So basically I have a registration form, all working fantastic so far. It displays the reCAPTCHA on the data collection page (below) and registers the person. If the CAPTCHA is incorrect it displays the error code. To save the user going back, I've made it include the create-account.php from the previous page so the user can fill it out again. Either way, it won't display, nor will the footer information. The includes are used sitewide, so I know I've coded that right. I've tried changing the die() to exit() or moving around code, etc., it just won't happen.

Please reply in idiot language, as I'm a beginner, thanks.

Here's my script:

    <?php
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-head.php");
    require_once($_SERVER["DOCUMENT_ROOT"].'/community/create-account/confirm/captcha.php');

    $privatekey = "REMOVEDPRIVATEKEYFORSECURITYREASONS";
    $resp = recaptcha_check_answer($privatekey,
                                   $_SERVER["REMOTE_ADDR"],
                                   $_POST["recaptcha_challenge_field"],
                                   $_POST["recaptcha_response_field"]);

    if (!$resp->is_valid) {
        // die() prints the message and ends the script here,
        // so the two includes below it are never reached.
        die ("<div class=\"advertise\">Sorry, you entered the code incorrectly and we need to make sure you're not a robot. Please try again.</div>");
        include($_SERVER["DOCUMENT_ROOT"]."/community/create-account.php");
        include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-foot.php");
    } else {
        // Record which form options were submitted.
        $monthlyemailme['Monthly'] = false;
        $monthlyemailme[$_POST['emailme']] = true;
        $ivereadterms['Terms'] = false;
        $ivereadterms[$_POST['iveread']] = true;
        $entityconfirm['Male'] = false;
        $entityconfirm['Female'] = false;
        $entityconfirm['Company'] = false;
        $entityconfirm['Project'] = false;
        $entityconfirm['Website'] = false;
        $entityconfirm[$_POST['entity']] = true;
        include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-foot.php");
    }
    ?>
Worked like a charm, thank you very much! I assumed it was this, but haven't begun learning anything new yet. Although I'm doing well so far, I think. I now have a fully functional registration script that connects to a database and validates. Any tips on making it secure? Also, what is the difference between print and echo?
Yes... To make it secure you can do the following:

1. Save all passwords as MD5 in your database and when you fetch from POST, you do md5 of password and check it with the corresponding one. (Prevention measure in case any SQL injection vulnerability is found)
2. If more than 5 login attempts are done from the same IP, block it for some time or put a captcha. (Prevents brute force)
3. Sanitize every input with mysql_real_escape_string()
4. Sanitize every output with htmlspecialchars()
5. If server does not have high traffic, enable gpc_magic_quotes flag in your php.ini (deprecated in PHP6)

Difference between print and echo:

echo is faster than print. echo is a shell command, most of unix commands can be used by php, echo is a unix command and print is terminal specific... You can use either, but print is more reliable, and you will realize more during unit-level testing.

Since you have just started, a wise word: Coders do not stumble on mountains but small stones.

Here is a coding tip:

    $w = "world!";
    print "Hello $w";
    print 'Hello $w';

Get to know the difference between single quote and double quote; while creating big applications, coders usually fumble over which type of quotes to use.

Happy coding
One thing to remember about print: if your print statement looks like this

    print "";

then when you do HTML code, remember to either use \" or ' in your HTML. Example below:

    print "<a href=\"mypage.php\">my page</a>";

or

    print "<a href='mypage.php'>my page</a>";

When calling and/or using an array you would want to do this

    print "<a href=\"{$mypage['url']}.php\">my page</a>";

or this

    print "<a href='".$mypage['url'].".php'>my page</a>";

You can also do both, provided you don't do both on the same array.
eleetgeek, I think passwords should be stronger than simple md5... for example:

    $password = "asd56as4d6a5cs4d";
    $password_encrypted = md5(md5(md5(md5(md5($password)))));
That's okay, figured it all out. I added salt to the md5. I'm surprised at how easily I'm learning all this PHP!
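
Added example, not part of any post in this thread: the password storage and input handling discussed above, done with PHP's built-in password_hash()/password_verify() (a per-password salt and a slow hash, stored in one string) and PDO prepared statements. It assumes PHP 7+ with the pdo_sqlite extension; the users table, its column names and the sample credentials are constructed for illustration.

```php
<?php
// Added example. The table and column names (users, email, pw_hash) are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register_user(PDO $db, string $email, string $password): void
{
    // password_hash() generates a random salt for each password and embeds
    // it, with the algorithm and cost, in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text, so no manual escaping.
    $stmt = $db->prepare('INSERT INTO users (email, pw_hash) VALUES (?, ?)');
    $stmt->execute([$email, $hash]);
}

function check_login(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();          // false when no such user exists
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // If PHP's default algorithm or cost has changed since this hash was
    // stored, replace it now while the plain password is available.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET pw_hash = ? WHERE email = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $email]);
    }
    return true;
}

// Constructed sample input, including an address containing a quote character.
register_user($db, "o'brien@example.com", 'correct horse battery staple');

var_dump(check_login($db, "o'brien@example.com", 'correct horse battery staple'));
var_dump(check_login($db, "o'brien@example.com", 'wrong guess'));
// A classic injection string is treated as an ordinary (unknown) e-mail value.
var_dump(check_login($db, "' OR '1'='1", 'anything'));
```

The same prepare()/execute() calls work unchanged against MySQL by swapping the PDO connection string; values echoed back into HTML still go through htmlspecialchars() as listed in point 4 above.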