Hi,
I am trying to complete a membership registration script however the email part allows for any email address to be entered such as "emailmehere" instead of "emailme@here.com"
Can anyone advise how can ensure only a correct format email address is entered
Code:$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); if (!$email) { $error = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com'; }
Code:<?php $_SESSION['userLoggedIn'] = 0; $_SESSION['userEmail'] = ''; $_SESSION['userID'] = ''; // Reset errors and success messages $errors = array(); $success = array(); // Login attempt if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true') { $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL); $loginPassword = trim($_POST['password']); if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12) { $errors['loginPassword'] = 'Your password must be between 6-12 characters.'; } if(count($errors) === 0) { $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . mysql_real_escape_string($loginPassword) . '") LIMIT 1'; $result = mysql_query($query); if (!$result) { die('Invalid query: ' . mysql_error()); } if(mysql_num_rows($result) === 1) { $row = mysql_fetch_assoc($result); $_SESSION['userLoggedIn'] = 1; $_SESSION['userEmail'] = $loginEmail; $_SESSION['userID'] = $row['id']; header('Location: index.php'); exit; } else { $errors['login'] = 'No user was found with the details provided.'; } } } /* The rest of your login page code */ // Reset errors and success messages $errors = array(); $success = array(); // Login attempt if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){ $loginEmail = trim($_POST['email']); $loginPassword = trim($_POST['password']); $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); if (!$email) { $error = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com'; } if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12) $errors['loginPassword'] = 'Your password must be between 6-12 characters.'; if(!$errors){ $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . $loginPassword . '") LIMIT 1'; $result = mysql_query($query); if(mysql_num_rows($result) == 1){ $user = mysql_fetch_assoc($result); $query = 'UPDATE users SET session_id = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1'; mysql_query($query); header('Location: index.php'); exit; }else{ $errors['login'] = 'No user was found with the details provided.'; } } } // Register attempt if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){ $firstname = mysql_real_escape_string(trim($_POST['firstname'])); $surname = mysql_real_escape_string(trim($_POST['surname'])); $registerEmail = trim($_POST['email']); $registerPassword = trim($_POST['password']); $registerConfirmPassword = trim($_POST['confirmPassword']); if(!isset($firstname) || empty($firstname)) { $errors['firstname'] = "Please enter your First Name."; } if(!isset($surname) || empty($surname)) { $errors['surname'] = "Please enter your Surname."; } if ($loginEmail === false) { $errors['loginEmail'] = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com'; } if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12) $errors['registerPassword'] = 'Your password must be between 6-12 characters.'; if($password != $confirmPassword && !$error) { $error = "The passwords you entered did not match."; } $Email = filter_var($_POST['registerEmail'], FILTER_VALIDATE_EMAIL); if (!registerEmail) { $errors['registerEmail'] = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com'; } if($registerPassword != $registerConfirmPassword) $errors['registerConfirmPassword'] = 'Your passwords did not match.'; // Check to see if we have a user registered with this email address already if(!$errors){ $query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), NOW())"; $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error if($result){ $success['register'] = 'Thank you for registering. You can now log in on the left.'; }else{ $errors['register'] = 'There was a problem registering you. Please check your details and try again.'; } } } $query = mysql_query("SELECT id FROM users WHERE email = '".$email."' LIMIT 1"); if(mysql_num_rows($query) > 0 && !$error) { $error = "Sorry, that email is already in use!"; } if(!$error) { $query = mysql_query("INSERT INTO users (email) VALUES ('".$password."', '".$password."', '".mysql_real_escape_string(md5($password))."', '".$email."')"); if($query) { $message = "Hello ".$_POST['email'].",\r\n\r\nThanks for registering with .com! We hope you enjoy your stay.\r\n\r\n Many Thanks,\r\n.com"; $headers = "From: ".$website['name']." <".$website['email'].">\r\n"; mail($_POST['email'], "Welcome", $message, $headers); setcookie("user", mysql_insert_id(), $time); setcookie("pass", mysql_real_escape_string(md5($password)), $time); header("Location: users.php"); } else { $error = "There was a problem with the registration. Please try again."; } } ?>
Reply With Quote
Bookmarks