Help with password

Question

roheath_1 0 Newbie Poster

12 Years Ago

Hi, so I'm trying to make a basic registration and everything shows up in the database (phpMyAdmin) except the password

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php

$con = mysql_connect("localhost","root","");

if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("sportcourt", $con);

$sql="INSERT INTO user (firstname, lastname, password, email, month, day, year)
VALUES
('$_POST[fname]','$_POST[lname]','$_POST[password]','$_POST[email]','$_POST[month]','$_POST[day]','$_POST[year]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con);
?>

This code is HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

<form action="insert.php" method="post" class="registration_form">
  <fieldset>
    <legend>Registration Form </legend>

    <p>Create A new Account <span style="background:#EAEAEA none repeat scroll 0 0;line-height:1;margin-left:210px;;padding:5px 7px;">
Already a member? <a href="login.php">Log in</a></span> </p>
<table align=right>
    <div class="elements">
        <tr>
      <label for="name">First Name :</label>
      <input type="text" id="fname" name="fname" size="25" /><br />
      <label for="name">Last Name :</label>
      <input type="text" id="lname" name="lname" size="25" /><br />      
      <label for="email">E-mail :</label>
      <input type="text" id="email" name="email" size="25" /><br />
      <label for="password">Password :</label>
      <input type="password" id="password" name="password" size="25" /><br />
      <label for="Pass2">Confirm Password :</label>
      <input type="password" id="Pass2" name="Pass2" size="25" /><br />     
      <label for="Birthday">Birth Date:</label>
    <select name="month">
    <option value="default">Month:</option>    
    <option value="01">1</option>
    <option value="02">2</option>
    <option value="03">3</option>
    <option value="04">4</option>
    <option value="05">5</option>
    <option value="06">6</option> 
    <option value="07">7</option>
    <option value="08">8</option>
    <option value="09">9</option>
    <option value="10">10</option>
    <option value="11">11</option>
    <option value="12">12</option>           
    </select>
    <select name="day">
    <option value="default">Day:</option>    
    <option value="01">1</option>
    <option value="02">2</option>
    <option value="03">3</option>
    <option value="04">4</option>
    <option value="05">5</option>
    <option value="06">6</option> 
    <option value="07">7</option>
    <option value="08">8</option>
    <option value="09">9</option>
    <option value="10">10</option>
    <option value="11">11</option>
    <option value="12">12</option>           
    <option value="13">13</option>
    <option value="14">14</option>
    <option value="15">15</option>
    <option value="16">16</option>
    <option value="17">17</option>
    <option value="18">18</option> 
    <option value="19">19</option>
    <option value="20">20</option>
    <option value="21">21</option>
    <option value="22">22</option>  
    <option value="23">23</option>
    <option value="24">24</option>
    <option value="25">25</option>
    <option value="26">26</option>
    <option value="27">27</option>
    <option value="28">28</option> 
    <option value="29">29</option>
    <option value="30">30</option>
    <option value="31">31</option>
    </select>    
    <input type="text" id="year" name="year" size="4" value="Year"/>
    </div>
    <div class="submit">
     <input type="hidden" name="formsubmitted" value="TRUE" />
      <input type="submit" value="Register" />
    </div>
    </table>
  </fieldset>
</form>



</body>
</html>

php

4 Contributors
4 Replies
146 Views
8 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by cigoL..:)

GliderPilot 33 Posting Whiz

12 Years Ago

This is why we don't copy and paste something from W3C lol... There is a lot of security issues with what you've posted. you should never take user inputted data and insert it directly into the database without verifying it first and you shouldn't store unencrypted passwords in your database. You don't have to follow my advise but personally I would at a minimum do the following:

//check that all required info was sent
if(
   (!isset($_POST['fname'])) ||
   (!isset($_POST['lname'])) ||
   (!isset($_POST['password'])) ||
   (!isset($_POST['email'])) ||
   (!isset($_POST['month'])) ||
   (!isset($_POST['day'])) ||
   (!isset($_POST['year']))
   ){

       //Everything is not set, output error
       echo "All fields are required, please go back and complete all fields.";
    }
    else
    {
      //everything is set.. I would add some sanitation here
      $fname = $_POST['fname'];
      $lanme = $_POST['lname'];
      $raw_password = $_POST['password'];
      $email = $_POST['email'];
      $month = $_POST['month'];
      $day = $_POST['day'];
      $year = $_POST['year'];

      //Use which ever encryption method you prefer, I hash with the password as the hash
      $encrypted_password = hash('sha512', hash('sha512', $raw_password));

      //verify the email is valid structure. This is just a simple one, there are better ways out there do some research to find them
      if (!preg_match('/^[^\W][a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\@[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\.[a-zA-Z]{2,4}$/',$email)) {
          echo "Invalid email provided";
      }
      else
      {
          //All is good, lets add it
          $con = mysql_connect("localhost","root","");

          if (!$con){
            die('Could not connect: ' . mysql_error());
          }

          mysql_select_db("sportcourt", $con);

          $sql="INSERT INTO user (firstname, lastname, password, email, month, day, year)VALUES('$fname','$lname','$encypted_password','$email','$month','$day','$year')";

          if (mysql_query($sql,$con)){
            echo "New user added!";
          }
          else
          {
            die('Error: ' . mysql_error());
          }

          mysql_close($con);
      }
    }

**Please note that code provided is not verified, just providing examples to assist you in your work. Please verify and test all code prior to using it on a live site

Edited 12 Years Ago by GliderPilot

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

urtrivedi 276 Nearly a Posting Virtuoso · Answer 1 · 2012-11-13T19:48:12+00:00

urtrivedi 276 Nearly a Posting Virtuoso

12 Years Ago

post your table structure sql here

roheath_1 0 Newbie Poster · Answer 2 · 2012-11-13T20:26:08+00:00

Column  Type    Collation   Attributes  Null    Default Extra   Action
     1  id  bigint(20)          No  None    AUTO_INCREMENT    Change      Drop   More 
     2  username    varchar(50) latin1_swedish_ci       No  None          Change      Drop   More 
     3  password    varchar(50) latin1_swedish_ci       No  None          Change      Drop   More 
     4  email   varchar(250)    latin1_swedish_ci       No  None          Change      Drop   More 
     5  active  tinyint(1)          No  None          Change      Drop   More 
     6  code    varchar(25) latin1_swedish_ci       No  None          Change      Drop   More 
     7  date    timestamp           No  CURRENT_TIMESTAMP         Change      Drop   More 
     8  month   int(2)          No  None          Change      Drop   More 
     9  day int(2)          No  None          Change      Drop   More 
     10 year    int(4)          No  None          Change      Drop   More 
     11 firstname   text    latin1_swedish_ci       No  None          Change      Drop   More 
     12 lastname    text    latin1_swedish_ci       No  None          Change      Drop   More

cigoL..:) -1 Newbie Poster · Answer 3 · 2012-11-14T03:40:23+00:00

Hi!
what do you mean?! everything is shown up? do you mean the password is not "inserting"? Follow their advice. encrypt your password before you store it in a database:)

And i suggest. try storing data in a variable
e.g.

$password = $_POST['password'];
//Encrypt it.
$CryptPassword = sha1 ($password);

//or you can use 
$CryptPassword = md5($spassword);
//your Call , it's up to you.

i suggest before you insert data
print your sql statement first.
` print $sql;
so that yout will see if your query is correct.

(Friendly Suggestion: just comment the mysql_query with insert sql statement.. (so will not end up typing it again. :))

I hope this will help.
-Alex.