The signup page is the page where users submit a username and password so that they become registered users and can log in again in the future.
For the appearance of the signup page we need a form with input fields and buttons to enter the data:
Make a page named "signup.php" and enter this simple code in it. It contains a verification field, which you can read about at: http://webprogram4beginners.blogspot.com/2011/02/how-to-make-verification-text-field.html
code:
<?php
session_start();
include ("funcs.php");
if (!empty($_SESSION["repeated_usr"])) {
    // to show that the entered username has already been chosen by another user, so it is not available.
    echo "Please choose another username, this one is already taken";
}
if (!empty($_SESSION["Security_code_error"])) {
    // to show that the security code has not been entered correctly
    echo "Please enter the security code correctly";
}
create_code(); // see the post about the verification field
?>
<br>
Please enter a username and password that contain only numbers, capital and small letters, and spaces
<BR>
<BR>
<FORM ACTION="mysql_1.php" METHOD=POST>
user NAME:
<INPUT TYPE="TEXT" NAME="usr" SIZE="30" >
<BR>
<BR>
password:
<INPUT TYPE="PASSWORD" NAME="pasw" SIZE="30" >
<BR>
<BR>
<INPUT TYPE="TEXT" NAME="SecCode" SIZE="30" >
<BR>
<img src="security_image.php">
<BR>
<BR>
<INPUT TYPE="SUBMIT" NAME="BUTTON2" VALUE="sign up">
</FORM>
When a user clicks the submit button, they are directed to the "mysql_1.php" page, which analyzes the entered username, password and security code.
The following code is the content of this page ("mysql_1.php").
code:
<?php
session_start();
$_SESSION["Security_code_error"] = 0; // a session element to check that the security code (verification text) was entered correctly by the user
$_SESSION["repeated_usr"] = 0; // a session element to check whether the entered username has already been selected by another user
include ("funcs.php"); // functions like connect (to connect to the database) and create_code (for the verification text) can be put in one file, which we then include wherever it is required.
if (empty($_POST["usr"]) or empty($_POST["pasw"])) {
    // if the username or password field is empty, the browser is redirected to the "signup.php" page.
    header("Location: signup.php");
    exit;
}
// change all of the letters to lower case; a missing value counts as an empty string
$UserSecCode = strtolower(isset($_POST["SecCode"]) ? $_POST["SecCode"] : "");
$SysSecCode = strtolower(isset($_SESSION["SecImageStr"]) ? $_SESSION["SecImageStr"] : "");
if ($SysSecCode === "" or $UserSecCode !== $SysSecCode) {
    // if no security code exists for this session, or it is not entered correctly, the browser is redirected to the "signup.php" page.
    $_SESSION["Security_code_error"] = 1; // this variable is sent to the signup page to show the appropriate message.
    header("Location: signup.php");
    exit;
}
// these are some steps that you can apply to the entries to prevent database injection (hacking)
$entered_usr = $_POST["usr"];
$entered_pass = $_POST["pasw"];
$entered_usr = trim($entered_usr); // remove the space characters from the beginning and end of the word
$entered_pass = trim($entered_pass);
$entered_usr = htmlspecialchars($entered_usr); // change any entry into non-HTML characters (hackers may enter HTML characters into your system)
$entered_pass = htmlspecialchars($entered_pass);
// preg_match() replaces ereg(), which was removed in PHP 7; the range is A-Z (A-z would also allow [ \ ] ^ _ and `)
if (preg_match('/[^a-zA-Z0-9 ]/', $entered_usr)) {
    // this condition checks the format of the entered username. The username should contain only capital and small letters and numbers.
    $_SESSION["repeated_usr"] = 1; // we redirect the user to the signup page, but I haven't used any new session element to show this issue.
    header("Location: signup.php");
    exit;
}
// another series of steps over the data to prevent database injection (hacking); I'm being very cautious, you can omit them.
$entered_usr = str_replace("'", "", $entered_usr);
$entered_pass = str_replace("'", "", $entered_pass);
$entered_usr = str_replace("\\", "", $entered_usr);
$entered_pass = str_replace("\\", "", $entered_pass);
// first we check whether the entered username is already taken
$Sql = "SELECT COUNT(*) FROM users WHERE username='$entered_usr' ";
// connect() comes from funcs.php; the mysql_* functions used below exist only up to PHP 5 (they were removed in PHP 7.0)
connect();
$Result = mysql_query($Sql) or die(mysql_error() . "<br>SQL: " . $Sql);
if (mysql_result($Result, 0) > 0) {
    $_SESSION["repeated_usr"] = 1;
    header("Location: signup.php");
    exit;
} else {
    // if the entered username has no problem, we can now insert the username, password and date into our database
    $Today = date("Ymd");
    $salt = "qw";
    $entered_pass = crypt($entered_pass, $salt); // we crypt the password so that it cannot be recovered easily.
    $sql = "INSERT INTO users (username,password,joindate) VALUES ('$entered_usr','$entered_pass','$Today')";
    mysql_query($sql);
    $_SESSION["auth_usr"] = $entered_usr; // this session element shows that the user has been registered and is now logged in.
    $dd = $_SESSION["d"]; // this session element contains the page (address) that the user was redirected from.
    header("Location: $dd");
    exit;
}
?>
If you don't understand the code here, go to the following posts to read more about the commands I have used:
http://webprogram4beginners.blogspot.com/2011/02/redirect-user-to-login-page-sessions.html
http://webprogram4beginners.blogspot.com/2011/02/php-orders-to-work-with-database-and.html
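A hardened version of the registration step, as an added example that is not part of the original post: it uses PDO prepared statements instead of building SQL strings, lets a unique key on username detect duplicates (a separate SELECT COUNT(*) check can be passed by two simultaneous requests for the same name), and stores the password with password_hash(). The in-memory SQLite database, the register_user() helper and the 30-character limit are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the original post.
// Assumption: in-memory SQLite stands in for the post's MySQL database so the
// script runs offline; the users table and its columns follow the post.
$pdo = new PDO("sqlite::memory:");
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (
    username TEXT PRIMARY KEY,   -- uniqueness enforced by the database itself
    password TEXT NOT NULL,
    joindate TEXT NOT NULL)");

// register_user() is a hypothetical helper. Returns "ok", "invalid" or "taken".
function register_user(PDO $pdo, string $usr, string $pasw): string
{
    $usr = trim($usr);
    // Allow-list over the whole string: letters, digits and spaces only.
    // The 30-character limit is an assumed value, not taken from the post.
    if (!preg_match('/\A[a-zA-Z0-9 ]{1,30}\z/', $usr) || $pasw === "") {
        return "invalid";
    }
    // Bound parameters keep data out of the SQL text, so the password needs
    // no quote or backslash stripping and is hashed exactly as typed.
    $stmt = $pdo->prepare(
        "INSERT INTO users (username, password, joindate) VALUES (?, ?, ?)"
    );
    try {
        $stmt->execute([$usr, password_hash($pasw, PASSWORD_DEFAULT), date("Ymd")]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity-constraint violation: the name is
        // taken, even if another request inserted it a moment ago.
        if (strncmp((string) $e->getCode(), "23", 2) === 0) {
            return "taken";
        }
        throw $e;
    }
    return "ok";
}

// Constructed sample input.
$samples = [
    ["alice",   "it's a \\ long passphrase"],
    ["alice",   "second attempt"],
    ["o'brien", "whatever"],
    ["",        "no name"],
];
foreach ($samples as [$usr, $pasw]) {
    printf("%-10s => %s\n", var_export($usr, true), register_user($pdo, $usr, $pasw));
}
```

For MySQL only the DSN passed to PDO changes, and the username column needs a PRIMARY KEY or UNIQUE index for the duplicate check to work.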
One more note about the crypt function:
The crypted text result = crypt ( the text that we want to hash , $salt );
This function hashes a word using the variable $salt. If you use a two-character salt, the first two characters of the hashed result are always your salt.
For example:
code:
$pass = "v1" ;
$salt = "qw";
$result = crypt($pass,$salt);
Then $result would be:
$result = "qwbw9k/vI9OlY"
As you can see, you can extract $salt from the hashed data in your database just by selecting the first two characters of $result.
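What the fixed two-character salt means in practice, as an added example that is not part of the original post: with a two-character salt crypt() uses the traditional DES scheme, which reads only the first 8 characters of the password, and one shared salt gives equal passwords equal hashes. The block then shows password_hash() and a way to replace old crypt() hashes when a user logs in. The passwords and the verify_and_upgrade() helper are constructed for the illustration.

```php
<?php
// Added example, not code from the original post. All passwords are constructed.

// 1) The post's scheme: traditional DES crypt() with one fixed salt.
$salt  = "qw";
$alice = crypt("sunflower-alice", $salt);
$bob   = crypt("sunflower-bob", $salt);   // differs only after the 8th character

// DES crypt() reads only the first 8 characters, and a shared salt gives
// every user with the same (truncated) password the same stored value.
echo "alice and bob share a hash: ", var_export(hash_equals($alice, $bob), true), "\n";
echo "salt visible in the hash:   ", substr($alice, 0, 2), "\n";

// 2) password_hash(): random salt per call, cost stored inside the hash.
$h1 = password_hash("sunflower-alice", PASSWORD_DEFAULT);
$h2 = password_hash("sunflower-alice", PASSWORD_DEFAULT);
echo "two hashes of one password match: ", var_export(hash_equals($h1, $h2), true), "\n";

// 3) Upgrade on login. verify_and_upgrade() is a hypothetical helper: it
// returns null on a wrong password, otherwise the hash to keep in the database.
// password_verify() also understands crypt() output, so legacy rows still work.
function verify_and_upgrade(string $pasw, string $stored): ?string
{
    if (!password_verify($pasw, $stored)) {
        return null;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return password_hash($pasw, PASSWORD_DEFAULT);   // replace the DES hash
    }
    return $stored;
}

$upgraded = verify_and_upgrade("sunflower-alice", $alice);
echo "legacy login accepted:  ", var_export($upgraded !== null, true), "\n";
echo "stored value replaced:  ", var_export($upgraded !== $alice, true), "\n";
echo "wrong password refused: ", var_export(verify_and_upgrade("tulip", $alice) === null, true), "\n";
```

The signup handler above also runs trim(), htmlspecialchars() and the quote and backslash removal on the password before crypt(), so a login page that checks those old hashes has to apply the same steps to the typed password first.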