Hallo,
Ik ben een beginner in PHP en heb de onderstaande registratiepagina gemaakt. Nu wil ik de meer ervaren gebruikers vragen of zij nog tips voor mij hebben en eventuele verbeteringen (beveiliging enz.) willen/kunnen laten zien.
Alvast bedankt!
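<?php
// Report every problem while developing. On a public server make sure
// display_errors is off as well, so notices and SQL errors end up in the log
// instead of on the registration page.
error_reporting(E_ALL);
// The database connection (settings.php) and the auth helpers are hard
// requirements for this page: require_once stops the script when a file is
// missing instead of carrying on with mysql_* calls against a connection that
// was never opened (include only emits a warning), and the _once variant keeps
// the files from being loaded twice when this page is itself included by a
// front controller.
require_once 'includes/settings.php';
require_once 'includes/auth.php';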
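if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE: the mysql_* extension used below is deprecated since PHP 5.5 and
    // removed in PHP 7.0; the long-term fix is moving settings.php and this
    // page to PDO (or mysqli) with prepared statements.

    // $out['body'] is presumably set up by includes/auth.php; make sure the
    // index exists so the .= appends below never touch an undefined value.
    if (!isset($out['body'])) {
        $out['body'] = '';
    }
    // Every error message ends with the same "back" button; build it once.
    $back = '<br><input type="submit" value="<< Back" onClick="history.back()">';

    /**
     * Generate an activation key of $length decimal digits.
     *
     * Uses random_int() (a CSPRNG, PHP 7+) when available and falls back to
     * mt_rand() on older runtimes; rand() is not suitable for a token that is
     * mailed out and later compared on activation.
     *
     * @param int $length number of digits (0 or less yields '')
     * @return string
     */
    function ActKey($length)
    {
        $key = '';
        for ($i = 0; $i < $length; $i++) {
            $key .= function_exists('random_int') ? random_int(0, 9) : mt_rand(0, 9);
        }
        return $key;
    }

    /**
     * Tell whether a members row already holds $value in $column.
     *
     * $column is one of the fixed names used below, never visitor input.
     * $value is escaped AND single-quoted: an escaped but unquoted value is
     * neither valid SQL nor safe (the original left the quotes out).
     *
     * @param string $column
     * @param string $value
     * @return bool|null true/false, or null when the query itself failed
     */
    function memberExists($column, $value)
    {
        $query = "SELECT 1 FROM members WHERE " . $column . " = '" . mysql_real_escape_string($value) . "' LIMIT 1";
        $res = mysql_query($query);
        if ($res === false) {
            // Log server-side only; mysql_error() must never reach the visitor.
            error_log('Registration lookup on ' . $column . ' failed: ' . mysql_error());
            return null;
        }
        return mysql_num_rows($res) > 0;
    }

    // Read the posted fields as plain strings. A field that is missing, or that
    // was posted as an array (tampered form), counts as empty instead of
    // raising notices or warnings further down.
    $in = array();
    foreach (array('username', 'password', 'password_confirm', 'email', 'email_confirm') as $field) {
        $in[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    $username        = trim($in['username']);
    $email           = trim($in['email']);
    $emailConfirm    = trim($in['email_confirm']);
    $password        = $in['password'];
    $passwordConfirm = $in['password_confirm'];
    $ip              = $_SERVER['REMOTE_ADDR'];

    // Every validation problem is collected here. Nothing is written to the
    // database and no mail is sent unless the list is still empty at the end
    // (the original reported the errors but then registered the member anyway).
    $errors = array();

    // Check that the required fields are all entered. A strict '' test is used
    // rather than empty(), which would also reject the legitimate value "0".
    // (The original line was also missing the || operators and did not parse.)
    if ($username === '' || $password === '' || $passwordConfirm === '' || $email === '' || $emailConfirm === '') {
        $errors[] = 'Please make sure that all required fields marked with an asterisk symbol are filled.';
    } else {
        // See if the passwords match (===: != would treat "1e3" and "1000" as equal)
        if ($password !== $passwordConfirm) {
            $errors[] = 'The entered passwords do not match.';
        }
        // See if the e-mail addresses match
        if ($email !== $emailConfirm) {
            $errors[] = 'The entered e-mail addresses do not match.';
        }
        // A syntactically valid address also cannot contain the newlines that
        // would otherwise let the $to argument of mail() carry extra headers.
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'The entered e-mail address is not valid.';
        }
        // Check if username has min 4 chars
        if (strlen($username) < 4) {
            $errors[] = 'The entered username is too short.';
        }
        // Check if password has min 4 chars
        if (strlen($password) < 4) {
            $errors[] = 'The entered password is too short.';
        }
    }

    // Uniqueness checks against the database, only once the input itself is valid.
    if (!$errors) {
        $uniqueChecks = array(
            'username' => array($username, 'The username is already in use.'),
            'email'    => array($email, 'The e-mail address is already in use.'),
            'ip'       => array($ip, 'The ip address is already in use.'),
        );
        foreach ($uniqueChecks as $column => $check) {
            list($value, $message) = $check;
            $exists = memberExists($column, $value);
            if ($exists === null) {
                $errors[] = 'Registration is temporarily unavailable, please try again later.';
                break;
            }
            if ($exists) {
                $errors[] = $message;
            }
        }
    }

    if ($errors) {
        foreach ($errors as $error) {
            $out['body'] .= $error . $back;
        }
    } else {
        $activationkey = ActKey(15);
        // password_hash() (PHP 5.5+) salts and stretches the password; md5()
        // is a fast digest, not a password hash. Two consequences: the
        // `password` column must hold at least 60 characters, and the login
        // code must check the stored value with password_verify().
        $passwordHash = password_hash($password, PASSWORD_DEFAULT);
        // Insert member into database: every value escaped and single-quoted,
        // REMOTE_ADDR included (it is not typed by the user, but it is still
        // external input).
        $query = "INSERT INTO members (username, password, email, ip, activationkey) VALUES ('"
            . mysql_real_escape_string($username) . "', '"
            . mysql_real_escape_string($passwordHash) . "', '"
            . mysql_real_escape_string($email) . "', '"
            . mysql_real_escape_string($ip) . "', '"
            . mysql_real_escape_string($activationkey) . "')";
        if (mysql_query($query) === false) {
            // The original referenced an undefined $sql here and pushed
            // mysql_error() to the page via trigger_error(); log it instead,
            // and keep the query (it holds the hash and e-mail) out of the log.
            error_log('Registration insert failed: ' . mysql_error());
            $out['body'] .= 'We were unable to create your account, Please contact a staff member.<br><br>Best Regards,<br>' . $leagues_name . ' <br>' . $leagues_domain;
        } else {
            // Prepare the plain-text activation e-mail. The password is
            // deliberately NOT included: mail is stored and relayed in clear
            // text, and the user already knows it. No HTML tags either, since
            // no Content-Type header is sent and they would show up literally.
            // $leagues_* are presumably configuration values from settings.php.
            $to      = $email;
            $headers = 'From: ' . $leagues_email;
            $subject = 'Account Registration';
            $activateUrl = $leagues_domain . '/?mode=activate&username=' . rawurlencode($username)
                . '&activationkey=' . rawurlencode($activationkey);
            $message  = "Hello " . $username . ",\n\n";
            $message .= "Your account has successfully been created!\n\n";
            $message .= "Account Information:\n";
            $message .= "Username: " . $username . "\n";
            $message .= "Ip: " . $ip . "\n";
            $message .= "Activation Key: " . $activationkey . "\n\n";
            $message .= "The last step is activating your account. This can be done by opening the URL below.\n";
            $message .= $activateUrl . "\n\n";
            $message .= "Best Regards,\n";
            $message .= $leagues_name . "\n";
            $message .= $leagues_domain;
            // Send the e-mail with the activation information. The username is
            // HTML-escaped before it goes back into the page; in the original the
            // single-quoted strings also never interpolated $leagues_name/$leagues_domain.
            $safeUsername = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
            if (mail($to, $subject, $message, $headers)) {
                $out['body'] .= 'Welcome ' . $safeUsername . ',<br>Your account has successfully been created!<br><br>In order to play battles on ' . $leagues_name . ' you need to activate your account, This can be done by clicking the URL that is inside the e-mail we sent to you.<br><br>Best Regards,<br>' . $leagues_name . ' <br>' . $leagues_domain;
            } else {
                $out['body'] .= 'We were unable to send you an e-mail with activation details, Please contact a staff member.<br><br>Best Regards,<br>' . $leagues_name . ' <br>' . $leagues_domain;
            }
        }
    }
} else {
    // Show the form. The action uses PHP_SELF, which is request-controlled, so
    // it is HTML-escaped; the original short "<? ... ?>" tag had no echo and
    // printed nothing (or the raw tag when short_open_tag is off). The register
    // button is type="submit": type="button" never submits a form on its own.
?>
<!-- Register Form -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post" name="register">
<table width="50%" border="0" cellspacing="2" cellpadding="0">
<tr>
<td colspan="2" align="left">All fields marked with an asterisk (*) are required.</td>
</tr>
<tr>
<td align="left">E-Mail Address:*</td>
<td align="center"><input type="text" name="email"></td>
</tr>
<tr>
<td align="left">Confirm E-Mail Address:*</td>
<td align="center"><input type="text" name="email_confirm"></td>
</tr>
<tr>
<td align="left">Password:*</td>
<td align="center"><input type="password" name="password"></td>
</tr>
<tr>
<td align="left">Confirm Password:*</td>
<td align="center"><input type="password" name="password_confirm"></td>
</tr>
<tr>
<td align="left">Username:*</td>
<td align="center"><input type="text" name="username"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Register Account" name="submit"><input type="reset" name="reset" value="Reset Information"></td>
</tr>
</table>
</form>
<?php
}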
?>