Safe registration script
#7

Hi.

 

I have seen a lot of PHP scripts that access the database in an unsafe way, giving attackers far too much information or maybe even access to your database.

To prevent this from happening I wrote this script to make user registration a lot more secure.

 

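<?php

declare(strict_types=1);

// Settings to change ---------------------------------------------------------
$conf = [
    'db' => [
        'server' => '',
        'dbase'  => '',
        'user'   => '',
        'pass'   => '',
    ],
    // Set this to true if you want to store hashed passwords in the database.
    // Your Engine.dll must support this in order to set it to true.
    // It is highly recommended to use it.
    //
    // NOTE: the hash format used below (md5) is whatever Engine.dll can verify.
    // md5 is fast and unsalted, so a leaked bg_user table can be cracked
    // offline; if the engine ever accepts password_hash()/password_verify()
    // output, switch to that.
    'use_encryption' => false,
];

// Dont change below here unless you know what you are doing ------------------

$conf['db']['dsn'] = sprintf('mysql:host=%s;dbname=%s', $conf['db']['server'], $conf['db']['dbase']);

try {
    // Throw on every driver error so a failed query can never be silently
    // ignored, and let the server (not the client) handle placeholder quoting.
    $db = new PDO($conf['db']['dsn'], $conf['db']['user'], $conf['db']['pass'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
} catch (PDOException $e) {
    // Generic text only: the driver message would reveal host/user details.
    die('Error connecting to the database.<br />Registration is not possible at this moment.');
}

/**
 * Returns the named POST field as a string.
 *
 * Missing fields and non-string values (e.g. `username[]=x`, which would
 * otherwise reach strlen()/ctype_alnum() as an array) are treated as ''.
 */
function postString(string $field): string
{
    $value = $_POST[$field] ?? '';

    return is_string($value) ? $value : '';
}

if (isset($_POST['submit'])) {
    $username = postString('username');
    $pass1 = postString('pass1');
    $pass2 = postString('pass2');

    if (strlen($username) < 3 || strlen($username) > 15) {
        echo 'Pick a username between 3 and 15 characters long';
    } elseif (!ctype_alnum($username)) {
        // ctype_alnum() is byte-wise; together with the length check this
        // keeps user_id to plain ASCII letters and digits.
        echo 'Please use only alfanumeric characters as username ( a-Z 0-9 )';
    } elseif (strlen($pass1) < 3 || strlen($pass1) > 15) {
        echo 'Pick a password between 3 and 15 characters long';
    } elseif ($pass1 !== $pass2) {
        echo 'Please use 2x exactley the same passwords';
    } else {
        // bindValue() rather than bindParam(): we want the current value, not
        // a reference to a superglobal that could change before execute().
        $check = $db->prepare('SELECT count(*) FROM bg_user WHERE user_id = :userid');
        $check->bindValue(':userid', $username, PDO::PARAM_STR);
        $check->execute();

        if ((int) $check->fetchColumn() !== 0) {
            echo 'Username already taken.<br />Please choose another name';
        } else {
            $pass = $conf['use_encryption'] ? md5($pass1) : $pass1;

            try {
                $insert = $db->prepare('INSERT INTO bg_user (user_id,passwd) VALUES(:userid,:passwd)');
                $insert->bindValue(':userid', $username, PDO::PARAM_STR);
                $insert->bindValue(':passwd', $pass, PDO::PARAM_STR);
                $insert->execute();

                echo 'Your account is created.';
            } catch (PDOException $e) {
                // SQLSTATE 23000 = integrity constraint violation. Two requests
                // can both pass the count(*) check above at the same time, so a
                // UNIQUE index on bg_user.user_id is the only race-free guard
                // against duplicate accounts; report it like the check did.
                if ((string) $e->getCode() === '23000') {
                    echo 'Username already taken.<br />Please choose another name';
                } else {
                    // Never echo $e->getMessage(): it may contain the SQL text.
                    die('Registration is not possible at this moment.');
                }
            }
        }
    }
} else {
    echo '
<form method="post">
<table>
<tr>
<td>Username</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="pass1" /></td>
</tr>
<tr>
<td>Password (again)</td>
<td><input type="password" name="pass2" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="submit" value="Register" /></td>
</tr>
</table>
</form>
';
}

?>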


