Deleted.
Deleted.
I would not call this beautiful at all, actually.
Considering about it, the codes are pretty messy.
You're not using a format, or whatever you've gotta call it, like tabs in front of a code.
Why do you use so many <?php & ?> ?
Your conventions are fucking hideous, well, non-existent. Also, since you're learning I'd suggest using more OOP than procedural code since it's generally a tonne better. I'd then move on to say PDO instead of MySQLi, PDO offers multi-driver support and is generally a little more stable and if you're a beginner it's a tonne better since you don't need to worry about SQL injection.
Just some pointers.
what???????
@Ruby: The point of object oriented programming is for reusability. Procedural is fine in most cases (this isn't one of them), and a lot of the time OOP code requires way more lines.
Everyone replace it with:
Code:
<?php
#######Coded by espadian/Yadinho from HF and Rune-Server######
error_reporting(0);
require 'inc/db.php';

$username = sanitize($_POST['username']);
$password = sanitize($_POST['password']);
$pagain = sanitize($_POST['pagain']);
$email = sanitize($_POST['email']);

// Validation flags; all start out TRUE and are cleared by the checks below.
$usernamenotempty=TRUE;
$usernamevalidate=TRUE;
$usernamenotduplicate=TRUE;
$emailnotempty=TRUE;
$emailnotduplicate=TRUE;
$passwordnotempty=TRUE;
$passwordmatch=TRUE;
$passwordvalidate=TRUE;

// Returns a 64-hex-character random salt followed by SHA-256(salt . password).
function HashPassword($input) {
    $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
    $hash = hash("sha256", $salt . $input);
    $final = $salt . $hash;
    return $final;
}

function sanitize($data){
    $data = htmlspecialchars($data);
    $data = mysql_real_escape_string($data);
    $data = addslashes($data);
    return $data;
}

$hashedpassword= HashPassword($password);

// Look up existing rows with the same username or e-mail.
$checkusername = mysql_query("SELECT * FROM users WHERE username='$username'");
$query_username = mysql_num_rows($checkusername);
$checkemail = mysql_query("SELECT * FROM users WHERE email='$email'");
$query_email = mysql_num_rows($checkemail);

if(isset($_POST['register'])){
    if(empty($username)){
        $usernamenotempty = FALSE;
    } else {
        $usernamenotempty = TRUE;
    }
    if($query_username > 0){
        $usernamenotduplicate = FALSE;
    } else {
        $usernamenotduplicate = TRUE;
    }
    if ((!(ctype_alnum($username))) || ((strlen($username)) >12)) {
        $usernamevalidate=FALSE;
    } else {
        $usernamevalidate=TRUE;
    }
    if(empty($email)){
        $emailnotempty = FALSE;
    } else {
        $emailnotempty = TRUE;
    }
    if($query_email > 0){
        $emailnotduplicate = FALSE;
    } else {
        $emailnotduplicate = TRUE;
        // Cookie name quoted; the bare word email is an undefined constant.
        setcookie('email', $email);
    }
    $_SESSION['email'] = $email;
    if ($password != $pagain){
        $passwordmatch = FALSE;
    } else {
        $passwordmatch = TRUE;
    }
}

if(isset($_POST['register'])){
    if(empty($password)){
        $passwordnotempty = FALSE;
    } else {
        $passwordnotempty = TRUE;
    }
}

if ((!(ctype_alnum($password))) || ((strlen($password)) < 6)) {
    $passwordvalidate=FALSE;
} else {
    $passwordvalidate=TRUE;
}

if($password != $pagain){
    $passwordmatch = FALSE;
} else {
    $passwordmatch = TRUE;
}

// Insert the account only when every check passed.
if(($usernamenotduplicate ==TRUE)
    && ($usernamenotempty==TRUE)
    && ($usernamevalidate==TRUE)
    && ($passwordmatch==TRUE)
    && ($passwordnotempty==TRUE)
    && ($passwordvalidate==TRUE)
    && ($emailnotduplicate==TRUE)
    && ($emailnotempty==TRUE)){
    mysql_query("INSERT INTO `users` (`Username`, `Password`, `Email`) VALUES ('$username', '$hashedpassword', '$email')") or die(mysql_error());
    echo '<div class="alert alert-success">
    <b>Done!</b> You are now a member, you will be redirected to the mainpage shortly.
    </div>';
    echo "<meta http-equiv=\"refresh\" content=\"3;index.php\">";
}
?>
<h1><center><b>Register an account!</b></center></h1>
<form method="POST">
    <input type="text" class="input-xlarge" name="username" maxlength="12" placeholder="Username"><br>
    <input type="password" class="input-xlarge" name="password" placeholder="Password(min 6 chars)"><br>
    <input type="password" class="input-xlarge" name="pagain" placeholder="Password Again"><br>
    <input type="text" class="input-xlarge" name="email" placeholder="E-mail Address"><br>
    <button class="btn btn-large btn-block btn-success" name="register" type="submit">REGISTER</button>
    <?php
    if ($usernamenotempty==FALSE) echo '<div class="alert alert-alert">
    <b>Error!</b> You have entered an empty username
    </div>';
    if ($usernamevalidate==FALSE) echo '<div class="alert alert-alert">
    <b>Error!</b> Your username should be alphanumeric and maximum of 12 characters
    </div>';
    if ($emailnotduplicate==FALSE) echo '<div class="alert alert-alert">
    <b>Error!</b> Email already exists by one of our users
    </div>';
    if ($emailnotempty==FALSE) echo '<div class="alert alert-alert">
    <b>Error!</b> You haven\'t filled in your E-mail address
    </div>';
    if ($usernamenotduplicate==FALSE) echo '<div class="alert alert-alert">
    <b>Error!</b> Your username already exists, please choose a different one
    </div>';
    if ($passwordnotempty==FALSE) echo '<div class="alert alert-alert">
    <b>Error!</b> Your password is empty
    </div>';
    if ($passwordmatch==FALSE) echo '<div class="alert alert-alert">
    <b>Error!</b> Passwords did not match each other
    </div>';
    if ($passwordvalidate==FALSE) echo '<font color="red"><div class="alert alert-alert">
    Your password should be at least 6 characters long
    </div></font>';
    ?>
</form>
You clearly don't generally know the point in fully using OOP. For example:
Code for someClass.php:
Code:
class Foo {
    public $someVar;
    public $someVar2;
    public $someVar3;

    // Set the defaults once, when the object is created.
    public function __construct() {
        $this->someVar = "Test Variable";
        $this->someVar2 = "Test Variable";
        $this->someVar3 = "Test Variable";
    }
}
Example usage:
Code:
include("someClass.php");
$foo = new Foo();
echo $foo->someVar;
echo $foo->someVar2;
If you're adding on and on to this system, which you should be, then OOP would be a lot better since you'll be reusing that hideous load of variables you have. If you're learning you'd be better practiced to use OOP over procedural.
It'd also clean up your terribly formatted programming.
And finally it helps with security as well, for example:
Code for security.php
Code:
class Security {
    public $email;

    public function __construct() {
        $this->email = "[email protected]";
    }

    // Refuse an empty value instead of storing it.
    public function setEmail($val) {
        if ($val != NULL) {
            $this->email = $val;
        } else {
            die("You must insert a email address!");
        }
    }
}
Example usage:
Code:
include("security.php");
$security = new Security();
$security->setEmail($_GET["email"]);
// The value comes from the request, so escape it before echoing it into the page.
echo htmlspecialchars($security->email, ENT_QUOTES, 'UTF-8');
Or something along those lines, I'm just throwing examples.
Something like this would be better (only re-wrote a small part of it).
[code=php]
<?php
/**
 * @author Joshua F <[email protected]>
 *
 * Based on @link http://www.rune-server.org/programming/website-development/tutorials/453417-beautyful-secure-register-system.html#post3710496
 */
$SETTINGS = array(
    "database_host" => "localhost",
    "database_user" => "user",
    "database_pass" => "password",
    "database_name" => "database"
);
$mysqli = new mysqli( $SETTINGS['database_host'], $SETTINGS['database_user'], $SETTINGS['database_pass'], $SETTINGS['database_name'] );
$errors = array();
if ( $_SERVER['REQUEST_METHOD'] == "POST" ) {
    if ( empty( $_POST['username'] ) ) {
        $errors[] = "Username can not be left blank.";
    }
    if ( !count( $errors ) ) {
        $mysqli->query( "INSERT INTO `users` (`username`) VALUES ('{$_POST['username']}');" ); // TODO Sanitize
    }
}
?>
<h1>
    <center>
        <b>Register an account!</b>
    </center>
</h1>
<?php
if ( count( $errors ) ) {
    echo "<ul>";
    foreach ( $errors as $error ) {
        echo "<li>{$error}</li>";
    }
    echo "</ul>";
}
?>
<form method="POST">
    <input type="text" class="input-xlarge" name="username" maxlength="12" placeholder="Username"><br>
    <button class="btn btn-large btn-block btn-success" name="register" type="submit">REGISTER</button>
</form>
[/code]
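The TODO left in the rewrite above and the hand-rolled HashPassword() from earlier in the thread, handled with PDO bound parameters and password_hash(). This is an added example, not code from any poster in the thread; the in-memory SQLite database, the register() helper and the sample inputs are assumptions made so it runs on its own.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the thread's MySQL `users` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT UNIQUE, password TEXT, email TEXT UNIQUE)');

// Hypothetical helper: returns error strings; an empty array means the row was inserted.
function register(PDO $pdo, string $username, string $password, string $pagain, string $email): array
{
    $errors = [];
    // Same rules as the thread's form: alphanumeric username up to 12 chars, password of 6+.
    if (!ctype_alnum($username) || strlen($username) > 12) {
        $errors[] = 'Username must be alphanumeric, 1 to 12 characters.';
    }
    if (strlen($password) < 6) {
        $errors[] = 'Password must be at least 6 characters.';
    }
    if ($password !== $pagain) {
        $errors[] = 'Passwords do not match.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'E-mail address is not valid.';
    }
    if ($errors) {
        return $errors;
    }
    try {
        // Values travel as bound parameters and are never spliced into the SQL text.
        $stmt = $pdo->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
        // password_hash() salts and stretches, replacing the salt + single SHA-256 round.
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
    } catch (PDOException $e) {
        // UNIQUE constraints settle duplicates atomically (no SELECT-then-INSERT race).
        if ((string) $e->getCode() === '23000') {
            return ['Username or e-mail already registered.'];
        }
        throw $e;
    }
    return [];
}

// Constructed inputs: a signup whose e-mail contains an apostrophe, then a duplicate username.
var_dump(register($pdo, 'alice', 'hunter22', 'hunter22', "o'brien@example.test"));
var_dump(register($pdo, 'alice', 'hunter22', 'hunter22', 'other@example.test'));
$row = $pdo->query('SELECT password, email FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['email'], password_verify('hunter22', $row['password']));
```

Values are stored as submitted here, so HTML escaping with htmlspecialchars() belongs at the point where a value is echoed into a page, not before the insert.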
Guys, I don't care about OOP.
I'm not going to learn OOP yet, while I haven't even yet learned the normal PHP for 50%.
I find it hard to understand OOP, and I will do it later on.
@ Zerak, for why I use many <?php ?>, I could also do it the way donxdon did it, but in Eclipse it would be much more organized if I did it with <?php ?>.
@ Joshua: I find this beautiful in my own way, it fits my website template.