Thread: signup script

  1. #1
    One website at a time mmj's Avatar
    Join Date
    Feb 2001
    Location
    Melbourne Australia
    Posts
    6,282
    Hi there I've written a signup script where users can log on, signup, edit their profile and change their password.

    http://www.mostlyamphigory.com/articlemanager/signup/

    It's just a shell so far, you can picture this being placed into a table on a main page. You can signup to test it out and if you see security gaps let me know.

    The thing is, the code is really ugly.

    All four sections are programmed quite differently and if I ever wanted to add more fields to the user profile, I'd have to manually edit the 'signup' form, the 'edit profile' form, and the scripts that processed those forms.

    For instance, if I wanted to add a "homepage" field where each user could enter their homepage address when they sign up or edit their profile, I'd have to reprogram four bits of code.

    Any hint or tips on an easier way?

  2. #2
    SitePoint Addict
    Join Date
    Nov 2000
    Location
    London, UK
    Posts
    223
    This is just speculative, but..
    You might want to make an include file that had a couple of arrays in it. One could be the names of form fields, and the other their corresponding names in your db. Then, you could just have your PHP scripts go through the form fields array, and take the info from the forms and add it to the mysql fields with the same index as the corresponding form. You'd get something like this:
    fields.inc --
    Code:
    $formfields = array("username", "password", "email", "fullname"); 
    $sqlfields = array("uname", "upass", "uemail", "ufullname");
    $sqltable = "usertable";
    Then you could just make your PHP script use a for loop (so that it has the index value) to go through the $formfields array, and build an sql statement with the values of the $sqlfields array.
    If you wanted to, you could even think up a special symbol like _REQ_ or something to append to required fields in the $formfields array, and then in your for loop search for that symbol. If you find it, check to make sure something's in that form field, and if there isn't give an error.

    There's all sorts of things you can do with this method, and although I'm sure there's a better way, this has worked for me.

    (( I edited my php .. vB was displaying html line breaks between my lines. very annoying. ))
    Last edited by FatPiper; Mar 23, 2001 at 03:13.

    ... what's the world coming to?

  3. #3
    SitePoint Columnist Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    FatPiper - that's a really interesting idea. Have you ever seen this done in a full application or is it just a concept?

    I've been having exactly the same problems as mmj with a lot of code that I've written and I'm shortly starting work on my biggest project to date. Something like this could really help out...

    Thanks for the tip

  4. #4
    One website at a time mmj's Avatar
    Join Date
    Feb 2001
    Location
    Melbourne Australia
    Posts
    6,282
    Yes I was also thinking of doing something like this.

    It'd be a lot of work to implement it, but I could have an array that contains this info as well as the type of control required to use it (ie. a third array).

    For example, to add a checkbox that says "Sign me up to the whatever newsletter" you'd add

    $formfields = array(..., "Sign me up to the newsletter");
    $fieldtypes = array(..., "checkbox");
    $sqlfields = array(..., "OptIn");

    and then when creating this form it would have to parse all this info and place the right control into the html. It'd also have to be reasonably intelligent about fitting it into a table as it couldn't just sprawl out across the page...

    It could be done,...

  5. #5
    SitePoint Addict
    Join Date
    Nov 2000
    Location
    London, UK
    Posts
    223
    No, I haven't used this before in exactly this way, but I've done something similar:

    I made a mysql table that had the same column names as all of my form fields (say a text box called name, and a mysql field called name as well.) For example:
    Code:
               .:Users:.
    uname -- pass -- fname -- email
    and my form would be something like:
    Code:
    <form action="blah.php" method="POST">
    Username:<input type="text" name="uname"><br />
    Password:<input type="password" name="pass"> <br />
    Full Name:<input type="text" name="fname"><br />
    Email:<input type="text" name="email"><br />
    <input type="hidden" name="required" value="uname,pass,email">
    <input type="submit" name="submit">
    </form>
    Then I just made a foreach loop to go through the $HTTP_POST_VARS array, and get each thing, then stick it into the mysql field with the name of that value's key. It would also check to make sure that the required fields had values.

    If you want to, although I didn't do this, you could even write a function that checks the name to see if it contains pass or email. If it's got pass, it could check for something that had the same name with "2" (or anything else) at the end, and make sure they're the same. If it had email, you could get it to use some RegExp to make sure it's a valid address (do a search on email validation in this forum. You'll find tons..)

    What I just described is an alternative way of doing it, which doesn't require any hard-coding of values at all. However, it's a lot of work to program...
    Last edited by FatPiper; Mar 23, 2001 at 10:47.

    ... what's the world coming to?

  6. #6
    One website at a time mmj's Avatar
    Join Date
    Feb 2001
    Location
    Melbourne Australia
    Posts
    6,282
    ok I see..

    good idea.

    I'd still have to update both the forms, but it would automate some of the other processes.

    I might do a combination of both. I might have an array or table or something containing:
    name - description - type - defvalue

    Where name would be the name of the form object and of the table column, description would be the question or prompt shown on the form, type would be "text" "textarea" "checkbox" "password" or something like that.

    I encrypt my passwords when in the database, so even though they are sent as http vars in plain text, I have no access to users' passwords. I reckon if somebody might use the same password for more than one service, and the admin could view their password, that admin could use the password to break into other services on the internet that that user uses.
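
An added example, not code from any poster in this thread: the field-map idea from posts #2, #5 and #6 written so that a single server-side definition drives validation and the INSERT. Request keys never become column names, the required list is not read from a hidden form field, and the password is stored only as a hash. It assumes PHP 7.1+ with PDO; the SQLite in-memory database stands in for the thread's MySQL, and the sample request is constructed.

```php
<?php
// Added example: FIELDS entries reuse the names from post #2; input is constructed.
const TABLE = 'usertable';
const FIELDS = [  // form field => [column, required, type]
    'username' => ['uname',     true,  'text'],
    'password' => ['upass',     true,  'password'],
    'email'    => ['uemail',    true,  'email'],
    'fullname' => ['ufullname', false, 'text'],
];

function build_insert(array $post): array
{
    $cols = $vals = $errors = [];
    // Iterate over the server-side map, not over the request, so unknown
    // keys are ignored and column names are never attacker-controlled.
    foreach (FIELDS as $field => [$column, $required, $type]) {
        $raw = $post[$field] ?? '';
        $value = is_string($raw) ? $raw : '';          // reject array-valued input
        if ($type !== 'password') { $value = trim($value); }
        if ($value === '') {
            if ($required) { $errors[] = "$field is required"; }
            continue;
        }
        if ($type === 'email' && !filter_var($value, FILTER_VALIDATE_EMAIL)) {
            $errors[] = "$field is not a valid address";
            continue;
        }
        if ($type === 'password') {
            $value = password_hash($value, PASSWORD_DEFAULT); // store a hash only
        }
        $cols[] = $column;
        $vals[] = $value;
    }
    $marks = implode(', ', array_fill(0, count($cols), '?'));
    $sql = 'INSERT INTO ' . TABLE . ' (' . implode(', ', $cols) . ") VALUES ($marks)";
    return [$sql, $vals, $errors];
}

// Constructed request: "is_admin" and "required" are extra keys a client could add.
$post = ['username' => 'mmj', 'password' => 'hunter2', 'email' => 'mmj@example.com',
         'is_admin' => '1', 'required' => ''];
[$sql, $vals, $errors] = build_insert($post);

$db = new PDO('sqlite::memory:'); // stand-in for the MySQL database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usertable (uname TEXT, upass TEXT, uemail TEXT, ufullname TEXT)');
if (!$errors) {
    $db->prepare($sql)->execute($vals); // values are bound, never concatenated
}
echo $errors ? implode("\n", $errors) : $sql, "\n";
```

Adding a "homepage" field then means one new row in `FIELDS` plus the matching column; login would check a submitted password with `password_verify()` against the stored hash.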

  7. #7
    SitePoint Addict
    Join Date
    Nov 2000
    Location
    London, UK
    Posts
    223
    Yeah, this is true ... One of my friends had that happen to him a couple of days ago. Nothing got deleted or anything, but still, it's a nasty prank.

    Your idea for doing it seems sound. The only reason I suggested that second method is because it requires no files whatsoever ..
    It gets all the info it needs from the column names in the database, and the form fields that are passed in. This way, you NEVER need to change the script .. just an html file.

    Still though, if you want your script to output the form as well as do the db stuff, then your idea is probably sound.

    Good luck implementing all that!

    ... what's the world coming to?

