Page 2 - Building Site Registration for Web Application Security

The Code Explained - PHP

In this article we explore the registration script of our site, which is responsible for registering new users. Because the script also writes to a database table, we will look at database security and apply some of the concepts discussed there. This article is the sixth part of an eight-part series on web application security.

TABLE OF CONTENTS:
  1. Building Site Registration for Web Application Security
  2. The Code Explained
  3. Username and Password
  4. The HTML Form continued
By: David Web
October 27, 2008


The script first checks whether the form has been submitted, which it does by testing for a field named key in the POST data. The error flag that the later checks set is initialised here; without this, the final if(!$error) test would read an undefined variable and let an invalid submission through:

if(isset($_POST['key'])){
    $error=false; // set to true by any failed check below


If the form has been submitted, the form data is validated. Validation starts by checking that the submitted fields actually contain values:


//NEED TO CHECK IF FIELDS ARE FILLED IN
// Either field being empty is an error, so the two tests are joined with ||.
if( empty($_POST['name']) || empty($_POST['email']) ){
    print "Please enter your username and email.";
    $comb="Please enter your username and email.";
    $error=true;
}

First the username and email are checked for values, then the two password fields. Note that the conditions must be joined with || (or): joined with &&, the test only fires when both fields are empty, so a form with just one blank field slips through. Also, empty() treats the string "0" as empty, so a username of 0 would be rejected by this check:

// Either password field being empty is an error.
if( empty($_POST['pw1']) || empty($_POST['pw2']) ){
    print "Please enter your password.";
    $pw="Please enter your password.";
    $error=true;
}


Next, the type of data is tested. Every value in $_POST arrives as a string (or as an array, if the field name ends in []), so is_numeric() here asks whether the string is a number such as "1234" or "1e3". The script rejects purely numeric usernames and passwords; this is an input-format rule of the site, not a security control in itself:


//check that the username and password are strings, not numbers
// Either field being numeric is an error, so the tests are joined with ||.
if( is_numeric($_POST['name']) || is_numeric($_POST['pw1']) ){
    print "Please enter a valid username and password.";
    $errmsg=" Please enter a valid username and password.";
    $error=true;
}

The confirmation password gets the same test:

if( is_numeric($_POST['pw2']) ){
    print "Please enter a valid confirmation password.";
    $errmsg=" Please enter a valid confirmation password.";
    $error=true;
}

We then test the email address against a pattern and set the error values accordingly. Two points about the pattern: the dots must be escaped, because an unescaped . matches any character and the pattern would otherwise accept an address such as user@example,com; and eregi() should be replaced by preg_match() with the /i modifier, since eregi() was deprecated in PHP 5.3 and removed in PHP 7.0. The built-in filter_var($email, FILTER_VALIDATE_EMAIL) is a simpler alternative to a hand-written pattern:

//Check if email address has correct format
// Dots are escaped so "." means a literal dot; /i keeps the match
// case-insensitive, as eregi() was.
if(!preg_match('/^[a-z0-9]+[a-z0-9_-]*(\.[a-z0-9_-]+)*@[a-z0-9_-]+(\.[a-z0-9_-]+)*\.[a-z]{2,}$/i', $_POST['email'])) {
    $errmsg=" Please enter a valid email address.";
    $error=true;
}

If $error is still false, every check passed:

if(!$error){

Then we copy the form values to shorter variable names. This is a convenience only: the values are still raw user input, and they must be escaped or parameterised at the point where they are used, whether in a database query or in HTML output:

$name=$_POST['name'];

$email=$_POST['email'];


$pw1=$_POST['pw1'];

$pw2=$_POST['pw2'];
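The checks above, consolidated into one function as an added example (this is an editor's illustration, not the article's code): the function collects every error instead of printing as it goes, joins the presence tests with ||, escapes the dots in the email pattern, and, as an assumption the page does not state, verifies that the two password fields match. The field names name, email, pw1 and pw2 and the submit field key come from the article; the function name, the constant, and the constructed sample submissions are assumptions. Requires PHP 7 or later.

```php
<?php
// Added example, not the article's code. Field names name, email, pw1, pw2
// and the submit field 'key' are taken from the article; everything else
// (function name, constant, sample data) is an assumption.
declare(strict_types=1);

// Same pattern as the article's eregi() call, with the dots escaped so that
// "." means a literal dot and not "any character"; /i keeps eregi's
// case-insensitive behaviour.
const EMAIL_PATTERN = '/^[a-z0-9]+[a-z0-9_-]*(\.[a-z0-9_-]+)*@[a-z0-9_-]+(\.[a-z0-9_-]+)*\.[a-z]{2,}$/i';

/**
 * Validate a registration form submission.
 *
 * @param array<string,mixed> $post  the $_POST array (or a constructed copy)
 * @return array{errors: string[], values: array<string,string>}
 */
function validate_registration(array $post): array
{
    $errors = [];
    $values = [];

    // Every $_POST entry is a string, or an array if the client sent
    // name[]=... . Reject arrays up front so the string functions below
    // never see one.
    foreach (['name', 'email', 'pw1', 'pw2'] as $field) {
        $raw = $post[$field] ?? '';
        if (!is_string($raw)) {
            $errors[] = "Invalid value for {$field}.";
            $raw = '';
        }
        // Trim username and email; leave passwords exactly as typed.
        $values[$field] = in_array($field, ['pw1', 'pw2'], true) ? $raw : trim($raw);
    }

    // Presence checks use "or": any one missing field is an error.
    // A strict comparison with '' avoids empty()'s treatment of "0" as empty.
    if ($values['name'] === '' || $values['email'] === '') {
        $errors[] = 'Please enter your username and email.';
    }
    if ($values['pw1'] === '' || $values['pw2'] === '') {
        $errors[] = 'Please enter your password.';
    }

    // The article rejects purely numeric usernames and passwords.
    // is_numeric() on a string asks "is this text a number?", e.g. "1234" or "1e3".
    if (is_numeric($values['name']) || is_numeric($values['pw1'])) {
        $errors[] = 'Please enter a valid username and password.';
    }
    if (is_numeric($values['pw2'])) {
        $errors[] = 'Please enter a valid confirmation password.';
    }

    if ($values['email'] !== '' && !preg_match(EMAIL_PATTERN, $values['email'])) {
        $errors[] = 'Please enter a valid email address.';
    }

    // Assumption: the two password fields exist so that they can be compared.
    if ($values['pw1'] !== '' && $values['pw1'] !== $values['pw2']) {
        $errors[] = 'The two passwords do not match.';
    }

    return ['errors' => $errors, 'values' => $values];
}

// Constructed submissions standing in for $_POST (sample data, not real users).
$submissions = [
    'good'       => ['key' => '1', 'name' => 'alice', 'email' => 'alice@example.com', 'pw1' => 'correct horse', 'pw2' => 'correct horse'],
    'bad-email'  => ['key' => '1', 'name' => 'bob',   'email' => 'bob@example,com',   'pw1' => 'secret',        'pw2' => 'secret'],
    'only-email' => ['key' => '1', 'name' => '',      'email' => 'carol@example.com', 'pw1' => 'x',             'pw2' => 'x'],
    'numeric-pw' => ['key' => '1', 'name' => 'dave',  'email' => 'dave@example.org',  'pw1' => '123456',        'pw2' => '123456'],
];

foreach ($submissions as $label => $post) {
    if (!isset($post['key'])) {
        continue; // form not submitted, same test as the article's script
    }
    $result = validate_registration($post);
    printf("%-11s %s\n", $label . ':', $result['errors'] ? implode(' ', $result['errors']) : 'OK');
}
```

The constructed address bob@example,com is the case the escaped dots catch: with an unescaped . the comma satisfies the pattern, and the address would have been accepted. The function returns the trimmed values alongside the errors so that the caller, not the validator, decides how to escape or bind them when they reach a database query or a page.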


