Hey guys, Just lately I have been trying to start a specific project for myself. I started off by designing the pages etc on HTML, and then a friend of mine helped me convert them to PHP.
At the moment, when a user registers to the site, they only require to enter a Username and Password. I would like to add their email to it too, due to adding slightly extra security. It would also be used for future reasons such as sending emails out etc.
I’m not sure about adding this, I know that most likely it is going to be VERY similar to how it already is, but I couldn’t seem to get it to work when I tried.
Ill give the coding which I am using at the moment. (Without Email Feature) (the documents which I believe would need editing) :
Register.php
[code]<?php
require($_SERVER[‘DOCUMENT_ROOT’] . ‘/TruckWorld/includes/config.php’);
$sOutput .= ‘
if (isset($_GET[‘action’])) {
switch (strtolower($_GET[‘action’])) {
case ‘register’:
// If the form was submitted lets try to create the account.
if (isset($_POST[‘username’]) && isset($_POST[‘password’])) {
if (createAccount($_POST[‘username’], $_POST[‘password’])) {
$sOutput .= ‘
}else {
// unset the action to display the registration form.
unset($_GET[‘action’]);
}
}else {
$_SESSION[‘error’] = “Username and or Password was not supplied.”;
unset($_GET[‘action’]);
}
break;
}
}
// If the user is logged in display them a message.
if (loggedIn()) {
$sOutput .= '
Already Registered
You have already registered and are currently logged in as: ’ . $_SESSION[‘username’] . ‘.
Would you like to logout?
Would you like to go to site index?
’;// If the action is not set, we want to display the registration form
}elseif (!isset($_GET[‘action’])) {
// incase there was an error
// see if we have a previous username
$sUsername = “”;
if (isset($_POST[‘username’])) {
$sUsername = $_POST[‘username’];
}
$sError = "";
if (isset($_SESSION['error'])) {
$sError = '<span id="error">' . $_SESSION['error'] . '</span><br />';
}
$sOutput .= '<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Truck World - Register</title>
<!-- Core CSS - Include with every page -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="font-awesome/css/font-awesome.css" rel="stylesheet">
<!-- SB Admin CSS - Include with every page -->
<link href="css/sb-admin.css" rel="stylesheet">
</head>
<body>
<div align=center><img src="images/logintitle.png" alt="LoginTitle" /></div>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Register To Join Truck World!</h3>
</div>
<div class="panel-body">
' . $sError . '
<form name="register" method="post" action="' . $_SERVER['PHP_SELF'] . '?action=register">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="Username" name="username" type="username" autofocus="">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="password" type="password" value="">
</div>
<div class="form-group">
<input class="form-control" placeholder="Email" name="email" type="email" value="">
</div>
<!-- Change this to a button or input when using this as a form -->
<input type="submit" class="btn btn-lg btn-success btn-block" name="submit" value="Register" />
</fieldset>';
}
$sOutput .= ’
Copyright - Lewis Pickles 2014 - All Rights Reserved
// display our output.
echo $sOutput;
?>[/code]
Functions.php (Not sure if this would need editing, I think it might, Correct me if I’m wrong)
[code]<?php
function createAccount($pUsername, $pPassword) {
// First check we have data passed in.
if (!empty($pUsername) && !empty($pPassword)) {
$uLen = strlen($pUsername);
$pLen = strlen($pPassword);
// escape the $pUsername to avoid SQL Injections
$eUsername = mysql_real_escape_string($pUsername);
$sql = "SELECT username FROM users WHERE username = '" . $eUsername . "' LIMIT 1";
// Note the use of trigger_error instead of or die.
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
// Error checks (Should be explained with the error)
if ($uLen <= 4 || $uLen >= 11) {
$_SESSION['error'] = "Username must be between 4 and 11 characters.";
}elseif ($pLen < 6) {
$_SESSION['error'] = "Password must be longer then 6 characters.";
}elseif (mysql_num_rows($query) == 1) {
$_SESSION['error'] = "Username already exists.";
}else {
// All errors passed lets
// Create our insert SQL by hashing the password and using the escaped Username.
$sql = "INSERT INTO users (`username`, `password`) VALUES ('" . $eUsername . "', '" . hashPassword($pPassword, SALT1, SALT2) . "');";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if ($query) {
return true;
}
}
}
return false;
}
/***********
string hashPassword (string $pPassword, string $pSalt1, string $pSalt2)
This will create a SHA1 hash of the password
using 2 salts that the user specifies.
************/
function hashPassword($pPassword, $pSalt1=“2345#$%@3e”, $pSalt2=“taesa%#@2%^#”) {
return sha1(md5($pSalt2 . $pPassword . $pSalt1));
}
/***********
bool loggedIn
verifies that session data is in tack
and the user is valid for this session.
************/
function loggedIn() {
// check both loggedin and username to verify user.
if (isset($_SESSION[‘loggedin’]) && isset($_SESSION[‘username’])) {
return true;
}
return false;
}
/***********
bool logoutUser
Log out a user by unsetting the session variable.
************/
function logoutUser() {
// using unset will remove the variable
// and thus logging off the user.
unset($_SESSION[‘username’]);
unset($_SESSION[‘loggedin’]);
return true;
}
/***********
bool validateUser
Attempt to verify that a username / password
combination are valid. If they are it will set
cookies and session data then return true.
If they are not valid it simply returns false.
************/
function validateUser($pUsername, $pPassword) {
// See if the username and password are valid.
$sql = “SELECT username FROM users
WHERE username = '” . mysql_real_escape_string($pUsername) . “’ AND password = '” . hashPassword($pPassword, SALT1, SALT2) . “’ LIMIT 1”;
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
// If one row was returned, the user was logged in!
if (mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query);
$_SESSION['username'] = $row['username'];
$_SESSION['loggedin'] = true;
return true;
}
return false;
}
?>[/code]
The Database for the email is as follows:
Any help would be great, Thanks 
