Skip to main content


The forums ran from 2008-2020 and are now closed and viewable here as an archive.

  • This topic is empty.
Viewing 1 post (of 1 total)
  • Author
  • #24427

    This is my first time creating a user login system from scratch, I was hoping you guys could look over my register.php script and tell me if its secure. I’m using <?php echo $PHP_SELF; ?> as the form action, the script below is my register.php which I have included on the form page at the very top using include("register.php"), and for the form method I used post. Thanks guys :D

    if (strlen($_POST) > 1)
    $email = mysql_real_escape_string($_POST);
    $password = md5(mysql_real_escape_string($_POST));
    $reenterpassword = md5(mysql_real_escape_string($_POST));

    # database connect
    $connection = mysql_connect("localhost","root","password");
    mysql_select_db("Sporometer", $connection);
    $matchemail = mysql_query("SELECT * FROM Members WHERE Email=’".$email."’");

    # Setup email checks
    function checkemail($email){
    return eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $email);}

    # Setup email check
    $passwordlength = strlen($_POST);

    # Start validating user input

    if (!$connection)
    $message = "<p class=’stop’>Could not connect to database.</p>";
    elseif (!(checkemail($email)))
    $message = "<p class=’stop’>Invalid email</p>";
    elseif (mysql_num_rows($matchemail) == 1)
    $message = "<p class=’stop’>Email already registered.</p>";
    elseif ($passwordlength < 5)
    $message = "<p class=’stop’>Password to short.</p>";
    elseif (!($password==$reenterpassword))
    $message = "<p class=’stop’>Passwords must match.</p>";
    mysql_query("INSERT INTO Members (Email, Password)
    VALUES (‘$email’, ‘$password’)");

    $message = "<p class=’go’>Successfully registered.</p>";
    echo ‘<meta http-equiv="REFRESH" content="0;url=providers.php">’;


Viewing 1 post (of 1 total)
  • The forum ‘Back End’ is closed to new topics and replies.