March 26, 2009 at 12:19 pm #24427 mdgrech (Member)
This is my first time creating a user login system from scratch. I was hoping you guys could look over my register.php script and tell me if it's secure. I’m using <?php echo $PHP_SELF; ?> as the form action. The script below is my register.php, which I have included on the form page at the very top using include("register.php"), and for the form method I used post. Thanks guys :D
<?php
# Note: the $_POST field names were lost from the post as extracted; 'email',
# 'password' and 'reenterpassword' are assumed here from the variable names.
if (isset($_POST['email']) && strlen($_POST['email']) > 1)
{
    # database connect (moved up: mysql_real_escape_string() needs an open connection)
    $connection = mysql_connect("localhost","root","password");
    mysql_select_db("Sporometer", $connection);

    $email = mysql_real_escape_string($_POST['email']);
    $password = md5(mysql_real_escape_string($_POST['password']));
    $reenterpassword = md5(mysql_real_escape_string($_POST['reenterpassword']));
    $matchemail = mysql_query("SELECT * FROM Members WHERE Email='".$email."'");

    # Setup email check (dots escaped so they match a literal ".")
    function checkemail($email){
        return eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email);
    }
    $passwordlength = strlen($_POST['password']);

    # Start validating user input
    if (!$connection)
    {
        $message = "<p class='stop'>Could not connect to database.</p>";
    }
    elseif (!(checkemail($email)))
    {
        $message = "<p class='stop'>Invalid email</p>";
    }
    elseif (mysql_num_rows($matchemail) == 1)
    {
        $message = "<p class='stop'>Email already registered.</p>";
    }
    elseif ($passwordlength < 5)
    {
        $message = "<p class='stop'>Password too short.</p>";
    }
    elseif (!($password==$reenterpassword))
    {
        $message = "<p class='stop'>Passwords must match.</p>";
    }
    else
    {
        mysql_query("INSERT INTO Members (Email, Password)
            VALUES ('$email', '$password')");
        mysql_close($connection);
        $message = "<p class='go'>Successfully registered.</p>";
        echo '<meta http-equiv="REFRESH" content="0;url=providers.php">';
    }
}
?>
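A hardened version of the registration logic above, as an added example that is not part of the original post: it uses PDO prepared statements, password_hash() and filter_var() in place of string-built SQL, md5() and eregi(). The function name register_member, the message wording and the in-memory SQLite table are assumptions made so the block runs offline.

```php
<?php
declare(strict_types=1);

// Added example: function name and the SQLite demo schema are assumptions.
// In production, point the DSN at MySQL with a least-privileged account, not root.
function register_member(PDO $db, string $email, string $password, string $confirm): string
{
    // Validate the raw inputs; nothing is escaped or hashed before it is checked.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid email';
    }
    if (strlen($password) < 5) {   // minimum length taken from the original post
        return 'Password too short.';
    }
    if (!hash_equals($password, $confirm)) {
        return 'Passwords must match.';
    }
    // Salted, deliberately slow hash instead of md5(); check it with password_verify().
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        // Bound parameters keep user input out of the SQL text entirely.
        $stmt = $db->prepare('INSERT INTO Members (Email, Password) VALUES (:email, :hash)');
        $stmt->execute([':email' => $email, ':hash' => $hash]);
    } catch (PDOException $e) {
        // The UNIQUE constraint decides duplicates, so there is no SELECT-then-INSERT race.
        if ((string) $e->getCode() === '23000') {
            return 'Email already registered.';
        }
        throw $e;
    }
    return 'Successfully registered.';
}

// Demo on a constructed in-memory database so the block runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Members (Email TEXT PRIMARY KEY, Password TEXT NOT NULL)');

foreach ([                                   // constructed sample inputs
    ['not-an-email', 'hunter22', 'hunter22'],
    ["o'brien@example.com", 'abc', 'abc'],
    ["o'brien@example.com", 'hunter22', 'hunter2x'],
    ["o'brien@example.com", 'hunter22', 'hunter22'],   // apostrophe is stored safely
    ["o'brien@example.com", 'hunter22', 'hunter22'],   // second attempt hits the constraint
] as [$email, $pw, $confirm]) {
    echo register_member($db, $email, $pw, $confirm), PHP_EOL;
}
```

If the form action needs the script path, pass it through htmlspecialchars() before echoing it, because PHP_SELF reflects part of the request URL into the page.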