Posted (edited)

Simple Registration HTML+PHP (v1.0)

The HTML is very basic and is intended for use by server admins in a production environment. It just has a SignUp and Login function. Fill in the server info in dbh.inc.php and you are good to go.

The PHP script has been optimized for a live web server; below is the information:

  • SQL injection protected (please test and reply to me)
  • using prepared statements
  • using bind_param
  • login function using 'SESSION'

Please test the script and any comment is welcome. I will update the script from time to time. Thank you.

Sorry for my English

 

Edited by Micheck
edit the link to the file
Posted
/*//De-hashing the password (use this if password is hashed)
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=error");
exit();
}*/

The password check is completely disabled, so currently you need to send a password which is >= 1 and you're able to log in with any account.

Posted

@Jey oops... yes, I made a mistake there, I will rectify it now. That is because I disabled the hashed password, as I do not know whether the rathena login system can use it or not?

Posted (edited)

If I may give some more feedback:


	if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
		header("Location: ../signup.php?signup=empty");
		exit();
	} else {
		//Check if input characters are valid
		if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last) || !preg_match("/^[1-9][0-9]*$/", $gid)) {
			header("Location: ../signup.php?signup=invalid");
			exit();
		} else {
			//Check if email is valid
			if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
				header("Location: ../signup.php?signup=email");
				exit();
			} else {
				//Check if username exists USING PREPARED STATEMENTS
				$sql = "SELECT * FROM login WHERE userid=?";
				//Create a prepared statement
				$stmt = mysqli_stmt_init($conn);
				//Check if prepared statement fails
				if(!mysqli_stmt_prepare($stmt, $sql)) {
				    header("Location: ../index.php?login=error");
				    exit();
				} else {
					//Bind parameters to the placeholder

This nesting makes the code look pretty bad, try to use more functions, classes and their methods to make the code more readable.

For example, these prepared statements could be used like objects: `$stmt->bindParam(1, $name);`

Rathena is currently able to hash passwords with md5.

 

Edit: But I like the usage of regex to validate the user input.

Edited by Jey
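
The two points raised in the replies above (the commented-out `password_verify` check and the deep nesting), shown together as an added example; it is not code from any post or from the released script. It assumes PDO with an in-memory SQLite table named after the `login` / `userid` / `user_pwd` identifiers quoted in the thread, and that the hash column is read only by this script; the `signup()` and `login()` helpers and the `usertaken` code are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed in-memory SQLite table standing in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (userid TEXT PRIMARY KEY, user_pwd TEXT NOT NULL)');

// Hypothetical helper: returns null on success, otherwise the error code
// the thread's script puts in its redirect (?signup=empty and so on).
function signup(PDO $pdo, string $first, string $email, string $uid, string $pwd): ?string
{
    // Guard clauses: each failed check returns at once, so nothing nests.
    if ($first === '' || $email === '' || $uid === '' || $pwd === '') {
        return 'empty';
    }
    if (!preg_match('/^[a-zA-Z]*$/', $first)) {
        return 'invalid';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'email';
    }
    $stmt = $pdo->prepare('SELECT 1 FROM login WHERE userid = ?');
    $stmt->bindParam(1, $uid);           // value is bound, never concatenated
    $stmt->execute();
    if ($stmt->fetchColumn() !== false) {
        return 'usertaken';              // hypothetical error code
    }
    $stmt = $pdo->prepare('INSERT INTO login (userid, user_pwd) VALUES (?, ?)');
    $stmt->execute([$uid, password_hash($pwd, PASSWORD_DEFAULT)]);
    return null;
}

function login(PDO $pdo, string $uid, string $pwd): bool
{
    $stmt = $pdo->prepare('SELECT user_pwd FROM login WHERE userid = ?');
    $stmt->execute([$uid]);
    $hash = $stmt->fetchColumn();
    // The check that was commented out: no row or a wrong password both fail.
    return $hash !== false && password_verify($pwd, $hash);
}

// Constructed sample input.
var_dump(signup($pdo, 'Alice', 'alice@example.com', 'alice', 'correct horse'));
var_dump(login($pdo, 'alice', 'correct horse'));
var_dump(login($pdo, 'alice', 'x'));
var_dump(login($pdo, "alice' OR '1'='1", 'x'));
```

The last call passes a quote-laden user name to show that a bound parameter is compared as data, so it simply matches no row.
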
Posted (edited)
1 hour ago, Jey said:

If I may give some more feedback:



	if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
		header("Location: ../signup.php?signup=empty");
		exit();
	} else {
		//Check if input characters are valid
		if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last) || !preg_match("/^[1-9][0-9]*$/", $gid)) {
			header("Location: ../signup.php?signup=invalid");
			exit();
		} else {
			//Check if email is valid
			if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
				header("Location: ../signup.php?signup=email");
				exit();
			} else {
				//Check if username exists USING PREPARED STATEMENTS
				$sql = "SELECT * FROM login WHERE userid=?";
				//Create a prepared statement
				$stmt = mysqli_stmt_init($conn);
				//Check if prepared statement fails
				if(!mysqli_stmt_prepare($stmt, $sql)) {
				    header("Location: ../index.php?login=error");
				    exit();
				} else {
					//Bind parameters to the placeholder

This nesting makes the code look pretty bad, try to use more functions, classes and their methods to make the code more readable.

For example, these prepared statements could be used like objects: `$stmt->bindParam(1, $name);`

Rathena is currently able to hash passwords with md5.

Thank you for the feedback @Jey, I appreciate it. I will improve the nesting. I am learning prepared statements in school now, so that is why I am making this script, to test what I have learned.

@Jey, is using prepared statements for this kind of script good, or will it work better without them?

Anyway, I will try to rectify the login. Thank you again, Jey.

Edited by Micheck
asking questions to jey
Posted (edited)

I have updated the code. It is not using prepared statements now, as I need to learn more about that :(

Below is the change log for the new version:

v1.0.1

  • using prepared statements
  • login should work now
  • MD5 supported
  • updated regular expressions so they match the correct values
  • fixed typo in GID regex
Edited by Micheck
Posted (edited)

Mh... I'm not really sure if this really belongs in file releases. I don't think anyone is in need of a login system without an associated web site :D

You could post these things under script/source support. Or, if you feel confident, you could try to improve rathena's FluxCP on our GitHub page by submitting pull requests. Help is highly appreciated there, but keep in mind that your code must fulfill high standards, so doing small issues/additions first will help you to get into it and help us to know you and your code style better :)

Edit: https://github.com/rathena/FluxCP

Note: Akkarin is currently more or less the only one who is maintaining the FluxCP. Most of the rathena devs are working on the emulator itself. So it would be nice to have another active person there.

Edited by Jey
  • Upvote 2