Thread: Creating a registration page with php and mysql

Hello, I am trying to make a registration page for my users with php and mysql. I have some knowledge with php and myql but i'm a little lost.
And also how can I make a validation page once the account is created?
Whats the best way to make the php code for this form?

Username
Password
Gender(<input type ="select">)
I agree to the terms
yes(<input type="radio">) no(<input type="radio">)

The mysql is already complete.
My site is http://www.clanxnsx.com/register/
The page has much more than the
Username, Password, Gender, and I agree
but if you can get me started with the simpler code that would be great! My php version is 5.2.4
Thnx in advance

I'm not sure what you need excactly. A login script is far more than a simple registration form. You need pages / scripts for :

Registration
Validation (as applicable) of the user input
Forgot Password feature
Email verification (if you need it)
Account activation reminder (if the user doesn't confirm his email, when he tries to login he gets a reminder email and screen)
Edit Profile feature
Auxiliary pages (thank you pages, confirmation pages, etc)

It is not that simple as you see. The MySQL setup is just a small step, the php scripts and the visual part are the greatest part of it.

Thanks for the quick reply, wasn't expecting that!
And i don't want a login script sorry for the misunderstanding. This is what i mean ill give you the html and the php i have so far.

<form name="register" method="post" action="#">
<div class="box">
<label for="firstname">First Name:*</label>
<br />
<input type="text" name="firstname" id="firstname" maxlength="30" class="text" />
</div>
<div class="box">
<label for="lastname">Last Name:*</label>
<br />
<input type="text" name="lastname" id="lastname" maxlength="30" class="text" />
</div>
<div class="box">
<label for="username">Username:*</label>
<br />
<input type="text" name="username" id="username" maxlength="20" class="text" />
_{<i>(4-20 Characters)</i>}
</div>
<div class="box">
<label for="password">Password:*</label>
<br />
<input type="password" name="password" id="password" maxlength="10" class="password" />
_{<i>(6-10 Characters)</i>}
</div>
<div class="box">
<label for="confirmpassword">Confirm Password:*</label>
<br />
<input type="password" name="confirmpassword" id="confirmpassword" maxlength="10" class="password" />
_{<i>(6-10 Characters)</i>}
</div>
<div class="box">
<label for="email">Email:*</label>
<br />
<input type="text" name="email" id="email" maxlength="60" class="text" />
</div>
<div class="box">
<label for="confirmemail">Confirm Email:*</label>
<br />
<input type="text" name="confirmemail" id="confirmemail" maxlength="60" class="text" />
</div>
<hr />
<div class="box">
<center>
<iframe src="The_agreement" scrolling="yes" frameborder="no" height="600px" width="500px" class="agreement" id="agreement"></iframe>
<br />
<label for="agree">I Agree</label>
<br />
Yes<input type="radio" name="agree" id="agree" />
No<input type="radio" name="agree" id="agree" />
</center>
</div>
<div class="box">
<center>
<input type="reset" name="Start Over" value="Start Over" class="reset"></input>
<input type="submit" name="submit" value="Join us!" class="submit">
</form>

The PhP i am using is

<?php
include("dbconnect");
$errors = "";
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$password = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$email = $_POST['email'];
$confirmemail = $_POST['confirmemail'];
$usernamecheck = mysql_query("SELECT * FROM members WHERE username = '$username'");
$emailcheck = mysql_query("SELECT * FROM members WHERE email = '$email'");
$date = date('n-j-y');
$validate_key = md5(time()+rand(1000,100000).$username);
$message="My Message"
if (!isset($firstname))
$errors .="You have not provided your <b>First Name</b>.<br />";
if (!isset($lastname))
$errors .="You have not provided your <b>Last Name</b>.<br />";
if (!isset($username))
$errors .="You have not provided a <b>Username</b>.<br />";
if (!isset($password))
$errors .="You have not provided a <b>Password</b>.<br />";
if ($password != $confirmpassword)
$errors .="Your <b>Passwords</b> do not match.<br />";
if (!isset($email))
$errors .="You have not provided an <b>Email Address</b>.<br />";
if ($email != $confirmemail)
$errors .="Your <b>Emails</b> do not match.<br />";
if (strlen($username) < 4 )
$errors .="Your <b>Username</b> is too small.<br />";
if (strlen($username) > 20 )
$errors .="Your <b>Username</b> is too long.<br />";
if (strlen($password) < 6 )
$errors .="Your <b>Password</b> is too small.<br />";
if (strlen($password) > 10 )
$errors .="Your <b>Password</b> is too long.<br />";
if (mysql_num_rows($usernamecheck)==1)
$errors .="Sorry but the username <b>$username</b> is already taken.<br />";
if (mysql_num_rows($emailcheck)==1)
$errors .="Sorry but the email <b>$email</b> is already taken.<br />";
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email))
$errors .="<b>$email</b> is an invalid email address.<br />";


if ($errors == "") {
$firstname = addslashes($firstname);
$lastname = addslashes($lastname);
$username = addslashes($username);
$password = md5($password);
$date = date('n-j-y');
$email = addslashes($email);
$usergroup = 1;
$validcode = md5(time()+rand(1000,100000).$username);

mysql_query("INSERT INTO members VALUES(
'',
'$firstname',
'$lastname',
'$username',
'$password',
'$email',
'$date',
'$usergroup',
'$validcode')");

mysql_close();

mail($email,"Validate Your Account",$message);
?>

and then of course i have the else....

As you can see im using "If" for about everything..Is this acceptable or am i doing this wrong? and also how would i make the php code for the users input of a radio, (yes or no) and a select (optgroup) and finally how can i create the validation page to confirm the registration!

Well, you are not asking anything (hehe)......

The if statement is quite acceptable, especially when validation is concerned.

Your MySQL Insert statement misses the column definition.

Your Iframe is missing the page extension.

The code for the radio button already exists in your code:

<label for="agree">I Agree</label>
<br />
Yes<input type="radio" name="agree" id="agree" />
No<input type="radio" name="agree" id="agree" />

You must make it similar to this if you need another one.

The oprion (list) box input should bee something like:

<select name="options" size="1" id="listbox">
<option value="option1">option1</option>
<option value="option2">option2</option>
<option value="option3">option3</option>
</select>

Your errors validation is, i suppose, to the rest of the code, that you are not posting here.....

The "validation page to confirm the registration": you need to have one more field in your database, for subscription Status. It should be set in "Pending" (or a number, if you wish to use numbers instead of text) when the user registers. Your script, should also send an email to the user, with a message and a link like " Please click on the following link to activate your account: http://www.yourdomain.com/activation...o$validcode;?> . the user clicks on that and gets redirected to a script called "activation.php" on your site . This script recieves the $validcode value, looks in the database for a user with that value, and if it finds such a user, it updates the table setting the Status field in "Active", or displays an error message.

Also you are setting $date and $validcode twice (not that would make the script not work, just wasting resources).

Your missing a semi-colon at the end of $message

I would probably use an array instead of a long string for each of your errors:
Declare $error = array(); at the top
and then instead of $error .= "error message"; making it
$error[] = "message";

And then just loop through it at the end to display each message. This makes it much easier to change the formating for your error messages (In case later on your decide to change the font, or color, or add a - infront of each, etc)

on your mail function add the 4th parameter for the headers, at the very least

mail($email,"Validate Your Account",$message, "From: admin@yoursite.com");

But you really want to add more advanced headers, check the comments for the mail() function on php.net, they have some good info on additional headers to add.

Also at the end of your script you not only need to add the error validation, but you also want to check if the database query was successful. (Also checked in the email was sent isn't a bad idea either).
if(mysql_query(....))
\\ worked
else
\\ didn't work, output error

if(mail(..,..,..,..))
\\ worked
else
\\ didn't work...

This way the user will know upfront it didn't work, and that they need to try again later.

Lastly, its a good habit to declare your mysql connection as a variable, and use it as the second parameter in all of your query

$dbconnect = mysql_connet...
$query = mysql_query("select...", $dbconnect);

and when you close enter the connect variable as the parameter

mysql_close($dbconnect);

Note: It isn't required when you only have 1 connection, but if you ever have more then 1 open connection you have to, and if you were never in the habit of doing it to begin with, your going to find yourself double and triple checking your code to make sure that each of your queries are going to the right connection.

Oh one more thing... I looked at your register page, if you are going to have the form and the script on the same page, check if the form was submitted before executing the script

<input type="submit" name="submit" />
if(isset(POST['submit']))
{
\\ execute script
}
else
{
\\ display form
}

Thanks much Navaldesign and watdaflip

Oh one more thing... I looked at your register page, if you are going to have the form and the script on the same page, check if the form was submitted before executing the script

<input type="submit" name="submit" />
if(isset(POST['submit']))
{
\\ execute script
}
else
{
\\ display form
}

Thanks much for that watdaflip i was having soom problems :D
Thank you guys you are the best!

Oh wait hold on a sec, i just received an error.

if(isset(POST['submit'])) {

shouldnt that be

if(isset($_POST['submit'])) {

When i changed that everything seemed fine, so i tested the page and on submit it told me No database selected..
and this is my connection

$con = mysql_connect("localhost", "username, "password") or die(Mysql_error());
$datebase1 = qczjsy_users;
mysql_select_db($database1, $con) or die(mysql_error());

Originally Posted by Phoubers

Oh wait hold on a sec, i just received an error.

if(isset(POST['submit'])) {

shouldnt that be

if(isset($_POST['submit'])) { CORRECT

When i changed that everything seemed fine, so i tested the page and on submit it told me No database selected..
and this is my connection

$con = mysql_connect("localhost", "username, "password") or die(Mysql_error());
$datebase1 = "qczjsy_users"; // Add the ""
mysql_select_db($database1, $con) or die(mysql_error());

Hope this helps

Now i have

$con = mysql_connect("localhost", "username", "password") or die(Mysql_error());
$datebase1 = "qczjsy_users";
mysql_select_db($database1, $con) or die(mysql_error());

And when I insert the info into the db its

mysql_query("INSERT INTO Members VALUES(
'',
'$firstname',
'$lastname',
'$displayname',
'$username',
'$password',
'$email',
'$date',
'$rank',
'$validatekey')");

Mysql_close($con);

But i stilll get the same error, No database selected

You have mistakes here:

$datebase1 = "qczjsy_users"; You have $datebase

whilst after you have

mysql_select_db($database1, $con) or die(mysql_error()); $database

Then you have NO COLUMN definition when you try to insert the new data in your table. Your code should be something like

@$query = "INSERT INTO `Members`(";
@$query .= "`firstname` ,";
@$query .= "`lastname` ,";
@$query .= "`displayname` ,";
@$query .= "`username` ,";
@$query .= "`password` ,";
@$query .= "`email` ,";
@$query .= "`date` ,";
@$query .= "`rank` , ";
@$query .= "`validatekey`";
@$query .= ")";
@$query .= "VALUES (";
@$query .= "\"$firstname\",";
@$query .= "\"$lastname\",";
@$query .= "\"$displayname\",";
@$query .= "\"$password\",";
@$query .= "\"$email\",";
@$query .= "\"$date\",";
@$query .= "\"$rank\",";
@$query .= "\"$validatekey\" ";
@$query .= ")" ;
include ("include/dbconnect.php");
//insert new record
$result = mysql_query($query, $con) or die(Mysql_error());
Mysql_close($con);

HAHA Ok sorry for that i should of noticed that Thanks a lot guys!!!!

Oh one more question is there a better way to use

mysql_num_rows Ex:

if (mysql_num_rows(mysql_query("SELECT * FROM members WHERE username = '$username'");)==1)

Since you have already defined (see your previous posts)

$usernamecheck = mysql_query("SELECT * FROM members WHERE username = '$username'");

if ($usernamecheck >= 1) {
// Code that you want to execute
}

Be carefull: you have named your table members and also Members !!!!!

OK everything is working fine but im not sure what the * is in

$usernamecheck = mysql_query("SELECT * FROM Members WHERE username = '$username'");

ive been using it but didnt know what it was exactly Can you explain that to me?

Means select all fields. Practically you are simply saying to MySQL to select all records with the username equal to the $username.

Ok like a wildcard Thank you so much for you help!

hmmm yet, theres another problem i had a friend sign up and everything worked fine, but then he registered again with the same name and it let him...so the usernamecheck isnt working properly

$usernamecheck = mysql_query("SELECT * FROM members WHERE username = '$username'");

if ($usernamecheck >= 1)
errors .="Message";

is what i have so, what am i doing wrong now?

Instead of :

$usernamecheck = mysql_query("SELECT * FROM members WHERE username = '$username'");
$emailcheck = mysql_query("SELECT * FROM members WHERE email = '$email'");

and

if (mysql_num_rows($usernamecheck)==1)
$errors .="Sorry but the username <b>$username</b> is already taken.<br />";




use this code:

$query = "SELECT username FROM members WHERE username= '$username'";
$result = mysql_query($query, $con);
$rows = mysql_affected_rows ();
if ($rows != 0) {
$errors .= "This Username address already exists! Please select another one!<br>";
}

and a similar one for the email address

Originally Posted by navaldesign

Instead of :

$usernamecheck = mysql_query("SELECT * FROM members WHERE username = '$username'");
$emailcheck = mysql_query("SELECT * FROM members WHERE email = '$email'");

and

if (mysql_num_rows($usernamecheck)==1)
$errors .="Sorry but the username <b>$username</b> is already taken.<br />";




use this code:

$query = "SELECT username FROM members WHERE username= '$username'";
$result = mysql_query($query, $con);
$rows = mysql_affected_rows ();
if ($rows != 0) {
$errors .= "This Username address already exists! Please select another one!<br>";
}

and a similar one for the email address

Hmm idk still not working. My Table name is members and the username field is username so im not sure why this isnt working. I am going to drop the table and make a new one to see if this helps.

Enter phpMyadmin and check to see if the two usernames are actually the same. If the seem the same, check to see that whitespaces have been trimmed (or modify your code to trim them) as a simple white space can create the problem

Ok a friend and i have tested it and EVERYTHING on the page is working. An email is sent to us with the url. But watdaflip sais

The "validation page to confirm the registration": you need to have one more field in your database, for subscription Status. It should be set in "Pending" (or a number, if you wish to use numbers instead of text) when the user registers. Your script, should also send an email to the user, with a message and a link like " Please click on the following link to activate your account: http://www.yourdomain.com/activation...o$validcode;?> . the user clicks on that and gets redirected to a script called "activation.php" on your site . This script recieves the $validcode value, looks in the database for a user with that value, and if it finds such a user, it updates the table setting the Status field in "Active", or displays an error message.

How would i redirect it from http://www.yourdomain.com/activation...o$validcode;?> to the activcation.php, i already have the activation.php ready. Im guessing i should redirect it in the registration form?

Not sure what you mean.

What i suggested is that the email sent to the user after registration cintains a link like : http://www.yourdomain.com/activation...tekey=xxxxxxxx where xxxxxxx is the actual value of the validation key for the specific user. The user clicks on this link and is automatically redirected to the activation page. There, in this page, you need to have a piece of code that will update the "Status" column, for this specific user, to be "Active". After the script activates the account, you can simply use a header ("Location: http://.........."); command to redirect the user to whatever page you want. If you want the user to go straight in his profile page in order to add more details, just place there the URL of the Edit Profile page, like header ("Location: http://www.yourdomain.com/path/editprofile.php?validatekey=xxxxxxxx");