Hi, im have this register form, i only want what in the email the user cant put emails @yahoo like: yahoo.cl yahoo.com.mx yahoo.com etc because dont received the email from my server, how i can do this? Here are the code: <? include("includes/session.php"); include("templates/header.php"); include("templates/header_sub.php"); ?> <table width="725" border="0" align="center"> <tr> <td> <? /** * The user is already logged in, not allowed to register. */ if($session->logged_in){ echo "<h1>Registered</h1>"; echo "<p>We're sorry <b>$session->username</b>, but you've already registered. " ."<a href=\"$web_path\">Go back Home</a>.</p>"; } /** * The user has submitted the registration form and the * results have been processed. */ elseif(isset($_SESSION['regsuccess'])){ /* Registration was successful */ if($_SESSION['regsuccess']){ echo "<h3>Registered!</h3>"; echo "<p>Thank you <b>".$_SESSION['reguname']."</b>, your information has been added to the database, " ."you may now <a href=\"".$web_path."main.php\">log in</a>.</p>"; } /* Registration failed */ else{ echo "<h3>Registration Failed</h3>"; echo "<p>We're sorry, but an error has occurred and your registration for the username <b>".$_SESSION['reguname']."</b>, " ."could not be completed.<br>You will be redirected back to the register page in a few seconds.</p><br>"; echo "<script language=javascript> setTimeout(\"location.href='register.php'\", 5000); </script>"; } unset($_SESSION['regsuccess']); unset($_SESSION['reguname']); } /** * The user has not filled out the registration form yet. * Below is the page with the sign-up form, the names * of the input fields are important and should not * be changed. */ else{ ?> <table align="center" border="0" width="728"> <tr> <td valign="top"><p><br> <? echo $settings[reg_text]; echo "<br>"; ?> </td> </tr> <tr><td> </td></tr> <td valign="top"> <?if($_GET['error']!="") { echo "<div class=\"little-box\">$_GET[error]</div>"; } ?> </td> </tr> <td valign="top"> <form name="Register" action="<?=$web_path;?>process.php" method="POST" onSubmit="return ValidateForm()"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td colspan="2"> </td></tr> <? if($form->num_errors > 0){ echo "<tr><td colspan=\"2\"><font size=\"1\" color=\"#ff0000\">".$form->num_errors." error(s) found</td></tr>"; } ?> <? if($_GET['message'] !=""){ echo "<tr><td colspan=\"2\"><font size=\"1\" color=\"#ff0000\">".$_GET['message']."</td></tr>"; } ?> <tr><td colspan="2"> </td></tr> <tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr> <tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<? echo $form->value("email"); ?>"></td><td><? echo $form->error("email"); ?></td></tr> <tr><td colspan="2" align="right"> <input type="hidden" name="subjoin" value="1"> <input type="submit" value="Join!"></td></tr> <tr><td colspan="2"> </td></tr> <tr><td colspan="2" align="left"><a href="main.php">Already registered? Click here to login!</a></td></tr> </table> </form> </td><td width="310" align="center" valign="top"> <?=$ads['box_ad'];?></td></tr></table> <? } ?> </td> </tr> </table> </td> </tr> </table> <?php include("templates/footer.php");?> </body> </html> PHP: I hope some body can help me, thanks
you can use dream wear software. because he is provide validation. and you also use java scrip languages for validate. --- FriendyAnil ---
This should work to not allow yahoo email addresses. Didn't test it though. <script type="text/javascript"> function verifyEmail(){ var emailRegEx = /^[A-Z0-9._%+-]+@yahoo+\.[A-Z]{2,4}$/i; if (document.form.email.value.search(emailRegEx) == 1) { alert("Please enter a valid email address."); return false; } else { document.myform.submit(); } } </script> <table> <form name="form" method="post" action="#"> <tr><td>Name:</td><td><input name='name' /></td></tr> <tr><td>E-Mail:</td><td><input name='email' /></td></tr> <tr><td>Password:</td><td><input name='password' type="password" /></td></tr> <tr><td colspan="2"><input type='submit' name='submit' value='Register' onclick="return verifyEmail();" /></td></tr> </form> </table> Code (markup):
Yes. Server-side: $email = $_POST['email']; $email = mysql_real_escape_string($email); if (eregi("@yahoo", $email)) { die("Yahoo emails are not allowed"); } PHP:
This is the server side, is the process.php where validate the form <? include("includes/session.php"); class Process { /* Class constructor */ function Process(){ global $session; /* User submitted login form */ if(isset($_POST['sublogin'])){ $this->procLogin(); } /* User submitted registration form */ else if(isset($_POST['subjoin'])){ $this->procRegister(); } /* User submitted forgot password form */ else if(isset($_POST['subforgot'])){ $this->procForgotPass(); } /* User submitted edit account form */ else if(isset($_POST['subedit'])){ $this->procEditAccount(); } /** * The only other reason user should be directed here * is if he wants to logout, which means user is * logged in currently. */ else if($session->logged_in){ $this->procLogout(); } /** * Should not get here, which means user is viewing this page * by mistake and therefore is redirected. */ else{ header("Location: main.php"); } } /** * procLogin - Processes the user submitted login form, if errors * are found, the user is redirected to correct the information, * if not, the user is effectively logged in to the system. */ function procLogin(){ global $session, $form; /* Login attempt */ $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); /* Login successful */ if($retval){ header("Location: ".$session->referrer); } /* Login failed */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } } /** * procLogout - Simply attempts to log the user out of the system * given that there is no logout form to process. */ function procLogout(){ global $session; $retval = $session->logout(); header("Location: main.php"); } /** * procRegister - Processes the user submitted registration form, * if errors are found, the user is redirected to correct the * information, if not, the user is effectively registered with * the system and an email is (optionally) sent to the newly * created user. */ function procRegister(){ global $session, $form, $mailer; /* Convert username to all lowercase (by option) */ // if(ALL_LOWERCASE){ $_POST['user'] = strtolower($_POST['user']); // } /* Registration attempt */ // $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['email']); $result = mysql_query("SELECT COUNT(*) FROM users WHERE username = '".$_POST['user']."'") or die(mysql_error()); $row = mysql_fetch_array( $result ); if($row[0]==0){ $retval=0; }else{ $retval=2; } //if(!isset($_POST['user'])||!isset($_POST['pass'])||!isset($_POST['email'])){ // $retval=1; // } else if(strlen($_POST[user])<3){ $retval=3; } if(strlen($_POST[pass])<6){ $retval=4; } if($retval==0){ mysql_query("INSERT INTO users (`username`,`password`,`userid`,`userlevel`,`email`,`timestamp`) VALUES('".$_POST['user']."', '".md5($_POST['pass'])."','".md5($_POST['user'])."','1','".$_POST['email']."',NOW() ) ") or die(mysql_error()); } /* Registration Successful */ if($retval == 0){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = true; $mailer->sendWelcome($_POST['user'],$_POST['email'],$_POST['pass']); header("Location: ".$session->referrer); } /* Error found with form */ else if($retval == 1){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = "Please fill in all data."; header("Location: ".$session->referrer); } /* Registration attempt failed */ else if($retval == 2){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = false; header("Location: ".$session->referrer); } /* Registration attempt failed */ else if($retval == 3){ $_SESSION['reguname'] = $_POST['user']; // $_SESSION['regsuccess'] = false; header("Location: ".$session->referrer."?error=Error: Please Make Sure Username is 3 characters or more."); } /* Registration attempt failed */ else if($retval == 4){ $_SESSION['reguname'] = $_POST['user']; // $_SESSION['regsuccess'] = false; header("Location: ".$session->referrer."?error=Error: Please Make Sure Password is 6 characters or more."); } } /** * procForgotPass - Validates the given username then if * everything is fine, a new password is generated and * emailed to the address the user gave on sign up. */ function procForgotPass(){ global $database, $session, $mailer, $form; /* Username error checking */ $subuser = $_POST['user']; $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered<br>"); } else{ /* Make sure username is in database */ $subuser = stripslashes($subuser); if(strlen($subuser) < 3 || strlen($subuser) > 30 || !eregi("^([0-9a-z_-])+$", $subuser) || (!$database->usernameTaken($subuser))){ $form->setError($field, "* Username does not exist<br>"); } } /* Get email of user */ $usrinf = $database->getUserInfo($subuser); $email = $usrinf['email']; if($_POST['email']!=$email){ $form->setError('email', "* Email does not match<br>"); } /* Errors exist, have user correct them */ if($form->num_errors > 0){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); } /* Generate new password and email it to user */ else{ /* Generate new password */ $newpass = $session->generateRandStr(8); /* Attempt to send the email with new password */ if($mailer->sendNewPass($subuser,$email,$newpass)){ /* Email sent, update database */ $database->updateUserField($subuser, "password", md5($newpass)); $_SESSION['forgotpass'] = true; } /* Email failure, do not change password */ else{ $_SESSION['forgotpass'] = false; } } header("Location: ".$session->referrer); } /** * procEditAccount - Attempts to edit the user's account * information, including the password, which must be verified * before a change is made. */ function procEditAccount(){ global $session, $form; /* Account edit attempt */ $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['email']); /* Account edit successful */ if($retval){ $_SESSION['useredit'] = true; header("Location: ".$session->referrer); } /* Error found with form */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } } }; /* Initialize process */ $process = new Process; ?> PHP: In what part i put the code of server side?
Very unsecure code! You are inserting unescaped variables into your database. You are open to SQL injection. At the very least, before inserting variables into the query, use mysql_real_escape_string() to try to avoid most bad characters. You can put what I added right below this part but before the mysql query. if(strlen($_POST[user])<3){ $retval=3; } if(strlen($_POST[pass])<6){ $retval=4; } PHP: You would add something like this: $email = $_POST['email']; $email = mysql_real_escape_string($email); if (eregi("@yahoo", $email)) { $retval = 5; } ////Then at the bottom, where you have all the elseif($retval == X) stuff, add: elseif($retval == 5) { $_SESSION['reguname'] = $_POST['user']; // $_SESSION['regsuccess'] = false; header("Location: ".$session->referrer."?error=Error: Please Make Sure E-mail is not a Yahoo account"); } PHP:
Ok, this is my process.php : <? include("includes/session.php"); class Process { /* Class constructor */ function Process(){ global $session; /* User submitted login form */ if(isset($_POST['sublogin'])){ $this->procLogin(); } /* User submitted registration form */ else if(isset($_POST['subjoin'])){ $this->procRegister(); } /* User submitted forgot password form */ else if(isset($_POST['subforgot'])){ $this->procForgotPass(); } /* User submitted edit account form */ else if(isset($_POST['subedit'])){ $this->procEditAccount(); } /** * The only other reason user should be directed here * is if he wants to logout, which means user is * logged in currently. */ else if($session->logged_in){ $this->procLogout(); } /** * Should not get here, which means user is viewing this page * by mistake and therefore is redirected. */ else{ header("Location: main.php"); } } /** * procLogin - Processes the user submitted login form, if errors * are found, the user is redirected to correct the information, * if not, the user is effectively logged in to the system. */ function procLogin(){ global $session, $form; /* Login attempt */ $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); /* Login successful */ if($retval){ header("Location: ".$session->referrer); } /* Login failed */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } } /** * procLogout - Simply attempts to log the user out of the system * given that there is no logout form to process. */ function procLogout(){ global $session; $retval = $session->logout(); header("Location: main.php"); } /** * procRegister - Processes the user submitted registration form, * if errors are found, the user is redirected to correct the * information, if not, the user is effectively registered with * the system and an email is (optionally) sent to the newly * created user. */ function procRegister(){ global $session, $form, $mailer; /* Convert username to all lowercase (by option) */ // if(ALL_LOWERCASE){ $_POST['user'] = strtolower($_POST['user']); // } /* Registration attempt */ // $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['email']); $result = mysql_query("SELECT COUNT(*) FROM users WHERE username = '".$_POST['user']."'") or die(mysql_error()); $row = mysql_fetch_array( $result ); if($row[0]==0){ $retval=0; }else{ $retval=2; } //if(!isset($_POST['user'])||!isset($_POST['pass'])||!isset($_POST['email'])){ // $retval=1; // } else if(strlen($_POST[user])<3){ $retval=3; } if(strlen($_POST[pass])<6){ $retval=4; } $email = $_POST['email']; $email = mysql_real_escape_string($email); if (eregi("@yahoo", $email)) { $retval = 5; } ////Then at the bottom, where you have all the elseif($retval == X) stuff, add: elseif($retval == 5) { $_SESSION['reguname'] = $_POST['user']; // $_SESSION['regsuccess'] = false; header("Location: ".$session->referrer."?error=Error: Please Make Sure E-mail is not a Yahoo account"); } if($retval==0){ mysql_query("INSERT INTO users (`username`,`password`,`userid`,`userlevel`,`email`,`timestamp`) VALUES('".$_POST['user']."', '".md5($_POST['pass'])."','".md5($_POST['user'])."','1','".$_POST['email']."',NOW() ) ") or die(mysql_error()); } /* Registration Successful */ if($retval == 0){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = true; $mailer->sendWelcome($_POST['user'],$_POST['email'],$_POST['pass']); header("Location: ".$session->referrer); } /* Error found with form */ else if($retval == 1){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = "Please fill in all data."; header("Location: ".$session->referrer); } /* Registration attempt failed */ else if($retval == 2){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = false; header("Location: ".$session->referrer); } /* Registration attempt failed */ else if($retval == 3){ $_SESSION['reguname'] = $_POST['user']; // $_SESSION['regsuccess'] = false; header("Location: ".$session->referrer."?error=Error: Please Make Sure Username is 3 characters or more."); } /* Registration attempt failed */ else if($retval == 4){ $_SESSION['reguname'] = $_POST['user']; // $_SESSION['regsuccess'] = false; header("Location: ".$session->referrer."?error=Error: Please Make Sure Password is 6 characters or more."); } } /** * procForgotPass - Validates the given username then if * everything is fine, a new password is generated and * emailed to the address the user gave on sign up. */ function procForgotPass(){ global $database, $session, $mailer, $form; /* Username error checking */ $subuser = $_POST['user']; $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered<br>"); } else{ /* Make sure username is in database */ $subuser = stripslashes($subuser); if(strlen($subuser) < 3 || strlen($subuser) > 30 || !eregi("^([0-9a-z_-])+$", $subuser) || (!$database->usernameTaken($subuser))){ $form->setError($field, "* Username does not exist<br>"); } } /* Get email of user */ $usrinf = $database->getUserInfo($subuser); $email = $usrinf['email']; if($_POST['email']!=$email){ $form->setError('email', "* Email does not match<br>"); } /* Errors exist, have user correct them */ if($form->num_errors > 0){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); } /* Generate new password and email it to user */ else{ /* Generate new password */ $newpass = $session->generateRandStr(8); /* Attempt to send the email with new password */ if($mailer->sendNewPass($subuser,$email,$newpass)){ /* Email sent, update database */ $database->updateUserField($subuser, "password", md5($newpass)); $_SESSION['forgotpass'] = true; } /* Email failure, do not change password */ else{ $_SESSION['forgotpass'] = false; } } header("Location: ".$session->referrer); } /** * procEditAccount - Attempts to edit the user's account * information, including the password, which must be verified * before a change is made. */ function procEditAccount(){ global $session, $form; /* Account edit attempt */ $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['email']); /* Account edit successful */ if($retval){ $_SESSION['useredit'] = true; header("Location: ".$session->referrer); } /* Error found with form */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } } }; /* Initialize process */ $process = new Process; ?> PHP: and this is my register.php: <? include("includes/session.php"); include("templates/header.php"); include("templates/header_sub.php"); ?> <table width="725" border="0" align="center"> <tr> <td> <? /** * The user is already logged in, not allowed to register. */ if($session->logged_in){ echo "<h1>Registered</h1>"; echo "<p>We're sorry <b>$session->username</b>, but you've already registered. " ."<a href=\"$web_path\">Go back Home</a>.</p>"; } /** * The user has submitted the registration form and the * results have been processed. */ elseif(isset($_SESSION['regsuccess'])){ /* Registration was successful */ if($_SESSION['regsuccess']){ echo "<h3>Registered!</h3>"; echo "<p>Thank you <b>".$_SESSION['reguname']."</b>, your information has been added to the database, " ."you may now <a href=\"".$web_path."main.php\">log in</a>.</p>"; } /* Registration failed */ else{ echo "<h3>Registration Failed</h3>"; echo "<p>We're sorry, but an error has occurred and your registration for the username <b>".$_SESSION['reguname']."</b>, " ."could not be completed.<br>You will be redirected back to the register page in a few seconds.</p><br>"; echo "<script language=javascript> setTimeout(\"location.href='register.php'\", 5000); </script>"; } unset($_SESSION['regsuccess']); unset($_SESSION['reguname']); } /** * The user has not filled out the registration form yet. * Below is the page with the sign-up form, the names * of the input fields are important and should not * be changed. */ else{ ?> <table align="center" border="0" width="728"> <tr> <td valign="top"><p><br> <? echo $settings[reg_text]; echo "<br>"; ?> </td> </tr> <tr><td> </td></tr> <td valign="top"> <?if($_GET['error']!="") { echo "<div class=\"little-box\">$_GET[error]</div>"; } ?> </td> </tr> <script type="text/javascript"> function verifyEmail(){ var emailRegEx = /^[A-Z0-9._%+-]+@yahoo+\.[A-Z]{2,4}$/i; if (document.form.email.value.search(emailRegEx) == 1) { alert("Please enter a valid email address."); return false; } else { document.myform.submit(); } } </script> <td valign="top"> <form name="Register" action="<?=$web_path;?>process.php" method="POST" onSubmit="return ValidateForm()"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td colspan="2"> </td></tr> <? if($form->num_errors > 0){ echo "<tr><td colspan=\"2\"><font size=\"1\" color=\"#ff0000\">".$form->num_errors." error(s) found</td></tr>"; } ?> <? if($_GET['message'] !=""){ echo "<tr><td colspan=\"2\"><font size=\"1\" color=\"#ff0000\">".$_GET['message']."</td></tr>"; } ?> <tr><td colspan="2"> </td></tr> <tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr> <tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<? echo $form->value("email"); ?>"></td><td><? echo $form->error("email"); ?></td></tr> <tr><td colspan="2" align="right"> <input type="hidden" name="subjoin" value="1"> <input type="submit" value="Join!"></td></tr> <tr><td colspan="2"> </td></tr> <tr><td colspan="2" align="left"><a href="main.php">Already registered? Click here to login!</a></td></tr> </table> </form> </td><td width="310" align="center" valign="top"> <?=$ads['box_ad'];?></td></tr></table> <? } ?> </td> </tr> </table> </td> </tr> </table> <?php include("templates/footer.php");?> </body> </html> PHP: but dont work