
Is my registration process secure?

  • # March 26, 2009 at 12:19 pm

    This is my first time creating a user login system from scratch. I was hoping you guys could look over my register.php script and tell me if it's secure. I'm using <?php echo $PHP_SELF; ?> as the form action. The script below is my register.php, which I have included on the form page at the very top using include("register.php"), and for the form method I used post. Thanks guys :D

    <?php
    if (strlen($_POST) > 1)
    {
    $email = mysql_real_escape_string($_POST);
    $password = md5(mysql_real_escape_string($_POST));
    $reenterpassword = md5(mysql_real_escape_string($_POST));

    # database connect
    $connection = mysql_connect("localhost","root","password");
    mysql_select_db("Sporometer", $connection);
    $matchemail = mysql_query("SELECT * FROM Members WHERE Email='".$email."'");

    # Setup email checks
    function checkemail($email){
    return eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $email);}

    # Setup email check
    $passwordlength = strlen($_POST);

    # Start validating user input

    if (!$connection)
    {
    $message = "<p class='stop'>Could not connect to database.</p>";
    }
    elseif (!(checkemail($email)))
    {
    $message = "<p class='stop'>Invalid email</p>";
    }
    elseif (mysql_num_rows($matchemail) == 1)
    {
    $message = "<p class='stop'>Email already registered.</p>";
    }
    elseif ($passwordlength < 5)
    {
    $message = "<p class='stop'>Password too short.</p>";
    }
    elseif (!($password==$reenterpassword))
    {
    $message = "<p class='stop'>Passwords must match.</p>";
    }
    else
    {
    mysql_query("INSERT INTO Members (Email, Password)
    VALUES ('$email', '$password')");

    mysql_close($connection);
    $message = "<p class='go'>Successfully registered.</p>";
    echo '<meta http-equiv="REFRESH" content="0;url=providers.php">';
    }
    }
    }

    ?>
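
An added example, not part of the original post: the same registration flow with bound parameters, `password_hash()` and a UNIQUE constraint in place of string-built SQL, `md5()` and the select-then-insert duplicate check. It assumes PDO with an in-memory SQLite database standing in for the MySQL `Members` table; `register_member()` and the sample addresses are constructed for illustration.

```php
<?php
// Added example (not from the original post): hardened registration logic.
// Assumptions: PDO is available; SQLite in memory stands in for the MySQL
// "Members" table so the script runs offline; register_member() is a
// hypothetical helper and the sample inputs below are constructed.

function register_member(PDO $db, string $email, string $password, string $confirm): string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid email';
    }
    if (strlen($password) < 5) {          // same minimum length as the post
        return 'Password too short.';
    }
    // Compare the raw inputs; no escaping or hashing before the comparison.
    if ($password !== $confirm) {
        return 'Passwords must match.';
    }
    // Salted, deliberately slow hash instead of a bare md5().
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        // Bound parameters keep user input out of the SQL text.
        $stmt = $db->prepare('INSERT INTO Members (Email, Password) VALUES (?, ?)');
        $stmt->execute([$email, $hash]);
    } catch (PDOException $e) {
        // The UNIQUE constraint rejects duplicates without a
        // check-then-insert race between two concurrent requests.
        if ((string) $e->getCode() === '23000') {
            return 'Email already registered.';
        }
        throw $e;
    }
    return 'Successfully registered.';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Members (Email TEXT NOT NULL UNIQUE, Password TEXT NOT NULL)');

// Constructed sample input: a new member, a duplicate, a malformed address.
echo register_member($db, 'alice@example.com', 's3cret-pw', 's3cret-pw'), "\n";
echo register_member($db, 'alice@example.com', 'other-pw1', 'other-pw1'), "\n";
echo register_member($db, 'not-an-email', 'whatever1', 'whatever1'), "\n";
```

At login, the stored value is checked with `password_verify()` rather than by re-hashing and comparing strings.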
