REG + LOGIN + MEMBER AREA (MYSQL) help and use
Posted: Wed Nov 09, 2005 11:18 am
I hope i didnt forgot anythink
I wrote this 1yr ago, this is register (email msg confim), login, and members area (logout).
Does anyone have sugestions for securyte and etc.
SPAMYBOY.COM 2003 - 2005 (Lithuania, Gajus Kuzinas - spamyboy@gmail.com)
REGISTER.PHP
LOGIN.PHP
MEBERS.PHP
CONFIRM.PHP
CONFIG.PHP
LOGOUT.PHP
Does anyone have sugestions for securyte and etc.
SPAMYBOY.COM 2003 - 2005 (Lithuania, Gajus Kuzinas - spamyboy@gmail.com)
REGISTER.PHP
Code: Select all
<?
include("data/config.php");
if($_POST[passwd] == $_POST[passwd2])
{
$result = @mysql_query("select * from reg where name = '" .
$_POST[name] . "' and confirmed = '1'");
if(strlen($_POST['name']) > 0)
{
if($_POST[name] != @mysql_result($result, 0, "name"))
{
$number = $_POST['txtNumber'];
if (md5($number) == $_SESSION['image_random_value']) {
$md = md5(time().$_POST['name']);
mysql_query("insert into reg set name = '" .
$_POST['name'] . "',
email = '" . $_POST['email'] . "', password = '" .
crypt($_POST['passwd']) . "', md = '" . $md . "'");
mail($_POST['email'], 'confirm', '<a
href="http://spamyboy.com/data/confirm.php?' . $md . '">press
cia..</a>', 'FROM:some@one.com');
} else {
$errorMessage = 'error';
}
print ' Pleas chack e-mail field';
}
else
{
print ' username already in use';
}
}
}
else
{
print ' Done';
}
?>
<form action="" method=post>
<table width="150" border="0" cellspacing="0" cellpadding="0">
<tr>
<td> </td>
</tr>
</table>
<table width="590" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="92"> </td>
</tr>
<tr>
<td><span class="style1">login * </span></td>
<td width="190"><input name="name" type=text class="text_field" /></td>
<td width="362" align="left" valign="middle">
</td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><span class="style1">e-mail</span> * </td>
<td><input name="email" type=text class="text_field" /></td>
<td><table width="349" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="92"><span class="style1">enter what u see in picture </span></td>
<td width="150"><input type="text" class="text_field" /></td><td width="107"><img src="data/image.php" alt="kraunasi" align="left" /></td>
</tr>
</table></td>
</tr> <tr>
<td> </td>
</tr>
<tr>
<td><span class="style1">password * </span></td>
<td><input name="passwd" type=password class="text_field" /></td>
<td><table width="238" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="92"><span class="style1">re-password *</span></td>
<td width="146"><input name="passwd2" type="password" class="text_field" /></td>
</tr>
</table></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
</table>
<p><input type=submit class="button" value="go">
</p>
</form>Code: Select all
<?
include("data/config.php");
session_start();
if(strlen($_POST['name']) > 0)
{
$res = mysql_query("select * from reg where name = '" . $_POST['name'] . "'
and confirmed = '1'") or die(mysql_error());
$arr = mysql_fetch_array($res);
if(crypt($_POST['password'], $arr['password'] ) == $arr['password'] )
{
$_SESSION['auth'] = true;
}
}
if($_SESSION['auth'] == true)
{
print 'Wellcome <br><a href="?open=members">members</a>';
}
?>
<form action="" method=post>
<table width="150" border="0" cellspacing="0" cellpadding="0">
<tr>
<td> </td>
</tr>
</table>
<table width="641" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="286" align="left" valign="top"><table width="575" border="0" cellspacing="0" cellpadding="0">
<tr>
<td> </td>
</tr>
<tr>
<td width="92"><span class="style4">login:</span></td>
<td width="195"><input name=name type=text class="text_field" /></td>
<td width="278" align="left" valign="middle"> </td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><span class="style4">passwords:</span></td>
<td><input name=password type=password class="text_field" /></td>
</tr>
</table></td>
</tr>
</table>
<p><input type=submit class="button" value="go">
</p>
</form>MEBERS.PHP
Code: Select all
<?php
session_start();
if($_SESSION['auth'] == true){
echo "wellcome";
}else{
echo "Pleas login";
}
?>Code: Select all
<?
include("config.php");
mysql_query("update reg set confirmed = '1' where md = '" . $_SERVER['QUERY_STRING'] . "'");
print 'Confirmed';
?>CONFIG.PHP
Code: Select all
<?
$localhost = "localhost";
$user = "user";
$password = "pass";
$database = "DB";
mysql_connect("$localhost", "$user", "$password");
mysql_select_db("$database");
?>Code: Select all
<?
session_unset();
session_destroy();
header("Location: ". $_SERVER['HTTP_REFERER' ] ."");
?>