Registration validate thin

Question

1.00/5 (1 vote)

See more:

Whats wrong witm my validation ...i can easily register user with 3 3 3 3 -(name,email,pass,repeat pass) values...should not be able to do that....

my form is name="form_id"
and register is "register_submit"
all good there...

What I have tried:

PHP

if (!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['password']) || !isset($_POST['password_2']) || !isset($_POST['register_submit'])) {
			die("place all infos pls");
		}
        $name = test_input($_POST["name"]);
           if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
           echo "Only letters and white space allowed"; 
             }
		$email = test_input($_POST["email"]);
           if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
             echo "Invalid email format"; 
             
             }
		$password = test_input($_POST['password']);
		$password_2 = test_input($_POST['password_2']);
	    $status = 1;
		

		if (!$email) {
			die("Please enter email");
		}
		 
	     if (!$name) {
			die("Please enter name");
		} 

		if (!$password || $password != $password_2) {
			die("Pass dont match");
		}

		$password = md5($password);
		$sql = "select * from users where email='$email' and password='$password'";
		$result = mysqli_query($conn, $sql);
		$exists = mysqli_num_rows($result);
		if ($exists != 0) {
			die("user with same email alredy registered");
		}


		$sql = "insert into users (name, email, password, status) values ('$name', '$email', '$password','$status')";
		$result = mysqli_query($conn, $sql);
		$last_id = mysqli_insert_id($result);
		
		header("Location: home.php");
		break;

	default:
		echo "error_log(d): " . $_POST['form_id'];
		break;
}

Posted 27-Jul-17 13:02pm

Sfjklm

Updated 27-Jul-17 17:01pm

Bryian Tan

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Mohibur Rashid · Answer 1 · 2017-07-27T17:01:00

You have many issues in your source code:
1. what is your test_input function. How come it can validate name, password, email?. You need to define separate validator for name and email. Name can contain space but mail can't;
2. your preg_match will allow empty name to pass through.
3. What's the point of password_2?
4. When you check for existence of email and password together, it will give a window to hacker to find password with brute-force attak
5. You cannot use break or default or default in main body PHP: break - Manual[^]
6. May be use md5 function of mysql, not php.
7. Your insert query does not use ENCRYPTION. If you can successfully add in the database, your password will be registered as unencrypted
8. You insert query is not secured. Insecure insert query will compromise the security of your entire system. Read about SQL inject[^]