Script 18.6
Test Application - User Registration
Register
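<?php # Script 18.6 - register.php
// This is the registration page for the site.
//
// Changes from the book listing (review):
//  - Every query that carries user data is a prepared statement
//    (mysqli_prepare + mysqli_stmt_bind_param). The original interpolated
//    escaped values into the SQL text; question_id was placed UNQUOTED in
//    the INSERT, and mysqli_real_escape_string does not protect an unquoted
//    value, so that was an injection point.
//  - Every submitted value echoed back into the form goes through
//    htmlspecialchars (the original echoed $trimmed[...] raw into value="").
//  - The password fields are no longer pre-filled from the submission.
//  - The activation code comes from random_bytes() instead of
//    md5(uniqid(rand(), true)); it is still 32 hex characters, so the width
//    of the `active` column is unchanged.
//  - Passwords are still stored as SHA1() so the existing login script keeps
//    working. NOTE(review): migrate this script and the login script
//    together to password_hash()/password_verify().
//  - NOTE(review): the form carries no CSRF token; the includes (18.1/18.3)
//    are not visible here — confirm one is added if a session is available.

require (CHAPTER_PATH.'/'.$chapter.'/includes/18.3.php');
$page_title = 'Register';
include (CHAPTER_PATH.'/'.$chapter.'/includes/18.1.php');

// Need the database connection:
require (CONNECT_OOP);

if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Handle the form.

    // Trim all the incoming data. Only scalar fields are accepted (a nested
    // array would make trim() fail); a missing field becomes '' so the
    // checks below never read an undefined index.
    $fields = array('first_name', 'last_name', 'user_name', 'email',
        'question_id', 'question_answer', 'password1', 'password2');
    $trimmed = array();
    foreach ($fields as $field) {
        $trimmed[$field] = (isset($_POST[$field]) && is_string($_POST[$field]))
            ? trim($_POST[$field]) : '';
    }

    // Assume invalid values:
    $fn = $ln = $un = $e = $p = $qid = $ans = FALSE;

    // Setup error array:
    $errors = array();

    // Set the default user_level:
    $ul = 0;

    // Check for a first name:
    if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['first_name'])) {
        $fn = $trimmed['first_name'];
    } else {
        $errors['fn'] = "Please enter your first name!";
    }

    // Check for a last name:
    if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {
        $ln = $trimmed['last_name'];
    } else {
        $errors['ln'] = "Please enter your last name!";
    }

    // Check for a unique username:
    if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['user_name'])) {
        $stmt = mysqli_prepare ($link, 'SELECT user_id FROM reg_users WHERE user_name=?');
        if ($stmt === false) {
            trigger_error("MySQL Error: " . mysqli_error($link));
            $errors['un'] = "Please enter your username!";
        } else {
            mysqli_stmt_bind_param ($stmt, 's', $trimmed['user_name']);
            mysqli_stmt_execute ($stmt);
            mysqli_stmt_store_result ($stmt);
            if (mysqli_stmt_num_rows ($stmt) == 0) {
                $un = $trimmed['user_name'];
            } else {
                $errors['un'] = "<br/>That user name has already been registered. 
Please try another catchy nom de plume.";
            }
            // Free the results:
            mysqli_stmt_close ($stmt);
        }
    } else {
        $errors['un'] = "Please enter your username!";
    }

    // Check for a unique email address:
    if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) {
        // Make sure the email address is available:
        $stmt = mysqli_prepare ($link, 'SELECT user_id FROM reg_users WHERE email=?');
        if ($stmt === false) {
            trigger_error("MySQL Error: " . mysqli_error($link));
            $errors['em'] = "Please enter a valid email address!";
        } else {
            mysqli_stmt_bind_param ($stmt, 's', $trimmed['email']);
            mysqli_stmt_execute ($stmt);
            mysqli_stmt_store_result ($stmt);
            if (mysqli_stmt_num_rows ($stmt) == 0) {
                $e = $trimmed['email'];
            } else {
                $errors['em'] = "<br/>That email address has already been registered.<br/>To register as a new user - please enter a different email address.<br />If you have forgotten your password, use the link at right to reset your password.";
            }
            // Free the results:
            mysqli_stmt_close ($stmt);
        }
    } else {
        $errors['em'] = "Please enter a valid email address!";
    }

    // Check for a selected security question. The pattern is anchored so the
    // whole value must be a positive integer (the original /[1-9]{1}/ only
    // required that a digit appear somewhere in the string).
    if (preg_match ('/^[1-9][0-9]*$/', $trimmed['question_id'])) {
        $qid = (int) $trimmed['question_id'];
    } else {
        $errors['qid'] = "Please select a security question!";
    }

    // Check for a security answer:
    if (preg_match ('/^[A-Z \'.-]{2,50}$/i', $trimmed['question_answer'])) {
        $ans = $trimmed['question_answer'];
    } else {
        $errors['ans'] = "Please enter your security answer!";
    }

    // Check for a password and match against the confirmed password.
    // NOTE(review): \w without the u modifier is ASCII-only and 4 characters
    // is a weak minimum; the rule is kept because the form text promises it.
    if (preg_match ('/^\w{4,20}$/', $trimmed['password1']) ) {
        if ($trimmed['password1'] === $trimmed['password2']) {
            $p = $trimmed['password1'];
        } else {
            $errors['pw2'] = "Your passwords do not match!";
        }
    } else {
        $errors['pw1'] = "Please enter a valid password!";
    }

    if (empty($errors)) { // If no errors...

        // Create the activation code: 16 CSPRNG bytes as 32 hex characters.
        $a = bin2hex(random_bytes(16));

        // Add the user to the database:
        $q = "INSERT INTO reg_users (email, pass, first_name, last_name, user_name, user_level, active, registration_date, question_id, question_answer) VALUES (?, SHA1(?), ?, ?, ?, ?, ?, NOW(), ?, ?)";
        $inserted = false;
        $stmt = mysqli_prepare ($link, $q);
        if ($stmt === false) {
            trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($link));
        } else {
            mysqli_stmt_bind_param ($stmt, 'sssssisis', $e, $p, $fn, $ln, $un, $ul, $a, $qid, $ans);
            mysqli_stmt_execute ($stmt);
            $inserted = (mysqli_stmt_affected_rows ($stmt) == 1);
            mysqli_stmt_close ($stmt);
        }

        if ($inserted) { // If it ran OK.

            // Send the email. $e passed FILTER_VALIDATE_EMAIL, which rejects
            // line breaks, so it is safe as the recipient header.
            $body = "Thank you for registering at http://www.ashlietaylor.com/percolate. To activate your account, please click on this link:\n\n";
            $body .= BASE_URL . '/index.php?chapter=18&script=18.7&x=' . urlencode($e) . "&y=$a";
            mail($e, 'Registration Confirmation', $body, 'From: noreply@ashlietaylor.com');

            // Finish the page:
            echo '<h3>Thank you for registering!</h3><p>A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</p>';
            include (CHAPTER_PATH.'/'.$chapter.'/includes/18.2.php');
            require(DISCONNECT_OOP);
            exit(); // Stop the page.

        } else { // If it did not run OK.
            $errors['flag'] = "<h3>Error</h3><p>You could not be registered due to a glitch in the system. We apologize for any inconvenience.</p>";
        }

    } else { // If one of the data tests failed.
        $errors['flag'] = "<h3>Error</h3><p>Registration incomplete. Please complete the registration form as indicated.</p>";
    }

} // End of the main Submit conditional.

echo (isset($errors['flag'])) ? '<div class="error-message">' . $errors['flag'] . '</div>' : '';
?>
<h1>Register</h1>
<form action="" method="post">
<fieldset>
<p>
<label for="fn">First Name:</label>
<input id="fn" type="text" name="first_name" size="20" maxlength="20" value="<?php if (isset($trimmed['first_name'])) echo htmlspecialchars($trimmed['first_name'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php echo (isset($errors['fn'])) ? '<span class="error">' . $errors['fn'] . '</span>' : ''; ?>
</p>
<p>
<label for="ln">Last Name:</label>
<input id="ln" type="text" name="last_name" size="20" maxlength="40" value="<?php if (isset($trimmed['last_name'])) echo htmlspecialchars($trimmed['last_name'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php echo (isset($errors['ln'])) ? '<span class="error">' . $errors['ln'] . '</span>' : ''; ?>
</p>
<p>
<label for="un">User Name:</label>
<input id="un" type="text" name="user_name" size="20" maxlength="40" value="<?php if (isset($trimmed['user_name'])) echo htmlspecialchars($trimmed['user_name'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php echo (isset($errors['un'])) ? '<span class="error">' . $errors['un'] . '</span>' : ''; ?>
</p>
<p>
<label for="em">Email Address:</label>
<input id="em" type="text" name="email" size="30" maxlength="60" value="<?php if (isset($trimmed['email'])) echo htmlspecialchars($trimmed['email'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php echo (isset($errors['em'])) ? '<span class="error">' . $errors['em'] . '</span>' : ''; ?>
</p>
<p>
<label for="q">Security Question:</label>
<select id="q" name="question_id">
<?php
// Get the security questions for the drop-down list, with the id as the value.
// The query carries no user data; the previously submitted id only decides
// which option is pre-selected.
$selectedQid = isset($trimmed['question_id']) ? (int) $trimmed['question_id'] : 0;
$q = "SELECT question_id, question FROM reg_sec_questions";
$r = mysqli_query($link, $q);
if ($r) {
    while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
        $rowQid = (int) $row['question_id'];
        echo '<option ';
        echo ($rowQid === $selectedQid) ? 'selected="selected" ' : '';
        echo "value='" . $rowQid . "'>" . htmlspecialchars($row['question'], ENT_QUOTES, 'UTF-8') . '</option>';
    }
    // Free the results:
    mysqli_free_result($r);
} else {
    trigger_error("MySQL Error: " . mysqli_error($link));
}
?>
</select>
<?php echo (isset($errors['qid'])) ? '<span class="error">' . $errors['qid'] . '</span>' : ''; ?>
</p>
<p>
<label for="a">Security Answer:</label>
<input id="a" type="text" name="question_answer" size="30" maxlength="50" value="<?php if (isset($trimmed['question_answer'])) echo htmlspecialchars($trimmed['question_answer'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php echo (isset($errors['ans'])) ? '<span class="error">' . $errors['ans'] . '</span>' : ''; ?>
</p>
<p>
<label for="pw1">Password:</label>
<input id="pw1" type="password" name="password1" size="20" maxlength="20" />
<?php echo (isset($errors['pw1'])) ? '<span class="error">' . $errors['pw1'] . '</span>' : ''; ?>
<br /><small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small>
</p>
<p>
<label for="pw2">Confirm Password:</label>
<input id="pw2" type="password" name="password2" size="20" maxlength="20" />
<?php echo (isset($errors['pw2'])) ? '<span class="error">' . $errors['pw2'] . '</span>' : ''; ?>
</p>
</fieldset>
<p>
<input type="submit" name="submit" value="Register" />
</p>
</form>
<?php
require(DISCONNECT_OOP);
include (CHAPTER_PATH.'/'.$chapter.'/includes/18.2.php');
?>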