
Teach Me To Validate User Inputs With PHP

Hi,

I built this reg-login file.

Note: login.php asks for your login details. The webform (so to speak) uses a SELECT SQL query to check your login credentials.

The reg.php asks for your new account details. The webform (so to speak) uses an INSERT SQL query to add your details to the db.

I don't have my webform displayed to you as either a registration form or a login form. It is a neutral form. It just asks you for your email.

Then it checks against the db. If it exists, it assumes you are an existing member and the login() function takes over and logs you in. Else, the registration() function takes over and registers you.

Note:

On login(), at the end, when the user is logged into his member account, his personal details get displayed on screen.
I need you to check if the following line (especially) is correct or not:

[code]
if($row = mysqli_fetch_array($result_3,MYSQLI_ASSOC))
[/code]

  • 1.

    I want you to see if there are any errors in my code that will result in malfunction, or in a hacker SQL injecting or hacking.

  • 2.

    I need you to show me how to VALIDATE user input. VALIDATE email using 1) HTML5, 2) the PHP 7 email validation function and 3) regex, so nothing but an email is inputted. Show me these 3 ways to check for an email.

  • 3.

    I need you to show me how to VALIDATE a user password. VALIDATE the password using 1) HTML5, 2) PHP 7 and 3) regex, so nothing but a password (A-Z, 0-9 ONLY) is inputted, and no other chars. Show me these 3 ways to check for a password.

    From there, I should pick up fast from you and manage to VALIDATE username input.

    I don't know how to do these above 2, so kindly teach me by showing a snippet with comments so I understand your snippet.

    NOTE:

    I did not complete the password prompt because I have forgotten how to do it with SHA256. Can someone show me a typical example of how to query for a password with SHA256, or whatever the latest strong algorithm is? Show me code with comments so I understand what you are doing with your code.
    I will then modify your snippet a little to suit my purpose and add it to the login().
    I know I need to add the password prompt to the registration() too, but you don't have to deal with that as I will complete it once I finish learning from you. You just teach me how to do it in the login() and from there I will take it on to add it to the registration().

    Also, show me how to show error messages from an array. I haven't a clue how to perform this.
    The best I did is this:

    [code]
    <?php if(!empty($email_error)){echo $email_error;}?>
    [/code]

    You know what should be done here. Error messages should be in an array. The script should check if an error occurred, then echo it in the appropriate form input after grabbing the error message from the error array. That sort of thing. So, if the user forgot to input a password then the password error message will be grabbed from the error array and echoed on the password prompt input field. That sort of basic thing that you usually do. I just don't know how to code it. Not a single clue. I need a sample shown. Something to start with. You be my starting point. Show me a basic snippet of how it should be done.

    Thanks

    [code]
    <?php

    session_start();

    $email_error = ''; //Defined up front so the form below can always test it.

    if($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        //isset() alone is true for an empty field, so also check for an empty string after trimming.
        if(!isset($_POST['email_account'], $_POST['email_service'])
            || trim($_POST['email_account']) === '' || trim($_POST['email_service']) === '')
        {
            $email_error = "<font color='red'>Input Email Address!</font>";
        }
        else
        {
            //Connect to Database. (DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME).
            $conn = mysqli_connect("localhost","root","","powerpage");

            if($conn === false)
            {
                die("ERROR: Connection Error! " . mysqli_connect_error());
            }
            else
            {
                //Always set Charset. Do it after the connection check: a failed connect returns false, not an object.
                $conn->set_charset('utf8mb4');

                //Set Parameters.
                $email = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);
                $_SESSION['email'] = $email;//If this fails on test then replace it with above line
                echo "line 25 triggered: " . htmlspecialchars($email) . "<br>"; //DELETE THIS (user input is escaped before echoing)

                $sql_query = "SELECT COUNT(personal_email) FROM users WHERE personal_email = ?";
                $stmt = mysqli_prepare($conn,$sql_query);
                if($stmt === false)
                {
                    //mysqli_stmt_error() needs a statement object; when prepare fails there is none, so ask the connection.
                    $prepare_error = mysqli_error($conn);
                    //Close Connection.
                    mysqli_close($conn);
                    echo "Line 33<br>";//DELETE THIS
                    die("<pre>Mysqli Prepare Failed!\n" . htmlspecialchars($prepare_error) . "\n" . htmlspecialchars($sql_query) . "</pre>");
                }
                else
                {
                    mysqli_stmt_bind_param($stmt,'s',$email);

                    if(!mysqli_stmt_execute($stmt))
                    {
                        //Close Statement and Connection.
                        mysqli_stmt_close($stmt);
                        mysqli_close($conn);
                        die("Could not mysqli_stmt_execute! Please try again later!");
                    }

                    $result = mysqli_stmt_get_result($stmt);

                    //MYSQLI_NUM is needed here because the column has no name: with MYSQLI_ASSOC its key would be
                    //the expression 'COUNT(personal_email)', not 0. Write "COUNT(personal_email) AS email_count"
                    //in the query if you want to read $row['email_count'] instead.
                    $email_exists = mysqli_fetch_array($result, MYSQLI_NUM)[0] > 0;

                    //Close Statement: login() and register() prepare their own.
                    mysqli_stmt_close($stmt);

                    if($email_exists)
                    {
                        echo "Line 57 triggered: Function login() will trigger!<br>"; //DELETE THIS
                        $_SESSION['session_type'] = 'login';
                        login($conn);
                    }
                    else
                    {
                        echo "Line 61 triggered: Function register() will trigger!<br>"; //DELETE THIS
                        $_SESSION['session_type'] = 'register';
                        register($conn);
                    }
                }
            }
        }
    }

    //$conn is passed in: a function cannot see the $conn or $stmt variables of the code that called it,
    //so the original calls to mysqli_stmt_close($stmt) and mysqli_close($conn) inside these functions were
    //operating on undefined variables.
    function register($conn)
    {
        //if(!isset($_SESSION['session_type'] or $_SESSION['session_type'] != 'registration')//Nog Dog's copied & pasted line
        if(!isset($_SESSION['session_type']) || $_SESSION['session_type'] != 'register')
        {
            //Close Connection.
            mysqli_close($conn);

            die("Line 86: Could not check email! Please try again later!");
        }

        //$email = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);
        $email = $_SESSION['email'];//If this fails on test then replace it with above line

        //Prepare an INSERT Statement.
        $sql_query_2 = "INSERT INTO users (personal_email) VALUES (?)";

        if(!$stmt_2 = mysqli_prepare($conn,$sql_query_2))
        {
            //Close Connection.
            mysqli_close($conn);
            die("Could not register! Please try again later!");
        }
        else
        {
            //Bind Variables to the Prepared Statement as parameters.
            mysqli_stmt_bind_param($stmt_2,'s',$email);

            //Attempt to execute the Prepared Statement.
            if(!mysqli_stmt_execute($stmt_2))
            {
                //Close Statement and Connection.
                mysqli_stmt_close($stmt_2);
                mysqli_close($conn);
                die("Could not register! Please try again later!");
            }

            //Close Statement and Connection.
            mysqli_stmt_close($stmt_2);
            mysqli_close($conn);

            //mail() goes here: it needs at least a recipient, subject and message, which the original call did not supply.
        }
    }

    function login($conn)
    {
        if(!isset($_SESSION['session_type']) || $_SESSION['session_type'] != 'login')
        {
            //Close Connection.
            mysqli_close($conn);

            die("Could not check email! Please try again later!");
        }

        //$email = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);
        $email = $_SESSION['email'];//If this fails on test then replace it with above line

        //Prepare a Select Statement.
        $sql_query_3 = "SELECT id,username,first_name,middle_name,surname,gender,age_range FROM users WHERE personal_email = ?";
        if(!$stmt_3 = mysqli_prepare($conn,$sql_query_3))
        {
            //There is no statement to close when prepare fails ($stmt_3 is false). Close Connection.
            mysqli_close($conn);

            die("Could not check email! Please try again later!");
        }
        else
        {
            //Bind Variables to the Prepared Statement as parameters.
            mysqli_stmt_bind_param($stmt_3,'s',$email);

            //Attempt to execute the Prepared Statement.
            if(!mysqli_stmt_execute($stmt_3))
            {
                //Close Statement and Connection.
                mysqli_stmt_close($stmt_3);
                mysqli_close($conn);

                die("Could not check email! Please try again later!");
            }
            //mysqli_stmt_bind_result($stmt_3,$email);

            $result_3 = mysqli_stmt_get_result($stmt_3);

            //Fetch result row as an associative array. Since the result set contains only one row, we don't need to use the 'While loop'.
            //mysqli_stmt_fetch($stmt_3);//use this if you use 'mysqli_stmt_bind_result($stmt_3,...)'.
            if($row = mysqli_fetch_array($result_3,MYSQLI_ASSOC)) //Use this if you use '$result_3 = mysqli_stmt_get_result($stmt_3)' instead of 'mysqli_stmt_bind_result(...)'.
            {
                //Retrieve Values. With mysqli_stmt_get_result() the row is an array keyed by column name
                //(with mysqli_stmt_bind_result() you would bind one variable per column instead).
                $id = $row["id"];
                $username = $row["username"];
                $first_name = $row["first_name"];
                $middle_name = $row["middle_name"];
                $surname = $row["surname"];
                $gender = $row["gender"];
                $age_range = $row["age_range"];

                //Escape every value on output: these columns hold user-supplied text, and echoing them raw is an XSS hole.
                echo "Id: " . htmlspecialchars($id) . "<br>";
                echo "Username: " . htmlspecialchars($username) . "<br>";
                echo "First Name: " . htmlspecialchars($first_name) . "<br>";
                echo "Middle Name: " . htmlspecialchars($middle_name) . "<br>";
                echo "Surname: " . htmlspecialchars($surname) . "<br>";
                echo "Gender: " . htmlspecialchars($gender) . "<br>";
                echo "Age Range: " . htmlspecialchars($age_range) . "<br>";
            }

            //Close Statement and Connection.
            mysqli_stmt_close($stmt_3);
            mysqli_close($conn);
        }
    }

    //DO NOT NEED TO REDO THE HTML CODE BELOW AS WAS NOT COPY & PASTE FROM ELSEWHERE ....
    ?>

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <html>

    <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    </head>

    <body>

    <form action="" method="post">
    <label for="email_first_part">Email:</label>
    <input type="text" name="email_account" id="email_first_part" placeholder="Email Address before '@'">
    <label for="email_last_part"><b>@</b></label>
    <input type="text" name="email_service" id="email_last_part" placeholder="Email Address after '@'">
    <?php if(!empty($email_error)){echo $email_error;}?>
    <br>
    <button type="submit" class="login_register" name="login_register">Register/Login</button>
    </form>
    </body>
    </html>
    [/code]

    @Sempervivum,
    @NogDog,

    Anybody! Show me the code samples I asked for! If you do not mind, that is! 😉

    Thanks
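The three validation layers the post asks for (HTML5 attributes, PHP's `filter_var()`, and a regex), plus the `$errors` array pattern for showing a message next to the field that failed, as an added example that is not part of the original post or its code. It assumes a single `email` field instead of the post's two-part `email_account`/`email_service` pair, and the length limits (8 to 64 for the password, 3 to 20 for the username) are assumptions. The A-Z/0-9-only password rule is kept because the post asks for it; note that it shrinks the keyspace and forbids passphrases, so in practice a minimum length matters more than a character whitelist. The HTML5 checks only help honest users; anything the browser enforces can be bypassed with a hand-made request, so the server-side checks are the ones that count.

```php
<?php
// Added example (not from the original post): server-side validation of the
// registration fields with the messages collected in an $errors array keyed
// by field name. A single "email" field replaces the post's two-part field,
// and the length limits below are assumptions.
declare(strict_types=1);

const PASSWORD_PATTERN = '/^[A-Z0-9]{8,64}$/';      // post's rule: A-Z, 0-9 only
const USERNAME_PATTERN = '/^[A-Za-z0-9_]{3,20}$/';  // assumed rule
const EMAIL_PATTERN    = '/^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$/';

// Each validator returns an error message, or null when the value is acceptable.
function validate_email(string $email): ?string
{
    $email = trim($email);
    if ($email === '') {
        return 'Input Email Address!';
    }
    // 2) PHP: filter_var() applies the RFC email syntax rules.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Email address is not valid.';
    }
    // 3) Regex: stricter than the RFC (no quoted local parts, no IP-literal
    //    domains, a dotted domain with a TLD is required).
    if (!preg_match(EMAIL_PATTERN, $email)) {
        return 'Email address contains characters that are not allowed.';
    }
    return null;
}

function validate_password(string $password): ?string
{
    if ($password === '') {
        return 'Input Password!';
    }
    if (!preg_match(PASSWORD_PATTERN, $password)) {
        return 'Password must be 8-64 characters, A-Z and 0-9 only.';
    }
    return null;
}

function validate_username(string $username): ?string
{
    $username = trim($username);
    if ($username === '') {
        return 'Input Username!';
    }
    if (!preg_match(USERNAME_PATTERN, $username)) {
        return 'Username must be 3-20 characters: letters, digits or underscore.';
    }
    return null;
}

// Run every validator and return [field => message] for the ones that failed.
function validate_registration(array $post): array
{
    $errors = [];
    $checks = ['email' => 'validate_email', 'password' => 'validate_password', 'username' => 'validate_username'];
    foreach ($checks as $field => $validator) {
        // A missing or non-string field is treated as empty, so "Input X!" fires.
        $value   = $post[$field] ?? '';
        $message = $validator(is_string($value) ? $value : '');
        if ($message !== null) {
            $errors[$field] = $message;
        }
    }
    return $errors;
}

// The message for one field, HTML-escaped so an error text can never inject markup.
function show_error(array $errors, string $field): string
{
    return isset($errors[$field])
        ? '<span class="error">' . htmlspecialchars($errors[$field], ENT_QUOTES, 'UTF-8') . '</span>'
        : '';
}

$errors = [];
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = validate_registration($_POST);
    if ($errors === []) {
        // All fields passed: carry on with registration here.
    }
}
$old_email = is_string($_POST['email'] ?? null) ? htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8') : '';
?>
<!-- 1) HTML5: type/required/pattern make the browser check first. The server
     checks above stay authoritative, because the browser side is easily bypassed. -->
<form action="" method="post">
  <label for="email">Email:</label>
  <input type="email" name="email" id="email" required maxlength="254" value="<?= $old_email ?>">
  <?= show_error($errors, 'email') ?><br>
  <label for="username">Username:</label>
  <input type="text" name="username" id="username" required pattern="[A-Za-z0-9_]{3,20}">
  <?= show_error($errors, 'username') ?><br>
  <label for="password">Password:</label>
  <input type="password" name="password" id="password" required pattern="[A-Z0-9]{8,64}">
  <?= show_error($errors, 'password') ?><br>
  <button type="submit">Register</button>
</form>
```

Each validator returns `null` on success so the caller only has to test for a message; keying `$errors` by field name is what lets `show_error()` place the right message beside the right input without a chain of `if` statements.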
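For the password part of the post, an added example (not code from the original post) of how the login() and registration() queries look once a password is involved. It does not use a raw SHA-256: SHA-256 is a fast general-purpose hash, so a leaked table of SHA-256 passwords can be brute-forced at billions of guesses per second. PHP 7's `password_hash()` / `password_verify()` use a deliberately slow, salted algorithm (bcrypt under `PASSWORD_DEFAULT`) and are the current answer to "whatever the latest strong algorithm is". The example assumes a `users` table with an `id` column, a unique `personal_email` and a `password_hash VARCHAR(255)` column; the function names, sample account and connection credentials are placeholders.

```php
<?php
// Added example (not from the original post): storing and checking a
// password with password_hash()/password_verify(), which is what PHP 7
// provides in place of a raw SHA-256. Assumes a `users` table with an
// `id` column, a unique `personal_email` and a `password_hash` VARCHAR(255);
// the function names and connection details are placeholders.
declare(strict_types=1);

// register_user: hash, then INSERT. password_hash() generates a random salt
// and embeds algorithm, cost and salt in the returned string, so only that
// one string needs to be stored. Returns true on success.
function register_user(mysqli $db, string $email, string $password): bool
{
    $hash = password_hash($password, PASSWORD_DEFAULT); // bcrypt at present
    $stmt = $db->prepare('INSERT INTO users (personal_email, password_hash) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $email, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// login_user: SELECT by email only (the password never goes into the SQL) and
// let password_verify() compare against the stored hash. Returns the user's
// id, or null when either the email or the password is wrong.
function login_user(mysqli $db, string $email, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE personal_email = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // null when the email is unknown
    $stmt->close();

    // Always run one verify, even for an unknown email, so the response time
    // does not reveal which addresses are registered.
    $stored  = $row['password_hash'] ?? password_hash('not-a-real-password', PASSWORD_DEFAULT);
    $matches = password_verify($password, $stored);
    if ($row === null || !$matches) {
        return null;
    }
    $id = (int) $row['id'];

    // Upgrade the stored hash if the default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        $up  = $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        if ($up !== false) {
            $up->bind_param('si', $new, $id);
            $up->execute();
            $up->close();
        }
    }
    return $id;
}

// Usage: make mysqli throw on errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'powerpage'); // placeholder credentials
$db->set_charset('utf8mb4');

session_start();
if (register_user($db, 'alice@example.com', 'ABC123XYZ9')) {   // constructed sample account
    $id = login_user($db, 'alice@example.com', 'ABC123XYZ9');
    if ($id !== null) {
        session_regenerate_id(true); // fresh session id once the user is authenticated
        $_SESSION['user_id'] = $id;
    }
}
```

The same error message is returned whether the email is unknown or the password is wrong, and a hash verification is performed in both cases, so a login form cannot be used to enumerate registered addresses. `password_needs_rehash()` is what lets you raise the cost factor later without forcing a password reset: the old hash is replaced the next time the user logs in successfully.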

    PHP

    2 Comment(s)

    @VITSUSA Jul 14, 2020 — @developer_web#1620431 What do you want exactly? Because here nobody has time to read a post with this many lines. I hope you understand.