hi friends
Can anybody here critique this funny code? It works, but I need someone to critique it.
BHL.php
<?php
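/**
 * Holds the MySQL connection settings and opens the default mysql_* link.
 *
 * NOTE(review): ext/mysql (mysql_connect, mysql_select_db, ...) was deprecated
 * in PHP 5.5 and removed in PHP 7.0. The calls are kept because the rest of
 * the application issues mysql_query() against the default link this class
 * opens; migrating to mysqli or PDO with prepared statements has to be done
 * in both places at once.
 */
class BHL_DB {
    protected $DB_SERVER;
    protected $DB_USER;
    protected $DB_PASS;
    protected $DB_NAME;
    protected $connection;

    /**
     * Store the connection settings; no connection is opened here.
     *
     * NOTE(review): the defaults are the MySQL root account with an empty
     * password. Prefer a dedicated, least-privileged account whose
     * credentials are passed in from configuration.
     *
     * @param string $DB_SERVER Database host.
     * @param string $DB_USER   Database user.
     * @param string $DB_PASS   Database password.
     * @param string $DB_NAME   Schema to select after connecting.
     */
    public function __construct($DB_SERVER = "localhost", $DB_USER = "root", $DB_PASS = "", $DB_NAME = "bahala") {
        $this->DB_SERVER = $DB_SERVER;
        $this->DB_USER = $DB_USER;
        // Was assigned to a misspelled property, so the password passed in
        // never reached mysql_connect().
        $this->DB_PASS = $DB_PASS;
        $this->DB_NAME = $DB_NAME;
        // Was assigned from an undefined local variable; the link is only
        // created by DBConnection().
        $this->connection = null;
    }

    /**
     * Open the link and select the schema; terminates the script on failure.
     *
     * The driver error text is written to the error log instead of the
     * response, so host names, user names and schema names are not shown to
     * visitors.
     */
    public function DBConnection() {
        $this->connection = mysql_connect($this->DB_SERVER, $this->DB_USER, $this->DB_PASS);
        if ($this->connection === false) {
            error_log('BHL_DB: connect failed: ' . mysql_error());
            die('Can not connect to BHL, try again');
        }

        if (!mysql_select_db($this->DB_NAME, $this->connection)) {
            error_log('BHL_DB: selecting the schema failed: ' . mysql_error($this->connection));
            die('Can not connect to BHL, try again');
        }
    }
}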
// Runs whenever this file is included: build the settings object with the
// constructor defaults and open the default MySQL link. DBConnection() ends
// the script with die() if connecting or selecting the schema fails.
// NOTE(review): with no arguments this connects as "root" with an empty
// password on localhost - confirm that is not what production uses.
$transaction = new BHL_DB();
$transaction->DBConnection();
?>
reginfo.php
<?php
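/**
 * Handles the registration form POST: validates the submitted fields, checks
 * that the username is not taken, and inserts the new row.
 *
 * Queries go through the default mysql_* link, which must already be open.
 *
 * NOTE(review): ext/mysql was removed in PHP 7.0. Every value that reaches
 * SQL is escaped here, but prepared statements (mysqli or PDO) are the
 * durable fix and require changing the connection code as well.
 */
class RegistrationInfo {
    /** Same shape the original eregi() pattern accepted, as a PCRE pattern. */
    const EMAIL_PATTERN = '/^[[:alnum:]_.-]+@[[:alnum:].-]+\.[a-z]{2,4}$/iD';

    public $username;
    public $password;
    public $email;
    public $DB_TBL;
    public $ip;

    /**
     * @param mixed $username Initial username; replaced from the form on success.
     * @param mixed $password Initial password; replaced from the form on success.
     * @param mixed $email    Initial e-mail; replaced from the form on success.
     * @param mixed $DB_TBL   Table name.
     * @param mixed $ip       Initial client address; replaced during UserInfo().
     */
    public function __construct($username, $password, $email, $DB_TBL, $ip) {
        $this->username = $username;
        $this->password = $password;
        $this->email = $email;
        $this->DB_TBL = $DB_TBL;
        $this->ip = $ip;
    }

    /**
     * Pin the target table to "users"; the argument is ignored.
     *
     * @param mixed $DB_TBL Unused.
     */
    public function DBuserTBL($DB_TBL) {
        $this->DB_TBL = "users";
    }

    /**
     * Process a submitted registration form. Does nothing unless the request
     * carries the "submit" field. Terminates the script with die() when
     * validation fails, the username is taken, or a query fails.
     *
     * All five parameters are unused; the data is read from $_POST.
     */
    public function UserInfo($username, $password, $email, $DB_TBL, $ip) {
        if (!isset($_POST['submit'])) {
            return;
        }

        $postedName = $this->postString('username');
        $postedPass = $this->postString('password');
        $postedPass2 = $this->postString('password2');
        $postedEmail = $this->postString('email');

        // Strict comparison: with == two different numeric-looking passwords
        // such as "1e3" and "1000" compare equal.
        $valid = strlen($postedName) >= 4
            && strlen($postedPass) >= 4
            && $postedPass === $postedPass2
            && preg_match(self::EMAIL_PATTERN, $postedEmail) === 1;

        if (!$valid) {
            die("<font color = blue>Please, <strong><font color = red>CHECK IT AGAIN</font></strong>there is something wrong!</font>");
        }

        $this->ip = $this->clientIp();
        $date = date('Y-m-d');
        $this->username = $postedName;

        // DB_TBL is a public property, so neutralise backticks before it is
        // used as a quoted identifier.
        $table = str_replace('`', '``', (string) $this->DB_TBL);

        // The username is request data: it was interpolated unescaped here,
        // which allowed SQL injection through the lookup.
        $check = mysql_query(
            "SELECT username FROM `$table` WHERE username = '"
            . mysql_real_escape_string($this->username) . "'"
        );
        if ($check === false) {
            // Keep driver errors out of the response; they reveal schema details.
            error_log('RegistrationInfo: username lookup failed: ' . mysql_error());
            die('Registration is temporarily unavailable.');
        }

        if (mysql_num_rows($check) != 0) {
            // Escaped for HTML: the name is echoed back into the page.
            die('<font color = blue>Sorry, the <strong><font color = red>'
                . htmlspecialchars($this->username, ENT_QUOTES, 'UTF-8')
                . '</font></strong> is already in use.!</font>');
        }

        $this->password = $postedPass;
        $this->email = $postedEmail;

        // NOTE(review): unsalted MD5 is not a password hash. password_hash()
        // and password_verify() (PHP 5.5+) are the replacement, but they need
        // a wider column and matching login code, so the stored format is
        // left unchanged here.
        // NOTE(review): the check above and this insert are not atomic; a
        // UNIQUE index on username is what actually prevents duplicates -
        // confirm the table has one.
        $inserted = mysql_query(
            "INSERT INTO `$table` (`username`, `password`, `email`, `ip`, `regdate`) VALUES ('"
            . mysql_real_escape_string($postedName) . "', '"
            . mysql_real_escape_string(md5($postedPass)) . "', '"
            . mysql_real_escape_string($postedEmail) . "','"
            . mysql_real_escape_string($this->ip) . "','"
            . $date . "')"
        );
        // The statement used to be run once and its boolean result was then
        // passed to a second mysql_query() call; it is executed once now and
        // the result is checked.
        if ($inserted === false) {
            error_log('RegistrationInfo: insert failed: ' . mysql_error());
            die('Registration is temporarily unavailable.');
        }
    }

    /**
     * Print the welcome message for the current username (HTML-escaped).
     * Echoes directly and returns nothing.
     */
    public function getUserInfo() {
        echo "<font color = blue>hi <font color = red>"
            . htmlspecialchars((string) $this->username, ENT_QUOTES, 'UTF-8')
            . "</font></br> Thank you for your membership with us. Plz check it out and feel free to access our website</font>";
    }

    /**
     * Return a POST field as a string, or '' when it is missing or not a
     * string (a field sent as an array, for example).
     */
    private function postString($key) {
        if (isset($_POST[$key]) && is_string($_POST[$key])) {
            return $_POST[$key];
        }
        return '';
    }

    /**
     * Resolve the client address to record.
     *
     * X-Forwarded-For is a request header, so the client chooses its value
     * unless a trusted proxy overwrites it. It is accepted only when it is a
     * single well-formed IP address; anything else falls back to REMOTE_ADDR.
     * NOTE(review): if no trusted proxy sits in front of this application,
     * ignore the header entirely and record REMOTE_ADDR only.
     */
    private function clientIp() {
        $forwarded = getenv('HTTP_X_FORWARDED_FOR');
        if (is_string($forwarded) && filter_var($forwarded, FILTER_VALIDATE_IP) !== false) {
            return $forwarded;
        }

        $remote = getenv('REMOTE_ADDR');
        if (is_string($remote) && filter_var($remote, FILTER_VALIDATE_IP) !== false) {
            return $remote;
        }
        return '';
    }
}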
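// Drive the registration flow for the current request.
// The five values are placeholders: UserInfo() ignores its arguments and
// reads the form fields from $_POST. They are initialised here so that
// undefined variables are no longer passed.
$username = isset($username) ? $username : null;
$password = isset($password) ? $password : null;
$email = isset($email) ? $email : null;
$DB_TBL = isset($DB_TBL) ? $DB_TBL : 'users';
$ip = isset($ip) ? $ip : null;

$person = new RegistrationInfo($username, $password, $email, $DB_TBL, $ip);
$person->DBuserTBL($DB_TBL);
$person->UserInfo($username, $password, $email, $DB_TBL, $ip);

// UserInfo() ends the script on any failure, so reaching this point after a
// submit means the row was written. Without the guard the welcome text was
// also printed on a plain page load, before anyone had registered.
// getUserInfo() echoes by itself and returns nothing, so it is not echoed.
if (isset($_POST['submit'])) {
    $person->getUserInfo();
}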
?>
registration.php
<?php
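// require stops the request if a file is missing. With include, a missing
// BHL.php only raised a warning and the registration code still ran without
// a database connection.
require_once 'BHL.php';
require_once 'reginfo.php';
require 'regform.html';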
?>
regform.html
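<?php
// Registration form. Every request-derived value is passed through
// htmlspecialchars() before it is written into an attribute:
//  - $_SERVER['PHP_SELF'] includes any extra path text the client appends
//    after the script name, so it is request data, not a constant;
//  - the username and e-mail fields are echoed back after a failed submit.
// The is_string() checks skip fields that were sent as arrays.
?>
<body>
<h2>REGISTER</h2>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<table width="60%" border="1" cellspacing="2" cellpadding="2">
  <tr>
    <td>USER NAME: </td>
    <td><input type="text" name="username" size="15" maxlength="30"
      value="<?php if (isset($_POST['username']) && is_string($_POST['username'])) echo htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8'); ?>" /></td>
  </tr>
  <tr>
    <td>PASSWORD: </td>
    <td><input type="password" name="password" size="10" maxlength="20" /></td>
  </tr>
  <tr>
    <td>VERIFY PASSWORD: </td>
    <td><input type="password" name="password2" size="10" maxlength="20" /></td>
  </tr>
  <tr>
    <td>EMAIL ADDRESS: </td>
    <td><input type="text" name="email" size="20" maxlength="40"
      value="<?php if (isset($_POST['email']) && is_string($_POST['email'])) echo htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8'); ?>" /></td>
  </tr>
  <tr>
    <td> </td>
    <td><input type="submit" name="submit" value="REGISTER" /></td>
  </tr>
</table>
<p>
<input type="hidden" name="submitted" value="TRUE" />
</p>
</form>
</body>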