Creating a register.php

Bonecrusher · #1 (**permalink**) 04-27-10, 10:17 AM

I am trying to create a register.php, but I stuck while doing that.
I will be glad if you check the codes.

These are my steps for the page.

1) Creating a register.php and making a form with html

PHP Code:


			
<?php



    $feedback = '';



$php_self = $_SERVER['PHP_SELF'];

print "<font color=\"red\">$feedback</font>"; ?>

<P CLASS="left"><B>REGISTER</B><BR>

Fill out this form and a confirmation email will be sent to you.

Once you click on the link in the email your account will be

confirmed and you can begin to contribute to the community.</P>

<FORM ACTION="<?php $php_self ?>" METHOD="POST">

<TABLE>

<TR>

<P CLASS="bold"><TD align="right">Username: </TD>

<TD><INPUT TYPE="TEXT" NAME="username" VALUE="" SIZE="25"

MAXLENGTH="25"></TD></P>

</TR>

<TR>

<P CLASS="bold"><TD align="right">First Name: </TD>

<TD><INPUT TYPE="TEXT" NAME="firstname" VALUE=""

SIZE="25" MAXLENGTH="25"></TD></P>

</TR>

<TR>

<P CLASS="bold"><TD align="right">Last Name: </TD>

<TD><INPUT TYPE="TEXT" NAME="lastname" VALUE="" SIZE="25" MAXLENGTH="25"></TD></P>

</TR>

<TR>

<P CLASS="bold"><TD align="right">Password: </TD>

<TD><INPUT TYPE="password" NAME="password1" VALUE="" SIZE="15" MAXLENGTH="25"></TD></P>

</TR>

<TR>

<P CLASS="left"><TD align="right">Password: <B>(repeat)</B> </TD>

<TD><INPUT TYPE="password" NAME="password2" VALUE="" SIZE="15" MAXLENGTH="25"></TD></P>

</TR>

<TR>

<P CLASS="left"><TD align="right">Email: </TD>

<TD><INPUT TYPE="TEXT" NAME="email" VALUE="" SIZE="25" MAXLENGTH="50"></TD></P>

</TR>

<TR>

<P>

<TD align="right"><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Submit"></TD>

<TD><INPUT TYPE="RESET" NAME="reset" VALUE="Reset"></TD>

</P>

</TR>

</TABLE>

</FORM>

The form layout seems ok.

2) A function will check if all the necessary fields in the form is correct or not.
Then it will prepare these informations for the database with a query. This function is in the function.php. If the user don't enter correct information to the fields, the function will return a feedback.

PHP Code:


			
<?php

function user_register() {



    // This function will only work with superglobal arrays,

    // because I'm not passing in any values or declaring globals



    global $supersecret_hash_padding;

    

    // Prepare required variables

    

    $displayname = trim($_POST['username']);

    $username = strtolower($displayname);

    $password1 = trim($_POST['password1']);

    $password2 = trim($_POST['password2']);

    $email = trim($_POST['email']);

    

    // Check if variable are present

    

    if (strlen($username) >= 3 && strlen($username) <= 25)

    {

        if (validate_name($username))

        {

            if (strlen($password1) >= 6 && strlen($password1) <=25)

            {

                if ($password1 == $password2)

                {

                    if (validate_email($email) && strlen($email) <= 50)

                    {

                        $query = "SELECT userid

                                FROM user

                                WHERE username = '$username'

                                AND email = '$email'";

                        $result = mysql_query($query);

                        if ($result && mysql_num_rows($result) > 0)

                        {

                        $feedback = 'ERROR: Username or email address is already exists.';

                        return $feedback;

                        }

                        else

                        {

                            

                            // Prepare other variables

                            

                            $firstname = $_POST['firstname'];

                            $lastname = $_POST['lastname'];

                            $password = md5($_POST['password1']);

                            $userip = $_SERVER['REMOTE_ADDR'];

                            

                            // Create a new hast to insert into the db

                            // and the confirmation email

                            

                            $hash = md5 ($email.$supersecret_hash_padding);

                            

                            $query = "INSERT INTO user (username, firstname, lastname, password, email, userip, confirm_hash, is_confirmed, date_created)

                                    VALUES ('$username', '$firstname', '$lastname', '$password', '$email', '$userip', '$hash', '0', NOW())";

                            $result = mysql_query($query);

                            if (!$result)

                            {

                                $feedback = 'ERROR: Database error, please contact site administrator.';

                            }

                            else

                            {

                                $encodedemail = urlencode($email);

                                $mailbody = 'Thank you for registering at our site. Please click this link for confirmation: http://localhost/confirm.php?hash='. $hash .'&email='. $encoded_email;

                                mail($email, 'Registration Confirmation', $mailbody, 'From: noreply@noreply.com');

                                

                                $register_message = 'You have successfully registered. You will receive a confirmation email.';

                                return $register_message;

                            }

                            

                        }

                    }

                    else

                    {

                        $feedback = 'ERROR: Enter your e-mail address in a proper form.';

                        return $feedback;

                    }

                }

                else

                {

                    $feedback = 'ERROR: You must write the same password to both password fields.';

                    return $feedback;

                }

            }

            else

            {

                $feedback = 'ERROR: Your password must be at least 6 and at most 25 characters.';

                return $feedback;

            }

        }

        else

        {

            $feedback = 'ERROR: Account name is invalid.';

            return $feedback;

        }

    

    }

    else

    {

        $feedback = 'ERROR: Username must be at least 3 and at most 25 characters.';

        return $feedback;

    }

}

?>

3) Directing the form to the function. I am using isset function to call the function when the user hit submit button. I am writing this code block before my form in the register.php.

PHP Code:


			
<?php

if (isset($_POST['submit']))

{

user_register();

}

?>

4) after user_register function called with the submit button and the function controls if every field filled correctly, it will send user's email a confirmation link.

PHP Code:


			
<?php



// Function for validating account name



function validate_name()

{



// parameter for use with strspan



$span_str == "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ" . "0123456789-";



// must have at least one character



    if (strspn($displayname, $span_str) == 0)

    {

        return false;

    }



    // must contain all legal characters



    if (strspn($displayname, $span_str) != strlen($displayname));

    {

        return false;

    }



    // illegal names

    if

    (eregi("^((anoncvs_)|(root)|(bin)|(daemon)|(adm)|(lp)|(sync)|(shutdown)|

    (halt)|(mail)|(news)|(uucp)|(operator)|(games)|(mysql)|

    (httpd)|(nobody)|(dummy)|(www)|(cvs)|(shell)|(ftp)|(irc)|

    (debian)|(ns)|(download))$", $username)) 

    {

    return false;

    }

    

    $username = strtolower($displayname);

    return true;

}



// Function for validating email



function validate_email()

{

return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+' . '@' . '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email));

}



function user_confirm()

{



    global $supersecret_hash_padding;



    // Verify that they didn't tamper with the email address



    $new_hash = md5($_GET['email'].$supersecret_hash_padding);

    if ($new_hash && ($new_hash == $_GET['hash']))

    {

        $query = "SELECT username

                FROM user

                WHERE confirm_hash = '$new_hash'";

        $result = mysql_query($query);

        if (!$result || mysql_num_rows($result) < 1)

        {

            $feedback = 'ERROR: Hash not found.';

            return $feedback;

        }

        else

        {

            

            // Confirm the email and set account to active

            

            $email = $_GET['email'];

            $hash = $_GET['hash'];

            $query = "UPDATE user

                    SET email='$email', is_confirmed='1'

                    WHERE confirm_hash='$hash'";

            $result = mysql_query($query);

            return 1;

        }

    }

    else

    {

        $feedback = 'ERROR: Values do not match';

        return $feedback;

    }

}

?>

My problems with these codes are:

- Are these steps/methods (except the mistakes in the codes) good for creating a registering system?

- When I hit submit button, it doesn't return a feedback (error) message on the page.

- What are the mistakes in the code blocks?

Thanks.

Bonecrusher · #2 (**permalink**) 05-06-10, 01:37 PM

It also gives "Notice: Undefined variable:" errors.

Bonecrusher · #3 (**permalink**) 05-06-10, 04:41 PM

I've seen some of my errors today, and corrected them.

no variable inside the function parentheses,
ereg is deprecated,
some parse errors,
span str extra =,
i solved all these things.

one thing that i can't solve was returning the feedback back to the page,
i used echoing the feedback, instead of trying to return it to the page,
it's a cheap method, but worked.

I think the register.php page works very well.

But it leads to another question.
I prepared the system with a e-mail verification,
because of that, the page gives me this error:

Quote:

Warning: mail() [function.mail]: Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set() in C:\Program Files (x86)\wamp\www\site\includes\functions.php on line 78

Probably hosting servers have their own SMTP servers,
but i want to try this on my computer with wamp.
how can I adjust the SMTP?
does a free hotmail/gmail account use for this?