[RESOLVED] Registration form with passcode

Gnuff

Hi, Im making a registration form, and I want to have a litle security feature so that you have to enter a passcode(that people get from me) for the registration to be aproved. i copyed a feature to check if you have entered enoguh charaters to aprove a persons password. but Im not sure how to modyfi it.

here is the code: (where it says "somthing", that is where i want to have the passcode, alternativly i could have it in a database, but I`m not sure if there is a point in it, but if it is easy to do it, it could be a cool feature.)

if(strlen($_POST['passcode']) <= somthing)
{
 $errors = 1;
 $emessage .= "<li>Sorry, you din't use the <strong>right</strong> passcode.</li>";
}

I hope someone can help me, thank you!

Popcorn

A better idea would be to let them register without a passcode but register them in a "inactive" state. You would then get an email to say a person has registered and then you can accept or reject their registration.

Gnuff

Yeah, that system is in place, the passcode feature is to avoid registrations from people that shouldnt register, so I dont get loads of emails with registrations. but thank you for your input.

Xager

I don't reallt get:

if(strlen($_POST['passcode']) <= somthing)

I mean, is number of chars of the entered code is less then the passcode?

Why don't you just do:

if($_POST['passcode'] !== $the_real_passcode){
    doStuff();
}
else{
    doOtherStuff();
}

Gnuff

yeah, I was looking for somthing like that, the number thing was because i copy`d it from a check to see if there is enough characters in the password. But didnt know how do change it.

I made these changes, but dont seem to do annything, I'm sure I did it wrong.

if($_POST['passcode'] !== $somthing){
$errors = 0;
}
else{
 $errors = 1;
 $emessage .= "<li>Sorry, you din't use the <strong>right</strong> passcode.</li>";
}

if It's not clear what I'm trying to do, I want the script to report an error if the passcode isnt correct. And to do nothing if it is correct.

I run this after the one above:

if($errors != 0)
{
 $emessage .= "</font></center>";
 die("$emessage");
}

Popcorn

if($_POST['passcode'] === 'passcode')
{
    echo 'They have entered the correct passcode';
}
else
{
   echo 'Wrong Passcode';
}

That should get you started.

Gnuff

I'm not sure how that helps me.

To make things clear, I'l post the entire script.
Hope that help, sorry if I'm unclear, I'm not very proficient in php.

<?php
ob_start();
session_start();
?>
<?php include("header.php"); ?>

<?php
/* wrriten: 10-04-08 */
if(isset($_POST['register']))
{
//variables from the form
$username = $_POST['username'];
$password = $_POST['password'];
//hash password
$password = md5($password);
$email = $_POST['email'];
$passcode = $_POST['passcode'];
$date = date("F j Y");
//check that user have filled in everything
$errors = 0;
$emessage = "<center>Sorry, we enounctered the following errors when processing your registration:<br /><ul>";

if(empty($username) || empty($password) || empty($email) || empty($passcode))
{
 $errors = 1;
 $emessage .= "<li>Sorry, you must fill in <strong>all</strong> fields.  Please go back and try again.</li>";
}
if(strlen($_POST['password']) <= 5)
{
 $errors = 1;
 $emessage .= "<li>Sorry, your password must be <strong>atleast</strong> six characters.</li>";
}
if($_POST['passcode'] !== $somthing){
$errors = 0;
}
else{
 $errors = 1;
 $emessage .= "<li>Sorry, you din't use the <strong>right</strong> passcode.</li>";
}


//if the user made errors, show messages
if($errors != 0)
{
 $emessage .= "</font></center>";
 die("$emessage");
}


//connect to the database
mysql_connect("localhost", "******_admin", "*****") or die(mysql_error());
mysql_select_db("*****_lodge") or die(mysql_error());

//perform query, inseting user submitted data
mysql_query("INSERT INTO users (username, password, email, passcode, date) VALUES ('$username', '$password', '$email', '$passcode', '$date')") or die(mysql_error());
//message if everything went well.
echo("<center>Thanks for registering.  You may now log in by clicking <a href=\"/lodge/login.php\">here</a>.</font></center>");
}
?>

<?php include("footer.php"); ?>
<?php
ob_end_flush();
?>

Xager

Gnuff wrote:
I made these changes, but dont seem to do annything, I'm sure I did it wrong.
if($_POST['passcode'] !== $somthing){
$errors = 0;
}
else{
 $errors = 1;
 $emessage .= "<li>Sorry, you din't use the <strong>right</strong> passcode.</li>";
}

Now your setting $errors to 0 when the passcode is CORRECT, should be:

if($_POST['passcode'] == $somthing){
$errors = 0;
}
else{
 $errors = 1;
 $emessage .= "<li>Sorry, you din't use the <strong>right</strong> passcode.</li>";
}

Gnuff

thanks all, that fixed it, also i forgot to make a refference to the passcode. All is well!

Xager

Gnuff wrote:
thanks all, that fixed it, also i forgot to make a refference to the passcode. All is well!

Hehe, glad to hear. Best of luck =)