How Can I Restrict The User ?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
saqib389
Forum Commoner
Posts: 44
Joined: Wed Nov 30, 2005 2:13 am

How Can I Restrict The User ?

Post by saqib389 »

Hello
How Can I Restrict User that after registration a mail send to that user.... and he/she click on activate link and then user account has been activate .. how can i do this ?


Next Question:

how can i handle that... if user name "test" is already registered then how can i handle that other user cannot registered with "TEST"



Next question

user cannot registerd more than 1 time with one email...
supposed first he registered with abc@hotmail.com.. and after this he want to registered again. then if he enter abc@hotamil.com.. then there would must b error come that .... "this email has been already registerd

Index.php

Code: Select all

<?
session_start();

if (isset($_SESSION['userid'])) 
{
echo "Hello ".$_SESSION['userid'];

}

else
{

echo "<b>Hello Guest</b>";

?>
<html>
<body>
<h2><center>:: Registration :: </h2></center>
<center>
<table border=1 width=200 height=100 align=center>
<tr><td >
<form action="login.php" method="post"> 
Username: <input type="text" name="username" size="10"><br> 
Password: <input type="password" name="password" size="10"> <br>
<input type="submit" value="submit" name="submit"> 
<tr><td align=center>
<br>
<a href="register.php">
<font size=3 face=arial>
Register Now</a></font>
</form>
</tr></td>
</tr></td></table>
</center>
<?
}
?>
</html>
</body>

register.php

Code: Select all

<html>
<body>


<table border=0  width=200 height=100 align=center>
<tr><td>
<h2>:: Registration :: </h2>
<form name="form1" method="post" action="register2.php">
Username: <input type="text" name="username">
<br>
Password: <input type="password" name="password">
<br>
Email Address: <input type="text" name="email">
<br>
About You: <textarea name="biography"></textarea>
<br>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Submit2" value="Reset">
</form>
</tr></td></table>
</html>
</body>

register2.php

Code: Select all

<html>
<body>

<?php 

// Connect to the database

$server = "localhost";

$dbuser = "dbuser";

$dbpass = "dbpass";

$dbname = "dbnamel";

mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection

mysql_select_db($dbname); // select database



// convert posted info to easy to use variables

$user = $_REQUEST['username'];//get username from form

$pass = $_REQUEST['password'];//get password from form

$email = $_REQUEST['email'];// get email from form

$biography = $_REQUEST['biography'];// get biography from form



// strip away any dangerous tags

$user=strip_tags($user);

$pass=strip_tags($pass);

$email=strip_tags($email);

$biography=strip_tags($biography);



// remove spaces from variables

$user=str_replace(" ","",$user);

$pass=str_replace(" ","",$pass);

$email=str_replace(" ","",$email);



// remove escaped spaces

$user=str_replace("%20","",$user);

$pass=str_replace("%20","",$pass);

$email=str_replace("%20","",$email);



// add slashes to stop hacking

$user=addslashes($user);

$pass=addslashes($pass);

$email=addslashes($email);

$biography=addslashes($biography);



// minimum lengths

$minuser_len = 6; //username minimum length

$minpass_len = 6; //password minimum length



if(strlen($user) < $minuser_len || strlen($pass) < $minpass_len)

{

die("User/password was not long enough!");

}



// encrypt users password for security (32 chars random)

$pass=md5($pass);



// create the SQL query to be executed

$request = "INSERT INTO `users` ( `userid` , `username` , `password` , `email` , `biography`) 

VALUES (

'', '$user', '$pass', '$email', '$biography');";



// execute the query

$result = mysql_query($request);



// check if succesful registration(currently disabled)

if($result){

echo "Registration was succesful";

?>
<a href="index.php">

:: HOME :: </a>

<?}

else {

echo "Registration failed";

}

?>

</body>
</html>

login.php

Code: Select all

<?php

// Connect to the database

$server = "localhost";

$dbuser = "dbuser";

$dbpass = "dbpass";

$dbname = "dbname";

mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection

mysql_select_db($dbname); // select database



// convert posted info to easy to use variables

$user = $_REQUEST['username'];

$pass = $_REQUEST['password'];



// strip away any dangerous tags

$user=strip_tags($user);

$pass=strip_tags($pass);



// remove spaces from variables

$user=str_replace(" ","",$user);

$pass=str_replace(" ","",$pass);



// remove escaped spaces

$user=str_replace("%20","",$user);

$pass=str_replace("%20","",$pass);



// add slashes to stop hacking

$user=addslashes($user);

$pass=addslashes($pass);



// encrypt password into md5 (random 32 characters)

$pass=md5($pass);



// search database to check for user

$request = "SELECT * FROM users WHERE password='".$pass."' AND username='".$user."'";



// hand over the request

$results = mysql_query($request);





// if mysql returns any number of rows great than 0 then there is a succesful login

if(mysql_num_rows($results))

{

// get users id

$getid = "SELECT * FROM users WHERE username='".$user."' LIMIT 1";

$getidexec = mysql_query($getid);



while($r=mysql_fetch_array($getidexec)){

$userid = $r[userid];

}

// set a cookie

session_start();

$_SESSION['userid']=$_POST['username'];

//setcookie( "userid", "$userid", time()+3600, "/", "", 0 );

echo "User Logged in.<br><br><a href=\"index.php\">Continue...</a>";



}

else // only happens if not a succesful username and password match

{

// login failed so display error message and kill script

die("Username and passwords do not match our records");

}
?>

Please solve my problem

i will look forward to hear ur response

Thx In Advance
SaQib
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

Wooaahh. Too much code.

Question 1.

I don't know the best way of doing it, but I presume a method like this would be close:
When a user registers, generate a random string 20 chars long or w/e, and store it in your DB along with the user info. Make a page called useractivate.php and in the registration success email include a link like useractivate.php?string=therandomstringyougenerated. Then, when a user ever goes to useractive.php, get it to grab all the random activation strings from your DB, and if $_GET['string'] matches one of them, activate the user which the random string is associated with. Then you could set the random string field to NULL to save time in the future, so it only grabs the strings that are actually necessary, and not one for every user every registered, including the ones already activated. Then you could have a field in your DB called activated or w/e and set it to TRUE after their link has been clicked on, only let people with that field set to TRUE login to your website.

Question 2.

Simple. When a user is registering, check their details against current details in your DB.

Code: Select all

SELECT username FROM users WHERE username = '$username';
If the query returns a result, then you know someone already has that username, and then you will tell the user they can't have that username because it's taken, and let them try again.

Question 3.

The same as question 2, but check against the email instead of the username.

I don't have time to read and study all your code, this are just solutions to your problems, you should be able to implement them from there.

If you have any more trouble just say so and I'll post some example code if I get the chance.

Hope I've helped.

Ps. I thought I should post a long help reply, because of all the questions I've been asking as of late :)
Post Reply