
Simple Registration


Micheck


Simple Registration HTML+PHP (v1.0)

The HTML is very basic and is intended for server admins to use in a production environment. It just has a SignUp and Login function. Fill in the server info in dbh.inc.php and you are good to go.

The PHP script has been optimized for a live web server; below is the information:

  • SQL injection protected (please test and reply to me)
  • using prepared statements
  • using bind_param
  • login function using 'SESSION'

Please test the script and any comment is welcome. I will update the script from time to time. Thank you.

Sorry for my English

 

Edited by Micheck
edit the link to the file

Submit your file here

https://rathena.org/board/files/


@Cyro I have put it in the correct section, sorry, as this is my first time posting here.


/*//De-hashing the password (use this if password is hashed)
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=error");
exit();
}*/

The password check is completely disabled, so currently you need to send a password which is >= 1 and you're able to log in with any account.

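The check that was commented out, restored as a function that denies by default, as an added example that is not part of the thread or the posted script. The `user_pwd` column comes from the quoted snippet; `verify_login` and the sample record are hypothetical, and the stored value is assumed to be a `password_hash()` hash.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: decide whether a login attempt succeeds.
// $row is the record fetched for the submitted user id (null if none),
// with the stored hash in 'user_pwd' as in the quoted snippet.
function verify_login(?array $row, string $pwd): bool
{
    // Hash of a throwaway value, verified when the account does not exist
    // so that both paths do a comparable amount of work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    if ($row === null || !isset($row['user_pwd'])) {
        password_verify($pwd, $dummy);
        return false; // unknown account: deny
    }

    // The only way to get true is an explicit, successful hash check.
    return password_verify($pwd, (string) $row['user_pwd']);
}

// Constructed sample record, standing in for a row from the login table.
$row = [
    'userid'   => 'alice',
    'user_pwd' => password_hash('correct horse', PASSWORD_DEFAULT),
];

var_dump(verify_login($row, 'correct horse')); // matching password
var_dump(verify_login($row, 'x'));             // wrong password
var_dump(verify_login(null, 'x'));             // account not found
```

The caller redirects to `../index.php?login=error` whenever the function returns false, and only starts the session after it returns true.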



@Jey oops... yes, I made a mistake there, I will rectify it now. That is because I disabled the hashed password, as I do not know whether the rathena login system can use it or not.


If I may give some more feedback:


	if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
		header("Location: ../signup.php?signup=empty");
		exit();
	} else {
		//Check if input characters are valid
		if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last) || !preg_match("/^[1-9][0-9]*$/", $gid)) {
			header("Location: ../signup.php?signup=invalid");
			exit();
		} else {
			//Check if email is valid
			if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
				header("Location: ../signup.php?signup=email");
				exit();
			} else {
				//Check if username exists USING PREPARED STATEMENTS
				$sql = "SELECT * FROM login WHERE userid=?";
				//Create a prepared statement
				$stmt = mysqli_stmt_init($conn);
				//Check if prepared statement fails
				if(!mysqli_stmt_prepare($stmt, $sql)) {
				    header("Location: ../index.php?login=error");
				    exit();
				} else {
					//Bind parameters to the placeholder

This nesting makes the code look pretty bad, try to use more functions, classes and their methods to make the code more readable.

For example, these prepared statements could be used like objects: `$stmt->bindParam(1, $name);`

Rathena is currently able to hash passwords with md5.

 

Edit: But I like the usage of regex to validate the user input.

Edited by Jey
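The same checks written with guard clauses and mysqli's object interface, as an added example that is not the posted script or rAthena code. The function names and the constructed inputs are hypothetical; the `login` table, the `userid` column and the `empty`/`invalid`/`email` codes come from the quoted snippet, and with mysqli the binding method is `bind_param`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: return the snippet's error code for bad input, or null if valid.
function validate_signup(array $in): ?string
{
    foreach (['first', 'last', 'email', 'uid', 'pwd'] as $key) {
        // Compare against '' rather than empty(), which also rejects the string "0".
        if (!isset($in[$key]) || !is_string($in[$key]) || $in[$key] === '') {
            return 'empty';
        }
    }
    // \A and \z anchor to the whole string; a bare $ also matches before a
    // trailing newline, so "Ann\n" would pass a /^[a-zA-Z]*$/ pattern.
    if (!preg_match('/\A[a-zA-Z]+\z/', $in['first'])
        || !preg_match('/\A[a-zA-Z]+\z/', $in['last'])) {
        return 'invalid';
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'email';
    }
    return null;
}

// Hypothetical helper: true if the user id is already taken.
// Needs a live mysqli connection, so it is defined here but not called.
function userid_exists(mysqli $conn, string $uid): bool
{
    $stmt = $conn->prepare('SELECT 1 FROM login WHERE userid = ? LIMIT 1');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed');
    }
    $stmt->bind_param('s', $uid); // 's' binds the value as a string
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

// Constructed inputs, not taken from the thread.
$ok  = ['first' => 'Ann', 'last' => 'Lee', 'email' => 'ann@example.com', 'uid' => 'ann', 'pwd' => 's3cret'];
$bad = ['first' => "Ann\n"] + $ok; // trailing newline in the first name

var_dump(validate_signup($ok), validate_signup($bad));
```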



1 hour ago, Jey said:

If I may give some more feedback:



	if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
		header("Location: ../signup.php?signup=empty");
		exit();
	} else {
		//Check if input characters are valid
		if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last) || !preg_match("/^[1-9][0-9]*$/", $gid)) {
			header("Location: ../signup.php?signup=invalid");
			exit();
		} else {
			//Check if email is valid
			if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
				header("Location: ../signup.php?signup=email");
				exit();
			} else {
				//Check if username exists USING PREPARED STATEMENTS
				$sql = "SELECT * FROM login WHERE userid=?";
				//Create a prepared statement
				$stmt = mysqli_stmt_init($conn);
				//Check if prepared statement fails
				if(!mysqli_stmt_prepare($stmt, $sql)) {
				    header("Location: ../index.php?login=error");
				    exit();
				} else {
					//Bind parameters to the placeholder

This nesting makes the code look pretty bad, try to use more functions, classes and their methods to make the code more readable.

For example, these prepared statements could be used like objects: `$stmt->bindParam(1, $name);`

Rathena is currently able to hash passwords with md5.

Thank you for the feedback @Jey, I appreciate it, I will improve the nesting. I am learning prepared statements now in school, so that is why I am making this script to test what I have learned.

@Jey, is using prepared statements for this kind of script good, or will it work better without them?

Anyway, I will try to rectify the login. Thank you again, Jey.

Edited by Micheck
asking questions to jey

https://en.wikipedia.org/wiki/Prepared_statement

I'd prefer prepared statements in 95% of all cases, since they're resilient against SQL injection and they're quicker if they are executed repeatedly. Keep on implementing stuff, you will get better the more code you write and read. Especially with some feedback :)


I have updated the code. It is not using prepared statements now, as I need to learn more about that :(

Below is the change log for the new versions :

v1.0.1

  • using prepared statements
  • login should work now
  • MD5 supported
  • updated regular expressions so they match the correct value
  • fix typo on GID regex
Edited by Micheck

Link off?


4 hours ago, Windows XP said:

Link off?

Still pending approval.


Mh... I'm not really sure if this really belongs to file releases. I don't think anyone is in need of a login system without an associated web site :D

You could post these things under script/source support. Or, if you feel confident, you could try to improve rathena's FluxCP on our GitHub page by submitting pull requests. Help is highly appreciated there, but keep in mind that your code must fulfill high standards, so doing small issues/additions first will help you to get into it and help us to know you and your code style better :)

Edit: https://github.com/rathena/FluxCP

Note: Akkarin is currently more or less the only one who is maintaining the FluxCP. Most of the rathena devs are working on the emulator itself. So it would be nice to have another active person there.

Edited by Jey
  • Upvote 2