User Registration System In PHP

Posted 4 months ago at 6:40 pm. 2 comments

Ok, this is a continuation from my post on making a login system. I realized after I had written the tutorial that I would need to do a tutorial on how to register users too. So here it is.

Making Our Registration Form

The php that goes above the form is back. It just needs a little change. Place the following first:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

<?php 
switch($_GET['e']) {
	case "pdm" :
		echo '<div class="fail">Your passwords do not match. Please enter them again</div>';
	break;
	case "mf" :
		echo '<div class="fail">Please fill in all fields before submitting.</div>';
	break;
	case "iu" :
		echo '<div class="fail">Please enter a valid Username</div>';
	break;
	case "uw" :
		echo '<div class="fail">That Username cannot be found.</div>';
	break;
	case "ut" :
		echo '<div class="fail">That Username is already taken. Please try another.</div>';
	break;
}
?>

Then you need the form like the login page from the previous tutorial. The only difference is that you need two password fields as one is for verification. It should look something like this:

1
2
3
4
5
6
7
8
9
10
11
12

<form action="register.php" method="post">
  <label for="username">Username:</label>
  <input type="text" name="username" />
  <br />
  <label for="password">Password:</label>
  <input type="password" name="password" />
  <br />
  <label for="passwordv">Password Again:</label>
  <input type="password" name="passwordv" />
  <br />
  <input type="submit" />
</form>

That’s about it for the registration form. By the way I called it reg.php but you can call it whatever you like.

The Registration Script

Ok. For reference I called this script registration.php, a bit obvious huh? Some of the code is the same as before, such as the error function. But anyway let’s start with the first 13 lines:

1
2
3
4
5
6
7
8
9
10
11
12

function error($type) {
	header("location: reg.php?e=".$type);
	exit(0);
}
function checkUsername($user) {
	return eregi("[^a-z0-9 ]", $user) ? false : true;
}
require('mysql.class.php');
 
$user = $_POST['username'];
$pass = $_POST['password'];
$passver = $_POST['passwordv'];

The error function is the same as before, it returns the user back to the registration page with an error code. checkUsername() takes the username & checks for any characters that aren’t in our regex set. This can be changed just by adding the characters you want, please remember that some characters have a special meaning to regex so they may need backslashing. To find out more try here.

We include the MySQL class and then we define the variables needed later from the $_POST array.

14
15
16
17
18
19
20
21
22
23
24
25
26

if(empty($user) || empty($pass) || empty($passver)) :
	error("mf");
endif;
 
if($pass !== $passver) :
	error("pdm");
endif;
 
if(!checkUsername($user)) :
	error("iu");
endif;
$user = addslashes($user);
$salt = substr(md5(uniqid(rand(), true)), 0, 8);

Here we check to see if any of the fields are empty if so we return a message saying they all need to be filled in to continue. We make sure that the password and the verification password match each other & we use the checkUsername() function from earlier to check the username.

We then add slashes to the username. We don’t really need because of the character set used in the regex but better to be safe than sorry. Lastly we create the salt for the password hashing later. I have chosen a 8 character salt, you can use a longer one but the benefit is heavly debated.

27
28
29
30
31
32
33
34
35
36
37
38
39
40

$db =& new db_mysql("SERVER", "USER", "PASS", "DB");
 
$r = $db->query("SELECT user FROM auth WHERE user = '".$user."'") or $db->raise_error();
 
if($db->num_rows($r) == 1) :
	error("ut");
endif;
 
$db->query("INSERT INTO auth (id, user, pass, salt) VALUES (NULL, '".$user."', '".sha1($salt.$pass)."', '".$salt."')") or $db->raise_error();
 
//You can send the user to a registration complete page...
//header("location: /path/to/place");
//or you can just echo or include some sort of message to show on this page...
echo 'Thank you. Your registration is complete, you can now log-in at this(Link here) page';

We make our database connection and then make a query to see if the current username is already in the database. If there is one row, then we already have a user with that name and we return a message telling the user to choose another.

Finally we can now add the user into the database. We make a query adding every thing in. In the password field we add the salt to the front of the given password and sha1 hash it together. Then we store the salt so we can check the password using the login system from earlier.

A Possible MySQL Table Layout

You will probably have your own table layout but if you want my example MySQL tables layout, here it is:

1
2
3
4
5
6
7

CREATE TABLE `auth` (
  `id` INT(11) NOT NULL AUTO_INCREMENT,
  `user` VARCHAR(255) NOT NULL,
  `pass` VARCHAR(255) NOT NULL,
  `salt` VARCHAR(8) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM;

Of course you should probably limit the length of the username & password but that is relatively easy to do.

If you need the MySQL connection class you can download it just below:

Ok I hope you enjoyed this tutorial. Remember this tutorial goes hand in hand with the tutorial I made earlier about how to create a user login system which can be found here.

If you have any questions, suggestions or you need any help implementing the code just let me know in a comment and I’ll get back to you asap.