TalkPHP - View Single Post

StevenF · 02-14-2008, 09:57 PM

I think I'm nearly done now, thanks everyone for your input so far:

PHP Code:


			
<?php

    //Database Structure
        //Setting username and password
        $username="";
        $password="";
        $database="scotlandbands";
        
        //Start connection to database
        $connection = mysql_connect($localhost, $username, $password) or die ('<strong>MySQL Error:</strong>'.mysql_error());
        mysql_select_db($database) or die ('<strong>MySQL Error:</strong>'.mysql_error());
        
    
    //setting variables 
    $reg_username = mysql_real_escape_string($_POST['reg_username']);
    $md5reg_password = mysql_real_escape_string($_POST['reg_password']);
    $reg_pass_conf = mysql_real_escape_string($_POST['reg_pass_conf']);
    $reg_email = mysql_real_escape_string($_POST['reg_email']);

    
    //Error array
    $errors = array();
        //Check if the following exist
        
        //If no username display error
        if(!$reg_username) {
            $errors[] = "Username is not defined!";
        }
        
        //If no password display error
        if(!$reg_password) {
            $errors[] = "Password is not defined!";
        }
        
        //if no password and no password comfirmation display error
        if($reg_password) {
            if(!$reg_pass_conf) {
                $errors[] = "Confirmation password is not defined!";
            }
        }
        
        //if no email display error
        if(!$reg_email) {
            $errors[] = "Email is not defined!";
        }
        
        //If passwords do not mach display error
        if ($reg_password && $reg_pass_conf) {
            if ($reg_password != $reg_pass_conf) {
                $errors[] = "Passwords do not match!";
            }
        }
        
        //Split errors up and show them
        if (count($errors) > 0) {
            foreach($errors AS $error) {
                echo $error . "<br>\n";
            }
        } else {
            
    //creating a query that inserts the data into the database
    $query = 'INSERT INTO users SET        user_name = "'.($reg_username).'",
                                        email = "'.($reg_email).'",
                                        user_pass = "'.md5($reg_password).'",
                                        user_pass_conf = "'.($reg_pass_conf).'"';
    
    //execcute a query on a MySQL database
    $result = mysql_query($query);
    
    //Message
    echo "Thank you for registering, you can now log in";
    }
    
?>

I'm still having problems with MD5 encryption. Could someone please look over that and check that I'm using it properly?

Also, would I have to create a piece of code on every page the user visits, checking if they are logged in or not? Otherwise they could visit the page if they knew the URL, without logging in.

02-14-2008, 09:57 PM	#21 (permalink)
StevenF The Contributor Join Date: Jan 2008 Posts: 87 Thanks: 49	I think I'm nearly done now, thanks everyone for your input so far: PHP Code: <?php //Database Structure //Setting username and password $username=""; $password=""; $database="scotlandbands"; //Start connection to database $connection = mysql_connect($localhost, $username, $password) or die ('<strong>MySQL Error:</strong>'.mysql_error()); mysql_select_db($database) or die ('<strong>MySQL Error:</strong>'.mysql_error()); //setting variables $reg_username = mysql_real_escape_string($_POST['reg_username']); $md5reg_password = mysql_real_escape_string($_POST['reg_password']); $reg_pass_conf = mysql_real_escape_string($_POST['reg_pass_conf']); $reg_email = mysql_real_escape_string($_POST['reg_email']); //Error array $errors = array(); //Check if the following exist //If no username display error if(!$reg_username) { $errors[] = "Username is not defined!"; } //If no password display error if(!$reg_password) { $errors[] = "Password is not defined!"; } //if no password and no password comfirmation display error if($reg_password) { if(!$reg_pass_conf) { $errors[] = "Confirmation password is not defined!"; } } //if no email display error if(!$reg_email) { $errors[] = "Email is not defined!"; } //If passwords do not mach display error if ($reg_password && $reg_pass_conf) { if ($reg_password != $reg_pass_conf) { $errors[] = "Passwords do not match!"; } } //Split errors up and show them if (count($errors) > 0) { foreach($errors AS $error) { echo $error . "<br>\n"; } } else { //creating a query that inserts the data into the database $query = 'INSERT INTO users SET user_name = "'.($reg_username).'", email = "'.($reg_email).'", user_pass = "'.md5($reg_password).'", user_pass_conf = "'.($reg_pass_conf).'"'; //execcute a query on a MySQL database $result = mysql_query($query); //Message echo "Thank you for registering, you can now log in"; } ?> I'm still having problems with MD5 encryption. Could someone please look over that and check that I'm using it properly? Also, would I have to create a piece of code on every page the user visits, checking if they are logged in or not? Otherwise they could visit the page if they knew the URL, without logging in. __________________ My Personal and Photo Blog Last edited by StevenF : 02-15-2008 at 01:03 AM.