
Building Site Registration for Web Application Security

In this article we will be exploring the registration script of our site. This script is responsible for registering new users for the website. We will also be looking at database security; since the registration script also uses a database table, we will implement some of the concepts that we will be discussing. This article is the sixth part of an eight-part series on web application security.

TABLE OF CONTENTS:
  1. Building Site Registration for Web Application Security
  2. The Code Explained
  3. Username and Password
  4. The HTML Form continued
By: David Web
October 27, 2008


The Registration Script

The registration script is responsible for registering new users for our website. Any user who wants access to the website has to go through this registration process. The script presents the user with an HTML form that asks for a username, a password (entered twice) and an email address, validates those values, and adds the new account to the database. Below is the code that makes all of this happen:


<?php

$errmsg="";
$error=false;

if(isset($_POST['key'])){

    // Check that the required fields are filled in
    if( empty($_POST['name']) || empty($_POST['email']) ){
        echo "Please enter your username and email.";
        $comb="Please enter your username and email.";
        exit;
    }

    if( empty($_POST['pw1']) || empty($_POST['pw2']) ){
        print "Please enter your password.";
        $pw="Please enter your password.";
        exit;
    }

    // Check that the username and password are strings, not just numbers
    if( is_numeric($_POST['name']) || is_numeric($_POST['pw1']) ){
        print "Please enter a valid username and password.";
        $errmsg=" Please enter a valid username and password.";
        $error=true;
    }

    if( is_numeric($_POST['pw2']) ){
        print "Please enter a valid confirmation password.";
        $errmsg=" Please enter a valid confirmation password.";
        $error=true;
    }

    // Check that the email address has the correct format
    // (the dots in the pattern are escaped so they match a literal '.')
    $emailpattern='/^[a-z0-9]+[a-z0-9_-]*(\.[a-z0-9_-]+)*@[a-z0-9_-]+(\.[a-z0-9_-]+)*\.[a-z]{2,}$/i';
    if(!preg_match($emailpattern, $_POST['email'])) {
        $errmsg=" Please enter a valid email address.";
        $error=true;
    }

    if(!$error){
        // Connect to the db server (config.php opens the mysql connection)
        include('../config.php');

        // Escape user input before it is placed inside a query string
        $name=mysql_real_escape_string($_POST['name']);
        $email=mysql_real_escape_string($_POST['email']);
        $pw1=$_POST['pw1'];
        $pw2=$_POST['pw2'];

        if($pw1 !== $pw2){
            print "your confirmation password has been mistyped or is empty,please try again";
            $conf="your confirmation password has been mistyped or is empty,please try again";
            exit;
        }
        $pw1=mysql_real_escape_string($pw1);

        // Check if the username already exists
        $query="SELECT * FROM users WHERE uname='$name'";
        $result=mysql_query($query);
        $num=mysql_num_rows($result);

        if ($num > 0) { // Username already exists
            print "The username is already taken,please try again";
            $taken="The username is already taken,please try again";
            print "<p><a href=\"http://localhost/loginscript/register.php\">Click here to try again.</a></p>";
            exit;
        }else{
            // If the username does not exist, insert the user details
            $query="INSERT INTO users (uname, pw, email) VALUES ('$name', PASSWORD('$pw1'), '$email')";
            if (mysql_query($query)) {
                header("Location: login.php?reg=1");
                exit;
            }else{
                $errmsg=" Registration failed, please try again.";
                $error=true;
            }
        }
    }
}
?>



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/primary/Templates/was.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>WebSecure::Registration</title>
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" -->
<!-- InstanceEndEditable -->
<link href="Templates/was.css" rel="stylesheet" type="text/css" />
<script language="javascript" type="text/javascript">
// Client-side check that the required fields are filled in before the form
// is submitted. The fields are looked up through form.elements by the names
// used in the form below (name, pw1, email).
function checkform(pform1){
    var uname = pform1.elements["name"];
    var pw1   = pform1.elements["pw1"];
    var email = pform1.elements["email"];

    if(uname.value=="" && pw1.value=="" && email.value==""){
        alert("Please make sure that you have entered all the information that is required");
        uname.focus();
        return false;
    }

    if(uname.value==""){
        alert("Please enter a username");
        uname.focus();
        return false;
    }

    if(pw1.value==""){
        alert("Please enter a password");
        pw1.focus();
        return false;
    }

    if(email.value==""){
        alert("Please enter an email address");
        email.focus();
        return false;
    }

    return true;
}
</script>
</head>

<body>
<table width="99%" border="1">
<tr>
<td bgcolor="#333333" class="header">Web Secure</td>
</tr>
<tr>
<td><!-- InstanceBeginEditable name="main" -->
<form name="form1" action="register.php" method="post" onSubmit="return checkform(this)">
<table width="657" border="0">
<tr>
<td width="122"><div align="left">Name</div></td>
<td width="525"><input name="name" type="text" size="40"></td>
</tr>
<tr>
<td><div align="left">Email</div></td>
<td><input name="email" type="text" size="40"></td>
</tr>
<tr>
<td><div align="left">Password</div></td>
<td><input name="pw1" type="password" size="40"></td>
</tr>
<tr>
<td><div align="left">Confirm Password</div></td>
<td><input name="pw2" type="password" size="40">
<input type="hidden" name="key" value="1" /></td>
</tr>
<tr>
<td></td>
<td><input name="submit" type="submit"></td>
</tr>
</table>
</form><!-- InstanceEndEditable --></td>
</tr>
<tr>
<td class="copy">&copy;2008</td>
</tr>
</table>
</body>
<!-- InstanceEnd --></html>
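The same registration flow, rewritten here as an added example that is not the article's code: it binds the username and email as prepared-statement parameters instead of interpolating them into the query string, stores a password_hash() digest instead of MySQL's PASSWORD() value, and uses filter_var() for the email check. The users table with columns uname, pw and email is the one from the script above; the PDO connection $db, the DSN and credentials, the function names validate_registration and register_user, and the 3-32 character username allow-list are assumptions of this example.

```php
<?php
// Added example (not the article's code). Assumes a PDO connection $db and
// the article's users table (uname, pw, email); the pw column must be wide
// enough for a password_hash() string (VARCHAR(255) is the usual choice).
declare(strict_types=1);

/**
 * Validate the submitted fields. Returns a list of error messages;
 * an empty list means the input is acceptable.
 */
function validate_registration(array $post): array
{
    $errors = [];
    $name  = trim($post['name']  ?? '');
    $email = trim($post['email'] ?? '');
    $pw1   = $post['pw1'] ?? '';
    $pw2   = $post['pw2'] ?? '';

    if ($name === '' || $email === '') {
        $errors[] = 'Please enter your username and email.';
    }
    if ($pw1 === '' || $pw2 === '') {
        $errors[] = 'Please enter your password.';
    }
    // Allow-list the username instead of only rejecting all-digit strings
    // (the length and character set are assumptions of this example).
    if ($name !== '' && !preg_match('/^[a-z0-9_]{3,32}$/i', $name)) {
        $errors[] = 'Please enter a valid username (3-32 letters, digits or underscores).';
    }
    // filter_var() replaces the hand-written email regular expression.
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address.';
    }
    if ($pw1 !== '' && $pw1 !== $pw2) {
        $errors[] = 'Your confirmation password has been mistyped, please try again.';
    }
    return $errors;
}

/**
 * Register the user. Returns true on success, or an error message string.
 * Every user-supplied value is bound as a parameter, never placed in the SQL.
 */
function register_user(PDO $db, array $post)
{
    $errors = validate_registration($post);
    if ($errors) {
        return implode(' ', $errors);
    }
    $name  = trim($post['name']);
    $email = trim($post['email']);

    $db->beginTransaction();
    try {
        // Friendly duplicate check; the UNIQUE index on uname is the real guard.
        $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE uname = :uname');
        $stmt->execute([':uname' => $name]);
        if ((int) $stmt->fetchColumn() > 0) {
            $db->rollBack();
            return 'The username is already taken, please try again.';
        }
        $stmt = $db->prepare('INSERT INTO users (uname, pw, email) VALUES (:uname, :pw, :email)');
        $stmt->execute([
            ':uname' => $name,
            ':pw'    => password_hash($post['pw1'], PASSWORD_DEFAULT),
            ':email' => $email,
        ]);
        $db->commit();
        return true;
    } catch (PDOException $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        // SQLSTATE 23000: integrity constraint violation, i.e. a concurrent
        // registration won the race for the same uname.
        if ((string) $e->getCode() === '23000') {
            return 'The username is already taken, please try again.';
        }
        // Log the driver message; do not echo it, it can leak schema details.
        error_log('registration failed: ' . $e->getMessage());
        return 'Registration failed, please try again later.';
    }
}

// Usage mirroring the article's flow: handle the POST, redirect on success.
// DSN and credentials below are placeholders for this example.
if (isset($_POST['key'])) {
    $db = new PDO('mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER', 'DB_USER_PLACEHOLDER',
                  'DB_PASSWORD_PLACEHOLDER', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $outcome = register_user($db, $_POST);
    if ($outcome === true) {
        header('Location: login.php?reg=1');
        exit;
    }
    // Escape the message before it is echoed back into the HTML form.
    $errmsg = htmlspecialchars($outcome, ENT_QUOTES, 'UTF-8');
}
```

The SELECT-then-INSERT pair is kept for the friendly message, but on its own it cannot stop two requests that check the same username at the same moment; only a UNIQUE index on uname does that, and the catch branch maps the resulting duplicate-key error back to the same "already taken" message. Keeping the user-facing messages generic while logging the driver message server-side avoids revealing table and column names to whoever submitted the form.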
