Script 17.8
PHP and MySQL for Dynamic Web Sites: The Forum!
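<?php # Script 17.8 - secure register.php
// This script performs an INSERT query to add a record to the mb_users table.
//
// Provided by the including environment (not defined in this script):
//   CHAPTER_PATH, $chapter  -- locate the header (17.1.php) and footer (17.2.php) includes
//   $link                   -- an open mysqli connection
//   $words                  -- UI strings; 'register' and 'select' are read here
//   $_SESSION['lid']        -- optional preferred-language id (session started elsewhere)
//
// Changes against the original listing:
//   * every query that carries request data uses a prepared statement instead of
//     string interpolation guarded by mysqli_real_escape_string();
//   * values echoed back into the form (request data and database rows) go through
//     htmlspecialchars(); password fields are no longer pre-filled;
//   * database error text and the failing query are written to error_log() instead
//     of the response body;
//   * the commented-out first/last name fields were removed: PHP inside an HTML
//     comment still executes, so they echoed raw request data into the page.

// NOTE(review): $chapter is set outside this script; confirm it cannot be
// influenced by request data before it is used to build an include path.
include (CHAPTER_PATH.'/'.$chapter.'/includes/17.1.php');

// Escape a value for an HTML text node or a double-quoted attribute.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Run a one-parameter lookup against mb_users.
// Returns true when at least one row matches, false when none does, and null when
// the lookup itself failed (details go to the error log, never to the client).
$rowExists = function ($q, $value) use ($link) {
    $stmt = mysqli_prepare($link, $q);
    if ($stmt === false) {
        error_log('register.php: prepare failed: ' . mysqli_error($link));
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $value);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('register.php: execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return null;
    }
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $found;
};

// check if registration form has been submitted
if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    // create error array
    $errors = array();

    // check each field for validity, assign error message if fails

    // user_name - must be unique
    if (empty($_POST['user_name'])) {
        $errors['un'] = 'Please enter a user name.';
    } else {
        $un = trim($_POST['user_name']);
        // prevent users with duplicate user names; a failed lookup blocks the
        // insert rather than letting a possible duplicate through
        $taken = $rowExists("SELECT user_id FROM mb_users WHERE user_name=?", $un);
        if ($taken === null) {
            $errors['un'] = 'The user name could not be checked. Please try again later.';
        } elseif ($taken) {
            $errors['un'] = 'Sorry, that user name has already been used. Please enter a different user name.';
        }
    }

    // email - must be unique
    if (empty($_POST['email'])) {
        $errors['e'] = 'Please enter an email address.';
    } elseif (!(filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL))) {
        $errors['e'] = 'Your email is not in a valid format.';
    } else {
        $e = trim($_POST['email']);
        // prevent users with duplicate email addresses
        $taken = $rowExists("SELECT user_id FROM mb_users WHERE email=?", $e);
        if ($taken === null) {
            $errors['e'] = 'The email address could not be checked. Please try again later.';
        } elseif ($taken) {
            $errors['e'] = 'Sorry, that email has already been used. Please enter a different email address.';
        }
    }

    // pass1==pass2 (strict compare; a missing pass2 counts as a mismatch)
    if (empty($_POST['pass1'])) {
        $errors['p1'] = 'Please enter a password.';
    } elseif (!isset($_POST['pass2']) || $_POST['pass1'] !== $_POST['pass2']) {
        $errors['p2'] = 'Your passwords do not match.';
    } else {
        // trimmed as in the original so existing login code sees the same value
        $p = trim($_POST['pass1']);
    }

    // lid (the "select" placeholder option has value 0, which empty() rejects)
    if (empty($_POST['lid'])) {
        $errors['lang'] = 'Please select your preferred language.';
    } else {
        $lid = trim($_POST['lid']);
    }

    // time_zone
    if (empty($_POST['time_zone'])) {
        $errors['tz'] = 'Please select your time zone.';
    } else {
        $time_zone = trim($_POST['time_zone']);
    }

    if (empty($errors)) { // if no errors

        // NOTE(review): SHA1() is an unsalted, fast hash. Moving to
        // password_hash()/password_verify() requires changing the login script
        // and the width of the pass column together, so it is left as-is here.
        // NOTE(review): this INSERT names the column `username` while the
        // uniqueness check above queries `user_name`; one of the two cannot
        // match the schema -- verify against the mb_users table definition.
        $q = "INSERT INTO mb_users (username,email,pass,lang_id,time_zone) VALUES (?,?,SHA1(?),?,?)";

        $stmt = mysqli_prepare($link, $q);
        if ($stmt === false) {
            // query unsuccessful - log the reason server-side only
            error_log('register.php: prepare failed: ' . mysqli_error($link) . ' -- query: ' . $q);
            $message = '<h2>Error</h2><p class="error-message error">There was an error accessing the database. Please try again later.</p>';
        } else {
            mysqli_stmt_bind_param($stmt, 'sssss', $un, $e, $p, $lid, $time_zone);
            if (!mysqli_stmt_execute($stmt)) {
                error_log('register.php: execute failed: ' . mysqli_stmt_error($stmt) . ' -- query: ' . $q);
                $message = '<h2>Error</h2><p class="error-message error">There was an error accessing the database. Please try again later.</p>';
            } elseif (mysqli_stmt_affected_rows($stmt) == 1) {
                // data successfully inserted
                $message = "<h2>Thank you!</h2><p>Your name has been added to our list of users!</p>";
            } else {
                // error - data not inserted; no debugging output to the client
                error_log('register.php: insert affected ' . mysqli_stmt_affected_rows($stmt) . ' rows -- query: ' . $q);
                $message = "<h2>System Error</h2><p class='error'>Your information could not be added to our database.<br />We apologize for any inconvenience, please <a href='javascript:history.back()'>try again</a>.</p>";
            }
            mysqli_stmt_close($stmt);
        }

        // provide feedback from submission
        echo '<div id="content" class="message">'.$message.'</div>';

        // include footer
        include (CHAPTER_PATH.'/'.$chapter.'/includes/17.2.php');

        // exit script - do not redisplay form
        exit();

    } else {
        $errors['flag'] = "<div class='error-message error'><h2>Error</h2><p>Your registration is not complete.<br />Please doublecheck your information and resubmit after correcting the highlighted errors.</p></div>";
    }
}

// begin form output. if submitted with errors - include original submission
// values (escaped) with error messages; password fields are never re-filled
?>
<h1><?php echo $words['register']; ?></h1>
<?php echo (isset($errors['flag'])) ? $errors['flag'] : ''; ?>
<form action="" method="post">
    <p>
        <label for='un'>User Name: </label>
        <input type="text" id='un' name="user_name" size="15" maxlength="40" value="<?php if (isset($_POST['user_name'])) echo $h($_POST['user_name']); ?>" />
        <?php echo (isset($errors['un'])) ? '<span class="error">'.$errors['un'].'</span>' : ''; ?>
    </p>
    <p>
        <label for='e'>Email Address: </label>
        <input type="text" id='e' name="email" size="20" maxlength="60" value="<?php if (isset($_POST['email'])) echo $h($_POST['email']); ?>" />
        <?php echo (isset($errors['e'])) ? '<span class="error">'.$errors['e'].'</span>' : ''; ?>
    </p>
    <p>
        <label for='p1'>Password: </label>
        <input type="password" id='p1' name="pass1" size="10" maxlength="20" />
        <?php echo (isset($errors['p1'])) ? '<span class="error">'.$errors['p1'].'</span>' : ''; ?>
    </p>
    <p>
        <label for='p2'>Confirm Password: </label>
        <input type="password" id='p2' name="pass2" size="10" maxlength="20" />
        <?php echo (isset($errors['p2'])) ? '<span class="error">'.$errors['p2'].'</span>' : ''; ?>
    </p>
    <p>
        <label for='lang'>Preferred Language: </label>
<?php
        // Select drop down choose a preferred language:
        echo '<select id="lang" name="lid">';
        echo '<option value="0">' . $words['select'] . '</option>';

        // Retrieve all the languages... (no request data in this query)
        $q = "SELECT lang_id, lang, image, lang_eng FROM mb_languages ORDER BY lang_eng ASC";
        $r = mysqli_query($link, $q);
        if ($r !== false) {
            while ($menu_row = mysqli_fetch_array($r, MYSQLI_NUM)) {
                // the submitted value wins; otherwise fall back to the session preference
                $selected = '';
                if (isset($_POST['lid']) && (string) $menu_row[0] === (string) $_POST['lid']) {
                    $selected = " selected='selected'";
                } elseif (isset($_SESSION['lid']) && (string) $menu_row[0] === (string) $_SESSION['lid']) {
                    $selected = " selected='selected'";
                }
                echo '<option value="' . $h($menu_row[0]) . '"' . $selected . '>'
                    . $h($menu_row[1] . '/' . $menu_row[3]) . "</option>\n";
            }
            mysqli_free_result($r);
        } else {
            error_log('register.php: language query failed: ' . mysqli_error($link));
        }
        echo '</select>';
?>
        <?php echo (isset($errors['lang'])) ? '<span class="error">'.$errors['lang'].'</span>' : ''; ?>
    </p>
    <p>
        <label for='tz'>Your Time Zone: </label>
<?php
        // Select drop down choose a timezone:
        echo '<select id="tz" name="time_zone">';
        echo '<option value="0">' . $words['select'] . '</option>';

        // Retrieve all the timezones...
        // NOTE(review): the list comes from time zones already stored in mb_users,
        // so it is empty until at least one user exists -- confirm this is intended.
        $q = "SELECT DISTINCT(time_zone) FROM mb_users ORDER BY time_zone ASC";
        $r = mysqli_query($link, $q);
        if ($r !== false) {
            while ($menu_row = mysqli_fetch_array($r, MYSQLI_NUM)) {
                $selected = (isset($_POST['time_zone']) && (string) $menu_row[0] === (string) $_POST['time_zone'])
                    ? " selected='selected'" : '';
                echo '<option value="' . $h($menu_row[0]) . '"' . $selected . '>'
                    . $h($menu_row[0]) . "</option>\n";
            }
            mysqli_free_result($r);
        } else {
            error_log('register.php: time zone query failed: ' . mysqli_error($link));
        }
        echo '</select>';
?>
        <?php echo (isset($errors['tz'])) ? '<span class="error">'.$errors['tz'].'</span>' : ''; ?>
    </p>
    <p>
        <input type="submit" name="submit" value="<?php echo $words['register']; ?>" />
    </p>
</form>
<?php include (CHAPTER_PATH.'/'.$chapter.'/includes/17.2.php'); ?>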