[PHP]Create a register script

Iamcoolz Aug 4, 2014

  1. Iamcoolz

    Iamcoolz Forum Administrator Staff Member XPG Administrator
    205/282

    Joined:
    Mar 30, 2012
    Messages:
    1,231
    Likes Received:
    509
    Trophy Points:
    205
    Gender:
    Male
    Location:
    XPG
    Console:
    Xbox One
    Hello XPG

    This is a quick little PHP tutorial regarding how to write PHP in-line with HTML and allowing you to create a register page that actually works. I will explain on what it is and what it does, what each line is doing. So on, this script could be wrote a bit more cleaner, but for learning purposes, you will be able to look at it and figure out a way to write one. This can also be altered to fit your database and so on. So let's dive on in and get this puppy started:

    Firstly, we want to set our ODBC Connections and set them up accordingly. ODBC is an acronym for "Open Database Connectivity" and this allows you, the user, to register via a forum, and this allows the register.php file to connect to the database to successfully connect and allow the registration script to go through.

    We would do that by simply setting our variables:

    //ODBC - anything beginning with // is a comment line in PHP and thus it is ignored.
    $DB = "YourDBName";
    $User="Iamcoolz";
    $Pass = "XPG";
    So basically what this is, it is allowing the register file to read that, and this alone serves no purpose, as we dive deeper in, you will see where this comes into place. Onto the next piece of codes, a function and we are going to tell what we what it to do:

    //Function
    function sanitize($input,$length)

    {
    return substr(htmlentities($input, ENT_QUOTES), 0, $length);
    So what this is doing, is sanitizing or cleaning up the input and converting whatever you put into the login box and making sure you don't go over the limit, that will be set at a later time. If you do, the script will break and cause an error. So let's say my $limit is set to 15, and I put my password to 16 characters, the script will error out and won't allow the registration, this is set in place as most databases won't allow a certain amount of characters in.

    Now we are going to dive into the HTML part, the skin of this bad boy!

    //Check

    if (!$_POST) - This is allowing the PHP file to read input, or what you POST into the form boxes below.
    echo ' <div align = "center">
    <form action = "Register.php" method="post">
    <div align = "center">ID: <input type="text" name="userid" /></div>
    <div align = "center">Password: <input type="text" name="pass1" /></div>
    <div align = "center">Confirm Password: <input type="text" name="pass2" /></div>
    <div align = "center">Security Code: <input type="text" name="charsil" /></div>
    <div align = "center">Confirm Security Code: <input type="text" name="charsil1" /></div>
    <div align = "center">Email: <input type="text" name="email" /></div>
    <div align = "center">Confirm Email: <input type="text" name="email1" /></div>
    <div align = "center"><input type = "submit" value = "Register" /></div>
    </form>
    </div>
    ';

    Now this is the HTML, this is what you will visually see, where it says ID: you will see ID: and then a white box right next to it, allowing you to put whatever you want into it, now we are going to move onto the posted data, which is basically take whatever you put into those boxes, and POSTing it to make sure it will work properly and match the limit we have set.



    Code:
    else
    {
            // Posted Data
            $login = trim (sanitize (@$_POST['userid'], 15));
            $pw = trim (sanitize (@$_POST['pass1'], 15));
            $c_pw = trim (sanitize (@$_POST['pass2'], 15));
            $socNo = trim (sanitize (@$_POST['charsil'], 5));
            $socNo2 = trim (sanitize (@$_POST['charsil1'], 5));
            $email = trim (sanitize (@$_POST['email'], 25));
            $email2 = trim (sanitize (@$_POST['email1'], 25));

    The numbers at the very end, is the max character limit you are allowing! Now let's step through and see what each is doing -

    $login is taking what you wrote, cleaning up any random characters that may have went through, trimming it, which is PHP's away of cutting and pasting, and then also verifying that you aren't exceeding the 15 character limit. So on and so forth, it is what everything else is doing also.

    Now its time to make some error codes, and make sure people won't try to abuse the form.



    Code:
    // Error Codes
            if ($pw != $c_pw)
            {
                    echo 'Passwords don\'t match.';
                    die ();
            }
           
            if (empty ($login))
            {
                    echo 'Fill In Login Field';
                    die ();
            }
           
            if (empty ($pw) ||
                empty ($c_pw))
            {
                    echo 'Fill in Password Field';
                    die ();
            }
           
            if (empty ($socNo) ||
                empty ($socNo2))
            {
                    echo 'Fill In Security Code Field';
                    die ();
            }
           
            if (empty ($email) ||
                empty ($email2))
            {
                    echo 'Fill In Email Field';
                    die ();
            }
           
            if ($email != $email2)
            {
                    echo 'Emails don\'t match.';
                    die ();
            }

    So its all very basic algebra, or not even that, basic math. Let's look at $email != $email2, all this is doing is verifying you typed in the same emails in both the same forms of $email and $email2 up above, and if you didn't, it will display an error Emails don't match, the reason for that \ in the middle of the don and the 't is to allow PHP to ignore the comma, and just place it in the error box rather than it go "Oh wow, much comma, so done, close php, error out, such error". The errors up above are rather easy to code, and don't take much time as long as you rather basic math. So let's say we gotta check the database for an existing email address? Simple we would firstly establish SQL connection using the ODBC variables we set above:



    Code:
    // Check For Previous Accounts
            $msconnect=odbc_connect ($DB,$User,$Pass);
            $stmt = odbc_prepare ($msconnect, "select count(*) from TB_User where straccountid = ?");
            $msresul=odbc_execute ($stmt, array ($login));
            odbc_fetch_row ($stmt);
            $count = odbc_result ($stmt, 1);
           
            if ($count > 0)
            {
                    echo 'Account Name In Use';
                    die ();
            }
           
                    // Check For Previous Email Accounts
            $stmt = odbc_prepare ($msconnect, "select count(*) from TB_User where email = ?");
            $msresul=odbc_execute ($stmt, array ($email));
            odbc_fetch_row ($stmt);
            $count = odbc_result ($stmt, 1);
           
            if ($count > 0)
            {
                    echo 'Email In Use';
                    die ();
            }

    So let's step through the email account one.

    $stmt is a global variable meaning statement, odbc_prepare is preparing the ODBC for a connection. If you look above in the "Check for previous accounts" you will see a variable that looks like:


    Code:
    $msconnect=odbc_connect ($DB,$User,$Pass);
    This is doing the actual connection, if you do odbc_prepare it just saves you time from having to type the whole line again, thus allowing you to just use the variable $msconnect.


    Code:
    select count(*) from TB_User where email = ?

    This is just selecting whatever you put in to the form box for userID and making sure no one else is using the same ID, hence the ?, it is just allowing SQL to input the text you wrote so let's say I wrote Iamcoolz, it would take what I write from up above, and replace it with that question mark.



    Code:
     odbc_fetch_row ($stmt);
            $count = odbc_result ($stmt, 1);
    It fetches the row, or grabs a column if there is one, moves on down to the:


    Code:
      if ($count > 0)

    If there is an account with your name Iamcoolz it will display that error:



    Code:
      {
                    echo 'Email In Use';
                    die ();
            }
    
    And using die, it will kill the script.

    Enough with the error codes, assuming it goes pass all that criteria, it will then move onto the actual registration and it will look something like this:



    Code:
     //Registration
            $stmt = odbc_prepare($msconnect, "INSERT INTO TB_USER (strAccountID, strPasswd, strSocNo, Email) VALUES (?,?,?,?)");
            $result = odbc_execute($stmt, array($login,$pw,$socno,$email));

    If you looked at my SQL tutorial you will see a rather common statement. INSERT. Yep, it's used! So basically what this script is using, is reading what you put at the top into that form box, and pulling that information and placing it in order, where those question marks are. Executing it into SQL via a query, and ODBC will then say it was a successful registration and voila!

    Code Recap:




    Code:
    <?php
    // Coded By Iamcoolz
    
    
    
    
    // ODBC
    $DB = "YourDBName";
    $User = "Iamcoolz";
    $Pass = "XPG";
    
    
    // Function
    function sanitize($input,$length)
    {
            return substr(htmlentities($input, ENT_QUOTES), 0, $length);
    }
    
    
    // Check
    if (!$_POST)
            echo '
                   <div align = "center">
                           <form action = "Register.php" method="post">
                                   <div align = "center">ID: <input type="text" name="userid" /></div>
                                   <div align = "center">Password: <input type="text" name="pass1" /></div>
                                   <div align = "center">Confirm Password: <input type="text" name="pass2" /></div>
                                   <div align = "center">Security Code: <input type="text" name="charsil" /></div>
                                   <div align = "center">Confirm Security Code: <input type="text" name="charsil1" /></div>
                                   <div align = "center">Email: <input type="text" name="email" /></div>
                                   <div align = "center">Confirm Email: <input type="text" name="email1" /></div>
                                   <div align = "center"><input type = "submit" value = "Register" /></div>
                           </form>
                   </div>
                ';
    else
    {
            // Posted Data
            $login = trim (sanitize (@$_POST['userid'], 15));
            $pw = trim (sanitize (@$_POST['pass1'], 15));
            $c_pw = trim (sanitize (@$_POST['pass2'], 15));
            $socNo = trim (sanitize (@$_POST['charsil'], 5));
            $socNo2 = trim (sanitize (@$_POST['charsil1'], 5));
            $email = trim (sanitize (@$_POST['email'], 25));
            $email2 = trim (sanitize (@$_POST['email1'], 25));
    
    
            // Error Codes
            if ($pw != $c_pw)
            {
                    echo 'Passwords don\'t match.';
                    die ();
            }
           
            if (empty ($login))
            {
                    echo 'Fill In Login Field';
                    die ();
            }
           
            if (empty ($pw) ||
                empty ($c_pw))
            {
                    echo 'Fill in Password Field';
                    die ();
            }
           
            if (empty ($socNo) ||
                empty ($socNo2))
            {
                    echo 'Fill In Security Code Field';
                    die ();
            }
           
            if (empty ($email) ||
                empty ($email2))
            {
                    echo 'Fill In Email Field';
                    die ();
            }
           
            if ($email != $email2)
            {
                    echo 'Emails don\'t match.';
                    die ();
            }
    
    
            // Check For Previous Accounts
            $msconnect=odbc_connect ($DB,$User,$Pass);
            $stmt = odbc_prepare ($msconnect, "select count(*) from TB_User where straccountid = ?");
            $msresul=odbc_execute ($stmt, array ($login));
            odbc_fetch_row ($stmt);
            $count = odbc_result ($stmt, 1);
           
            if ($count > 0)
            {
                    echo 'Account Name In Use';
                    die ();
            }
           
                    // Check For Previous Email Accounts
            $stmt = odbc_prepare ($msconnect, "select count(*) from TB_User where email = ?");
            $msresul=odbc_execute ($stmt, array ($email));
            odbc_fetch_row ($stmt);
            $count = odbc_result ($stmt, 1);
           
            if ($count > 0)
            {
                    echo 'Email In Use';
                    die ();
            }
           
            //Registration
            $stmt = odbc_prepare($msconnect, "INSERT INTO TB_USER (strACcountID, strPasswd, strSocNo, Email) VALUES (?,?,?,?)");
            $result = odbc_execute($stmt, array($login,$pw,$socno,$email));
    }
    ?>
    Again this is a basic register script, and it could be wrote a little neater easily enough and you can look at PHP tutorials on how to do so, this is a quick throw-together code to do a job for me.

    -Iamcoolz
     

Share This Page

Close