registration

[runrunforest]

hi,

can you check if something wrong with my registration system.

connection.php:

Code PHP:

<?php
 
// 1. Create a database connection
$connect = mysql_connect("localhost","root","");
if (!$connect) {
	die("Database connection failed: " . mysql_error());
}
 
// 2. Select a database to use 
$db_select = mysql_select_db("onestar",$connect);
if (!$db_select) {
	die("Database selection failed: " . mysql_error());
}
 
?>

register.php:

Code PHP:

<?php
 
//textfield will apply function mysql_real_escapse_string to eleminate potential dangerous characters.
//for textfield password, MD5 will be used to encrypt password.
//select/menu/radio button wont apply any functions.
 
	$email = mysql_real_escape_string($_POST['email']);
	$password = MD5($_POST['password']);
	$username = mysql_real_escape_string($_POST['username']);
	$first_name= mysql_real_escape_string($_POST['first_name']);
	$sex=($_POST['sex']);
	$date=($_POST['date']);
	$month=($_POST['month']);
	$year=($_POST['year']);
	$land_line= mysql_real_escape_string($_POST['land_line']);
	$mobile= mysql_real_escape_string($_POST['mobile']);
	$address= mysql_real_escape_string($_POST['address']);
	$city= mysql_real_escape_string($_POST['city']);
	$region=($_POST['region']);
	$joindate=($_POST['joindate']);
 
//checking username and password if there are familiarities in database.
//function count will count if there is any id that had the username or password same as the ones being submited.
 
$username_check = mysql_query("SELECT COUNT(id) FROM user WHERE username = '" . $username . "' ") 
	or 	die(mysql_error());
$email_check = mysql_query("SELECT COUNT(id) FROM user WHERE email = '" . $email . "' ") 
	or 	die(mysql_error());
 
//function list will add numerical result from mysql_fetch_row function to $count.
//If result is greater than 0, meaning either username or password has been already registered. submitter should use another ones.
 
		list($count1) = mysql_fetch_row($username_check);
		list($count2) = mysql_fetch_row($email_check);
 
		if($count1== 0 && $count2==0) {
			mysql_query("INSERT INTO user
					(email,password,username,first_name,sex,date,month,year,land_line,mobile,address,city,region)
					VALUES
					('" . $email . "', '" . $password . "', '" . $username . "', '" . $first_name . "', '" . $sex . "', '" . $day . "', '" . $month . "', '" . $year . "', '" . $land_line . "', '" . $mobile . "', '" . $address . "', '" . $city . "', '" . $region . "')
					") 
					or die(mysql_error());
 
			header("location:thank_you.html");
 		} 
 
		if($count1 !=0){
			echo 'Username has been already taken';
		}
 
		if($count2 !=0){
			echo 'Username has been already taken';
		}
 
?>

I include those 2 files in the top of my document, which is registration.php.
when open registration.php. I've got this message

Code:

Warning: require(constants.php) [function.require]: failed to open stream: No such file or directory in C:\wamp\www\onestar\account\connection.php on line 3

Fatal error: require() [function.require]: Failed opening required 'constants.php' (include_path='.;C:\php5\pear') in C:\wamp\www\onestar\account\connection.php on line 3

[TeNDoLLA]

At least you should do intval() for all number input you put in to database for security. And as the error says it cannot find the file constants.php. So the path for this require file is wrong.

[runrunforest]

It works now.

just further question, what is intval() ? and how can i do that ?

[LatecomerX]

ttp://sg.php.net/intval (SitePoint thinks I'm a spammer, so I can't post full URLs yet)

It basically returns an integer based on the value you feed in, thereby ensuring that the result is always an integer regardless of the type of input given.

[runrunforest]

ttp://sg.php.net/intval (SitePoint thinks I'm a spammer, so I can't post full URLs yet)

It basically returns an integer based on the value you feed in, thereby ensuring that the result is always an integer regardless of the type of input given.

thanks.

base on what i have now, how can I generate an activation code and send it to user to activate, therefor, they can log in user panel. otherewise they can log in but going nowhere.

[LatecomerX]

For that, you need two extra columns in your user database table like "verified" and "verification_key" and an additional script called "verify.php". So when you're doing those INSERT INTO during user registration, set verified to 0 (you can consider using a default key instead) and a random value generated using md5() or sha1() to serve as the verification key. You'll then need to send the new user an e-mail which contains a link like "http://example.com/verify.php?key=[verification key]". On receiving the key, verify.php will check and see if it's a valid key. If so, update the corresponding "verified" column to 1.

So, on your user panel, if you need to disable your unverified users from tinkering around your website, you may do something like SELECT users WHERE ... AND user_id = 1234 AND verified = 1. So if there's no row found, you will tell him to back off and get verified now.

[TeNDoLLA]

For example do something like this:
1. add to your users mysql table two fields: activated(true/false) and activation_code
2. create script that creates activation code
3. send this activation code to user when he/she registers and add it to the database for this user
4. when this user tries to login check if user has been activated or not. And if not dont let him/her to login.

edit: LatecomerX was faster :-P

I think you can get also good examples and tutorials for registration by searching in google.

[runrunforest]

[QUOTE= (you can consider using a default key instead) [/QUOTE]

can you tell me how to use default key ?

[LatecomerX]

I meant a default value, sorry. And since columns containing numerical values are 0 by default, you don't really have to do anything but leave it out in the INSERT INTO query.

[runrunforest]

can you give an example of how to use verify.php and md5 to make verification code ?

[LatecomerX]

Regarding the verification keys, you can use the registrant's username concatenated with a salt and hash it with sha1 or md5, like:

$verification_key = sha1($username . 'runrunforest'); // in this case, "runrunforest" is used as a salt

in the above statement, $verification_key will contain a hash which is a 40-character hexadecimal string.

As for verify.php, when your users loads the script while passing the verification key via the URL (GET), you just need to perform a database lookup to see if a row containing the given verification key can be found. If so, update the same row by setting "verified" to 1 so that your user will be able to gain full access to your site.