Thread: Beautiful and secure register system

  1. #1 Beautiful and secure register system 
    Registered Member
    Deleted.

  2. #2  
    Registered Member
    I would not call this beautiful at all, actually.
     


  4. #3  
    Old Webdeveloper
    Dondxon's Avatar
    Considering it, the code is pretty messy.
    You're not using a format, or whatever you've gotta call it, like tabs in front of the code.
     

  5. #4  
    Da Bawz.

    Zerak's Avatar
    Why do you use so many <?php & ?> ?
     

  6. #5  
    puts "Hi "+name+
    Ruby's Avatar
    Your conventions are fucking hideous, well, non-existent. Also, since you're learning I'd suggest using more OOP than procedural code since it's generally a tonne better. I'd then move on to say PDO instead of MySQLi; PDO offers multi-driver support and is generally a little more stable, and if you're a beginner it's a tonne better since you don't need to worry about SQL injection.

    Just some pointers.
     

  7. #6  
    Registered Member
    what???????

    @Ruby: The point of object oriented programming is for reusability. Procedural is fine in most cases (this isn't one of them), and a lot of the time OOP code requires way more lines.
     

  8. #7  
    Old Webdeveloper
    Dondxon's Avatar
    Everyone replace it with:
    Code:
    <?php
    #######Coded by espadian/Yadinho from HF and Rune-Server######
    error_reporting(0);
    require 'inc/db.php';
    	$username = sanitize($_POST['username']);
    	$password = sanitize($_POST['password']);
    	$pagain = sanitize($_POST['pagain']);
    	$email = sanitize($_POST['email']);
    	$usernamenotempty=TRUE;
    	$usernamevalidate=TRUE;
    	$usernamenotduplicate=TRUE;
    	$emailnotempty=TRUE;
    	$emailnotduplicate=TRUE;
    	$passwordnotempty=TRUE;
    	$passwordmatch=TRUE;
    	$passwordvalidate=TRUE;
    		
    		
    		function HashPassword($input) {
    				$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); 
    				$hash = hash("sha256", $salt . $input); 
    				$final = $salt . $hash; 
    			return $final;
    		}
    		
    		function sanitize($data){
    				$data = htmlspecialchars($data);
    				$data = mysql_real_escape_string($data);
    				$data = addslashes($data);
    			return $data;
    		}
    		
    			$hashedpassword= HashPassword($password);
    			$checkusername = mysql_query("SELECT * FROM users WHERE username='$username'");
    			$query_username = mysql_num_rows($checkusername);
    			$checkemail = mysql_query("SELECT * FROM users WHERE email='$email'");
    			$query_email = mysql_num_rows($checkemail);
    			
    				if(isset($_POST['register'])){
    					if(empty($username)){
    						$usernamenotempty = FALSE;
    					} else { 
    						$usernamenotempty = TRUE;
    				}	
    				
    				if($query_username > 0){
    						$usernamenotduplicate = FALSE;
    					} else { 
    						$usernamenotduplicate = TRUE;
    				}
    				
    				if ((!(ctype_alnum($username))) || ((strlen($username)) >12)) {
    						$usernamevalidate=FALSE;
    					} else {
    						$usernamevalidate=TRUE;
    				}
    				
    				if(empty($email)){
    						$emailnotempty = FALSE;
    					} else { 
    						$emailnotempty = TRUE;
    				}
    				
    				if($query_email > 0){
    						$emailnotduplicate = FALSE;
    					} else { 
    						$emailnotduplicate = TRUE;
    						setcookie('email', $email); // cookie name must be a quoted string
    				}
    				
    				$_SESSION['email'] = $email;
    				if ($password != $pagain){
    						$passwordmatch = FALSE;
    					} else { 
    						$passwordmatch = TRUE;
    					}
    				}
    				
    				if(isset($_POST['register'])){
    					if(empty($password)){
    						$passwordnotempty = FALSE;
    					} else { 
    						$passwordnotempty = TRUE;
    					}
    				}
     
    				if ((!(ctype_alnum($password))) || ((strlen($password)) < 6)) {
    						$passwordvalidate=FALSE;
    					} else {
    						$passwordvalidate=TRUE;
    				}
     
    				if($password != $pagain){
    						$passwordmatch = FALSE;
    					} else { 
    						$passwordmatch = TRUE;
    				}
     
    				if(($usernamenotduplicate ==TRUE)
    					&& ($usernamenotempty==TRUE)
    					&& ($usernamevalidate==TRUE)
    					&& ($passwordmatch==TRUE)
    					&& ($passwordnotempty==TRUE)
    					&& ($passwordvalidate==TRUE)
    					&& ($emailnotduplicate==TRUE)
    					&& ($emailnotempty==TRUE)){
    						mysql_query("INSERT INTO `users` (`Username`, `Password`, `Email`) VALUES ('$username', '$hashedpassword', '$email')") or die(mysql_error());
    								echo '<div class="alert alert-success">
    									<b>Done!</b> You are now a member, you will be redirected to the mainpage shortly.
    								</div>';  
    								echo "<meta http-equiv=\"refresh\" content=\"3;index.php\">";
     
    				}
    ?>
    <h1><center><b>Register an account!</b></center></h1>
    <form method="POST">
    <input type="text" class="input-xlarge" name="username" maxlength="12" placeholder="Username"><br>
    <input type="password" class="input-xlarge" name="password" placeholder="Password(min 6 chars)"><br>
    <input type="password" class="input-xlarge" name="pagain" placeholder="Password Again"><br>
    <input type="text" class="input-xlarge" name="email" placeholder="E-mail Address"><br>
    <button class="btn btn-large btn-block btn-success" name="register" type="submit">REGISTER</button>
    <?php if ($usernamenotempty==FALSE) echo '<div class="alert alert-alert">
      <b>Error!</b> You have entered an empty username
    </div>';
    if ($usernamevalidate==FALSE) echo '<div class="alert alert-alert">
      <b>Error!</b> Your username should be alphanumeric and maximum of 12 characters
    </div>';
    if ($emailnotduplicate==FALSE) echo '<div class="alert alert-alert">
      <b>Error!</b> Email already exists by one of our users
    </div>';
    if ($emailnotempty==FALSE) echo '<div class="alert alert-alert">
      <b>Error!</b> You haven\'t filled in your E-mail address
    </div>';
    if ($usernamenotduplicate==FALSE) echo '<div class="alert alert-alert">
      <b>Error!</b> Your username already exists, please choose a different one
    </div>';
    if ($passwordnotempty==FALSE) echo '<div class="alert alert-alert">
      <b>Error!</b> Your password is empty
    </div>';
    if ($passwordmatch==FALSE) echo '<div class="alert alert-alert">
      <b>Error!</b> Passwords did not match each other
    </div>';
    if ($passwordvalidate==FALSE) echo '<div class="alert alert-alert">
      Your password should be at least 6 characters long
    </div>';?>
    </form>
     

  9. #8  
    puts "Hi "+name+
    Ruby's Avatar
    Quote Originally Posted by Haifa View Post
    what???????

    @Ruby: The point of object oriented programming is for reusability. Procedural is fine in most cases (this isn't one of them), and a lot of the time OOP code requires way more lines.
    You clearly don't generally know the point in fully using OOP. For example:

    Code for someClass.php:
    Code:
    class Foo {
            public $someVar;
            public $someVar2;
            public $someVar3;

            // Property defaults are assigned inside the constructor body.
            public function __construct() {
                    $this->someVar = "Test Variable";
                    $this->someVar2 = "Test Variable";
                    $this->someVar3 = "Test Variable";
            }
    }
    Example usage:
    Code:
    include("someClass.php"); 
    $foo = new Foo();
     
    echo $foo->someVar;
     
    echo $foo->someVar2;
    If you're adding on and on to this system, which you should be, then OOP would be a lot better since you'll be reusing that hideous load of variables you have. If you're learning you'd be better practiced to use OOP over procedural.

    It'd also clean up your terribly formatted programming.

    And finally it helps with security as well, for example:

    Code for security.php
    Code:
    class Security {
            public $email;

            public function __construct() {
                    $this->email = "[email protected]";
            }

            // Reject a missing value instead of silently keeping the default.
            public function setEmail($val) {
                    if ($val != NULL) {
                            $this->email = $val;
                    } else {
                            die("You must insert a email address!");
                    }
            }
    }
    Example usage:
    Code:
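    include("security.php");
     
    $security = new Security();
     
    $security->setEmail($_GET["email"]);
     
    // Property names are case-sensitive; escape the value because it comes from the query string.
    echo htmlspecialchars($security->email);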
    Or something along those lines, I'm just throwing examples.
     

  10. #9  
    Registered Member
    Something like this would be better (only re-wrote a small part of it).

    Code:
    <?php
    /**
     * @author Joshua F <[email protected]>
     *
     * Based on @link http://www.rune-server.org/programming/website-development/tutorials/453417-beautyful-secure-register-system.html#post3710496
     */

    $SETTINGS = array(
        "database_host" => "localhost",
        "database_user" => "user",
        "database_pass" => "password",
        "database_name" => "database"
    );

    $mysqli = new mysqli( $SETTINGS['database_host'], $SETTINGS['database_user'], $SETTINGS['database_pass'], $SETTINGS['database_name'] );

    $errors = array();

    if ( $_SERVER['REQUEST_METHOD'] == "POST" ) {
        if ( empty( $_POST['username'] ) ) {
            $errors[] = "Username can not be left blank.";
        }

        if ( !count( $errors ) ) {
            // Bind the username as a parameter instead of interpolating it into the SQL text.
            $stmt = $mysqli->prepare( "INSERT INTO `users` (`username`) VALUES (?)" );
            $stmt->bind_param( "s", $_POST['username'] );
            $stmt->execute();
        }
    }

    ?>
    <h1>
        <center>
            <b>Register an account!</b>
        </center>
    </h1>
    <?php
    if ( count( $errors ) ) {
        echo "<ul>";
        foreach ( $errors as $error ) {
            echo "<li>{$error}</li>";
        }
        echo "</ul>";
    }
    ?>
    <form method="POST">
        <input type="text" class="input-xlarge" name="username" maxlength="12" placeholder="Username"><br>
        <button class="btn btn-large btn-block btn-success" name="register" type="submit">REGISTER</button>
    </form>
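
The registration path discussed in this thread, written with the PDO prepared statements post #5 recommends and PHP's password_hash() in place of the salted SHA-256 used in post #7. This is an added example, not code from any poster; the register() helper, the table layout and the in-memory SQLite database are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite;
// register() and the in-memory users table are hypothetical stand-ins.
declare(strict_types=1);

function register(PDO $db, string $user, string $pass, string $again, string $email): array
{
    $errors = [];
    if (!ctype_alnum($user) || strlen($user) > 12) {
        $errors[] = 'Username must be alphanumeric, at most 12 characters.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'E-mail address is not valid.';
    }
    if (strlen($pass) < 6 || $pass !== $again) {
        $errors[] = 'Password must be at least 6 characters and match the confirmation.';
    }
    if ($errors) {
        return $errors;
    }
    // The raw password goes straight into password_hash(): no escaping first,
    // no hand-rolled salt. Salt and cost are stored inside the hash string.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    try {
        // Placeholders keep user input out of the SQL text entirely.
        $stmt = $db->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
        $stmt->execute([$user, $hash, $email]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() !== '23000') {
            throw $e; // not a constraint violation: let it surface
        }
        // UNIQUE constraint hit: enforced by the database, so there is no
        // window between a "does it exist?" SELECT and the INSERT.
        $errors[] = 'Username or e-mail is already registered.';
    }
    return $errors;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password TEXT, email TEXT UNIQUE)');

// Constructed sample input: quotes in a password, a duplicate name, an injection-style name.
$weird = "it's \"quoted\"; --";
print_r(register($db, 'alice', $weird, $weird, 'alice@example.com'));
print_r(register($db, 'alice', 'another1', 'another1', 'alice2@example.com'));
print_r(register($db, "x' OR '1'='1", 'secret12', 'secret12', 'bob@example.com'));

$stored = $db->query("SELECT password FROM users WHERE username = 'alice'")->fetchColumn();
var_dump(password_verify($weird, $stored));
```

A login page checks a submitted password with password_verify() against the stored string; any value echoed back into HTML still goes through htmlspecialchars() at output time rather than before storage.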
     


  12. #10  
    Registered Member
    Guys, I don't care about OOP.

    I'm not going to learn OOP yet, while I haven't even yet learned the normal PHP for 50%.
    I find it hard to understand OOP, and I will do it later on.

    @ Zerak, for why I use many <?php ?>: I could also do it the way donxdon did it, but in Eclipse it would be much more organized if I did it with <?php ?>.

    @ Joshua: I find this beautiful in my own way, it fits my website template.
     
