My Sign up script:
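<?php

declare(strict_types=1);

/*
 * Sign-up and e-mail activation script.
 *
 * POST with form_name=signupform : validate the form, create the account with
 *   active = 0, mail an activation link and redirect to $success_page.
 * GET  with ?user=...&code=...    : set active = 1 on the matching row.
 * Validation problems are left in $error_message for the page below to show.
 *
 * Changes from the original: the mysql_* and ereg functions were removed in
 * PHP 7 and are replaced by PDO prepared statements and preg_match(); user
 * input no longer reaches the SQL text (the original concatenated it into
 * both SELECTs); passwords are stored with password_hash() instead of unsalted
 * md5() (the `password` column must hold at least 60, preferably 255,
 * characters); the clear-text password is no longer mailed back to the user;
 * the activation code comes from random_bytes(); and the activation request
 * now actually flips `active` instead of only running a SELECT.
 * The matching log-in script must check passwords with password_verify().
 */
session_start();

// Database settings. Keep the real values in a config file outside the web
// root rather than in the page itself.
$mysql_server   = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table    = 'USERS';   // fixed identifier, never taken from the request
$success_page   = './thank_you_page.html';
$error_message  = '';

$dsn = 'mysql:host=' . $mysql_server . ';dbname=' . $mysql_database . ';charset=utf8mb4';
$pdo_options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failures throw instead of returning false
    PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side parameter binding
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
];

// Returns a POST field as a string, or '' when it is missing or not a plain
// string (a client can submit field[]=... and turn any field into an array).
$post_string = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

$request_method = $_SERVER['REQUEST_METHOD'] ?? '';

if ($request_method === 'POST' && $post_string('form_name') === 'signupform') {
    $newusername     = $post_string('username');
    $newemail        = $post_string('email');
    $newpassword     = $post_string('password');
    $confirmpassword = $post_string('confirmpassword');

    // HTTP_HOST is supplied by the client; in production pin $site_host to the
    // real hostname so the mailed activation link cannot point elsewhere.
    $site_host = $_SERVER['HTTP_HOST'] ?? 'localhost';
    $script    = $_SERVER['SCRIPT_NAME'] ?? '';
    $scheme    = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';

    // 128 random bits as 32 hex characters: the same width as the md5() value
    // it replaces, so the existing `code` column still fits.
    $code = bin2hex(random_bytes(16));

    if ($newpassword !== $confirmpassword) {
        $error_message = 'Password and Confirm Password are not the same!';
    } elseif (!preg_match('/^[A-Za-z][a-z_.]{3,25}[a-z0-9]$/', $newusername)) {
        $error_message = 'Username is not valid, please check and try again!';
    } elseif (strlen($newpassword) < 5 || strlen($newpassword) > 50) {
        // Same length bounds as the original, but any character is allowed;
        // the old [a-z0-9] rule only made passwords weaker. A minimum of 8
        // would be a better policy once existing users are not affected.
        $error_message = 'Password is not valid, please check and try again!';
    } elseif (filter_var($newemail, FILTER_VALIDATE_EMAIL) === false) {
        // Also keeps CR/LF out of the address, which protects the mail() headers.
        $error_message = 'Email is not a valid email address. Please check and try again.';
    }

    if ($error_message === '') {
        try {
            $db = new PDO($dsn, $mysql_username, $mysql_password, $pdo_options);

            // This lookup only provides the friendly message; USERS.username
            // should carry a UNIQUE index so two simultaneous sign-ups cannot
            // both pass it.
            $stmt = $db->prepare('SELECT username FROM `' . $mysql_table . '` WHERE username = ?');
            $stmt->execute([$newusername]);
            if ($stmt->fetch() !== false) {
                $error_message = 'Username already used. Please select another username.';
            } else {
                $crypt_pass = password_hash($newpassword, PASSWORD_DEFAULT);
                // active = 0 until the mailed code is presented (the original
                // inserted 1, which made the confirmation step a no-op).
                $stmt = $db->prepare(
                    'INSERT INTO `' . $mysql_table . '` (`username`, `password`, `email`, `active`, `code`)'
                    . ' VALUES (?, ?, ?, 0, ?)'
                );
                $stmt->execute([$newusername, $crypt_pass, $newemail, $code]);
            }
        } catch (PDOException $e) {
            // Detail goes to the server log only; the original echoed mysql_error() to the visitor.
            error_log('signup: database error: ' . $e->getMessage());
            die('Database error. Please try again later.');
        }
        $db = null;
    }

    if ($error_message === '') {
        $activation_link = $scheme . '://' . $site_host . $script
            . '?user=' . rawurlencode($newusername) . '&code=' . $code;

        $subject = 'Email confirmation';
        $message = 'Hi! Thanks for creating an account on our site. Click the link below to confirm your email address:';
        $message .= "\r\nUsername: " . $newusername;
        $message .= "\r\n\r\n" . $activation_link;
        $message .= "\r\n\r\nThis is an automated message - please do not reply";

        $header = "From: webmaster@myhoo22.com\r\n"
            . "Reply-To: webmaster@myhoo22.com\r\n"
            . "MIME-Version: 1.0\r\n"
            . "Content-Type: text/plain; charset=utf-8\r\n"
            . "Content-Transfer-Encoding: 8bit\r\n"
            . 'X-Mailer: PHP';   // the exact PHP version is not something to advertise in outgoing mail

        mail($newemail, $subject, $message, $header);
        header('Location: ' . $success_page);
        exit;
    }
} elseif (isset($_GET['code'], $_GET['user']) && is_string($_GET['code']) && is_string($_GET['user'])) {
    try {
        $db = new PDO($dsn, $mysql_username, $mysql_password, $pdo_options);
        // One statement both checks the code and activates; rowCount() tells
        // us whether a not-yet-active row matched.
        $stmt = $db->prepare(
            'UPDATE `' . $mysql_table . '` SET active = 1 WHERE username = ? AND code = ? AND active = 0'
        );
        $stmt->execute([$_GET['user'], $_GET['code']]);
        $activated = $stmt->rowCount() === 1;
    } catch (PDOException $e) {
        error_log('activation: database error: ' . $e->getMessage());
        die('Database error. Please try again later.');
    }
    $db = null;

    if (!$activated) {
        echo 'This activation link is not valid or has already been used.';
        exit;
    }

    header('refresh:5;url=log_in.php');
    echo 'Your user account was successfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
    exit;
}
?>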
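<?php

declare(strict_types=1);

/*
 * Log-in script.
 *
 * POST with form_name=loginform : look the user up, verify the password, and
 *   redirect to $success_page (session opened) or $error_page.
 * Otherwise: pre-fill $username from the "remember me" cookie for the form below.
 *
 * Changes from the original: mysql_* was removed in PHP 7 and is replaced by a
 * PDO prepared statement; passwords are checked with password_verify() (rows
 * still holding the old unsalted md5() are accepted once and upgraded in
 * place); the session id is regenerated on log-in; and the clear-text password
 * is no longer written to a cookie.
 */
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && ($_POST['form_name'] ?? '') === 'loginform') {
    $success_page = './index.php';
    $error_page   = './error_page.html';

    // Database settings. The values in the original post were live credentials
    // published on a public forum; treat them as compromised, rotate them, and
    // load the new ones from a config file outside the web root.
    $mysql_server   = 'localhost';
    $mysql_username = '<db_user>';       // placeholder
    $mysql_password = '<db_password>';   // placeholder
    $mysql_database = '<db_name>';       // placeholder
    $mysql_table    = 'USERS';           // fixed identifier, never taken from the request

    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    $found         = false;
    $needs_upgrade = false;

    try {
        $db = new PDO(
            'mysql:host=' . $mysql_server . ';dbname=' . $mysql_database . ';charset=utf8mb4',
            $mysql_username,
            $mysql_password,
            [
                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES   => false,
                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            ]
        );

        $stmt = $db->prepare('SELECT password, active FROM `' . $mysql_table . '` WHERE username = ?');
        $stmt->execute([$username]);
        $data = $stmt->fetch();

        if ($data !== false && (int) $data['active'] !== 0) {
            $stored = (string) $data['password'];
            if (password_verify($password, $stored)) {
                $found         = true;
                $needs_upgrade = password_needs_rehash($stored, PASSWORD_DEFAULT);
            } elseif (strlen($stored) === 32 && hash_equals($stored, md5($password))) {
                // Legacy row written by the old sign-up script (unsalted md5).
                // Constant-time compare, then replace the hash on the way in.
                $found         = true;
                $needs_upgrade = true;
            }
        }

        if ($found && $needs_upgrade) {
            $stmt = $db->prepare('UPDATE `' . $mysql_table . '` SET password = ? WHERE username = ?');
            $stmt->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
        }
    } catch (PDOException $e) {
        // Detail goes to the server log only; the original echoed mysql_error() to the visitor.
        error_log('login: database error: ' . $e->getMessage());
        die('Database error. Please try again later.');
    }
    $db = null;

    if (!$found) {
        header('Location: ' . $error_page);
        exit;
    }

    session_start();
    session_regenerate_id(true);   // new id on privilege change, so a pre-set session id is not kept
    $_SESSION['username'] = $username;

    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if (isset($_POST['rememberme'])) {
        // Remember the user name only (HttpOnly; Secure when served over TLS).
        setcookie('username', $username, time() + 3600 * 24 * 30, '', '', $secure, true);
    }
    // Expire any clear-text password cookie left behind by the original script.
    setcookie('password', '', time() - 3600);

    header('Location: ' . $success_page);
    exit;
}

// Values for the form below. $password is kept for the template but is always
// empty: the password is never stored client-side any more.
$username = isset($_COOKIE['username']) && is_string($_COOKIE['username']) ? $_COOKIE['username'] : '';
$password = '';
?>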