Register Pagina
Ik ben pas begonnen met PHP en ben benieuwd of iemand nog tips of verbeterpunten heeft voor mijn registerpagina. Hij is nog niet helemaal klaar.
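<?php
// Entry point of the register page: dispatches on the ?act= query parameter
// to the matching user-management action. Only 'add' is implemented here;
// 'edit', 'del' and 'loc' are placeholders and anything else shows main.php.

// Show all errors while developing. NOTE(review): with display_errors on,
// notices and the die(mysql_error()) output inside add() are printed to the
// visitor; on a public server this should be off and errors logged instead.
ini_set('display_errors', 1);
error_reporting(E_ALL);
session_start();

// Requested action. Reading $_GET['act'] unconditionally raised an
// "Undefined index" notice on every plain page load (no ?act=), which the
// ini_set above then displayed; default to '' so the switch falls through
// to main.php quietly.
$action = isset($_GET['act']) ? $_GET['act'] : '';

switch ($action)
{
    // Register a new user (see add() below).
    case 'add':
        add();
        break;
    // Edit user: not implemented yet, placeholder output only.
    case 'edit':
        echo 'edit user';
        break;
    // Delete user: not implemented yet, placeholder output only.
    case 'del':
        echo 'delete user';
        break;
    // Lock/unlock user: not implemented yet, placeholder output only.
    case 'loc':
        echo 'lock/unlock user';
        break;
    // No or unknown action: show the main page.
    default:
        include('main.php');
        break;
}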
//Function add user
/**
 * Registration handler for ?act=add.
 *
 * On a POST request it validates the submitted fields ($_POST username,
 * password, passwordc, email, emailc), looks the username, e-mail address
 * and client IP up in the users table, inserts the new row and then echoes
 * either 'GELUKT!' or a javascript alert() containing the error text.
 * On any other request it falls through to the HTML form after the `?>`
 * at the end of this excerpt (the form markup and the closing brace of
 * this function are not part of the listing).
 *
 * Side effects: overwrites $_POST['username'], ['email'], ['password'] and
 * sets $_POST['pass']; runs three SELECTs and one INSERT through the
 * mysql_* extension and calls die() when a SELECT fails. Returns nothing.
 *
 * NOTE(review): every check below only assigns $error and then carries on,
 * so a failed check does not prevent the INSERT further down -- the alert
 * is shown after the row has already been written. Each later check also
 * overwrites $error, so only the last failure is ever reported. A guard
 * such as `if (!empty($error)) { ... return; }` before the INSERT is the
 * missing step.
 */
function add()
{
// Only process the form on POST; otherwise render it (else-branch below).
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
// Username must not be empty/whitespace. trim() on a missing key raises a
// notice first; the field is assumed to be present in the form.
if(!trim($_POST['username']))
{
$error = 'You have to enter a Username.';
}
// Password must not be empty/whitespace.
if(!trim($_POST['password']))
{
$error = 'You have to enter a Password.';
}
// Password confirmation must not be empty/whitespace.
if(!trim($_POST['passwordc']))
{
$error = 'You have to enter your Password twice.';
}
// E-mail syntax check. The ternary-to-'0'/'1'-then-compare is just
// !preg_match(...). The pattern ends in `.*`, so anything after the TLD is
// accepted; filter_var($x, FILTER_VALIDATE_EMAIL) is the stdlib alternative.
if (((preg_match('/^\w[-.\w]*@(\w[-._\w]*\.[a-zA-Z]{2,}.*)$/', $_POST['email'])) ? '0' : '1') == '1')
{
$error = 'You have to enter a valid E-mail address.';
}
// Same syntax check for the confirmation field.
if (((preg_match('/^\w[-.\w]*@(\w[-._\w]*\.[a-zA-Z]{2,}.*)$/', $_POST['emailc'])) ? '0' : '1') == '1')
{
$error = 'You have to enter a valid E-mail address twice.';
}
// Username uniqueness. NOTE(review): magic quotes were removed in PHP 5.4
// and addslashes() is not a charset-aware SQL escape; the value is also
// addslashed a second time further down, so names containing quotes or
// backslashes reach the INSERT double-escaped. Interpolating it into the
// query string below leaves the query open to SQL injection; use a
// prepared statement (or at least mysql_real_escape_string) instead.
if (!get_magic_quotes_gpc())
{
$_POST['username'] = addslashes($_POST['username']);
}
$usernamecheck = $_POST['username'];
// die(mysql_error()) prints the raw database error to the visitor.
$check = mysql_query("SELECT username FROM users WHERE username = '$usernamecheck'")or die(mysql_error());
$check2 = mysql_num_rows($check);
// A matching row means the name is taken.
if ($check2 != 0)
{
$error = 'Sorry, the username '.$_POST['username'].' is already in use.';
}
// E-mail uniqueness; same escaping caveat as for the username.
if (!get_magic_quotes_gpc())
{
$_POST['email'] = addslashes($_POST['email']);
}
$emailcheck = $_POST['email'];
$check = mysql_query("SELECT email FROM users WHERE email = '$emailcheck'")or die(mysql_error());
$check2 = mysql_num_rows($check);
// A matching row means the address is taken.
if ($check2 != 0)
{
$error = 'Sorry, the e-mail address '.$_POST['email'].' is already in use.';
}
// IP uniqueness: refuses a second account from the same REMOTE_ADDR, which
// also blocks every other person behind the same router/NAT.
$ipcheck = $_SERVER['REMOTE_ADDR'];
$check = mysql_query("SELECT ip FROM users WHERE ip = '$ipcheck'")or die(mysql_error());
$check2 = mysql_num_rows($check);
// A matching row means this address already registered.
if ($check2 != 0)
{
$error = 'Sorry, the ip '.$_SERVER['REMOTE_ADDR'].' is already in use.';
}
// Both password fields must be identical (loose != on two strings).
if ($_POST['password'] != $_POST['passwordc'])
{
$error = 'Your passwords did not match. ';
}
// Both e-mail fields must be identical.
if ($_POST['email'] != $_POST['emailc'])
{
$error = 'Your e-mail addresses did not match. ';
}
// Hash (not encrypt) the password. NOTE(review): the digest is stored in
// $_POST['pass'] but never used -- the INSERT below writes
// $_POST['password'], i.e. the plaintext password (with slashes added).
// An unsalted sha1 is not a suitable password hash either; password_hash()
// / password_verify() (PHP 5.5+) is the intended API.
$_POST['pass'] = sha1($_POST['password']);
if (!get_magic_quotes_gpc())
{
$_POST['password'] = addslashes($_POST['password']);
$_POST['username'] = addslashes($_POST['username']);
}
// Insert the row. Runs even when $error is set (see the function comment),
// is built by string concatenation from request data, and stores the
// plaintext password. A parameterised INSERT with the hashed value is the fix.
$insert = "INSERT INTO users (username, password, email, ip) VALUES ('".$_POST['username']."', '".$_POST['password']."', '".$_POST['email']."', '".$_SERVER['REMOTE_ADDR']."')";
// Result is never checked: a failed INSERT still reports success below.
$add_member = mysql_query($insert);
// Report outcome. $error is only the last failed check, and when it
// contains the submitted username/e-mail it is written into a <script>
// block unescaped (reflected XSS); escape it for the JS context, e.g. with
// json_encode(), or render it as HTML via htmlspecialchars().
if (empty($error))
{
echo'GELUKT!';
}
else
{
echo '<script language="javascript">alert("'.$error.'");</script>';
}
}
else
{
// Not a POST: switch to HTML and render the registration form. The form
// markup and the closing braces of this branch and function follow in the
// original file but are cut off in this listing.
?>
Gewijzigd op 28/06/2010 21:30:49 door Robin Peters
Ik denk dat je beter dit kan doen:
En gebruik gewoon mysql_real_escape_string ....
Maar het is volgens mij niet de bedoeling om je code te "showen" en te vragen of er tips zijn (of heb ik dit fout?).
Gewijzigd op 28/06/2010 21:50:14 door Arjan -
// Quoted from the IP-uniqueness check in add(): $check2 is the row count of
// "SELECT ip FROM users WHERE ip = ..." for the visitor's REMOTE_ADDR, so a
// second registration from the same address (shared household/NAT) is refused.
if ($check2 != 0)
{
$error = 'Sorry, the ip '.$_SERVER['REMOTE_ADDR'].' is already in use.';
}
Waar slaat dit op? Wat als mijn zusje zich ook wil registreren als ik al lid ben?
Of wil je gewoon minder leden trekken?
Oh ja, en je script is zo lek als een zeef, omdat SQL injection mogelijk is. Een waar feest voor de hacker.
Gewijzigd op 28/06/2010 22:15:36 door - Ariën -