Do a security check on this script

0 Answers    php

Hey guys, I have this signup script and I'm using mysql_real_escape_string. I know prepared statements are safer, but I'm just not experienced enough to use them; I just can't figure them out. Anyway, here's the script:

<?php
// Assumes a mysql_connect() connection has already been opened (not shown in the post);
// mysql_real_escape_string() needs it. Note that the mysql_* extension is deprecated
// since PHP 5.5 and removed in PHP 7.

    $username  = mysql_real_escape_string($_POST['username']);
    $password  = sha1($_POST['password']);
    $password2 = sha1($_POST['password_confirmation']);
    $passcheck = $_POST['password'];          // raw password, only used for the length check
    $todo      = mysql_real_escape_string($_POST['todo']);
    $email     = mysql_real_escape_string($_POST['email']);
    $fname     = mysql_real_escape_string($_POST['fname']);
    $lname     = mysql_real_escape_string($_POST['lname']);
    // gender, class and section are interpolated into the INSERT below, so they
    // must be escaped like the other fields (the original left them raw).
    $gender    = mysql_real_escape_string($_POST['gender']);
    $class     = mysql_real_escape_string($_POST['class']);
    $section   = mysql_real_escape_string($_POST['section']);

    // Initialise both so nothing below reads an undefined variable and an
    // unsubmitted form can never fall through to the INSERT.
    $status = "NOTOK";
    $msg    = "";

if(isset($todo) and $todo=="post"){
    $status = "OK";
    $msg    = "";
}

if(!isset($username) OR strlen($username) <3){
    $msg=$msg."Username should be equal to or more than 3 characters long.<BR/>";
    $status= "NOTOK";
}

if(mysql_num_rows(mysql_query("SELECT username FROM users WHERE username = '$username'"))){
    $msg=$msg."Username already exists. Please try another one.<BR/>";
    $status= "NOTOK";
}

if(mysql_num_rows(mysql_query("SELECT email FROM users WHERE email = '$email'"))){
    $msg=$msg."E-mail is already in use. Please try again.<BR/>";
    $status= "NOTOK";
}

if ( strlen($passcheck) < 3 ){
    $msg=$msg."Password must be at least 3 characters long.<BR/>";
    $status= "NOTOK";
}

if ( $password <> $password2 ){
    $msg=$msg."Passwords are not identical.<BR/>";
    $status= "NOTOK";
}

// eregi() was removed in PHP 7; preg_match() with the /i modifier is the equivalent.
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
    $msg=$msg."The email is not a valid email.<br/>";
    $status="NOTOK";
}

if($status=="NOTOK"){
    echo '<div class="statusmsg">'.$msg.'<br/><input class="submitButton" type="button" value="Retry" onClick="location.href='."'signup.php'\"></div>";
}
else {
    $hash = md5( rand(0,1000) );              // e-mail verification token
    $hash = mysql_real_escape_string($hash);

    // The original had "or die(mysql_error())" here, which made the else branch
    // unreachable and printed the raw database error to the visitor.
    $result = mysql_query("insert into users(username,password,email,fname,lname,hash,gender,class,section) values('$username','$password','$email','$fname','$lname','$hash','$gender','$class','$section')");
    if($result){
        echo '<div class="statusmsg">Welcome, You have successfully signed up. Please check the verification e-mail sent to you.</div>';
        $to      = $email;
        $subject = 'Signup | Verification';
        $message = '

        Thanks for signing up!
            Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.

            ------------------------
            Username: '.$username.'
        ------------------------

        Please click this link to activate your account:
   <div id="header">
         <h3>JMToday > Sign up</h3>
     </div>
        http://www.JMtoday.com/verification.php?email='.$email.'&hash='.$hash.'

   ';

        $headers = 'From:noreply@JMtoday.com' . "\r\n";
        mail($to, $subject, $message, $headers);
    }
    else {
        echo "Database problem, please contact site admin";
    }
}
?>

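The prepared-statement version the question asks about, as an added example that is not the poster's code: the same signup flow rewritten with mysqli placeholders, password_hash() instead of unsalted sha1(), and a CSPRNG activation token instead of md5(rand(0,1000)). It assumes a `users` table with the same columns as the post (with `password` and `hash` wide enough for 60- and 32-character strings), and the connection details and function names below are placeholders chosen for the example.

```php
<?php
// Added example (not from the original post). Assumed: a `users` table with the
// post's columns, and the placeholder connection details at the bottom.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false silently

// Column name comes from a fixed whitelist, so it is safe to interpolate; the
// looked-up value is always a bound parameter and never part of the SQL text.
function valueExists(mysqli $db, string $column, string $value): bool
{
    if (!in_array($column, ['username', 'email'], true)) {
        throw new InvalidArgumentException('unexpected column');
    }
    $stmt = $db->prepare("SELECT 1 FROM users WHERE $column = ? LIMIT 1");
    $stmt->bind_param('s', $value);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

function signup(mysqli $db, array $post): array
{
    // Only a real submission gets this far; missing fields become '' instead of notices.
    if (($post['todo'] ?? '') !== 'post') {
        return ['status' => 'NOTOK', 'errors' => ['No form submitted.']];
    }
    $username = trim($post['username'] ?? '');
    $password = $post['password'] ?? '';
    $confirm  = $post['password_confirmation'] ?? '';
    $email    = trim($post['email'] ?? '');
    $fname    = trim($post['fname'] ?? '');
    $lname    = trim($post['lname'] ?? '');
    $gender   = $post['gender'] ?? '';
    $class    = $post['class'] ?? '';
    $section  = $post['section'] ?? '';

    $errors = [];
    if (strlen($username) < 3) {
        $errors[] = 'Username should be equal to or more than 3 characters long.';
    }
    if (strlen($password) < 3) {          // the post's minimum; use a larger one in practice
        $errors[] = 'Password must be at least 3 characters long.';
    }
    if ($password !== $confirm) {
        $errors[] = 'Passwords are not identical.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {   // replaces the eregi() regex
        $errors[] = 'The email is not a valid email.';
    }
    if (valueExists($db, 'username', $username)) {
        $errors[] = 'Username already exists. Please try another one.';
    }
    if (valueExists($db, 'email', $email)) {
        $errors[] = 'E-mail is already in use. Please try again.';
    }
    if ($errors !== []) {
        return ['status' => 'NOTOK', 'errors' => $errors];
    }

    // password_hash(): per-user salt and a deliberately slow algorithm; sha1() has neither.
    $pwHash = password_hash($password, PASSWORD_DEFAULT);
    // 16 CSPRNG bytes for the activation token; md5(rand(0,1000)) has only 1001 possible values.
    $token = bin2hex(random_bytes(16));

    $stmt = $db->prepare(
        'INSERT INTO users (username, password, email, fname, lname, hash, gender, class, section)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssssssss', $username, $pwHash, $email, $fname, $lname, $token, $gender, $class, $section);
    $stmt->execute();
    $stmt->close();

    // rawurlencode() keeps a '+' or '&' in the address from breaking the query string.
    $link = 'http://www.JMtoday.com/verification.php?email=' . rawurlencode($email) . '&hash=' . $token;
    return ['status' => 'OK', 'errors' => [], 'email' => $email, 'link' => $link];
}

// Placeholder connection details (assumption, not from the post).
$db = new mysqli('localhost', 'dbuser', 'dbpass', 'jmtoday');
$db->set_charset('utf8mb4');
$result = signup($db, $_POST);
if ($result['status'] === 'NOTOK') {
    foreach ($result['errors'] as $e) {
        // htmlspecialchars() so nothing echoed back can inject markup into the page.
        echo '<div class="statusmsg">' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</div>';
    }
} else {
    // Recipient is the validated address, not raw $_POST, so no header injection via newlines.
    mail($result['email'], 'Signup | Verification',
         "Thanks for signing up!\nPlease click this link to activate your account:\n" . $result['link'],
         "From: noreply@JMtoday.com\r\n");
    echo '<div class="statusmsg">Welcome, You have successfully signed up. Please check the verification e-mail sent to you.</div>';
}
```

Two follow-ups belong with this: verification.php should look the row up by the token with a bound parameter and compare with hash_equals(), and the login script must switch to password_verify() because the stored value is no longer a sha1 digest. Database errors now surface as mysqli_sql_exception; log them and show the visitor the generic "Database problem" text rather than the raw error the original's die(mysql_error()) printed.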