Technology. Education. Art (TEA) tealearn.org

Home > Courses > Web development using PHP and MySQL > Authentication: Registration

Authentication: Registration

Subject: Web development using PHP and MySQL

Here is the code for the registration form

auth_register.php


<html>
<head>
<title>Authentication</title>
</head>
<body>
<b>REGISTER</b>
<br />
<a href="auth_login.php">Login</a><br />
<form method="post" action="auth_register_confirm.php">
USER ID: <input name="user_name" type="text" required /><br/>
PASSWORD: <input name="password" type="password" required /><br/>
Re-enter password: <input name="password2" type="password" required /><br/>
Name: <input name="name" type="text" required /><br/>
Email Address: <input name="email" type="email"  /><br/>
<input type="submit" value="REGISTER"  />
</form>
</body>
</html>

The code in this page is plain HTML with form action auth_register_confirm.php this is where the form is submitting to when you complete it's fields and click the submit button.

You can use CSS or Bootstrap framework to style and make the form or page look attractive.

Process registration
When the Registration form submits to this page, we need to cleanup the inputted data, validates and encrypt the password before the actual entry (registration) is made. Below is the source code.

First we need to connect to the database

conn.php


<?php
define ('DB_USER', 'root');
define ('DB_PASSWORD', '');
define ('DB_HOST', 'localhost');
define ('DB_NAME', 'BGdb');

// mysqli_connect function is used to connect to the database
$conn = mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
?>

and the connection can then be included to the registration confirmation page.

auth_register_confirm.php


<?php
include("conn.php"); //connect to database

//Cleanup the input
$user_name=mysqli_escape_string($conn,$_POST['user_name']);
$password=mysqli_escape_string($conn, $_POST['password']);
$password2=mysqli_escape_string($conn, $_POST['password2']);
$email=mysqli_escape_string($conn, $_POST['email']);
$name=mysqli_escape_string($conn, $_POST['name']);

//encode the password
$password_encode=md5($password);


     // validate to check if the password and renter password is same
if($password !== $password2){
           $msg="Sorry your PASSWORD is not
the same as the RE-ENTER PASSWORD, please
           <a href=\"javascript:history.back()\">Try Again!</a>";      
 }else{    
          //check if the username or password is already use
          $sql = "SELECT * FROM user WHERE user_name = '$user_name'
          OR password = '$password_encode'";
          $sql_query = mysqli_query($conn, $sql) or
die(mysqli_error($conn));
    
           //if exist....
           if (mysqli_num_rows($sql_query) == 1) {

$msg="Sorry a user already use the USER ID or PASSWORD you intend using,
please change the login ID and                                              <a href=\"javascript:history.back()\">Try Again!</a>";            

            }else{

           //if not existing.... then register
$sql="INSERT INTO user VALUES ('','$user_name',
'$password_encode','$name', '$email')";
               
                mysqli_query($conn, $sql) or die(mysqli_error($conn)); 
                $msg="Thank you! 
                     your registration was successfull.
                <a href=\"auth_login.php\">LOGIN HERE!</a>";
           } 
     
}
?>                 

<html>
<head>
<title>Authentication</title>
</head>
<body>
<b>REGISTER</b>
<br/>
<?php
if (isset($msg)){
     print $msg;
}
?>
</body>
</html>

The following is worth nothing in the code above.

One


//encode the password
$password_encode=md5($password);

We use MD5 encryption technology to encrypt or hash the password, this is to improve the security of the password for example you type dan as your password and a stranger wonder into your database here is what he will see (Screenshot 1).

Two


// validate to check if the password and renter password
// is same
if($password !== $password2){
.....

This block of code verify IF the Password ($password) and Re-enter password ($password2) values are NOT (!==) the same. If this condition is TRUE then the line that follows is executed (similar to the error in last example I explained) but if the condition is not TRUE the block of code in ELSE statement is executed.
Let’s assume I entered james and jame for both Password and Re-enter password field and submit, I will get an error message (Screenshot 2).

Three


//check if the username or password is already use
$sql = "SELECT * FROM user WHERE user_name = '$user_name' OR password = '$password_encode'";
$sql_query = mysql_query($sql, $conn) or die(mysql_error());
....

This line within the else statement, actually check if the User ID or Password you supplied is already registered by another user.

SELECT statement was used with WHERE clause to compare our user id entry with the ones available in the user table, WHERE user_name = '$user_name and we also use the OR to check for the Password also OR password = '$password_encode'.

This means that if an existing or registered member has already used either the User ID OR Password you are about to use…. Then the query $sql_query will contains record or data (the number of time the User ID or Password have been used) and the next IF statement will be TRUE


/if use....
if (mysql_num_rows($sql_query) >= 1) {

The mysql_num_rows($sql_query) function here check the number of time the User ID or Password you are about to use have been used, if equal to or more than once >= 1 then the condition is TRUE and you will get an error message "Sorry a user already use the USER ID or PASSWORD you intend using,
please change the login ID"

IF this condition is TRUE, that means the User ID or Password you are about to use have been use, therefore you will receive an error message similar to the first the two. See the screenshots below.

ELSE (which means that the, mysql_num_rows($sql_query) returned 0 - no user have used your USER ID or PASSWORD)
The registration will be completed (INSERT) and you will be directed to the login page.

Note: This Registration algorithm (that is register if record does not exist) is the opposite of the Login algorithm (that is, login if record if exists). We will be looking at the Login next.

MD5 encryption