TalkPHP


Swordbeta 12-04-2007 09:46 PM

User system
 
Nothing special but it's much for me :P


HTML Code:

<?php
$dbname = 'DBNAME';
$dbuser = 'DBPUSER';
$dbpass = 'DBPASS';
mysql_connect("localhost", $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());
?>

HTML Code:

<?php
include('config.php');
mysql_query("CREATE TABLE users (
id int(10) unsigned NOT NULL auto_increment,
Username varchar(15) default NULL,
Password_MD5 varchar(250) default NULL,
Email varchar(42) default NULL,
Join_date varchar(25) default NULL,
IP varchar(35) default NULL,
PRIMARY KEY (id)
)")or die(mysql_error()); 
?>

HTML Code:

<?php
include("config.php");
if(isset($_COOKIE['Username']) && isset($_COOKIE['login']) && isset($_COOKIE['id'])){
echo "<div class='error_msg'>ERROR: You have already a account.</div>";
}else{
if(!isset($_GET['act'])){
?>

<b>Fill in your account details to register.</b><br>
<form action='register.php?act=reg' method='post'>
<p>Username:<input type='text' name='user'></p>
<p>Password: <input type='password' name='pass'></p>
<p>Confirm Password: <input type='password' name='pass2'></p>
<p>E-Mail: <input type='text' name='email'></p>
<script> document.write("<p><input type='submit' value='Register'></p>"); </script><p><noscript><div class='error_msg'>ERROR: Please enable javascript to register.</div></noscript></p>
</form>
<?php
}
// isset() avoids an undefined-index notice when the form is first shown
if(isset($_GET['act']) && $_GET['act']=='reg'){
$a = $_POST['user'];
$b = $_POST['pass'];
$c = $_POST['pass2'];
$d = $_POST['email'];
$e = 0;
if($a==''){
echo "<div class='error_msg'>ERROR: Please fill in your username.</div>";
$e = 1;
}
if((strlen($a)>15 || strlen($a)<5) && $e!=1){
echo "<div class='error_msg'>ERROR: Your username must be between 5-15 characters.</div>";
$e=1;
}
if($b=='' && $e!=1){
echo "<div class='error_msg'>ERROR: Please fill in your password.</div>";
$e = 1;
}
if((strlen($b)>20 || strlen($b)<5) && $e!=1){
echo "<div class='error_msg'>ERROR: Your password must be between 5-20 characters.</div>";
$e = 1;
}
if($b!=$c && $e!=1){
echo "<div class='error_msg'>ERROR: Passwords didn't matched.</div>";
$e = 1;
}
if((!strstr($d, "@") || !strstr($d, ".")) && $e!=1){
echo "<div class='error_msg'>ERROR: Please enter a real email address in.</div>";
$e = 1;
}
if($e==0){
// Escape once, before the value is used in any query (the lookup below was injectable)
$username = mysql_real_escape_string($a);
$query = "SELECT * FROM users WHERE Username = '$username'";
$result = mysql_query($query) or die(mysql_error());
$checkdone = mysql_num_rows($result);
if($checkdone==1){
echo "<div class='error_msg'>ERROR: Username is already taken.</div>";
}else{
// Hash the raw password: md5() output is hex, and login.php compares against md5($b)
$password = md5($b);
$email = mysql_real_escape_string($d);
$join_date = date('dS \of F Y');
$ip = $_SERVER['REMOTE_ADDR'];
mysql_query("INSERT INTO users
(Username, Password_MD5, Email, Join_date, IP) VALUES('$username', '$password', '$email', '$join_date', '$ip' ) ")
or die(mysql_error());
echo "<b>Registration was successful!</b>";
}}
}}
?>

HTML Code:

<?php
include("config.php");
if(isset($_COOKIE['Username']) && isset($_COOKIE['login']) && isset($_COOKIE['id'])){
echo "ERROR: Your already logged in.";
}else{
if(!isset($_GET['act'])){
?>

<b>Fill in your account details to login.</b><br>
<form action='login.php?act=login' method='post'>
<p>Username: <input type='text' name='user'></p>
<p>Password: <input type='password' name='pass'></p>
<p><input type='checkbox' name='stay_logged'> Do you want to be remembered?</p>
<script> document.write("<p><input type='submit' value='Login'></p>"); </script><p><noscript>ERROR: Please enable javascript to login.</noscript></p>
</form>
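<?php
}
// isset() avoids an undefined-index notice when the form is first shown
if(isset($_GET['act']) && $_GET['act']=='login'){
$a = $_POST['user'];
$b = $_POST['pass'];
// An unchecked checkbox is not submitted at all
$c = isset($_POST['stay_logged']) ? $_POST['stay_logged'] : null;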
$d = 0;
if($a==''){
echo "<div class='error_msg'>ERROR: Please fill in your username.</div>";
$d = 1;
}
if((strlen($a)>15 || strlen($a)<5) && $d!=1){
echo "<div class='error_msg'>ERROR: Your username is always between 5-15 characters.</div>";
$d = 1;
}
if($b=='' && $d!=1){
echo "<div class='error_msg'>ERROR: Please fill in your password.</div>";
$d = 1;
}
if((strlen($b)>20 || strlen($b)<5) && $d!=1){
echo "<div class='error_msg'>ERROR: Your password is always between 5-20 characters.</div>";
$d = 1;
}
// Escape the username before it is used in the query
$user_sql = mysql_real_escape_string($a);
$query = "SELECT * FROM users WHERE Username = '$user_sql'";
$result = mysql_query ($query) or die(mysql_error());
$row = mysql_num_rows($result);
if($row==0 && $d!=1){
echo "<div class='error_msg'>ERROR: There is no user with this username.</div>";
$d = 1;
}
// Reuse the result of the lookup above instead of running the same query twice
$row2 = mysql_fetch_array($result);
if($row2['Password_MD5']!=md5($b) && $d!=1){
echo "<div class='error_msg'>ERROR: Wrong password,please try again.</div>";
$d = 1;
}
if($d==0){
echo "<noscript><div class='error_msg'>You'll see a message that your logged in but you aren't,please enable javascript!</div></noscript>";
if(isset($c)){
echo "<script>document.cookie = 'Username=".base64_encode($a)."; expires=Thu, 14 Feb 2666 20:00:00 UTC';</script><script>document.cookie = 'login=".$row2['Password_MD5']."; expires=Thu, 14 Feb 2666 20:00:00 UTC';</script><script>document.cookie = 'id=".$row2['id'].";expires=Thu, 14 Feb 2666 20:00:00 UTC';</script><b>Login Successful!</b>";
}else{
echo "<script>document.cookie = 'Username=".base64_encode($a).";';</script><script>document.cookie = 'login=".$row2['Password_MD5']."';</script><script>document.cookie = 'id=".$row2['id']."';</script><b>Login Successful!</b>";
}}}}
?>

HTML Code:

<script>
d = new Date();
document.cookie = "Username=1;expires=" + d.toGMTString() + ";" + ";";
document.cookie = "login=1;expires=" + d.toGMTString() + ";" + ";";
document.cookie = "id=1;expires=" + d.toGMTString() + ";" + ";";
alert("You are now logged out!");
window.location = "index.php";
</script>
<noscript><div class='error_msg'>ERROR: Please enable Javascript!</div></noscript>
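
An added example, not part of the original post: the same register and login steps written with PDO prepared statements and password_hash() instead of string-built queries and MD5. It assumes PHP 7.1 or later with the pdo_sqlite extension; the in-memory SQLite database, the Password_hash column and the function names are choices made for this example.

```php
<?php
// Added example, not the original poster's code. An in-memory SQLite
// database stands in for the thread's MySQL server (assumption).
declare(strict_types=1);

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        Username TEXT UNIQUE NOT NULL,
        Password_hash TEXT NOT NULL)');
    return $pdo;
}

function register_user(PDO $pdo, string $user, string $pass): bool {
    if (strlen($user) < 5 || strlen($user) > 15 || strlen($pass) < 5) {
        return false;
    }
    // Placeholders keep $user out of the SQL text, so a quote in it is just data.
    $taken = $pdo->prepare('SELECT 1 FROM users WHERE Username = ?');
    $taken->execute([$user]);
    if ($taken->fetchColumn() !== false) {
        return false;
    }
    // password_hash() salts and stretches; the raw password is hashed as typed.
    $ins = $pdo->prepare('INSERT INTO users (Username, Password_hash) VALUES (?, ?)');
    return $ins->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
}

function login_user(PDO $pdo, string $user, string $pass): ?int {
    $q = $pdo->prepare('SELECT id, Password_hash FROM users WHERE Username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['Password_hash'])) {
        return null;   // one return value for unknown user and wrong password
    }
    return (int) $row['id'];
}

// Constructed sample input: a username and password that both contain a quote.
$pdo = open_db();
var_dump(register_user($pdo, "o'brien", "it's a secret"));
var_dump(login_user($pdo, "o'brien", "it's a secret"));
var_dump(login_user($pdo, "d'arcy99", "it's a secret"));   // never registered
// After a successful login, call session_regenerate_id(true) and store the id
// in $_SESSION, rather than putting the password hash in a cookie.
```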


Wildhoney 12-04-2007 09:59 PM

I like how you've added the registration submit button via Javascript. I'm guessing you've done it like so that spam-bots will have a much more difficult time finding the submit button. Although, I wonder, if they scan the entire pages, with the Javascript intact, which they do, would any regular expression be able to pull it out of there and use it? I think it's definitely possible that it would grab the submit button without even trying to. Perhaps you should use the Javascript to construct the button using concatenation, that way you would break the regular expression that's hot on the heels of patterns.

javascript Code:
<script type="text/javascript">document.write("<p><input" + " type='submit' v" + "alue='Register'></p>"); </script><p><noscript><div class='error_msg'>ERROR: Please enable javascript to register.</div></noscript></p>

Basically just adding in some " + " in random places.

Swordbeta 12-04-2007 10:01 PM

That's a good idea :) And it was to prevent bots :D

Salathe 12-04-2007 10:36 PM

By adding the submit button via JavaScript, as you have, you've broken rule number one of usability. If you want to prevent bots exploiting your script, great, but don't do it at the expense of normal users!

Wildhoney 12-04-2007 10:45 PM

One way I like, as I dislike captcha images these days, is to add a hidden text box to your form, but don't apply any hidden attributes to it, rather set the background colour and borders to the background colour of the form, and set the font size to 0. That way a spam-bot will fill in the text box with its usual junk, but a user won't be able to see it to enter anything, so if the text-box has content in it, prevent them from proceeding.
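
An added example, not code from the thread: the decoy text box described in the post above, with the server-side check that goes with it. The field name "website", the white form background and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. Field name and colours are assumptions.
declare(strict_types=1);

function decoy_field_html(): string {
    // No type=hidden and no display:none, so a form parser sees an ordinary
    // text box; the styling blends it into a white form as the post describes.
    // tabindex and autocomplete keep keyboard users and browser autofill
    // from filling it by accident.
    return "<input type='text' name='website' tabindex='-1' autocomplete='off'"
         . " style='background:#fff;border:1px solid #fff;color:#fff;font-size:0'>";
}

function looks_like_bot(array $post): bool {
    // The rendered form always submits the field, so a POST without it (or
    // with an array in its place) did not come from the form as served.
    if (!isset($post['website']) || !is_string($post['website'])) {
        return true;
    }
    // Any non-blank content means something typed into a box a person cannot see.
    return trim($post['website']) !== '';
}

// Constructed submissions: a person, a form-filling bot, a POST missing the field.
$human = ['user' => 'swordbeta', 'pass' => 'secret', 'website' => ''];
$bot   = ['user' => 'buycheap', 'pass' => 'x', 'website' => 'http://spam.example'];
var_dump(looks_like_bot($human), looks_like_bot($bot), looks_like_bot(['user' => 'raw']));
```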

