This is some more of what I have covered over the last few days:
<?php
require_once 'init.php';

// Decide on a redirect BEFORE anything is output: header() fails with
// "headers already sent" once header.html has been echoed. Whitelisting the
// action here also means $action is safe to print into the form further down.
$allowed_actions = array('register', 'login');
if (!array_key_exists('action', $_GET) || !in_array($_GET['action'], $allowed_actions, true)) {
    header('Location: index.php?error=1');
    exit; // header() does not stop the script by itself
}
$action = $_GET['action'];
require_once 'header.html';

switch ($action) {
    case 'register':
        require_once 'inc.database.php'; // mysql_* functions (PHP 5; removed in PHP 7)
        if (array_key_exists('register', $_POST)) {
            // trim() returns a trimmed copy rather than changing its argument, so the
            // result has to be assigned back; missing fields become '' instead of notices.
            foreach (array('username', 'email', 'password', 'password2') as $field) {
                $_POST[$field] = isset($_POST[$field]) ? trim($_POST[$field]) : '';
            }
            // domain part of the address, for the DNS check below (split() was removed in
            // PHP 7; strrpos/substr do the same job)
            $at = strrpos($_POST['email'], '@');
            $email_domain = ($at === false) ? '' : substr($_POST['email'], $at + 1);

            if ($_POST['username'] === '' || $_POST['email'] === '' ||
                $_POST['password'] === '' || $_POST['password2'] === '') {
                $error = 'You missed out some required fields, please try again';
            } elseif (!preg_match('/^[A-Za-z](?=[A-Za-z0-9_.]{4,31}$)[a-zA-Z0-9_]*\.?[a-zA-Z0-9_]*$/', $_POST['username'])) {
                // username: 5 to 32 characters, starts with a letter, then letters, digits,
                // underscores and at most one dot; the lookahead enforces the length, so a
                // separate strlen() < 5 test can never fail and has been dropped
                $error = 'You entered some illegal characters in your username please try again!';
            } elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                // validate the raw value, not the SQL-escaped copy
                $error = 'The email address you entered was not valid, please try again';
            } elseif (!checkdnsrr($email_domain, 'ANY')) {
                // then check the domain actually exists in DNS
                $error = 'Email domain does not exist, please try again';
            } elseif (strlen($_POST['password']) < 5) {
                // length and match are checked on the plaintext; the original measured the
                // sha1 hex digest, which is always 40 characters and so never failed
                $error = 'Your password is too short, must be a minimum of 5 characters long and it can contain any value you want';
            } elseif ($_POST['password2'] !== $_POST['password']) {
                $error = 'The password you entered does not match, please try again';
            } else {
                // escaped copies are only used inside the SQL strings
                $username = mysql_real_escape_string($_POST['username']);
                $email = mysql_real_escape_string($_POST['email']);
                $sql = "SELECT username FROM blog_users WHERE username = '$username'";
                $result = mysql_query($sql);
                if (mysql_num_rows($result) > 0) {
                    $error = 'Username is already taken, please try another';
                } else {
                    $sql = "SELECT email FROM blog_users WHERE email = '$email'";
                    $result = mysql_query($sql);
                    if (mysql_num_rows($result) > 0) {
                        $error = 'The email address you entered is already taken, please try a different email address';
                    } else {
                        // the salt is made first and hashed in with the password; the original
                        // stored a salt but hashed the bare password, which made it pointless
                        $salt = md5($username . time());
                        $password = sha1($salt . $_POST['password']); // 40 hex chars, nothing to escape
                        $host_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
                        // time() is seconds since the epoch in UTC; BST does not change it, so
                        // adding 3600 when date('I') is 1 only produced a wrong timestamp
                        $time = time();
                        $sql = "INSERT INTO blog_users (user_id, user_type, username, password, email, user_ip, register_date, last_logged_in, salt, active)
                                VALUES (NULL, 'U', '$username', '$password', '$email', '$host_ip', $time, $time, '$salt', '0')";
                        if (mysql_query($sql)) {
                            // TODO: send off email for verification of email address
                        } else {
                            $error = 'An unexpected error occurred, please try again later';
                        }
                    }
                }
            }
        } else {
            $message = 'Please use the form below to register on this site:';
        }
        break;
    case 'login':
        $message = 'Please use the form below to login to this site:';
        break;
}
// $action is whitelisted above; PHP_SELF still needs escaping because it echoes
// the request path (including any PATH_INFO) back into the page
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
?>
<form id="<?=$action;?>" name="<?=$action;?>" method="post" action="<?=$self;?>?action=<?=$action;?>">
<p><?=(isset($message)) ? $message : '';?></p>
<table>
<tr>
<td><label for="username">Username: </label></td>
<td><input type="text" id="username" name="username" maxlength="32" size="27" value="" /><?=($action === 'register') ? '*' : '';?></td>
</tr>
<?php
// the email and confirm fields are only shown when registering:
if ($action === 'register') {
?>
<tr>
<td><label for="email">Email: </label></td>
<td><input type="text" id="email" name="email" size="27" value="" />*</td>
</tr>
<?php
}
?>
<tr>
<td><label for="password">Password: </label></td>
<td><input type="password" id="password" name="password" size="27" value="" /><?=($action === 'register') ? '*' : '';?></td>
</tr>
<?php
if ($action === 'register') {
?>
<tr>
<td><label for="password2">Confirm: </label></td>
<!-- no maxlength here: the password field has none, so a maxlength on the confirm field
     alone would silently truncate long passwords and make them "not match" -->
<td><input type="password" id="password2" name="password2" size="27" value="" />*</td>
</tr>
<?php
}
?>
<tr>
<td colspan="2">
<input type="submit" id="<?=$action;?>" name="<?=$action;?>" value="<?=ucfirst($action);?>" />
</td>
</tr>
</table>
<p><?=(isset($error)) ? $error : '';?></p>
</form>
<?php
require_once 'footer.html';
Basically the same script, just far more robust for user authentication. It is still only a register and login page, but the active column in my database will only read 1 once the user has verified their email address.
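The mysql_* functions the script relies on were removed in PHP 7, and a plain sha1 of the password (salted or not) is not how passwords should be stored today. The registration path below is an added example, not code from the original post: it does the same checks with PDO prepared statements and password_hash(), and includes the activation step the post describes (active only becomes 1 once the emailed token comes back). Assumptions, none of which are in the post: $pdo is an open PDO connection with PDO::ERRMODE_EXCEPTION set by the caller, blog_users has the columns used above plus an activation_token column, the regex carries the D modifier so `$` means end of string only, and PHP 7 or later is available for random_bytes().

```php
<?php
// Added example, not from the original post: registration with PDO prepared
// statements and password_hash() in place of mysql_* and sha1().
// Assumed: $pdo is an open PDO connection (ERRMODE_EXCEPTION set by the caller),
// blog_users has the columns used in the post, and an extra activation_token
// column (not in the post) holds the token that is emailed out. Needs PHP 7+.

function register_user(PDO $pdo, array $post, $remote_ip)
{
    // Normalise input once: trim, and turn missing fields into '' rather than notices.
    $in = array();
    foreach (array('username', 'email', 'password', 'password2') as $f) {
        $in[$f] = isset($post[$f]) ? trim($post[$f]) : '';
    }
    if (in_array('', $in, true)) {
        return array('error' => 'You missed out some required fields, please try again');
    }
    // Cheap local checks first, all on the raw values. The D modifier stops '$'
    // from matching before a trailing newline.
    if (!preg_match('/^[A-Za-z](?=[A-Za-z0-9_.]{4,31}$)[a-zA-Z0-9_]*\.?[a-zA-Z0-9_]*$/D', $in['username'])) {
        return array('error' => 'You entered some illegal characters in your username please try again!');
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        return array('error' => 'The email address you entered was not valid, please try again');
    }
    // A domain that receives mail has MX records; fall back to A for hosts without MX.
    $domain = substr($in['email'], strrpos($in['email'], '@') + 1);
    if (!checkdnsrr($domain, 'MX') && !checkdnsrr($domain, 'A')) {
        return array('error' => 'Email domain does not exist, please try again');
    }
    // Length and match are checked on the plaintext, before any hashing.
    if (strlen($in['password']) < 5) {
        return array('error' => 'Your password is too short, must be a minimum of 5 characters long');
    }
    if ($in['password'] !== $in['password2']) {
        return array('error' => 'The password you entered does not match, please try again');
    }
    // One prepared query covers both uniqueness checks; the placeholders carry the
    // values out of band, so there is no escaping and no quoting inside the SQL.
    $stmt = $pdo->prepare('SELECT username, email FROM blog_users WHERE username = ? OR email = ? LIMIT 1');
    $stmt->execute(array($in['username'], $in['email']));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row !== false) {
        // strcasecmp(), because MySQL's default collations compare case-insensitively
        if (strcasecmp($row['username'], $in['username']) === 0) {
            return array('error' => 'Username is already taken, please try another');
        }
        return array('error' => 'The email address you entered is already taken, please try a different email address');
    }
    // password_hash() picks a random salt and stores it inside the hash string, so the
    // separate salt column from the post stays empty; check later with password_verify().
    $hash  = password_hash($in['password'], PASSWORD_DEFAULT);
    $token = bin2hex(random_bytes(16)); // unguessable; this is what the activation email carries
    $now   = time();                    // UTC epoch seconds, no BST adjustment needed
    $stmt = $pdo->prepare(
        'INSERT INTO blog_users
            (user_type, username, password, email, user_ip, register_date, last_logged_in, salt, active, activation_token)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, 0, ?)'
    );
    $stmt->execute(array('U', $in['username'], $hash, $in['email'], $remote_ip, $now, $now, '', $token));
    return array('error' => null, 'user_id' => (int) $pdo->lastInsertId(), 'activation_token' => $token);
}

// Counterpart for the link in the verification email: active only flips to 1
// when the presented token matches the stored one, and the token is used up.
function activate_user(PDO $pdo, $user_id, $token)
{
    $stmt = $pdo->prepare('UPDATE blog_users SET active = 1, activation_token = NULL
                           WHERE user_id = ? AND activation_token = ? AND active = 0');
    $stmt->execute(array((int) $user_id, $token));
    return $stmt->rowCount() === 1;
}
```

From the register branch this would be called as `register_user($pdo, $_POST, $_SERVER['REMOTE_ADDR'])`: a non-null 'error' goes into $error, otherwise the returned token is mailed to the address. The login page then checks with `password_verify($_POST['password'], $row['password'])` instead of re-hashing with sha1, and `activate_user()` serves the link in the email.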
I might work on a method for checking the whole email address, but I am not sure how to go about that. This is quite an advanced script, using regular expressions to stop users from entering certain values as their usernames.
I can go over some of the details of this at some point. Regular expressions are technically slower than conditions on strings, but they are far more robust than having, say, 10 lines of code where one line of regular expression will do, if you get my meaning.
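Since the script itself says it would rather not use a regex for the username rule, here is that rule spelled out with plain string functions, next to the regex from the script, and a small harness that runs both over a set of constructed usernames. This is an added example, not code from the original post, and the sample usernames are made up. It also shows the one input on which the two disagree: PCRE's `$` matches just before a trailing newline, so the regex as written accepts `"jez_b\n"`, while the plain version, and the regex with the `D` modifier, reject it. The trim() at the top of the script strips that newline before the check, which is why it does not bite there.

```php
<?php
// Added example, not from the original post: the username rule as a regex
// (as in the script) and as plain string tests, plus a check that they agree.

function username_ok_regex($u)
{
    // The pattern from the script. Without the D modifier '$' also matches
    // just before a final "\n", so "jez_b\n" passes this version.
    return preg_match('/^[A-Za-z](?=[A-Za-z0-9_.]{4,31}$)[a-zA-Z0-9_]*\.?[a-zA-Z0-9_]*$/', $u) === 1;
}

function username_ok_regex_strict($u)
{
    // Same pattern with D (PCRE_DOLLAR_ENDONLY): '$' now means end of string only.
    return preg_match('/^[A-Za-z](?=[A-Za-z0-9_.]{4,31}$)[a-zA-Z0-9_]*\.?[a-zA-Z0-9_]*$/D', $u) === 1;
}

// The rule written out: 5 to 32 bytes, first one a letter, every byte a letter,
// digit, '_' or '.', and at most one '.'. strspn() rather than ctype_*() because
// strspn() does not depend on the current locale.
function username_ok_plain($u)
{
    $letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $allowed = $letters . '0123456789_.';
    $len = strlen($u);
    return $len >= 5 && $len <= 32
        && strspn($u, $letters, 0, 1) === 1   // first byte is a letter
        && strspn($u, $allowed) === $len      // no byte outside the allowed set
        && substr_count($u, '.') <= 1;        // at most one dot
}

// Constructed inputs with the result the rule should give for each.
function username_samples()
{
    return array(
        'jez_b'              => true,
        'jez.b1'             => true,
        'Jez_B.99'           => true,
        str_repeat('a', 32)  => true,   // upper length bound
        'jezb'               => false,  // too short
        str_repeat('a', 33)  => false,  // too long
        '1jezb'              => false,  // must start with a letter
        'jez-b'              => false,  // '-' not allowed
        'jez b'              => false,  // space not allowed
        'j.e.z1'             => false,  // two dots
        "jez_b\n"            => false,  // trailing newline: only the original regex accepts it
    );
}

// Returns the inputs on which the given checker disagrees with the expected result.
function disagreements($checker)
{
    $bad = array();
    foreach (username_samples() as $input => $expected) {
        if (call_user_func($checker, $input) !== $expected) {
            $bad[] = $input;
        }
    }
    return $bad;
}

if (PHP_SAPI === 'cli') {
    foreach (array('username_ok_regex', 'username_ok_regex_strict', 'username_ok_plain') as $fn) {
        printf("%-24s disagrees on: %s\n", $fn, json_encode(disagreements($fn)));
    }
}
```

Run from the command line it lists `["jez_b\n"]` for the original regex and an empty list for the other two. The plain version is longer, as the post says, but each condition can be read and tested on its own, which is the trade-off being described.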
Hope you enjoy it,
Jez.