Registration Page
From VbGORE Visual Basic Online RPG Engine
Contents |
How to Make Your Own Registration Page
Author: Cruzn
Hey guys! This is a crash course guide on making your very own basic registration page. For starters, you'll need:
- PHP
- MySQL w/ Remote Access (or hosted on the same machine as vbGore)
- Without remote access enabled, the users won't be inserted into your database.
- For a quick way to get PHP and MySQL on the same computer as vbGore, try out XAMPP or Uniform Server.
- Patience
Just a foreword that this is going to be a VERY basic registration system. It's your responsibility to fix any security flaws, imperfections, ugliness, etc. I will not be here to fix every aspect that you may have messed up with or cannot do. I will try my best to answer legitimate questions only. Personalizations are NOT legitimate. =)This guide will consider everyone "fairly okay" with PHP, meaning I won't go into extreme detail. If you want more help you can contact me:
- AIM: Glacier8699
- MSN: glacier8699 at bellsouth dot net
To begin, open up a blank document and prepare it for PHP (put "<?" at the top and "?>" at the bottom.)
[edit] Step 1. Establish a Connection to the Database.
What information is needed to connect to the database?
First, let’s take a look at the mysql_connect and mysql_select_db functions within PHP.
mysql_connect($host, $username, $password)
Purpose: to establish a connection with the database using the above variables. A common setup would have $host set as “localhost,” $username set as “root,” and $password set as “root” or blank.
mysql_select_db($database)
Purpose: to select the appropriate database. The default installation for vbGore would require this to be set to “vbgore.” Now we will head to the actual PHP work. To establish a connection, we need the four above mentioned variables; host, username, password, and database. Here are the variables I will be using for this demonstration:
$host = “localhost”; $username = “root”; $password = “root”; $database = “vbgore”;
Place this code at the top of your document as it will be our first test. Before we head further, we have to make sure we can actually connect to the database. We’ll use a common way to test if the database is connected or not.
if( !$test = mysql_connect($host, $username, $password) ){ print(“Unable to make the connection.”); }else{ print(“Success! We can move forward.”); };
What does this do?
In short, this IF-THEN-ELSE statement will print us a message telling us if our connection was a success or not. What we did here was set the variable $test to equal our connection to the database. It will return a variable of either 1 (true, we connected) or 0 (false, no connection). So, if $test returns as 0 then we are display the “Unable to make the connection,” message. If we did connect, however, it will tell us we were successful because $test returned a 1. If you received the success message please continue reading. If your test failed, try double checking your variables used to connect.
Let's Select the Database now.
Sure. This is a very simple part. Since we've already declared our database, we simply need to throw this code somewhere below where we defined $database.
mysql_select_db($database);
Personally, I put this under the IF-THEN-ELSE statement we used to check if we could actually connect.
[edit] Functions Cited/Mentioned:
[edit] Step 2. Build the Form to Register.
This is the calm before the storm right here: HTML. We have to set up our registration for in order to continue.
What are the required fields in order to register?
Well, this is a rather simple question. We just have to mimic vbGore's registration style. Unfortunately, I am not familiar with vbGore so I will only be showing you how to make the username and password required. (Adding classes will be an addition at a later time. Sorry!)
Let's begin. Start off with declaring a form in HTML.
<form action="register.php" enctype="multipart/form-data" method="post">
What is all of this? Method="Post"? Action? What?
In here, I have set action to "register.php." This is where we will continue on with the registration. Set this as the same name as your document. We'll have the registration stay in one page. If you really wanted to, you could span it across several pages. Wink
Now, the actual places to enter the data.
Username: <input type="text" name="username" value="" maxlength="32" /> Password: <input type="password" name="password" value="" maxlength="32"/>
Elementary, my dear Watson. If you need an explanation for this, please, stop reading now. I'm sure you can finish the form by adding the submit button and ending the form on your own.
To get a visual aid, you can check out: Steps 1 & 2
[edit] Step 3. Determining Whether the Form was Submitted or Not.
Stupid form, submit!
This form is no good if it just sits there. We're going to make sure it does its job when somebody pushes that shiny button over there. =D
First, we MUST rearrange the way the page handles its operations. To start, we only want the form showing when they first vist the page. A simple IF-THEN-ELSE statement can clear this dilemma for us. I'll use this style:
if( $HTTP_POST_VARS['submit'] ){ // Yes, the form has been submitted. print("We made it past step 3."); // This will show when someone presses submit. // See Step 4 to watch this part develop. }else{ // Nope, the form hasn't been submitted. Let's show them it. ?> <form action="register.php" enctype="multipart/form-data" method="post"> Username: <input type="text" name="username" value="" maxlength="32" /><br /> Password: <input type="password" name="password" value="" maxlength="32" /><br /> <input type="submit" name="submit" value="Submit" /> </form> <? };
And you did this, why?
Remember earlier when we set the action type of the form? That's come back to help us now. We can perform a simple check to see whether or not the submit button was pressed. ($HTTP_POST_VARS['submit']) If it has been pressed it returns a 1 (true) otherwise it returns a 0 (false). Simple yet VERY effective.
If the submit button was pressed, we'll get a simple message saying that we've made it past step 3. Nice.
To get a visual aid, you can check out: Step 3
[edit] Step 4. Add Actions to the Form When Submitted.
Can we do something about "Success!" popping up on each page?
Yes. If you think about it, we don't need the connection to always be opened on each page. Instead we can slide it into the IF-THEN-ELSE statement we just created. For now we will just put the entire part above:
Code:
print("We made it past step 3.");
Now we have that message only popping up when we click submit. You'll be back, yes, all by yourself, to fix this part up later.
Can I prevent them from entering blank data?
Yup. I'll give you this part because I'm feeling generous. We'll simply check the variables to see if they're NULL (can be abbreviated in PHP by putting in two ").
$error = false; if( $HTTP_POST_VARS['username'] == "" ){ print("You have to type something for username."); $error = true; }; if( $HTTP_POST_VARS['password'] == "" ){ print("You have to type something for password."); $error = true; };
Simply place this below:
print("We made it past step 3."); // See Step 4 to watch this part develop.
In this code, you'll notice I added the variable $error. This will be used to determine whether or not the script will continue based on if there were critical errors. (empty password or username being critical and all. . .) If the username is blank, it will print "You have to type something for username." If the password is left blank it will print "You have to type something for password."
What should be happening?
The information that the user inputs needs to be validated. We don't want Mr. çπùžñ™ signing up now, do we? We'll be using the eregi function to determine whether or not the username and password are alphanumeric.
eregi("Search Parameters", $string)
Purpose: to determine if a string complies with the search parameter. In this case, it will check if it is alphanumeric (only using a-Z, 0-9 and _).
eregi("[^a-z0-9_]", $HTTP_POST_VARS['username'])
Take this code and place it into an IF-THEN-ELSE statement. Wink Have a true value print out "Username is acceptable," and a false value return "Please choose another name." Now, test your code and hope it works! =D If it doesn't. . . well then simply scroll down a bit to see how it's supposed to be.
Scroll down if you have actually tried something.
This should be placed under the last IF-THEN-ELSE statement you added:
if( eregi('[^a-z0-9_]', $HTTP_POST_VARS['username']) ){ print("Username is acceptable."); }else{ print("Please choose another name."); };
Don't forget to do the same thing with their passwords, too! You can use the same function, just change the variable.
To get a visual aid, you can check out: Step 4
[edit] Functions Cited/Mentioned:
[edit] Step 5. Add the User to the Database.
Let there be registration!
Time for a two new functions, mysql_query and mysql_fetch_row.
mysql_query($query)
Purpose: to send a MySQL query to the database, of course!
mysql_fetch_row($query)
Purpose: selects a row from the database based on the data provided from mysql_query. Sister function: mysql_fetch_array.
Alright, this is where it gets to be a little more vague. I cannot tell you what stats to start your characters with, so this is where your customization comes into play. Personally, i'd have all users start out the same and eventually branch off into classes; just to make things simple when it comes to online registration. If you choose to have 50 classes available for players to pick at start, well, it's your problem to figure out how exactly to do that. Wink On to the PHP.
We still have one last error check to go through. We have to make sure that the username is not already taken.
$query = mysql_query("SELECT name FROM users WHERE name = '" . $HTTP_POST_VARS['username'] . "'");
This statement will search through all the rows in your users table and compare the name to what the registering user is trying to acquire. Now, we have to actually check to see if it found a match.
if( $result = mysql_fetch_row($query) ){ print("Sorry, the username is already taken."); $error = true; };
If there was a match, it will print "Sorry, the username is already taken," and then set $error. To further this, I set and IF-THEN statement to check if $error was already set to true, this way if there was already something wrong it wont bother querying the database. Saves time and bandwith.
Okay, cool. What if there wasn't a match? It's time to add them. Finally.
First, the actual query we will use.
$query = "INSERT INTO users (name, password) VALUES('" . $HTTP_POST_VARS['username'] . "', '" . md5($HTTP_POST_VARS['password']) . "')";
Notice in the parenthesis we only have name and password. This is because we only have this information to put into the table. Remember, any specific stats and such is up to you to add. Wink
Now let's parse that query using the mysql_query function.
$result = mysql_query($query);
Simple. $result is not really required in order to execute the function. You'll see why I added it below.
if( $error == false ){ // No errors. Let's proceed to adding them to the game. =D $query = "INSERT INTO users (name, password) VALUES('" . $HTTP_POST_VARS['username'] . "', '" . md5($HTTP_POST_VARS['password']) . "')"; // The INSERT statement that will be used to add their name and password. if( $result = mysql_query($query) ){ print("User successfully added."); // They have successfully joined your game! Unfortunately, they have no stats. =( // Enjoy figuring out the rest and I hope this helped you out. ~Mr. çπùžñ™ }else{ print("Sorry, we could not complete your registration. Please try again later."); // Oh no. . . It couldn't add the player. This is most likely caused by the MySQL server being down. }; };
There. An IF-THEN statement to check if a success message should be printed or a failure message. Yup.
For those of you who didn't read what I just posted for you, you missed something important. Another new function: md5
md5($string)
Purpose: to set a string into md5 encryption. MD5 is what vbGore uses to "hide" passwords from prying eyes. If someone were to hack into your database, they wouldn't see the real password the player used. They would have to rely on MD5 "decryptors," which are sites that people enter strings to see what comes as a result. Not much of a decryption process and overall it's a waste of time.
[edit] Functions Cited/Mentioned:
[edit] Conclusion
Congratulations, you should now have a working online registration page! If you want more help you can contact me:
- AIM: Glacier8699
- MSN: glacier8699 at bellsouth dot net
If it doesn't seem to be working, I'll leave you with this: Did yours not go so well?
