Script 18.6 Registration Page

Output

Register


Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.

Source
<?php # Script 18.6 - register.php
// Registration page for the site.
// NOTE(review): $chapter is not assigned anywhere in this file, yet every include path
// below is built from it. Confirm the including script restricts it to known chapter
// values before it reaches these require/include calls.
require CHAPTER_PATH . '/' . $chapter . '/includes/18.3.php';
$page_title = 'Register';
include CHAPTER_PATH . '/' . $chapter . '/includes/18.1.php';

// Both the form handler and the security-question list need the database connection:
require CONNECT_OOP;

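if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Handle the form.

	// Registration handler. Validates each posted field, collects messages in $errors
	// (one key per field, plus 'flag' for the banner above the form), inserts the new
	// account and mails the activation link. On success the page is finished here and
	// the script exits; otherwise the form below is rendered again with the messages.
	//
	// All SQL goes through prepared statements: values are bound, never interpolated,
	// so no value can change the shape of a query.

	// Read only the fields this form defines. A missing field or a non-string value
	// (e.g. first_name[]=x) becomes '' and then fails validation instead of raising
	// an undefined-index notice or a trim() type error.
	$fields = array('first_name', 'last_name', 'user_name', 'email', 'question_id', 'question_answer', 'password1', 'password2');
	$trimmed = array();
	foreach ($fields as $field) {
		$trimmed[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
	}

	// Assume invalid values:
	$fn = $ln = $un = $e = $p = $qid = $ans = $a = FALSE;

	// Set up the error array:
	$errors = array();

	// Set when a uniqueness lookup could not be run at all.
	$dbFailed = FALSE;

	// Set the default user_level:
	$ul = 0;

	// Runs a one-parameter SELECT and returns the number of matching rows,
	// or FALSE when the statement could not be prepared or executed.
	$countMatches = function ($sql, $value) use ($link) {
		$stmt = mysqli_prepare($link, $sql);
		if (!$stmt) {
			return FALSE;
		}
		mysqli_stmt_bind_param($stmt, 's', $value);
		$count = FALSE;
		if (mysqli_stmt_execute($stmt) && mysqli_stmt_store_result($stmt)) {
			$count = mysqli_stmt_num_rows($stmt);
		}
		mysqli_stmt_close($stmt);
		return $count;
	};

	// Check for a first name:
	if (preg_match('/^[A-Z \'.-]{2,20}$/i', $trimmed['first_name'])) {
		$fn = $trimmed['first_name'];
	} else {
		$errors['fn'] = "Please enter your first name!";
	}

	// Check for a last name:
	if (preg_match('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {
		$ln = $trimmed['last_name'];
	} else {
		$errors['ln'] = "Please enter your last name!";
	}

	// Check for a unique username.
	// NOTE(review): this check-then-insert sequence is not atomic; a UNIQUE index on
	// reg_users.user_name (and on email) is what actually guarantees uniqueness.
	// Confirm the schema has both.
	if (preg_match('/^[A-Z \'.-]{2,40}$/i', $trimmed['user_name'])) {
		$taken = $countMatches("SELECT user_id FROM reg_users WHERE user_name=?", $trimmed['user_name']);
		if ($taken === FALSE) {
			$dbFailed = TRUE; // Unknown is not the same as available.
		} elseif ($taken === 0) {
			$un = $trimmed['user_name'];
		} else {
			$errors['un'] = "<br/>That user name has already been registered. Please try another catchy nom de plume.";
		}
	} else {
		$errors['un'] = "Please enter your username!";
	}

	// Check for a unique email address:
	if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) {
		// Make sure the email address is available:
		$taken = $countMatches("SELECT user_id FROM reg_users WHERE email=?", $trimmed['email']);
		if ($taken === FALSE) {
			$dbFailed = TRUE;
		} elseif ($taken === 0) {
			$e = $trimmed['email'];
		} else {
			$errors['em'] = "<br/>That email address has already been registered.<br/>To register as a new user - please enter a different email address.<br />If you have forgotten your password, use the link at right to reset your password.";
		}
	} else {
		$errors['em'] = "Please enter a valid email address!";
	}

	// Check for a selected security question. The pattern is anchored so the whole
	// value must be a positive integer; the previous unanchored /[1-9]{1}/ accepted
	// any string containing a digit, and that string was placed unquoted in the INSERT.
	if (preg_match('/^[1-9][0-9]*$/', $trimmed['question_id'])) {
		$qid = (int) $trimmed['question_id'];
	} else {
		$errors['qid'] = "Please select a security question!";
	}

	// Check for a security answer.
	// NOTE(review): the answer is stored as plain text although it can stand in for
	// the password during a reset; consider storing a hash of a normalised answer.
	if (preg_match('/^[A-Z \'.-]{2,50}$/i', $trimmed['question_answer'])) {
		$ans = $trimmed['question_answer'];
	} else {
		$errors['ans'] = "Please enter your security answer!";
	}

	// Check for a password and match against the confirmed password.
	// The comparison is strict: with ==, two different numeric-looking strings such
	// as "0e12" and "0e99" compare equal and a mistyped confirmation would pass.
	if (preg_match('/^\w{4,20}$/', $trimmed['password1'])) {
		if ($trimmed['password1'] === $trimmed['password2']) {
			$p = $trimmed['password1'];
		} else {
			$errors['pw2'] = "Your passwords do not match!";
		}
	} else {
		$errors['pw1'] = "Please enter a valid password!";
	}

	if ($dbFailed) {
		// A uniqueness lookup failed, so do not go on to create the account.
		$errors['flag'] = "<h3>Error</h3><p>You could not be registered due to a glitch in the system. We apologize for any inconvenience.</p>";

	} elseif (empty($errors)) { // If no errors...

		// Create the activation code: 32 hex characters, the same shape as the
		// md5() value used before, but drawn from the CSPRNG when one is available
		// so the code cannot be guessed from the registration time.
		$a = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(rand(), true));

		// Add the user to the database.
		// NOTE(review): SHA1() is an unsalted fast hash and is not suitable for
		// passwords. It is kept here only because the stored format is shared with
		// whatever verifies logins; move both sides to password_hash() /
		// password_verify() (and widen the pass column) in one change.
		$q = "INSERT INTO reg_users (email, pass, first_name, last_name, user_name, user_level, active, registration_date, question_id, question_answer) VALUES (?, SHA1(?), ?, ?, ?, ?, ?, NOW(), ?, ?)";
		$inserted = FALSE;
		$stmt = mysqli_prepare($link, $q);
		if ($stmt) {
			mysqli_stmt_bind_param($stmt, 'sssssisis', $e, $p, $fn, $ln, $un, $ul, $a, $qid, $ans);
			if (mysqli_stmt_execute($stmt)) {
				$inserted = (mysqli_stmt_affected_rows($stmt) === 1);
			} else {
				// The query text now holds placeholders only, so this message no
				// longer carries the submitted password into logs or the page.
				trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_stmt_error($stmt));
			}
			mysqli_stmt_close($stmt);
		} else {
			trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($link));
		}

		if ($inserted) { // If it ran OK.

			// Send the email. $e passed FILTER_VALIDATE_EMAIL above, so it cannot
			// carry line breaks into the mail headers; it is URL-encoded unescaped,
			// so an address containing an apostrophe yields a working link.
			$body = "Thank you for registering at http://www.ashlietaylor.com/percolate. To activate your account, please click on this link:\n\n";
			$body .= BASE_URL . '/index.php?chapter=18&script=18.7&x=' . urlencode($e) . "&y=$a";
			mail($e, 'Registration Confirmation', $body, 'From: noreply@ashlietaylor.com');

			// Finish the page:
			echo '<h3>Thank you for registering!</h3><p>A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</p>';
			include (CHAPTER_PATH.'/'.$chapter.'/includes/18.2.php');
			require(DISCONNECT_OOP);
			exit(); // Stop the page.

		} else { // If it did not run OK.
			$errors['flag'] = "<h3>Error</h3><p>You could not be registered due to a glitch in the system. We apologize for any inconvenience.</p>";
		}

	} else { // If one of the data tests failed.
		$errors['flag'] = "<h3>Error</h3><p>Registration incomplete. Please complete the registration form as indicated.</p>";
	}


} // End of the main Submit conditional.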

// Banner above the form: printed only when the submit handler recorded a summary message.
// $errors['flag'] is emitted as raw HTML, so it must only ever hold server-defined text.
if (isset($errors['flag'])) {
	echo '<div class="error-message">' . $errors['flag'] . '</div>';
}
?>
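<h1>Register</h1>
<?php
// Registration form. After a failed submission the text fields are refilled from
// $trimmed and each field's message from $errors is shown next to it.
//
// Submitted values are untrusted, so they are HTML-escaped before being written into
// the value="..." attributes; echoing them raw let a value containing a double quote
// break out of the attribute and inject markup into the page.
// Assumes the page is served as UTF-8 - TODO confirm against the header include.
$submitted = (isset($trimmed) && is_array($trimmed)) ? $trimmed : array();
$old = function ($field) use ($submitted) {
	return (isset($submitted[$field]) && is_string($submitted[$field]))
		? htmlspecialchars($submitted[$field], ENT_QUOTES, 'UTF-8')
		: '';
};
// The $errors[...] messages are printed as raw HTML on purpose (some contain <br/>);
// they must stay server-defined and never include submitted data.
?>
<form action="" method="post">
	<fieldset>
	
		<p>
			<label for="fn">First Name:</label>
			<input id="fn" type="text" name="first_name" size="20" maxlength="20" value="<?php echo $old('first_name'); ?>" />
			<?php echo (isset($errors['fn']))?'<span class="error">'.$errors['fn'].'</span>' : ''; ?>
			
		</p>
		
		<p>
			<label for="ln">Last Name:</label>
			<input id="ln" type="text" name="last_name" size="20" maxlength="40" value="<?php echo $old('last_name'); ?>" />
			<?php echo (isset($errors['ln']))?'<span class="error">'.$errors['ln'].'</span>' : ''; ?>
			
		</p>

		<p>
			<label for="un">User Name:</label>
			<input id="un" type="text" name="user_name" size="20" maxlength="40" value="<?php echo $old('user_name'); ?>" />
			<?php echo (isset($errors['un']))?'<span class="error">'.$errors['un'].'</span>' : ''; ?>
		
		</p>

		<p>
			<label for="em">Email Address:</label>
			<input id="em" type="text" name="email" size="30" maxlength="60" value="<?php echo $old('email'); ?>" />
			<?php echo (isset($errors['em']))?'<span class="error">'.$errors['em'].'</span>' : ''; ?>
		</p>
		<p>
			<label for="q">Security Question:</label>
			<select id="q" name="question_id">
			<?php // Get the security questions for the drop-down list, with the id as the value.
			$chosen = (isset($submitted['question_id']) && is_string($submitted['question_id'])) ? $submitted['question_id'] : null;
			$q = "SELECT question_id, question FROM reg_sec_questions";
			$r = mysqli_query($link, $q);
			if ($r) { // A failed query leaves the list empty instead of looping over FALSE.
				while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
					// Database text is escaped as well, so a question containing
					// markup characters cannot alter the page structure.
					$id = htmlspecialchars((string) $row['question_id'], ENT_QUOTES, 'UTF-8');
					$label = htmlspecialchars((string) $row['question'], ENT_QUOTES, 'UTF-8');
					echo "<option ";
					echo ($chosen !== null && $chosen === (string) $row['question_id']) ? "selected=selected " : "";
					echo "value='{$id}'>{$label}</option>";
				}
				// Free the results:
				mysqli_free_result($r);
			}
			?>
			</select>
			<?php echo (isset($errors['qid']))?'<span class="error">'.$errors['qid'].'</span>' : ''; ?>
			
		</p>
		<p>
			<label for="a">Security Answer:</label>
			<input id="a" type="text" name="question_answer" size="30" maxlength="50" value="<?php echo $old('question_answer'); ?>" />
			<?php echo (isset($errors['ans']))?'<span class="error">'.$errors['ans'].'</span>' : ''; ?>
			
		</p>
			
		<p>
			<label for="pw1">Password:</label>
			<?php // Password fields are never refilled: the submitted password would otherwise be written back into the HTML of the response. ?>
			<input id="pw1" type="password" name="password1" size="20" maxlength="20" />
			<?php echo (isset($errors['pw1']))?'<span class="error">'.$errors['pw1'].'</span>' : ''; ?>
			<br /><small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small>
		</p>

		<p>
			<label for="pw2">Confirm Password:</label>
			<input id="pw2" type="password" name="password2" size="20" maxlength="20" />
			<?php echo (isset($errors['pw2']))?'<span class="error">'.$errors['pw2'].'</span>' : ''; ?>
		</p>
	</fieldset>
	<p>
		<input type="submit" name="submit" value="Register" />
	</p>
</form>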

<?php
// End of the page when the form is (re)displayed: run the disconnect include first,
// then the closing include (presumably the shared footer - the success path above
// uses the same 18.2.php to finish the page).
require DISCONNECT_OOP;
include CHAPTER_PATH . '/' . $chapter . '/includes/18.2.php';
?>