Valid registration page


    Hey, I am getting 5 errors on my registration page but I can't seem to find them... and it's causing people to not get to register at my site. Can you help me out? Here is the registration page:
    PHP Code:
    //-----------REGISTRATION PAGE-------------//

    <?php

    include("connect.php");
    include("function.php");

    connectdb();

    // Emit the XHTML Mobile prolog and the document head
    echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
    echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
    echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
    echo "<head>";
    echo "<meta name=\"keywords\" content=\"chat,free,pics,photos,videos,myspace\"/>";
    echo "<meta name=\"description\" content=\"Mobile community where you can meet people, chat, share pics and videos and play games on your cell phone.\"/>";
    echo "<title>Register</title>";
    echo "<link href=\"css/122538344.css\" rel=\"stylesheet\" type=\"text/css\" />";
    echo "</head>";
    echo "<body>";
    echo "<p>";

    // Process the form once it has been submitted
    if(isset($_POST['submit']))
    {
        $error = '';

        // Clean up the submitted user name
        $nm = trim($_POST['name']);
        $nm = mysql_real_escape_string($nm);
        $nm = strip_tags($nm);
        $nm = htmlentities($nm);
        $nm = str_replace('#','',$nm);
        $nm = str_replace('--','',$nm);

        $ps = $_POST['pass'];
        $ps = trim(mysql_real_escape_string($ps));

        // Count existing users with the same name
        $utaken = mysql_fetch_array(mysql_query("SELECT count(*) FROM c_users WHERE name='".$nm."'"));

        if($utaken[0]>0)
        {
            $error = "<div class=\"error\">$nm is unavailable. Please try another user name!</div>";
        }
        else if(trim($nm)==NULL)
        {
            $error = "<div class=\"error\">User name is required. Please fill out user name field!</div>";
        }
        else if(strlen($nm)<4)
        {
            $error = "<div class=\"error\">User name should be 4 - 20 characters long!</div>";
        }
        else if(strlen($nm)>20)
        {
            $error = "<div class=\"error\">User name cannot exceed 20 characters. Make it shorter!</div>";
        }
        else if($ps==NULL)
        {
            $error = "<div class=\"error\">Password is required, should not be identical to the user name and not too obvious!</div>";
        }
        else if(strlen($ps)<6)
        {
            $error = "<div class=\"error\">Password should be 6 - 20 characters long!</div>";
        }
        else if(strlen($ps)>20)
        {
            $error = "<div class=\"error\">Password cannot exceed 20 characters!</div>";
        }
        else if(trim($nm)==$ps)
        {
            $error = "<div class=\"error\">Username and Password cannot be the same!</div>";
        }
        else if (ereg("^[^@]{1,64}@[^@]{1,255}$", $nm))
        {
            $error = "<div class=\"error\">Username is Invalid!. -_ . are the only special characters allowed!</div>";
        }
        else if (ereg("^[^@]{1,64}@[^@]{1,255}$", $ps))
        {
            $error = "<div class=\"error\">Password is Invalid!. special characters are not allowed in Password!</div>";
        }
        else
        {
            // Record the client's IP address and the first token of its User-Agent
            $ipadd = $_SERVER['REMOTE_ADDR'];
            $brws = explode(" ",$_SERVER['HTTP_USER_AGENT']);
            $one = $brws[0];

            $success = mysql_query("INSERT INTO c_users SET name='".$nm."', pass='".$ps."', ipadd='".$ipadd."', browserm='".$one."', regdate='".time()."'");

            if(success)
            {
                // Look up the new user's id and send the welcome private message
                $uid = mysql_fetch_array(mysql_query("SELECT id FROM c_users WHERE name='".$nm."'"));

                $msg = "Welcome to sitename!. Thanks for joining sitename, the best community on your phone!. [br/]Tips to get started: [br/] 1. Bookmark the login page, write down your username and password if you wish to. [br/] 2. Upload a photo by your phone or by sending a email to: myphoto@sitename.com. [br/] 3. Last but not least tour the site and get familiar with it. Now go have some fun!.";
                $msg = mysql_escape_string($msg);

                autopm($msg, $uid[0]);

                echo "<h3>Welcome to sitename.com</h3>";
                echo "<p>";
                echo "<u><b>Your login Details</b></u>:<br/>";
                echo "Username: <b>$nm</b><br/>";
                echo "Password: <b>$ps</b><br/>";
                echo "<b><a href=\"welcome.php?u=$nm&amp;p=$ps\">Login Now</a></b><br/>";
                echo "</p>";
                echo "<div class=\"foot\">";
                echo "sitename &copy; 2010 All Rights Reserved";
                echo "</div>";

                exit;
            }
            else
            {
                echo mysql_error();
            }
        }

    }
    echo "</p>";
    ?>


    <p style='text-align: center'>

    <img src='img/logo.gif' alt='+'/>

    </p>

    <h3>Join sitename</h3>

    <?php echo $error?>

    <form method='post' action='<?php $_SERVER["PHP_SELF"]; ?>'>

    <p>

    <b>User Name</b>:<br />

    <input type='text' size='15' name='name' value='<?php $_POST['name']; ?>' maxlength='20'/><br />

    <b>Password</b>:<br />

    <input type='password' size='15' name='pass' maxlength='20'/><br />

    <input type='submit' class='submitter' name='submit' value='Register'/><br />



    </p>

    </form>

    <p>

    Already a Member? <a href='login.php'>Login now!</a>

    </p>

    <div class='foot'>sitename &copy; 2010 All Rights Reserved</div>

    </body>

    </html>
    Last edited by metulj; 15.06.10, 18:56. Reason: use [ php ] tag [ / php ] for posting php code !

    #2
    Depends what the errors say lol .... oh also your script isn't very safe

    here is one error: if(success)



      #3
      Originally posted by something else
      Depends what the errors say lol .... oh also your script isn't very safe

      here is one error: if(success)

      1. When I validate the page I get 5 errors. I wanna get rid of those errors.

      2. What you mean, script not safe?

      3. What's wrong with if($success)? How is that an error?



        #4
        Oh, I think I see it.

        It should be if($success) and not if(success), right?



          #5
          correct :P

          although you explode browser by " " doesn't mean it's safe :P



            #6
            So what must I use to make it safe then?



              #7
              In your script cover every input a user can possibly make ...even if you think there is no chance in hell of a user being able to change it.

              eg: what happens if my browser is called: <b>hello</b>

              Not very dangerous, I know, but still I'm managing to use HTML on your site :P and could change that to other things more dangerous



                #8
                Originally posted by something else
                In your script cover every input a user can possibly make ...even if you think there is no chance in hell of a user being able to change it.

                eg: what happens if my browser is called: <b>hello</b>

                Not very dangerous, I know, but still I'm managing to use HTML on your site :P and could change that to other things more dangerous

                I really don't understand anything you just said



                  #9
                  Originally posted by wap_king
                  I really don't understand anything you just said

                  He's saying he can input HTML into your forms. So for an example, he could do:

                  HTML Code:
                  <font color="red">See, this would be red.</font>
                  You should disallow any HTML characters. EG:

                  PHP Code:
                  $username = mysql_real_escape_string($_POST['username']);
                  If you don't he could use more dangerous code, like XSS, and so on.
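
An added example, not part of any post in this thread: one way to handle the inputs discussed in #7 and #9, using bound parameters for the database write and escaping the value when it is printed. It assumes PHP 8 with the PDO SQLite driver; the in-memory database, the `validate_registration()`, `register()` and `h()` helpers and the sample request values are constructed for the demo, and the password hashing goes beyond what the thread covers.

```php
<?php
// Added example, not the poster's code. The column names mirror c_users from
// the thread; the SQLite database and all request values are constructed.

function validate_registration(string $name, string $pass): ?string {
    // Allowlist: letters, digits and - _ . only, 4 to 20 characters.
    if (!preg_match('/\A[A-Za-z0-9._-]{4,20}\z/', $name)) {
        return 'User name must be 4 - 20 characters: letters, digits, - _ . only.';
    }
    if (strlen($pass) < 6 || strlen($pass) > 20) {
        return 'Password should be 6 - 20 characters long!';
    }
    return $name === $pass ? 'Username and Password cannot be the same!' : null;
}

function register(PDO $db, string $name, string $pass, string $ip, string $agent): ?string {
    if (($error = validate_registration($name, $pass)) !== null) {
        return $error;
    }
    $taken = $db->prepare('SELECT COUNT(*) FROM c_users WHERE name = ?');
    $taken->execute([$name]);
    if ($taken->fetchColumn() > 0) {
        return 'That user name is unavailable.';
    }
    // Bound parameters keep every value, the User-Agent included, out of the SQL text.
    $ins = $db->prepare('INSERT INTO c_users (name, pass, ipadd, browserm, regdate) VALUES (?, ?, ?, ?, ?)');
    // Same first-token rule as the thread's script; the password is stored as a hash.
    $ins->execute([$name, password_hash($pass, PASSWORD_DEFAULT), $ip, explode(' ', $agent)[0], time()]);
    return null;
}

function h(string $s): string {
    // Escape at output time so stored markup is rendered as plain text.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE c_users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pass TEXT, ipadd TEXT, browserm TEXT, regdate INTEGER)');

// Constructed requests: the first uses the browser name from post #7,
// the second puts markup in the user name and is rejected by the allowlist.
var_dump(register($db, 'wap_user', 'correct-horse', '192.0.2.10', '<b>hello</b>'));
var_dump(register($db, 'a<b>c', 'correct-horse', '192.0.2.10', 'Mozilla/5.0'));

// The browser name is stored as sent and escaped only when it is displayed.
$row = $db->query('SELECT name, browserm FROM c_users')->fetch(PDO::FETCH_ASSOC);
echo 'User: ', h($row['name']), ' Browser: ', h($row['browserm']), "\n";
```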



                    #10
                    Already have that coding, that's the old coded registration page
