User registration systems.

Smeep

ok, your in for a short story here, I'm gunna keep it as short and sweet as possible.

Basically, I'm setting about my first "big" project. I hope to loose my "newbie" status as a php coder with this one. I'm still treading on uneven ground, and by the time I finish this, I hope to be a level headed PHPer.

I'm starting, from scratch, a user registration system for a website that I am starting. (No, I won't spamvertise here, hehe)

What I'm looking for, is great places to read about this kind of thing, so that I can make a start.

What I already can do, with a little recaping, is create a form that writes to a database, Create a "logged in" cookie and create log in fields. Very primitive basic things, and that's the problem right there.

This database will be storing passwords. I need to think heavily about security, so that I can ensure my future users safe harbour.

So, links to projects, read ups and and info you want to.

Things I have to get done include, the registration page, the ability to register as two different types of user or both and create the logged in cookie. I'll keep this thread updated, hopefully I can find some help here.

Roger_Ramjet

Search these forums and you'll find umpteen threads that discuss registration and login systems, password hashing and site security in detail.

Smeep

Ay, I did. And I found many different topics too. However - all of these topics seemed to be more specific problems, along the lines of "I got this far, what now?" or "I can't get email verifcation to work!" etc, (which I will no doubt be readinging through very soon.

This is why I said "from scratch" because I'm looking for an introduction to this, (if such thing exists) rather than a solution to this.

Thank you very much for your reply, though 🙂

Dada78

Since I have asked for alot of help here I will try to return the favor since I have and am in the middle of such a project as well. The first thing I would do and I did do is if you are familiar with HTML then go ahead and build your actually registration page. Now you can include your php in the file or you can create a seperate php file and add include statements in the HTML to call the php page, that's what I did. If you choose to include the php statements in the HTML, then build it out first then go back and fill in the php codes. Also build your database for the registration page. After you have that completed and you have your registration page built and inputing data into the DB properly. Then you can go back and start adding security features and what not and start building the pages that you will be acessing while signed in etc. First you need a foundation and building the registration page and the DB for it is a good start. If you need more further information about how to get a registration page started I'll do the best I can to help. I am sure thier might be other methods to do this, but I am just offereing the suggestion of what I did and has seemed to work so far. You might receive some other knowledgeable replies on this if anyone cares to respond.

Good Luck

Roger_Ramjet

'From scratch' then

basics of php and mysql
managing users: includes good code

But, you are after help on storing passwords and general site security: so search here for 'password hashing', md5, sha1, site security and you will, as I said, come up with many threads that cover the whole topic in detail.

Smeep

Thanks for the linkage 🙂

I'm at the stage now, where I have created a (Very primitive) registration page and I am trying to get it to write to the database. Having a little difficulty with that. It's not giving an error message, it's kida like it's not doing anything at all. must get good at proof reading own code

Here's what me has so far

<html>
<head>
<title>Registration</title>
</head>
<body>

<table height="100%" width="100%">
<tr>
<td valign="top" bgcolor="#000000" width="20%">
<font color="#FFFFFF">

<p align="left">

<? include("menutable.php"); ?> 
</p>
</td>
<td valign="top">

<img src="http://www.webfriends.biz/images/banner2.gif" alt="WebFriends!" border="0" >

<form action="registering.php" method="post">
<select name="usertype"><br />
<option value="customer">Register as a Customer</option>
<option value="webfiends">Register as a WebFriend</option>
<option value="both">Register as both</option>
</select><br />
Enter your prefered username: <input type="text" name="username" /><br />
Enter your first name: <input type="text" name="firstname" /><br />
Enter your surname: <input type="text" name="surname" /><br />
Enter your prefered password: <input type="password" name="password" /><br />
Confirm password: <input type="password" name="passconfirm"><br />
Enter your email address: <input type="text" name="email"><br />
Confirm email: <input type="text" name="emailconfirm"><br />
Enter your Date of Birth: <input type="date" name ="dob"><br />
Enter the first line of your address: <input type="text" name="alone"><br />
Enter the second line of your address: <input type="text" name="altwo"><br />
Enter the third line of your address: <input type="text" name="althree"><br />
Enter your county:
<select name="location"><br />
<option value="Birmingham">Birmingham</option>
<option value="Manchester">Manchester</option>
<option value="Leeds">Leeds</option>
<option value="London">London</option>
<option value="North Yorkshire">North Yorkshire</option>
</select><br />
Enter your postcode: <input type="text" name="postcode"><br />
Enter your daytime telephone number: <input type="text" name="daytime"><br />
Enter your evening telephone number: <input type="text" name="evening"><br />
Enter your mobile number: <input type="text" name="mobile"><br />
<input type="submit" value="Register!"/>
</form>

</p>
</td>
</tr>

</table>
</body>
</head>

<html>
<head>
<title>Register!</title>
</head>
<body>

<table height="100%" width="100%">
<tr>
<td valign="top" bgcolor="#000000" width="20%">
<font color="#FFFFFF">

<p align="left">

<? include("menutable.php"); ?> 
</p>
</td>
<td valign="top">

<img src="http://www.webfriends.biz/images/banner2.gif" alt="WebFriends!" border="0" >

<?php 
$dbcnx = @mysql_connect('info', 'info', 'info');
if (!$dbcnx) {
 echo 'Unable to connect to the ' .
     'database server at this time.' ;
 exit();
}



// Select the database
if (!@mysql_select_db('info')) {
 exit('Unable to locate the ' .
     'database at this time.');
} 

// Write to the fields


 		$usertype= addslashes(htmlentities($_POST['usertype']));
		$username= addslashes(htmlentities($_POST['username']));
		$firstname= addslashes(htmlentities($_POST['firstname'])); 
		$surename= addslashes(htmlentities($_POST['surname']));
		$password= addslashes(htmlentities($_POST['password']));
		$passconfirm= addslashes(htmlentities($_POST['passconfirm']));
		$email= addslashes(htmlentities($_POST['email']));
		$emailconfirm= addslashes(htmlentities($_POST['emailcomfirm']));
		$dob= addslashes(htmlentities($_POST['dob']));
		$alone= addslashes(htmlentities($_POST['alone']));
		$altwo= addslashes(htmlentities($_POST['altwo']));
		$althree= addslashes(htmlentities($_POST['althree']));
		$location= addslashes(htmlentities($_POST['location']));
		$postcode= addslashes(htmlentities($_POST['postcode']));
		$daytime= addslashes(htmlentities($_POST['daytime']));
		$evening= addslashes(htmlentities($_POST['evening']));
		$mobile= addslashes(htmlentities($_POST['mobile']));


if ( $usertype == "webfriends" ) {		
$sql = "INSERT INTO webfriends (username, firstname, surname, password, alone, altwo, althree, county, country, daytime, evening, mobile, dob, email, postcode) VALUES ('$username', '$firstname', '$surname', '$password', '$alone', '$altwo', '$althree', '$county', '$country', '$alone', '$daytime', '$evening', '$mobile', '$dob', '$email')";
   if (@mysql_query($sql)) {
     echo 'registration sucsefull!';
}
}		 
else if ( $usertype == "customer" ) {
$sql = "INSERT INTO customer (username, firstname, surname, password, alone, altwo, althree, county, country, daytime, evening, mobile, dob, email, postcode) VALUES ('$username', '$firstname', '$surname', '$password', '$alone', '$altwo', '$althree', '$county', '$country', '$alone', '$daytime', '$evening', '$mobile', '$dob', '$email')";
   if (@mysql_query($sql)) {
     echo 'registration sucsefull!';
		 }
		 }
else if ( $usertype == "both" ) {
$sql = "INSERT INTO webfriends (username, firstname, surname, password, alone, altwo, althree, county, country, daytime, evening, mobile, dob, email, postcode) VALUES ('$username', '$firstname', '$surname', '$password', '$alone', '$altwo', '$althree', '$county', '$country', '$alone', '$daytime', '$evening', '$mobile', '$dob', '$email')";
   if (@mysql_query($sql)) {
     echo 'registration sucsefull!';
$sql = "INSERT INTO customer(username, firstname, surname, password, alone, altwo, althree, county, country, daytime, evening, mobile, dob, email, postcode) VALUES ('$username', '$firstname', '$surname', '$password', '$alone', '$altwo', '$althree', '$county', '$country', '$alone', '$daytime', '$evening', '$mobile', '$dob', '$email')";
   if (@mysql_query($sql)) {
     echo 'registration sucsefull!';

	 }
   } else {
     echo '<p>Error adding submitted review: ' .
        mysql_error() . '</p>';
   }
 }





// Query All entries
 $result = @mysql_query('SELECT * FROM webfriends');
 if (!$result) {
   echo ('<p>Error performing query: ' .
       mysql_error() . '</p>');
 }
?>


</p>
</td>
</tr>

</table>
</body>
</head>

EDIT: Been at this one for a while now, it looks like the "usertype" isn't being passed from the form, Hense, it's ignoring all the if's and exiting. I don't know why. God I'm such a newb.

Smeep

anyone got an idea what's going on?

Roger_Ramjet

Debugging 101 for Newbies

1 When you send POST or GET data, use the following code at the top of the target script to check what is being received (remove it when you are sure you have the correct data being sent and received)

foreach ($_POST as $key=>$val) {
   echo  $key . ' = ' . $val . '<br />';
}
// or $_GET as the case may be

Place an echo at the beginning of every control structure (while, switch, if/else) that displays the value being tested, will allow you to track executiion paths. Remove when finished debugging.

3 Echo all query string BEFORE executing them so that you can see the syntax errors.

4 Worry about layout once you have got the content right.

Smeep

Ok! Thanks so much for the help. Now I'm having a rather odd little problem. Though I have a susected solution - I'm not sure how to do it. The problem is that when I submit a user of a particular type, then try to submit another user, again of the same type, it simply won't do it. My guess is that I may need to clear the variable, but I don't know if that is possible.
Here's my code.

<html>
<head>
<title>Register!</title>
</head>
<body>

<table height="100%" width="100%">
<tr>
<td valign="top" bgcolor="#000000" width="20%">
<font color="#FFFFFF">

<p align="left">

<? include("menutable.php"); ?> 
</p>
</td>
<td valign="top">

<img src="http://www.webfriends.biz/images/banner2.gif" alt="WebFriends!" border="0" >

<?php 
$dbcnx = @mysql_connect('info', 'info', 'info');
if (!$dbcnx) {
 echo 'Unable to connect to the ' .
     'database server at this time.' ;
 exit();
}



// Select the database
if (!@mysql_select_db('info')) {
 exit('Unable to locate the ' .
     'database at this time.');
} 

// Write to the fields

foreach ($_POST as $key=>$val) {
   echo  $key . ' = ' . $val . '<br />';
}
// or $_GET as the case may be 


 		$usertype= addslashes(htmlentities($_POST['usertype']));
		$username= addslashes(htmlentities($_POST['username']));
		$firstname= addslashes(htmlentities($_POST['firstname'])); 
		$surename= addslashes(htmlentities($_POST['surname']));
		$password= addslashes(htmlentities($_POST['password']));
		$passconfirm= addslashes(htmlentities($_POST['passconfirm']));
		$email= addslashes(htmlentities($_POST['email']));
		$emailconfirm= addslashes(htmlentities($_POST['emailcomfirm']));
		$dob= addslashes(htmlentities($_POST['dob']));
		$alone= addslashes(htmlentities($_POST['alone']));
		$altwo= addslashes(htmlentities($_POST['altwo']));
		$althree= addslashes(htmlentities($_POST['althree']));
		$location= addslashes(htmlentities($_POST['location']));
		$postcode= addslashes(htmlentities($_POST['postcode']));
		$daytime= addslashes(htmlentities($_POST['daytime']));
		$evening= addslashes(htmlentities($_POST['evening']));
		$mobile= addslashes(htmlentities($_POST['mobile']));

echo $usertype . '<br />';

if ( $usertype == "webfriends" ) {	
echo 'wf '.$usertype . '<br />';	
$sql = "INSERT INTO webfriends (username, firstname, surname, password, alone, altwo, althree, county, country, daytime, evening, mobile, dob, email, postcode) VALUES ('$username', '$firstname', '$surname', '$password', '$alone', '$altwo', '$althree', '$county', '$country', '$daytime', '$evening', '$mobile', '$dob', '$email', '$postcode')";
   if (@mysql_query($sql)) {
     echo 'registration successful!';

}
}		


else if ( $usertype == "customer" ) {
 echo 'cx '.$usertype . '<br />';
$sql = "INSERT INTO customers (username, firstname, surname, password, alone, altwo, althree, county, country, daytime, evening, mobile, dob, email, postcode) VALUES ('$username', '$firstname', '$surname', '$password', '$alone', '$altwo', '$althree', '$county', '$country', '$daytime', '$evening', '$mobile', '$dob', '$email', '$postcode')";
   if (@mysql_query($sql)) {
     echo 'registration successful!';

	 }
	 }


else if ( $usertype == "both" ) {
 echo 'both'.$usertype . '<br />';
$sql = "INSERT INTO webfriends (username, firstname, surname, password, alone, altwo, althree, county, country, daytime, evening, mobile, dob, email, postcode) VALUES ('$username', '$firstname', '$surname', '$password', '$alone', '$altwo', '$althree', '$county', '$country', '$daytime', '$evening', '$mobile', '$dob', '$email', '$postcode')";
   if (@mysql_query($sql)) {
     echo 'registration successful!';

	 }
$sql = "INSERT INTO customers(username, firstname, surname, password, alone, altwo, althree, county, country, daytime, evening, mobile, dob, email, postcode) VALUES ('$username', '$firstname', '$surname', '$password', '$alone', '$altwo', '$althree', '$county', '$country', '$alone', '$daytime', '$evening', '$mobile', '$dob', '$email')";
   if (@mysql_query($sql)) {
     echo 'registration successful!';

	 }


   } else {
     echo '<p>Error registering: ' .
        mysql_error() . '</p>';
   }






// Query All entries
 $result = @mysql_query('SELECT * FROM webfriends');
 if (!$result) {
   echo ('<p>Error performing query: ' .
       mysql_error() . '</p>');
 }
?>


</p>
</td>
</tr>

</table>
</body>
</head>