Here is a registration script. Use it and tell me how you like it.
Please also review the code and tell me about the security holes.
I totally wrote it myself and it's my first attempt to log the errors that usually occur at runtime.
Tell me, AM I SUCCESSFUL?
Please ignore sessions.
Database.php just contains database info. Nothing special is required to understand this script.
Feedback Please
Code:

<?php
session_start();
include("database.php");   // database connection settings; $website_title is also expected to come from here

$registeration_errors = array();   // errors raised by the database steps
$running_errors = array();         // reserved for runtime errors; nothing in the script fills it yet
$input_errors = array();           // errors in what the user typed
$registeration_success = 0;

// Read the form fields without raising "undefined index" notices on the first (GET) load.
$username = isset($_POST['user']) ? trim($_POST['user']) : '';
$password = isset($_POST['pass']) ? $_POST['pass'] : '';

if (isset($_POST['subjoin'])) {
    if ($password && $username) {
        /* Check the length of the input. */
        if (strlen($username) >= 5 && strlen($username) < 17 && strlen($password) > 7 && strlen($password) < 31) {
            /* Username and password "validation".
               Note for reviewers: addslashes() is not a SQL escaping function, and md5() is an
               unsalted fast hash; both are kept here exactly as posted. */
            $secure_username = addslashes($username);
            $secure_password = md5($password);
            // Legacy ext/mysql API (mysql_query, mysql_num_rows); it was removed in PHP 7.0.
            $usercheck_query = "SELECT username FROM users WHERE username = '$secure_username'";
            if ($usercheck_result = mysql_query($usercheck_query)) {
                if (mysql_num_rows($usercheck_result) > 0) {
                    $registeration_errors[] = "The username " . $username . " is already in use. Please choose another one.";
                } else {
                    $registeration_query = "INSERT INTO users ( id , username , password ) VALUES ( NULL , '$secure_username' , '$secure_password' )";
                    if ($registeration_result = mysql_query($registeration_query)) {
                        $registeration_success = 1;
                    } else {
                        $registeration_errors[] = "Nothing is wrong with the input, but an error occurred when registering the info. Please try later.";
                    }
                }
            } else {
                $registeration_errors[] = "Error occurred while checking database for availability of " . $username;
            }
        } else {
            /* Error messages: username or password is not of an appropriate length. */
            if (strlen($username) < 5)   $input_errors[] = "username " . $username . " is shorter than 5 keystrokes. Please increase its size.";
            if (strlen($username) >= 17) $input_errors[] = "username " . $username . " is too long to remember. Please shorten it.";
            if (strlen($password) <= 7)  $input_errors[] = "Password is too short and very insecure. Please upsize it.";
            if (strlen($password) >= 31) $input_errors[] = "Password is too long to remember. Please cut it short.";
        }
    } else if (!$username && !$password) {
        // Checked first: in the posted order this branch was unreachable, because the
        // "no username" branch matched before it.
        $input_errors[] = "Your username and password both are missing. Please fill in the form completely.";
    } else if (!$username) {
        $input_errors[] = "You have not entered a username. Please fill in the form completely.";
    } else if (!$password) {
        $input_errors[] = "You have not entered a password. Please fill in the form completely.";
    }
}
?>
<html>
<title><?php echo 'WebsiteName - ', $website_title; ?></title>
<body>
<h1>Registration <?php if ($registeration_success) { echo 'Successful'; } ?></h1>
<?php if (!$registeration_success) {
    if (count($running_errors)) {
        echo "<h2> Some errors occurred while running the registration program. </h2>\n<ul>";
        for ($counter = 0; $counter < count($running_errors); $counter++) {
            echo '<li>' . $running_errors[$counter] . '</li>';
        }
        echo "</ul>";
    }
    if (!count($running_errors) && (count($registeration_errors) || count($input_errors))) {
        echo "<h2> Some registration and input errors occurred. </h2>\n<ul>";
        // Note for reviewers: these messages contain the raw $username and are echoed without HTML escaping.
        for ($counter = 0; $counter < count($registeration_errors); $counter++) {
            echo '<li>' . $registeration_errors[$counter] . '</li>';
        }
        for ($counter = 0; $counter < count($input_errors); $counter++) {
            echo '<li>' . $input_errors[$counter] . '</li>';
        }
        echo '</ul>';
    }
?>
<?php // $_SERVER replaces the long-deprecated $HTTP_SERVER_VARS superglobal, and the full "<?php" open tag replaces the short one. PHP_SELF is still echoed unescaped, as posted. ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" value="<?php echo $username; ?>" maxlength="16"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
<?php } else { ?>
<p> Click <a href="login.php"> here </a> to login. </p>
<h2> Thank you for registering</h2>
<?php } ?>
</body>
</html>
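As an added example (not the poster's code, and not taken from database.php), here is the same registration flow rewritten to close the holes a reviewer would flag in the script above: the username is bound as a prepared-statement parameter instead of being passed through addslashes() into the query text, the password is stored with password_hash() instead of md5(), the duplicate check relies on a UNIQUE index rather than a SELECT followed by an INSERT, and everything user-controlled goes through htmlspecialchars() before it reaches the page. It assumes PHP 7.1 or later with PDO (pdo_sqlite for the stand-alone demo) and mbstring; the table layout, the constant names and the function names are assumptions of mine. Sessions and CSRF tokens are left out, as the post asks.

```php
<?php
// Added example, not the poster's script: the same registration flow with the
// holes in the posted code closed. Assumes PHP >= 7.1 with PDO (pdo_sqlite for
// the demo) and mbstring, and a users table whose username column is UNIQUE.
declare(strict_types=1);

const USERNAME_MIN = 5;    // same limits as the posted script
const USERNAME_MAX = 16;
const PASSWORD_MIN = 8;
const PASSWORD_MAX = 30;

/** Length checks on the raw input; returns a list of error messages. */
function validate_registration(string $username, string $password): array
{
    $errors = [];
    $ulen = mb_strlen($username, 'UTF-8');   // characters, not bytes
    $plen = mb_strlen($password, 'UTF-8');
    if ($username === '') {
        $errors[] = 'You have not entered a username.';
    } elseif ($ulen < USERNAME_MIN || $ulen > USERNAME_MAX) {
        $errors[] = 'Username ' . $username . ' must be ' . USERNAME_MIN . ' to ' . USERNAME_MAX . ' characters long.';
    }
    if ($password === '') {
        $errors[] = 'You have not entered a password.';
    } elseif ($plen < PASSWORD_MIN || $plen > PASSWORD_MAX) {
        $errors[] = 'Password must be ' . PASSWORD_MIN . ' to ' . PASSWORD_MAX . ' characters long.';
    }
    return $errors;
}

/**
 * Inserts the user. The username travels as a bound parameter, never inside the
 * SQL text, so addslashes() is not needed; the password is stored as a salted
 * bcrypt hash instead of an unsalted md5. Returns null on success or an error message.
 */
function register_user(PDO $pdo, string $username, string $password): ?string
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    try {
        $stmt->execute([':u' => $username, ':p' => $hash]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 is an integrity-constraint violation: the UNIQUE index
        // caught a duplicate. A SELECT-then-INSERT check, as in the posted script,
        // leaves a window in which two requests can both see the name as free.
        if ((string) $e->getCode() === '23000') {
            return 'The username ' . $username . ' is already in use. Please choose another one.';
        }
        error_log('registration failed: ' . $e->getMessage());   // driver text stays out of the browser
        return 'An error occurred while registering. Please try later.';
    }
    return null;
}

/** Escape user-controlled text before it is placed into HTML (error lists, value="" attributes). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Stand-alone demo on an in-memory SQLite database with constructed input
// (run with: php register_example.php).
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');

    $attempts = [
        ["alice'--",           'correct horse battery'],   // quote in the name: just data here
        ['bob',                'short'],                   // fails both length checks
        ["alice'--",           'correct horse battery'],   // duplicate, rejected by the UNIQUE index
        ['<script>x</script>', 'long enough password'],    // too long; echoed back escaped
    ];
    foreach ($attempts as [$u, $p]) {
        $errors = validate_registration($u, $p);
        if ($errors === []) {
            $err = register_user($pdo, $u, $p);
            if ($err !== null) {
                $errors[] = $err;
            }
        }
        if ($errors === []) {
            echo 'registered: ', h($u), "\n";
        } else {
            echo '<li>', h(implode(' ', $errors)), '</li>', "\n";
        }
        // Re-filling the form field the way the posted script does, but escaped.
        echo '<input type="text" name="user" value="', h($u), '">', "\n";
    }

    // The stored value is a bcrypt hash; password_verify() checks a login attempt against it.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute(["alice'--"]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    var_dump(password_verify('correct horse battery', $row['password']));
}
```

The duplicate check is the part most people get wrong even after switching to prepared statements: checking with a SELECT and then inserting is two statements, and two concurrent requests can both pass the SELECT. Letting the UNIQUE constraint decide and mapping SQLSTATE 23000 to the "already in use" message removes that window. Note also that the generic failure message is what the user sees; the driver's error text goes to the server log only.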
