Free PHP scripts for you to use! ^_^ <3

Black Rose · Aug 4, 2008

^_^ I was bored, so I figured I might as well put my scripting knowledge to use :)

These are free to use, and you don't have to give credit. You can if you want ^_^ but I don't require it :) A simple thanks here would suffice =D

.

Full Scripts

Login Script:

Spoiler:

Registration Script (improved security and validation):

Spoiler:

PHP:

 <?php
if (!mysql_connect("localhost","database_username","db_user_password")){
die(mysql_error());
}
if (!mysql_select_db("database_name")){
die(mysql_error());
}
?>

<form method="post" action="register.php">
Desired Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password1" id="password1" /><br />
Confirm Password: <input type="password" name="password2" id="password2" /><br />
<input type="submit" name="submit" value="Register" id="submit" />
</form>

<?php
if (isset($_POST['submit'])){
if($_POST['password1']!=$_POST['password2']){
$error = "Your passwords do not match!<br />";
}

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email'])) {
print "<br />";
} else {
$error .= "The email address you entered is not valid!<br />";
}

$query1 = "SELECT * FROM users WHERE username='".$username."'";
$usercheck = mysql_query($query1);
if ($usercheck['username']==$_POST['username']){
$error .= "The username you chose has already been taken!<br />";
}

if ($error){
print "<div style='border:1px solid #3366AA;background-color:#88CCFF;width:72%;color:#3366AA'>";
print $error;
print "</div>";
die();
}
$query = "SELECT * FROM users WHERE username='".$_POST['username']."'";
$array = mysql_query($query);
$user = mysql_fetch_array($array);
if($user['username'] != '' || $user['username'] != 0){
$errormsg += "<b>That username is already taken!</b><br />";
$error = 1;
}
if ($error >0){
die("You have one or more errors that need your attention!");
} else {
protect($_POST['username']);
protect($_POST['password1']);
$query = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."','".md5($_POST['password1'])."')";
if (!mysql_query($query)){
die(mysql_error());
} else {
print "Registered successfully! Redirecting . . . ";
header("Location: login.php");
}
}
}
function protect ($string){
        $string = mysql_real_escape_string($string);
        $string = strip_tags($string);
        $string = addslashes($string);
        
        return $string;
}  

?>

.

Functions:

Validate form

Spoiler:

I'll add more as soon as I can think of them. ^_^ Possibly even some independent functions =D

~BR

.

Thanks to /*.Ooka.*/ for the awesome security improvements =D

Ooka · Aug 5, 2008

Eww... those are extremely unsafe.

Before connecting to a database, protect your strings first.

PHP:

function protect ($string){
		$string = mysql_real_escape_string($string);
		$string = strip_tags($string);
		$string = addslashes($string);
		
		return $string;
}

Use this method to protect variables in Register:

PHP:

	$username = protect($_POST['username']);
	$password = protect($_POST['password']);
	$confirm = protect($_POST['passconf']);
	$email = protect($_POST['email']);
	$name = protect($_POST['name']);

Also, you don't need to connect twice, just make a functions.php folder and put this in it:

PHP:

function connect (){
	$con = mysql_connect("host","username","password") or die (mysql_error());
	$db = mysql_select_db("database", $con);

Then, in the folder you're connecting with, put this before anything:

PHP:

include_once "functions.php";

connect();

Squeenix · Aug 5, 2008

No mysql_escape_real_string :O

Black Rose · Aug 5, 2008

@Ooka: These weren't meant to be commercial grade scripts, they're for fan-sites/games. How many fan-sites out there use high security? ^_^

@Squeenix: See above.

These are simply for foundation, you can add whatever you want to these scripts. By "Full Script" I'm saying that you can use them "as-is", but that doesn't mean you have to. These are just pre-made to save you a bit of time :)

~BR

j_ · Aug 5, 2008

Black Rose said:
@Ooka: These weren't meant to be commercial grade scripts, they're for fan-sites/games. How many fan-sites out there use high security? ^_^

@Squeenix: See above.

These are simply for foundation, you can add whatever you want to these scripts. By "Full Script" I'm saying that you can use them "as-is", but that doesn't mean you have to. These are just pre-made to save you a bit of time :)

~BR

SQL Injection is bad. It doesn't matter what size your site is! :P

It's not a matter of "high security" its a matter of someone dropping your database table if they feel like it! The extra 3 lines it takes to make any user input safe is definately worth it!

:)

Squeenix · Aug 5, 2008

Mysql injection = bad
They could just go on your site and put a username in that field and 1=1 in the password field
They could also just put in, DROP TABLE accounts in the stupid fields

Mysql injection protection is a MUST for all websites dealing with mysql

EDIT: Injection and protection rhymes :D

Black Rose · Aug 5, 2008

=/ Well, since you seem so adamant about it, I'll add those improvements in ^_^

Thankies =)

I'll try to add in more functions later. :)

~BR

Free PHP scripts for you to use! ^_^ <3

More options

Black Rose

Heehee ^_^

Ooka

[font=Maven Pro][color=#A75EE2]Cosmic[/color][/fon

Squeenix

Meow

Black Rose

Heehee ^_^

j_

Squeenix

Meow

Black Rose

Heehee ^_^