User Personalization with PHP: User Registration [cont'd]
We are only interested in the file name, so we test to see if a file has been uploaded:
if(isset($_FILES['fn'])){
If a file has been uploaded then we transfer the file name to a shorter variable and try to upload it to the images directory where we store all user images:
$fn = $_FILES['fn']['name'];
We use the move_uploaded_file() function to send the file to its final destination:
// basename() strips any directory components from the client-supplied file name
if(!move_uploaded_file($_FILES['fn']['tmp_name'],'../images/'.basename($fn))){
If an error occurs, it is stored in the $_FILES array's error entry. We check
which error was encountered and set the $msg variable
to report it:
Then we test to see if the file name is set; if so, we fill the image variable with the file name. If no file has been uploaded, we set the image variable to 'No_img':
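The upload steps above, reworked as an added example (not the article's own code) that checks the upload error code, decides the file type from the content and stores the image under a server-generated name. The field name 'fn', the images directory and the 'No_img' default come from the article; the function name, the 2 MB limit, the list of accepted types and the use of PHP 7 functions are assumptions.

```php
<?php
// Added example: hardened version of the upload step (assumed names, see lead-in).
function store_user_image(array $file, string $destDir, int $maxBytes = 2097152): array
{
    // No file chosen: fall back to the article's placeholder value.
    if ($file['error'] === UPLOAD_ERR_NO_FILE) {
        return ['img' => 'No_img', 'msg' => ''];
    }
    // Any other non-zero code means the upload itself failed.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return ['img' => 'No_img', 'msg' => 'Upload failed with error code ' . $file['error']];
    }
    if ($file['size'] > $maxBytes) {
        return ['img' => 'No_img', 'msg' => 'Image is too large'];
    }
    // Decide the type from the file content, not from the client-supplied
    // file name or MIME type.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        return ['img' => 'No_img', 'msg' => 'Only JPEG, PNG or GIF images are accepted'];
    }
    // Server-generated name: the client's file name never reaches the file
    // system or the SQL statement that stores $img.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    // move_uploaded_file() refuses files that did not arrive as an HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        return ['img' => 'No_img', 'msg' => 'Could not store the uploaded image'];
    }
    return ['img' => $name, 'msg' => ''];
}

if (isset($_FILES['fn'])) {
    $stored = store_user_image($_FILES['fn'], '../images');
    $img = $stored['img'];
    $msg = ($msg ?? '') . $stored['msg'];
}
```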
Next, we store the color that has been selected by the user in the $bgc variable, escaping it because it will be used in the SQL statement:
$bgc = mysql_real_escape_string($_POST['select']);
Now we are ready to insert the data into the database; we create a SQL statement and run the query:
$sql_ins="INSERT INTO users(uid,uname,upass,email,level,bgc,img,actcode) values (5,'".$uname."','".md5($upass)."','".$email."','".$level."','".$bgc."','".$img."','".$actcode."')";
$result = mysql_query($sql_ins);
If the user information has been inserted successfully, we need to notify the user accordingly:
Then we need to send the activation code by email. To send the email we will use
PHP's mail() function. Make sure that you've made the necessary changes in your
php.ini file before using this function. We start by setting the subject of the email
message:
//now we notify the user through e-mail
$subject="Registration at Online Bookmarks";
Then we start to create the body of the email message:
$emsg = "Thank you for registering with us. The next step is for you to activate your account. To do this, simply click on the link below:\n\n";
We then set the activation URL and instruct the user on what to do:
If the query we ran encountered any problems, we show the error:
}else{
$msg .= " The following MySQL error occurred: ".mysql_error();
}
}else{
$msg = "Error with the e-mail address provided ";
}
}//end err check
}//end submit check
?>
The HTML Code
The HTML part of the registration form contains the main form that collects user information such as the user's name, email, password and other information. The code itself uses three different languages:
- HTML - Hosting the form
- JavaScript - Client-side form data validation
- PHP - Displaying error information
The JavaScript checks that the form fields are completed, using a function called checkform().
We used the same function in the login form in the previous article to check the user's
login details. The function tests each
required field on the form to see if it contains text. If a field is empty, a
message dialog is shown to inform the user of the problem:
In the HTML code below, the form fields are defined. Notice that in the form header we include an
enctype and set it as multipart/form-data. This is because this form will
also be used to upload files. By declaring the enctype as multipart/form-data
we automatically create a browse button on our form that enables users to
upload a file from their system:
The Password Script
One of the links displayed on the login form is the forgotten password link.
This link takes you to the forgot_pass.php script, which is responsible for
generating a new password for users who have forgotten theirs. We
generate a new password instead of retrieving and sending the stored one
because all of our passwords are stored as one-way hashes, meaning that no one
except the owner of the password knows the plain text version of the hashed password.
The application only stores the hashed password, which has a thirty-two character length. So
how does the script work? It requires the username and email address of the user. It then uses
these two pieces of information to run a check on the database to see if the user actually
exists and, if so, sends a new password to the given email address.
Here's a screenshot of what the script looks like:
See Figure 1
The password that is generated is created by a function called rangen(). It is
defined in the connection.php script that is included on every page of the application
and has the following code:
function rangen(){
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
$rand = substr(str_shuffle($alphanum), 0, 5);
return $rand;
}
The function takes a string called alphanum that contains all the uppercase letters of
the alphabet and the digits zero to nine:
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
It then shuffles the contents of the above variable and creates a five character string and stores it
in a variable called $rand:
$rand = substr(str_shuffle($alphanum), 0, 5);
This variable is then returned by the function:
return $rand;
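PHP's manual states that str_shuffle() does not produce cryptographically secure values, and because a shuffle never repeats a character, rangen() can return only 36 × 35 × 34 × 33 × 32 = 45,239,040 different passwords. The added example below (not part of the article's connection.php) draws each character independently with random_int() and computes both keyspaces; the names rangen_secure() and rangen_keyspace(), the default length of 12 and the PHP 7+ requirement are assumptions.

```php
<?php
// Added example: CSPRNG-based replacement for rangen() (assumed names).
function rangen_secure(int $length = 12): string
{
    $alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
    $max = strlen($alphanum) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws from the operating system's CSPRNG and is
        // unbiased over the requested range; characters may repeat.
        $out .= $alphanum[random_int(0, $max)];
    }
    return $out;
}

// Number of distinct strings rangen() can return: ordered selections of
// $length characters from $alphabet symbols without repetition.
function rangen_keyspace(int $alphabet = 36, int $length = 5): int
{
    $n = 1;
    for ($i = 0; $i < $length; $i++) {
        $n *= $alphabet - $i;
    }
    return $n;
}

echo "Sample password:             ", rangen_secure(), "\n";
echo "rangen() keyspace:           ", rangen_keyspace(), "\n";
echo "12 independent chars (36^12): ", 36 ** 12, "\n";
```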
The first section of the main PHP code deals with form validation, which should be familiar to you. It uses the same functions as all the other scripts to check the validity of email addresses and usernames. The second part of the code is what we will explore. After validating the form variables, we need to 'clean' them and ready them for use in the MySQL database. Remember that the script's first aim is to collect the username and email address, which are used to check the authenticity of the requesting user:
$uname=mysql_real_escape_string($_POST['uname']);
$email=mysql_real_escape_string($_POST['mail']);
Then we run the query to check if the requesting user exists in our database:
$q="SELECT uname,email FROM users WHERE uname='".$uname."' AND email ='".$email."'";
$result= mysql_query($q);
If the user exists then the mysql_num_rows() function will return a value greater
than zero; we test for this:
if(mysql_num_rows($result)>0){
$row = mysql_fetch_assoc($result);
The random password is generated, using the rangen() function:
$newpass = rangen();
Armed with the random password, our job becomes easier. We send the password to the
requesting user using the email address provided, but before we do that we need to
update the users table, so that the user is able to log in as soon as they
get the password:
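The registration INSERT and the lookup and update described here, written with prepared statements as an added example (not the article's forgot_pass.php). It uses PDO with an in-memory SQLite database so it runs stand-alone, and it swaps md5() for password_hash(), which needs a wider column than thirty-two characters and password_verify() at login; the table layout, function names and sample user are constructed.

```php
<?php
// Added example: register and reset with bound parameters (assumed names).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (uname TEXT PRIMARY KEY, upass TEXT, email TEXT)');

function register_user(PDO $pdo, string $uname, string $upass, string $email): void
{
    // Placeholders keep user input out of the SQL text entirely.
    $ins = $pdo->prepare('INSERT INTO users (uname, upass, email) VALUES (?, ?, ?)');
    $ins->execute([$uname, password_hash($upass, PASSWORD_DEFAULT), $email]);
}

function reset_password(PDO $pdo, string $uname, string $email): ?string
{
    $sel = $pdo->prepare('SELECT email FROM users WHERE uname = ? AND email = ?');
    $sel->execute([$uname, $email]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                       // no such username/email pair
    }
    $newpass = bin2hex(random_bytes(8));   // 16 hex characters from the CSPRNG
    $upd = $pdo->prepare('UPDATE users SET upass = ? WHERE uname = ?');
    $upd->execute([password_hash($newpass, PASSWORD_DEFAULT), $uname]);
    // The caller mails $newpass to $row['email'], the address stored in the
    // database, rather than to the raw form value.
    return $newpass;
}

// Constructed sample user; the apostrophe needs no manual escaping.
register_user($pdo, "o'brien", 'first-secret', 'ob@example.test');

$new = reset_password($pdo, "o'brien", 'ob@example.test');
$stored = $pdo->query('SELECT upass FROM users')->fetchColumn();
var_dump(password_verify($new, $stored));            // new password matches stored hash
var_dump(password_verify('first-secret', $stored));  // old password no longer matches
var_dump(reset_password($pdo, 'nobody', 'ob@example.test'));  // unknown pair
```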
After updating the database, the code continues to build the email message that will be sent to the user. It starts by setting the subject of the message:
// no trailing line break: a subject passed to mail() must be a single header line
$subject="RE:Your Login Password";
Then it continues to create the body of the message:
Finally, the message is sent and the user is informed:
if(mail($mail,$subject,$emsg)){
$msg.= "Your password has been sent";
}
If the user does not exist in the database, an error message is stored in the
$msg variable, which will later be displayed:
else{
$msg .=" The following MYSQL error occurred:".mysql_error()."\n";
}
The HTML part of the page contains a form that is responsible for collecting the username and email address of the requesting user. It also displays any errors that are encountered by the script. Below is the code that makes up the HTML portion of the page:
Conclusion
This is the last script in the authentication section of our application. In the next part, we will start to build the main section of the application that deals with bookmarks.
Download the source code for the entire authentication section.
Original: March 02, 2009




