Generic Registration Script (Using PDO)

pintinho12 · 08/23/2014, 18:45

Hello,
I don't have much time, so i will just make a little explanation.
This is a simple PHP Script for Register Pages, I aint releasing the Form because i havent done it, i just did the PHP Script to reply to another thread and then i tought it was gonna be useful for other peoples.

First, it uses PDO for MySql, it requires a higher version of PHP and needs to be enabled if you use Wampserver. Wont work on AppServ. Usually Host Providers already have this enabled so you wont need to worry, otherwise, if it doesnt work, you should ask them to enable PDO for MySql on your Apache Server.
Second, i havent done the Errors handle, i have made the functions, but if you need it to show messages, you gotta do it yourself.
The functions, Configurations and Handle are on the same file, so you gotta split them if you want.
If you need a guide for how to use PDO, i recommend this

. Its not hard and i recommend who use mysql_* to start learning PDO. I think its so cool.

The Code:

Code:

<?php
/*
 * Generic Register Page
 * Author: Felipe Vieira Vendramini
 * Configuration
 */
$MySql["Host"] = "localhost"; // host, duuh
$MySql["User"] = "root"; // Username
$MySql["Pass"] = "test"; // Password
$MySql["Data"] = "zf"; // Database

$Database = new PDO('mysql:host='.$MySql["Host"].';dbname='.$MySql["Data"].';charset=utf8', $MySql["User"], $MySql["Pass"], array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'));
$Database->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

/*
 * Common Functions
 */
function CheckIfNegative($Number)
{
    if($Number < 0)
        $Number *= (-1);
    return $Number;
}

function CheckINT($Number)
{
    return filter_var($Number, FILTER_VALIDATE_INT);
}

function ValidateUser($string){
    $expression = "[A-Za-z0-9]";
    return preg_match($expression, $string);
}

function ValidateEmail($string){
    return filter_var($string, FILTER_VALIDATE_EMAIL);
}

/*
 * Form validation
 * Fill:
 * Username: varchar(16)
 * Password: varchar(16)
 * SecurityCode: bigint(8)
 * Email: varchar(64)
 */

if(!ValidateUser($_POST["Username"]) || !ValidateUser($_POST["Password"])){
    //Handle Invalid Username or Password
}

$Username = $_POST["Username"];
$Password = $_POST["Password"];

if(strlen($_POST["Username"]) < 6 || strlen($_POST["Username"]) > 16){
    //Handle Username Lenght Error
}

if(strlen($_POST["Password"]) < 6 || strlen($_POST["Password"]) > 16){
    //Handle Password Lenght Error
}

$CheckName = $Database->prepare("SELECT username FROM `account` WHERE `username`=:name");
$CheckName->bindValue(':name', $Username, PDO::PARAM_STR);
$CheckName->execute();
$CountN = $CheckName->rowCount();

if($CountN > 0){
    //Handle Existing Username
}

if(!ValidateEmail($_POST["Email"])){
    //Handle Invalid E-mail
}

$Email = $_POST["Email"];

$CheckMail = $Database->prepare("SELECT email FROM `account` WHERE `email`=:mail");
$CheckMail->bindValue(':mail', $Email, PDO::PARAM_STR);
$CheckMail->execute();
$CountM = $CheckMail->rowCount();

if($CountM > 0){
    //Handle Existing Mail
}

$SecurityCode = CheckIfNegative($_POST["SecurityCode"]);

if(!CheckINT($SecurityCode)){
    //Handle Invalid format Security Code
}

if($SecurityCode < 10000000){
    //Handle 8 Digits Security Code Error
}

$InsertRow = $Database->prepare("INSERT INTO account (`username`,`password`,`email`,`code`) VALUES (:name, :pass, :mail, :code)");
$InsertRow->bindValue(':name', $Username, PDO::PARAM_STR);
$InsertRow->bindValue(':pass', $Password, PDO::PARAM_STR);
$InsertRow->bindValue(':mail', $Email, PDO::PARAM_STR);
$InsertRow->bindValue(':code', $SecurityCode, PDO::PARAM_INT);
$Check = $InsertRow->execute();

if(!$Check){
    //Handle Insert failed
}

die("OK");

*Damn, pressed CTRL+W twice, hate this*

FAQ:
Why do i you use bindValue if you can save n lines by doing different?
So newbies can see +- how it works and it will become easier for them to edit. With a query where ill set 20 values, it will take 20 lines, but at least newbies will get the touch, but yes, it can be done in 1 line.

Well, i wont rewrite everything, i gotta go.
Later i Edit with something else.
I am accepting suggestions for improvements.

Good luck

turk55 · 08/23/2014, 19:28

Quote:

Originally Posted by pintinho12

Code:

<?php
/*
 * Generic Register Page
 * Author: Felipe Vieira Vendramini
 * Configuration
 */
$MySql["Host"] = "localhost"; // host, duuh
$MySql["User"] = "root"; // Username
$MySql["Pass"] = "test"; // Password
$MySql["Data"] = "zf"; // Database

$Database = new PDO('mysql:host='.$MySql["Host"].';dbname='.$MySql["Data"].';charset=utf8', $MySql["User"], $MySql["Pass"], array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'));
$Database->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

/*
 * Common Functions
 */
function CheckIfNegative($Number)
{
/* Why are you trying so hard?
    if($Number < 0)
    {
        $Number *= (-1);
    }
    return $Number;
	*/
	return $Number >= 0;
}

function CheckINT($Number)
{
	/* You should really check how you can improve your return statements
    if(filter_var($Number, FILTER_VALIDATE_INT) === false)
    {
        return false;
    }
    return true;
	*/
	return filter_var($Number, FILTER_VALIDATE_INT);
}

function ValidateUser($string){
    $expression = "[A-Za-z0-9]";
    /* Return statement......
	if(preg_match($expression, $string)){
        return true;
    }
    return false;
	*/
	return preg_match($expression, $string);
}

function ValidateEmail($string){
    /* Don't need a expression check
	$string = strtolower($string);
    $expression = "/([\w\-]+\@[\w\-]+\.[\w\-]+)/";
    if(preg_match($expression, $string)){
        return true;
    }
    return false;
	*/
	return filter_var($string, FILTER_VALIDATE_EMAIL);
}

/*
 * Form validation
 * Fill:
 * Username: varchar(16)
 * Password: varchar(16)
 * SecurityCode: bigint(8)
 * Email: varchar(64)
 */

if(!ValidateUser($_POST["Username"]) || !ValidateUser($_POST["Password"])){
    //Handle Invalid Username or Password
}

$Username = $_POST["Username"];
$Password = $_POST["Password"];

if(strlen($_POST["Username"]) < 6 || strlen($_POST["Username"]) > 16){
    //Handle Username Lenght Error
}

if(strlen($_POST["Password"]) < 6 || strlen($_POST["Password"]) > 16){
    //Handle Password Lenght Error
}

// This whole checking a value thing can be done inside a single function saves you like 20 lines of codes
$CheckName = $Database->prepare("SELECT username FROM `account` WHERE `username`=:name");
$CheckName->bindValue(':name', $Username, PDO::PARAM_STR);
$CheckName->execute();
$CountN = $CheckName->rowCount();

if($CountN > 0){
    //Handle Existing Username
}

if(!ValidateEmail($_POST["Email"])){
    //Handle Invalid E-mail
}

$Email = $_POST["Email"];

$CheckMail = $Database->prepare("SELECT email FROM `account` WHERE `email`=:mail");
$CheckMail->bindValue(':mail', $Email, PDO::PARAM_STR);
$CheckMail->execute();
$CountM = $CheckMail->rowCount();

if($CountM > 0){
    //Handle Existing Mail
}

$SecurityCode = CheckIfNegative($_POST["SecurityCode"]);

if(!CheckINT($SecurityCode)){
    //Handle Invalid format Security Code
}

if($SecurityCode < 10000000){
    //Handle 8 Digits Security Code Error
}

$InsertRow = $Database->prepare("INSERT INTO account (`username`,`password`,`email`,`code`) VALUES (:name, :pass, :mail, :code)");
$InsertRow->bindValue(':name', $Username, PDO::PARAM_STR);
$InsertRow->bindValue(':pass', $Password, PDO::PARAM_STR);
$InsertRow->bindValue(':mail', $Email, PDO::PARAM_STR);
$InsertRow->bindValue(':code', $SecurityCode, PDO::PARAM_INT);
$Check = $InsertRow->execute();

if(!$Check){
    //Handle Insert failed
}

die("OK");

Improvements are in the code.

pintinho12 · 08/23/2014, 19:59

Quote:

Originally Posted by turk55

Improvements are in the code.

Edited, thanks
I have made some changes, thank you.
By the way, i keep some double checks,
The email and user made in 2 different queries and the Negative Number
The CheckIfNegative ive made because i am developing a PHP game and on the beta i didnt made this check, just the int one,
so 1 guy used a negative number so he could increase the amount of items he has.
It isnt to return true or false, it will get that number and make it positive, then better keep it, may be useful to other peoples.
The Validate Part i've based on a old script, one of my first tests, so its the "hard" way haha, better saying, the noob way.
I am not a Pro, improvements are welcome. Thanks

turk55 · 08/23/2014, 22:48

Quote:

Originally Posted by pintinho12

Edited, thanks
I have made some changes, thank you.
By the way, i keep some double checks,
The email and user made in 2 different queries and the Negative Number
The CheckIfNegative ive made because i am developing a PHP game and on the beta i didnt made this check, just the int one,
so 1 guy used a negative number so he could increase the amount of items he has.
It isnt to return true or false, it will get that number and make it positive, then better keep it, may be useful to other peoples.
The Validate Part i've based on a old script, one of my first tests, so its the "hard" way haha, better saying, the noob way.
I am not a Pro, improvements are welcome. Thanks

This is what I meant with you could save lines:

PHP Code:


			
function GetDBValue($db, $where, $table = "tablename", $fields = "*") {
    $values = array();
    $wherestring = "";
    foreach($where as $field => $value) { 
        array_push($values, ":".$field => $value); 
        if(empty($wherestring)) {
            $wherestring .= " WHERE "; 
        }
        $wherestring .= $field."="":".$field.",";
    }
    $querystring = "SELECT ".$fields." FROM ".$table." ".substr($wherestring, 0, -1);
    $query = $db->prepare($querystring);
    return $query->execute($values);
}

$CountM = GetDBValue($Database, array("email" => $_POST["Email"]), "account", "Email")->rowCount();

I haven't tested the code but you should get the idea, plus this same function can be extended to create an insert, update and delete query as well

pintinho12 · 08/23/2014, 23:21

Quote:

Originally Posted by turk55

This is what I meant with you could save lines:

PHP Code:

function GetDBValue($db, $where, $table = "tablename", $fields = "*") { $values = array(); $wherestring = ""; foreach($where as $field => $value) { array_push($values, ":".$field => $value); if(empty($wherestring)) { $wherestring .= " WHERE "; } $wherestring .= $field."="":".$field.","; } $querystring = "SELECT ".$fields." FROM ".$table." ".substr($wherestring, 0, -1); $query = $db->prepare($querystring); return $query->execute($values); } $CountM = GetDBValue($Database, array("email" => $_POST["Email"]), "account", "Email")->rowCount();

I haven't tested the code but you should get the idea, plus this same function can be extended to create an insert, update and delete query as well

Well, ill take the idea for me, and now its good to have on the Thread, but it's better we dont deliver it completely done, peoples need to learn. And thanks, nice to see new structures