30.tinypic.com/xeenwg.png
http://i30.tinypic.com/1rd6i8.png
http://i31.tinypic.com/33kwsi8.png
http://i27.tinypic.com/wuf7z4.png
The least you could do is add credits :)
- m0nsta.
PLEASE VOTE ON THE POLL!
Re: [PHP][SOURCE] User System
You should use an external style sheet, rather than repeating the CSS on every single page. Other than that, the script is simple and effective.
Re: [PHP][SOURCE] User System
Why that strip tags at password? And indeed, external stylesheet is imo a need.
Re: [PHP][SOURCE] User System
Quote:
Originally Posted by
foxx
Why that strip tags at password? And indeed, external stylesheet is imo a need.
When I was learning PHP, I got told to use strip_tags(); on every user-editable field when inputting to mysql, so yeah, what ever.
Re: [PHP][SOURCE] User System
Help!!
Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/London' for '0.0/no DST' instead in C:\xampp\htdocs\simple_usersystem\register.php on line 46
You have successfully registered as Jack!
Warning: mail() [function.mail]: Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set() in C:\xampp\htdocs\simple_usersystem\register.php on line 71
We could not send an E-Mail to [MY EMAIL ADRESS]
on register.php
Re: [PHP][SOURCE] User System
Quote:
Originally Posted by
Monsta.
When I was learning PHP, I got told to use strip_tags(); on every user-editable field when inputting to mysql, so yeah, what ever.
Only use that, when the field is a message field, or you can enter in more than one word.
ALSO your code is insecure, you need to use the mysql_real_escape_string function in order to prevent SQL Injections!!!!! The strip_tags function is NOT enough!
Quote:
Originally Posted by
Hablake
Help!!
Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/London' for '0.0/no DST' instead in C:\xampp\htdocs\simple_usersystem\register.php on line 46
You have successfully registered as Jack!
Warning: mail() [function.mail]: Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set() in C:\xampp\htdocs\simple_usersystem\register.php on line 71
We could not send an E-Mail to [MY EMAIL ADRESS]
on register.php
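1. You'll need to suppress the warning for the date function. To do that, put an @ sign in front of each call to date(). (As the warning itself says, setting date.timezone in php.ini or calling date_default_timezone_set() removes the cause rather than hiding the message.)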
Example:
Replace
Code:
$joindate = date("F jS Y");
With
Code:
$joindate = @date("F jS Y");
2. PHP cannot connect to your mail port, which probably means you configured it incorrectly or your host has blocked port 25 (many do in order to prevent spam). You'll either need to change your configuration to a port that works, or simply disable the emailing (comment out the lines with the mail function).
~Shadow14l
Re: [PHP][SOURCE] User System
Quote:
Originally Posted by
Shadow14l
Only use that, when the field is a message field, or you can enter in more than one word.
ALSO your code is insecure, you need to use the mysql_real_escape_string function in order to prevent SQL Injections!!!!! The strip_tags function is NOT enough!
~Shadow14l
+1 on this.
Code:
// Each value is escaped on its own and then dropped into a quoted %s slot.
// mysql_real_escape_string() uses the open MySQL connection, so call it
// after mysql_connect().
// NOTE(review): the column names here (user, password) are generic; the
// script's users table calls them `username` and `pass`.
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
Above is example code of how to use the mysql_real_escape_string.
Below I have updated your code for the registration page. I did not test it, didn't have time to install the script and test it. It should work, and should protect the registration script from SQL injection. You will need to do this on the rest of your pages that interact with the SQL server.
Code:
<?php
ob_start();
include 'config.php';
?>
<html>
<head>
<title><?php echo $site[title]; ?> - Register</title>
<style type="text/css">
body, input, select, table, tr, td, textarea {
font-family: Verdana;
font-size: 11px;
}
h1, h2, h3 {
font-family: Verdana;
}
a {
color: #000000;
font-weight: bold;
text-decoration: none;
}
label {
font-family: Verdana;
font-size: 11px;
font-weight: bold;
}
a:hover {
text-decoration: underline;
}
form {
padding: 0;
margin: 0;
}
</style>
</head>
<body>
<h1>Welcome to <?php echo $site[title]; ?>!</h1>
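<?php
// Registration page body, with the SQL values escaped.
//
// In the version as posted, mysql_real_escape_string() was passed as extra
// arguments to mysql_query(). The second argument of mysql_query() is the
// connection link, so the escaped copies were never used and the query text
// still contained the raw input; the INSERT call was also missing its closing
// parenthesis. Here each value is escaped first and the escaped copy is what
// goes into the SQL string, using the sprintf() pattern.
if (!empty($in['username'])) {
    echo 'It appears you are already logged in as <b>'.htmlspecialchars($in['username'], ENT_QUOTES).'</b>!<br /><a href="index.php">Home</a>';
} elseif (!empty($_POST['register'])) {
    // Read each field as a plain string (arrays are treated as missing).
    $user      = (isset($_POST['user'])   && is_string($_POST['user']))   ? strip_tags($_POST['user'])   : '';
    $raw_pass1 = (isset($_POST['pass1'])  && is_string($_POST['pass1']))  ? strip_tags($_POST['pass1'])  : '';
    $raw_pass2 = (isset($_POST['pass2'])  && is_string($_POST['pass2']))  ? strip_tags($_POST['pass2'])  : '';
    $email1    = (isset($_POST['email1']) && is_string($_POST['email1'])) ? strip_tags($_POST['email1']) : '';
    $email2    = (isset($_POST['email2']) && is_string($_POST['email2'])) ? strip_tags($_POST['email2']) : '';
    $joindate = @date("F jS Y"); // @ kept from this reply: hides the timezone warning
    $ip = $_SERVER['REMOTE_ADDR'];

    // HTML-encoded copies for anything echoed back into the page.
    $user_html  = htmlspecialchars($user, ENT_QUOTES);
    $email_html = htmlspecialchars($email1, ENT_QUOTES);

    // Raw passwords are tested and compared: an md5() digest is never empty,
    // and != on two digests can call different numeric-looking values equal.
    if (!$user || $raw_pass1 === '' || $raw_pass2 === '' || !$email1 || !$email2) {
        echo 'All fields are required!<br /><a href="register.php">Back</a>';
    } elseif ($raw_pass1 !== $raw_pass2) {
        echo 'The two passwords do not match!<br /><a href="register.php">Back</a>';
    } elseif ($email1 !== $email2) {
        echo 'The two E-Mail addresses do not match!<br /><a href="register.php">Back</a>';
    } elseif (filter_var($email1, FILTER_VALIDATE_EMAIL) === false) {
        // A validated address cannot contain line breaks, which matters
        // because it is passed to mail() further down.
        echo 'You must enter a valid E-Mail!<br /><a href="register.php">Back</a>';
    } else {
        $check_user = mysql_query(sprintf(
            "SELECT * FROM users WHERE `username` = '%s'",
            mysql_real_escape_string($user)
        ));
        $check_email = mysql_query(sprintf(
            "SELECT * FROM users WHERE `email` = '%s'",
            mysql_real_escape_string($email1)
        ));
        if (!$check_user || !$check_email) {
            echo 'Sorry, your registration could not be checked right now!<br /><a href="register.php">Back</a>';
        } elseif (mysql_num_rows($check_user) > 0) {
            echo 'The user <b>'.$user_html.'</b> already exists!<br /><a href="register.php">Back</a>';
        } elseif (mysql_num_rows($check_email) > 0) {
            echo 'A user has already registered with the email <b>'.$email_html.'</b><br /><a href="register.php">Back</a>';
        } else {
            // NOTE(review): unsalted MD5 is kept so login.php still matches
            // the stored value; it is not a suitable password hash.
            $inserted = mysql_query(sprintf(
                "INSERT INTO `users` (`username`, `pass`, `email`, `ip`, `joindate`) VALUES ('%s', '%s', '%s', '%s', '%s');",
                mysql_real_escape_string($user),
                mysql_real_escape_string(md5($raw_pass1)),
                mysql_real_escape_string($email1),
                mysql_real_escape_string($ip),
                mysql_real_escape_string($joindate)
            ));
            if (!$inserted) {
                echo 'Sorry, your account could not be created!<br /><a href="register.php">Back</a>';
            } else {
                echo 'You have successfully registered as <b>'.$user_html.'</b>!';
                if ($reg_email == '1') {
                    // Keep hostname characters only, so the server name
                    // cannot add lines to the From: header.
                    $host = preg_replace('/[^A-Za-z0-9.\-]/', '', $_SERVER['SERVER_NAME']);
                    $sent = mail($email1, 'Registration at '.$site['title'], 'You have registered at '.$site['title'].' as '.$user.'!', 'From: '.$admin.' <no.reply@'.$host.'>');
                    if (!$sent) {
                        // The account exists by now; report the mail problem
                        // without aborting the rest of the page.
                        echo '<br />We could not send an E-Mail to '.$email_html.'!';
                    }
                }
            }
        }
    }
} else {
    echo '<form method="post">
<table>
<tr>
<td><label>Username:</label></td>
<td><input type="text" name="user" size="40" maxlength="30"></td>
</tr>
<tr>
<td><label>Password:</label></td>
<td><input type="password" name="pass1" size="40" maxlength="40"></td>
</tr>
<tr>
<td><label>Confirm Password:</label></td>
<td><input type="password" name="pass2" size="40" maxlength="40"></td>
</tr>
<tr>
<td><label>E-Mail Address:</label></td>
<td><input type="text" name="email1" size="40" maxlength="150"></td>
</tr>
<tr>
<td><label>Confirm E-Mail Address:</label></td>
<td><input type="text" name="email2" size="40" maxlength="150"></td>
</tr>
</table>
<input type="submit" name="register" value="Register!">
</form>';
}
?>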
</html>
<?php
ob_flush();
?>
EDIT: Also, the date() call was updated in this version, which should remove the error Hablake mentioned.