hello fellow sitepointers,
Right, I am currently re-programming one of my sites, as it has been hacked and there was lots of stuff entered into the database that should not be there.
Anyway, here is my code for the registration section of the site. Is this secure code?
Kind Regards
PHP Code:
// Empty all the required variables
// Read each expected registration field from the POST body. A field that is
// missing or empty falls back to the empty string.
$username     = (isset($_POST['username']) && $_POST['username'] != "") ? $_POST['username'] : '';
$password     = (isset($_POST['password']) && $_POST['password'] != "") ? $_POST['password'] : '';
$password2    = (isset($_POST['password2']) && $_POST['password2'] != "") ? $_POST['password2'] : '';
$email        = (isset($_POST['email']) && $_POST['email'] != "") ? $_POST['email'] : '';
$email2       = (isset($_POST['email2']) && $_POST['email2'] != "") ? $_POST['email2'] : '';
$account_type = (isset($_POST['account_type']) && $_POST['account_type'] != "") ? $_POST['account_type'] : '';

// Escape the values for use inside quoted SQL string literals.
// Only these four are escaped in this step: $email and $email2 leave it exactly
// as they were submitted.
// NOTE(review): both passwords are compared further down in their escaped form,
// and presumably stored that way too - confirm the login code applies the same step.
$username     = mysql_real_escape_string($username);
$password     = mysql_real_escape_string($password);
$password2    = mysql_real_escape_string($password2);
$account_type = mysql_real_escape_string($account_type);
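// Check the email address against the database to see if it is already registered.
//
// $email arrives here unescaped (the escaping step earlier in the script covers
// the username, passwords and account type only), so it is escaped into a
// separate variable before being placed inside the quoted SQL literal. Without
// this the POST value reaches the query as submitted, which is an SQL injection
// point. $email itself is left untouched so that validate_email() further down
// still sees what the user typed; any later statement that embeds $email in SQL
// needs the same treatment. Prepared statements (mysqli / PDO) remove this class
// of mistake altogether and are the better long-term fix.
$email_sql = mysql_real_escape_string($email);
$email_check = mysql_query("SELECT * FROM users WHERE `email`='$email_sql'");
if ($email_check === false) {
    // mysql_query() returns false when the query fails. Report it instead of
    // letting a failed lookup be read as "address not registered".
    // NOTE(review): whether errorHandling() halts the script is not visible here - confirm.
    errorHandling('Registration Error : The email address could not be checked, Please try again later');
} elseif (($num = mysql_num_rows($email_check)) > 1) {
    errorHandling('Registration Error : More than one of the same email already exsists, Please go back and enter a new one');
} elseif ($num == 1) {
    errorHandling('Registration Error : This email address already exsists, Please go back and enter a new one');
}
// Zero rows: the email address is not in the database yet.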
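// Check the username against the database to see if it is already registered.
// $username was passed through mysql_real_escape_string() earlier in the script,
// so it can be placed inside the quoted SQL literal as it is.
$username_check = mysql_query("SELECT * FROM users WHERE `username`='$username'");
if ($username_check === false) {
    // mysql_query() returns false when the query fails. Report it instead of
    // letting a failed lookup be read as "username is free".
    // NOTE(review): whether errorHandling() halts the script is not visible here - confirm.
    errorHandling('Registration Error : The username could not be checked, Please try again later');
} elseif (($num = mysql_num_rows($username_check)) > 1) {
    errorHandling('Registration Error : More than one of the same username already exsists, Please go back and enter a new one');
} elseif ($num == 1) {
    errorHandling('Registration Error : This username already exsists, Please go back and enter a new one');
}
// Zero rows: the username is not in the database yet.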
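// Check the two email addresses to see if they match.
// An if statement cannot be assigned to a variable (that is a parse error), so
// the result of the comparison is stored as a boolean and tested afterwards.
// Strict comparison (===) is used because loose == compares numeric-looking
// strings by value rather than character by character.
$email_double_check = ($email === $email2);
if (!$email_double_check) {
    errorHandling('Registration Error : The two email addresses did not match, Please go back and correct them.');
}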
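// Check the two passwords to see if they match.
// An if statement cannot be assigned to a variable (that is a parse error), so
// the result of the comparison is stored as a boolean and tested afterwards.
// Strict comparison (===) matters here: with loose ==, two different passwords
// that both look like numbers (for example "1e3" and "1000") count as equal.
// Both values have already been through mysql_real_escape_string() earlier in
// the script, so the escaped forms are what is being compared.
$password_double_check = ($password === $password2);
if (!$password_double_check) {
    errorHandling('Registration Error : The two passwords did not match, Please go back and correct them.');
}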
// Run both submitted addresses through validate_email() (defined elsewhere) and
// report an error for each one that fails. The comparison against null is loose,
// so any return value that is loosely equal to null (null, false, 0, '') counts
// as a failure.
// Note that this format check runs after $email has already been used in the
// lookup query earlier in the script.
if (($validate = validate_email($email)) == null) {
    errorHandling('Registration Error : The email address you entered does not validate.');
}

if (($validate = validate_email($email2)) == null) {
    errorHandling('Registration Error : The second email you entered does not validate.');
}
// Generate the account-activation code and keep an MD5 digest of it next to the
// plain value ($unique_code_db is presumably the form that gets stored).
// NOTE(review): makeUniqueCode() is defined elsewhere. The activation code acts
// as a secret, so confirm it is built from a cryptographically secure random
// source rather than from the time or from rand()/mt_rand().
$unique_code = makeUniqueCode();
$unique_code_db = hash('md5', $unique_code);
Chris




