Jump to content

Need help with login/user registration system please.


laniyar

Recommended Posts

I'm trying to make a simple but secure login/user registration for this site I'm building. I'm new to php, so I followed some tutorials from www.newthinktank.com.

 

http://www.newthinktank.com/2011/01/php-security-pt-2/

http://www.newthinktank.com/2011/01/php-security-pt-4-set-up-captcha//

http://www.newthinktank.com/2011/01/web-design-and-programming-pt-21-secure-login-script/

 

But I'm having a couple of problems. On the registration.php file, whenever I type in wrong information, the validation error messages don't display and also whenever I click the submit button, the form doesn't do anything. It doesn't insert information into my database. It just shows the empty form. On my login.php file, again the validation errors don't display and I can't tell if I'm logged in or not. The form redirects to my index page, but the user box that shows the different menus depending on whether or not someone is logged in stays in guest mode. I don't get any php error messages on either file. Here's my code:

 

register.php file:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled</title>
<link href="_css/page_layout.css" rel="stylesheet" type="text/css" />
<link href="_css/page_text.css" rel="stylesheet" type="text/css" />
<link href="_css/sidebarLeft.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div id="wrapper">
<?php include('_includes/template/header.php'); ?>
<?php include('_includes/template/nav.php'); ?>
<?php include('_includes/template/sidebar_left.php'); ?>
    <div id="mainContent">
    	<div class="content">
<?php
require_once('_includes/connectvars.php');

if (isset($_POST['submitted'])) {
	if (preg_match ('%^[A-Za-z\.\' \-]{2,20}$%', stripslashes(trim($_POST['first_name'])))) {
		$firstname = escape_data($_POST['first_name']);
		} else {
			$firstname = FALSE;
			echo '<p><font color="red" size="+1″>Please enter a valid first name!</font></p>';
			}
	if (preg_match ('%^[A-Za-z\.\' \-]{2,40}$%', stripslashes(trim($_POST['last_name'])))) {
		$lastname = escape_data($_POST['last_name']);
		} else {
			$lastname = FALSE;
			echo '<p><font color="red" size="+1″>Please enter a valid last name!</font></p>';
			}
	if (preg_match ('%^(0?[1-9]|[12][0-9]|3[01])[-/. ](0?[1-9]|1[0-2])[-/.](19|20)\d{2}$%', stripslashes(trim($_POST['birth_date'])))) {
		$birthdate = escape_data($_POST['birth_date']);
		} else {
			$birthdate = FALSE;
			echo '<p><font color="red" size="+1″>Please enter a valid date of birth!</font></p>';
			}
	$gender = escape_data($_POST['gender']);		
	if (preg_match ('%^[0-9]{5}$%', stripslashes(trim($_POST['zip_code'])))) {
		$zipcode = escape_data($_POST['zip_code']);
		} else {
			$zipcode = FALSE;
			echo '<p><font color="red" size="+1″>Please enter a valid 5 digit zip code!</font></p>';
			}
	if (preg_match ('%^[A-Za-z0-9._\%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$%', stripslashes(trim($_POST['email'])))) {
		$email = escape_data($_POST['email']);
		} else {
			$email = FALSE;
			echo '<p><font color="red" size="+1″>Please enter a valid email address!</font></p>';
			}
	if (preg_match ('%^[a-z\d_]{2,20}$%', stripslashes(trim($_POST['username'])))) {
		$username = escape_data($_POST['username']);
		} else {
			$username = FALSE;
			echo '<p><font color="red" size="+1″>Please enter a valid username!</font></p>';
			}
	if (preg_match ('%\A(?=[-_a-zA-Z0-9]*?[A-Z])(?=[-_a-zA-Z0-9]*?[a-z])(?=[-_a-zA-Z0-9]*?[0-9])\S{6,}\z%', stripslashes(trim($_POST['password1'])))) {
		if (($_POST['password1'] == $_POST['password2']) && ($_POST['password1'] != $_POST['username'])) {
			$password = escape_data($_POST['password1']);
			} elseif ($_POST['password1'] == $_POST['username']) {
				$password = FALSE;
				echo '<p><font color="red" size="+1″>Your password cannot be the same as the username!</font></p>';
			} else {
				$password = FALSE;
				echo '<p><font color="red" size="+1″>Your password did not match the confirmed password!</font></p>';
				}
				} else {
					$password = FALSE;
					echo '<p><font color="red" size="+1″>Please enter a valid password!</font></p>';
					}
					$captchchk = 1;
					require_once('_includes/recaptchalib.php');
					$privatekey = "My private key goes here...i know";
					$resp = recaptcha_check_answer ($privatekey,
					$_SERVER["REMOTE_ADDR"],
					$_POST["recaptcha_challenge_field"],
					$_POST["recaptcha_response_field"]);
					if (!$resp->is_valid) {
						echo '<p><font color="red" size="+1″>The CAPTCHA Code wasn\'t entered correctly!
						</font></p>';
						$captchchk = 0;
						}
			if ($firstname && $lastname && $birthdate && $gender && $zipcode && $email && $username && $password) {
				$query = "SELECT user_id FROM users WHERE username='$username'";

				$result = mysql_query($query) or trigger_error("Sorry, that username is taken");

				if(mysql_num_rows($result) == 0) {
					$a = md5(uniqid(rand(), true));
					$query = "INSERT INTO users(zip_code, username, first_name, password, activation_code, join_date, last_name, gender, birth_date, email) VALUES ('$zipcode', '$username', '$firstname', SHA('$password'), '$a', NOW(), '$lastname', '$gender', '$birthdate', '$email')";

					$result = mysql_query($query) or trigger_error("Sorry an error happened");

					if(mysql_affected_rows() == 1) {
						$body = "Thanks for registering. Activate account by clicking this link: <br />";

						$body .= "http://localhost/activate.php?x=" . mysql_insert_id() . "&y=$activationcode";

						mail($email, 'Registration Confirmation', '$body', 'From: admin@mysite.com');
						echo '<br /><br /><h1>Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</h1>';
						}
						exit();
						} else {
							echo '<p><font color="red" size="+1″>You could not be registered due to a system error. We apologize for any inconvenience.</font></p>';
							}
							} else {
								echo '<p><font color="red" size="+1″>That email address has already been registered. If you have forgotten your password, use the link to have your password sent to you.</font></p>';
								}
								mysql_close();
								}
?>
		    <h1>Register</h1>
    <br />
    <p>Please fill out the form below. All fields required.</p>
    <br />
<center><form action="register.php" method="POST" id="regform">
        	<table width="550" border="0">
  <tr>
    <td width="200"><p>First Name:</p></td>
    <td width="200"><label for="first_name"></label>
      <input name="first_name" type="text" id="first_name" maxlength="20" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>"/></td>
    <td width="200"> </td>
  </tr>
  <tr>
    <td><p>Last Name:</p></td>
    <td><label for="last_name"></label>
      <input name="last_name" type="text" id="last_name" maxlength="45" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>"/></td>
    <td> </td>
  </tr>
  <tr>
    <td><p>Birthdate:</p></td>
    <td><label for="birth_date"></label>
      <input name="birth_date" type="text" id="birth_date" maxlength="10" value="<?php if (isset($_POST['birth_date'])) echo $_POST['birth_date']; ?>"/></td>
    <td><p>(Format: MM/DD/YYYY)</p></td>
  </tr>
  <tr>
    <td><p>Gender</p></td>
    <td><p>
      <label>
        <input type="radio" name="gender" value="F" id="gender_0" />
        F
      </label>
      <label>
        <input type="radio" name="gender" value="M" id="gender_1" />
        M
       </label>
       <input name="gender" type="hidden" value="" />
      <br />
    </p></td>
    <td> </td>
  </tr>
  <tr>
    <td><p>Zip Code</p></td>
    <td><label for="zip_code"></label>
      <input name="zip_code" type="text" id="zip_code" maxlength="5" value="<?php if (isset($_POST['zip_code'])) echo $_POST['zip_code']; ?>"/></td>
    <td> </td>
  </tr>
  <tr>
    <td><p>Email:</p></td>
    <td><label for="email"></label>
      <input name="email" type="text" id="email" maxlength="255" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></td>
    <td> </td>
  </tr>
  <tr>
    <td><p>Username:</p></td>
    <td><label for="username"></label>
      <input name="username" type="text" id="username" maxlength="60" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"/></td>
    <td> </td>
  </tr>
  <tr>
    <td><p>Choose New Password:</p></td>
    <td><label for="password1"></label>
      <input name="password1" type="password" id="password1" maxlength="40" /></td>
    <td> </td>
  </tr>
  <tr>
    <td><p>Confirm New Password:</p></td>
    <td><label for="password2"></label>
      <input name="password2" type="password" id="password2" maxlength="40" /></td>
    <td> </td>
  </tr>
</table>
</br>
	<?php
		require_once('_includes/recaptchalib.php');
		$publickey = "my public key goes here...i know"; // you got this from the signup page
		echo recaptcha_get_html($publickey);
	?>
	<br />
         <input type="submit" name="submit_signup" id="submit_signup" value="Sign Up" />
         <input type="hidden" name="submitted" value="TRUE" />
  </form></center>
        <br />
        <br />
         </div>
    </div>
<?php include('_includes/template/sidebar_right.php'); ?>
<?php include('_includes/template/footer.php'); ?>
</div>
</body>
</html>

 

login.php file:

<?php
session_start();
require_once('_includes/connectvars.php');
?>
<?php
if (isset($_POST['submitLogin'])) {
if (preg_match ('%^[A-Za-z0-9]\S{6,20}$%', stripslashes(trim($_POST['username'])))) {
	$username = escape_data($_POST['username']); 
	} else {
		$username = FALSE;
		echo '<p><font color="red" size="+1″>Please enter a valid username!</font></p>';
		}
if (preg_match ('%^[A-Za-z0-9]\S{6,20}$%', stripslashes(trim($_POST['password'])))) {
	$password = escape_data($_POST['password']); 
	} else {
		$password = FALSE;
		echo '<p><font color="red" size="+1″>Please enter a valid password!</font></p>';
		}
if ($username && $password) {
	$query = "SELECT user_id, level_access, username, password, join_date, first_name, last_name, birth_date, gender, zip_code, email, activation_code FROM users WHERE username='$username' AND password=SHA('$password')";
	$result = mysql_query ($query) or trigger_error("Either the Username or Password are incorrect");
	if (mysql_affected_rows() == 1) {
		$row = mysql_fetch_array ($result, MYSQL_NUM);
		mysql_free_result($result);
		$_SESSION['first_name'] = $row[5];
		$_SESSION['username'] = $row[2];

		$tokenId = rand(10000, 9999999);
		$query2 = "update users set tokenid = $tokenId where username = '$_SESSION[username]'";
		$result2 = mysql_query ($query2);
		$_SESSION['token_id'] = $tokenId;

		session_regenerate_id();

		header("Location: http://localhost/mysite/index.php");
		mysql_close();
		exit();
	}
	} else {
		echo '<br><br><p><font color="red" size="+1″>Either the Username or Password are incorrect</font></p>';
		mysql_close();
		exit();
		}
		echo '<br><br><p><font color="red" size="+1″>Either the Userid or Password are incorrect</font></p>';
		mysql_close();
		exit();
		}						
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled</title>
<link href="_css/page_layout.css" rel="stylesheet" type="text/css" />
<link href="_css/page_text.css" rel="stylesheet" type="text/css" />
<link href="_css/sidebarLeft.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<?php include('_includes/template/header.php'); ?>
<?php include('_includes/template/nav.php'); ?>
<?php include('_includes/template/sidebar_left.php'); ?>
    <div id="mainContent">
    	<div class="content">
   		  <h1>Login</h1>
            <form action="login.php" method="post" name="login" id="login">
            <table width="200" border="0">
            <tr>
            <td><p>Username:</p></td>
            <td><label for="username"></label>
            <input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"/></td>
            </tr>
            <tr>
            <td><p>Password:</p></td>
            <td><label for="password"></label>
            <input type="password" name="password" id="password" /></td>
            </tr>
            </table>
            <br />
            <p>
            <label>
            <input type="radio" name="remember_me" value="radio" id="remember_me_0" />
            Keep me logged in
      		</label>
      		<br />
    		</p>
    		<br />
    		<input type="submit" name="submitLogin" value="Login" />
            <input type="hidden" name="submitted" value="TRUE" />
      		</form>
    <br />
    		<p>Not a member? <a href="register.php">Create an account!</a></p>
    		<br />
    		<p>Forgot password?</p>
        </div>
    </div>
<?php include('_includes/template/sidebar_right.php'); ?>
<?php include('_includes/template/footer.php'); ?>
</div>
</body>
</html>

 

Here's the code that shows the different menus depending on if someone is logged in or not.

    <div class="login">
<?php
echo '<p>';
echo 'Welcome ';
if (isset($_SESSION['first_name'])) {
	echo " {$_SESSION['first_name']}!</br></br>";
	} else { 
	echo 'Guest!';
	}
	if (isset($_SESSION['username']) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) 
	{
		echo '<a href="add_event.php">Add an Event</a></br>
		<a href="my_profile.php">My Profile</a></br>
		<a href="logout.php"><p>Logout</a></br>';
		} else {
			echo '</br>  
			<a href="register.php">Register</a></br> 
			<a href="login.php">Login</a></br>';
			}
echo'</p>';
?>
    </div>

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.