I would be glad if you could check the code.
These are my steps for the page.
1) Creating a register.php and making a form with HTML
<?php
$feedback = '';
$php_self = $_SERVER['PHP_SELF'];
print "<font color=\"red\">$feedback</font>";
?>
<P CLASS="left"><B>REGISTER</B><BR>
Fill out this form and a confirmation email will be sent to you. Once you click on the link in the email your account will be confirmed and you can begin to contribute to the community.</P>
<FORM ACTION="<?php $php_self ?>" METHOD="POST">
<TABLE>
<TR>
<P CLASS="bold"><TD align="right">Username: </TD>
<TD><INPUT TYPE="TEXT" NAME="username" VALUE="" SIZE="25" MAXLENGTH="25"></TD></P>
</TR>
<TR>
<P CLASS="bold"><TD align="right">First Name: </TD>
<TD><INPUT TYPE="TEXT" NAME="firstname" VALUE="" SIZE="25" MAXLENGTH="25"></TD></P>
</TR>
<TR>
<P CLASS="bold"><TD align="right">Last Name: </TD>
<TD><INPUT TYPE="TEXT" NAME="lastname" VALUE="" SIZE="25" MAXLENGTH="25"></TD></P>
</TR>
<TR>
<P CLASS="bold"><TD align="right">Password: </TD>
<TD><INPUT TYPE="password" NAME="password1" VALUE="" SIZE="15" MAXLENGTH="25"></TD></P>
</TR>
<TR>
<P CLASS="left"><TD align="right">Password: <B>(repeat)</B> </TD>
<TD><INPUT TYPE="password" NAME="password2" VALUE="" SIZE="15" MAXLENGTH="25"></TD></P>
</TR>
<TR>
<P CLASS="left"><TD align="right">Email: </TD>
<TD><INPUT TYPE="TEXT" NAME="email" VALUE="" SIZE="25" MAXLENGTH="50"></TD></P>
</TR>
<TR>
<P>
<TD align="right"><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Submit"></TD>
<TD><INPUT TYPE="RESET" NAME="reset" VALUE="Reset"></TD>
</P>
</TR>
</TABLE>
</FORM>
The form layout seems ok.
2) A function will check if all the necessary fields in the form are correct or not.
Then it will prepare this information for the database with a query. This function is in function.php. If the user doesn't enter correct information in the fields, the function will return a feedback message.
<?php
function user_register() {
    // This function will only work with superglobal arrays,
    // because I'm not passing in any values or declaring globals
    global $supersecret_hash_padding;
    // Prepare required variables
    $displayname = trim($_POST['username']);
    $username = strtolower($displayname);
    $password1 = trim($_POST['password1']);
    $password2 = trim($_POST['password2']);
    $email = trim($_POST['email']);
    // Check if variables are present
    if (strlen($username) >= 3 && strlen($username) <= 25)
    {
        if (validate_name($username))
        {
            if (strlen($password1) >= 6 && strlen($password1) <=25)
            {
                if ($password1 == $password2)
                {
                    if (validate_email($email) && strlen($email) <= 50)
                    {
                        $query = "SELECT userid
                                  FROM user
                                  WHERE username = '$username'
                                  AND email = '$email'";
                        $result = mysql_query($query);
                        if ($result && mysql_num_rows($result) > 0)
                        {
                            $feedback = 'ERROR: Username or email address is already exists.';
                            return $feedback;
                        }
                        else
                        {
                            // Prepare other variables
                            $firstname = $_POST['firstname'];
                            $lastname = $_POST['lastname'];
                            $password = md5($_POST['password1']);
                            $userip = $_SERVER['REMOTE_ADDR'];
                            // Create a new hash to insert into the db
                            // and the confirmation email
                            $hash = md5 ($email.$supersecret_hash_padding);
                            $query = "INSERT INTO user (username, firstname, lastname, password, email, userip, confirm_hash, is_confirmed, date_created)
                                      VALUES ('$username', '$firstname', '$lastname', '$password', '$email', '$userip', '$hash', '0', NOW())";
                            $result = mysql_query($query);
                            if (!$result)
                            {
                                $feedback = 'ERROR: Database error, please contact site administrator.';
                            }
                            else
                            {
                                $encodedemail = urlencode($email);
                                $mailbody = 'Thank you for registering at our site. Please click this link for confirmation: http://localhost/confirm.php?hash='. $hash .'&email='. $encoded_email;
                                mail($email, 'Registration Confirmation', $mailbody, 'From: noreply@noreply.com');
                                $register_message = 'You have successfully registered. You will receive a confirmation email.';
                                return $register_message;
                            }
                        }
                    }
                    else
                    {
                        $feedback = 'ERROR: Enter your e-mail address in a proper form.';
                        return $feedback;
                    }
                }
                else
                {
                    $feedback = 'ERROR: You must write the same password to both password fields.';
                    return $feedback;
                }
            }
            else
            {
                $feedback = 'ERROR: Your password must be at least 6 and at most 25 characters.';
                return $feedback;
            }
        }
        else
        {
            $feedback = 'ERROR: Account name is invalid.';
            return $feedback;
        }
    }
    else
    {
        $feedback = 'ERROR: Username must be at least 3 and at most 25 characters.';
        return $feedback;
    }
}
?>
3) Directing the form to the function. I am using the isset function to call the function when the user hits the submit button. I am writing this code block before my form in register.php.
<?php
if (isset($_POST['submit']))
{
    user_register();
}
?>
4) After the user_register function is called with the submit button and the function checks that every field is filled in correctly, it will send a confirmation link to the user's email.
<?php
// Function for validating account name
function validate_name()
{
    // parameter for use with strspn
    $span_str == "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ" . "0123456789-";
    // must have at least one character
    if (strspn($displayname, $span_str) == 0)
    {
        return false;
    }
    // must contain all legal characters
    if (strspn($displayname, $span_str) != strlen($displayname));
    {
        return false;
    }
    // illegal names
    if
    (eregi("^((anoncvs_)|(root)|(bin)|(daemon)|(adm)|(lp)|(sync)|(shutdown)|
(halt)|(mail)|(news)|(uucp)|(operator)|(games)|(mysql)|
(httpd)|(nobody)|(dummy)|(www)|(cvs)|(shell)|(ftp)|(irc)|
(debian)|(ns)|(download))$", $username))
    {
        return false;
    }
    $username = strtolower($displayname);
    return true;
}
// Function for validating email
function validate_email()
{
    return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+' . '@' . '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email));
}
function user_confirm()
{
    global $supersecret_hash_padding;
    // Verify that they didn't tamper with the email address
    $new_hash = md5($_GET['email'].$supersecret_hash_padding);
    if ($new_hash && ($new_hash == $_GET['hash']))
    {
        $query = "SELECT username
                  FROM user
                  WHERE confirm_hash = '$new_hash'";
        $result = mysql_query($query);
        if (!$result || mysql_num_rows($result) < 1)
        {
            $feedback = 'ERROR: Hash not found.';
            return $feedback;
        }
        else
        {
            // Confirm the email and set account to active
            $email = $_GET['email'];
            $hash = $_GET['hash'];
            $query = "UPDATE user
                      SET email='$email', is_confirmed='1'
                      WHERE confirm_hash='$hash'";
            $result = mysql_query($query);
            return 1;
        }
    }
    else
    {
        $feedback = 'ERROR: Values do not match';
        return $feedback;
    }
}
?>
My problems with this code are:
- Are these steps/methods (except the mistakes in the code) good for creating a registration system?
- When I hit the submit button, it doesn't return a feedback (error) message on the page.
- What are the mistakes in the code blocks?
Thanks.
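
A hardened version of the register and confirm steps above, as an added example that is not part of the original post: it uses bound parameters instead of string-built SQL, password_hash() instead of md5(), and a random single-use token instead of md5($email . $padding), and the caller keeps the function's return value so the feedback can be shown. The in-memory SQLite database, the cut-down table and the token-based confirm link are assumptions made for the example; the mysql_* and ereg* functions used in the post were removed in PHP 7.

```php
<?php
// Added example, not the poster's code. Assumption: an in-memory SQLite
// database via PDO stands in for MySQL, with a cut-down `user` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT UNIQUE,
    email TEXT UNIQUE, password TEXT, confirm_hash TEXT, is_confirmed INTEGER DEFAULT 0)');

// Returns [true, token] on success or [false, feedback message] on failure.
function user_register(PDO $db, array $post): array {
    $username = strtolower(trim($post['username'] ?? ''));
    $email    = trim($post['email'] ?? '');
    $password = $post['password1'] ?? '';
    if (!preg_match('/^[a-z0-9-]{3,25}$/', $username))
        return [false, 'ERROR: Account name is invalid.'];
    if (strlen($password) < 6 || $password !== ($post['password2'] ?? null))
        return [false, 'ERROR: Passwords must match and be at least 6 characters.'];
    if (!filter_var($email, FILTER_VALIDATE_EMAIL) || strlen($email) > 50)
        return [false, 'ERROR: Enter your e-mail address in a proper form.'];
    // Bound parameters keep user input out of the SQL text. OR (not AND)
    // rejects a reused username or a reused address.
    $q = $db->prepare('SELECT userid FROM user WHERE username = ? OR email = ?');
    $q->execute([$username, $email]);
    if ($q->fetch()) return [false, 'ERROR: Username or email address already exists.'];
    // Unpredictable single-use token; only its SHA-256 digest is stored.
    $token = bin2hex(random_bytes(32));
    $ins = $db->prepare('INSERT INTO user (username, email, password, confirm_hash)
                         VALUES (?, ?, ?, ?)');
    $ins->execute([$username, $email, password_hash($password, PASSWORD_DEFAULT),
                   hash('sha256', $token)]);
    return [true, $token]; // the caller mails confirm.php?token=... to $email
}

function user_confirm(PDO $db, string $token): bool {
    // The address stays as stored at registration; nothing from the URL is
    // written back, and the token is cleared so the link works only once.
    $u = $db->prepare('UPDATE user SET is_confirmed = 1, confirm_hash = NULL
                       WHERE confirm_hash = ? AND is_confirmed = 0');
    $u->execute([hash('sha256', $token)]);
    return $u->rowCount() === 1;
}

// Constructed sample input; the quote in the address would break a concatenated query.
$post = ['username' => 'Alice-01', 'email' => "o'brien@example.com",
         'password1' => 'correct horse', 'password2' => 'correct horse'];
[$ok, $token] = user_register($db, $post);
var_dump($ok, user_confirm($db, $token), user_confirm($db, $token));
[$ok, $feedback] = user_register($db, $post); // second attempt is rejected
print "<font color=\"red\">" . htmlspecialchars($feedback) . "</font>\n";
```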