PHP Quandry - Oh the joys..

[DaVulf]

Alright, so I'm still struggling with PHP, and I haven't had time to really dive into it since I've been working full-time with summer school at night, and I've run into this issue.

What I want to do is have a hybrid page, HTML, with Flash navbar. Now, on my navbar, I want to have a login/password box (with forgot password? register). Now, when you click on register, I want it to appear in the HTML portion as a sign up ala phpBB. The issue I want to do is have it so that I manually give out confirmation numbers to people when they register. They put this number in, and can sign up. Without it, no signup.

I am trying to prevent just anyone from signing up, this is for a club at my university, and I only want members to be able to access the members area. When they pay their membership fee, I will give them a unique code that they will enter when signing up. This will allow them to create an account.

Is this possible to do, if so, how? Also, how can I have it so those same usernames get registered on the forum and are active there aswell.

This is the current code in Flash:

Submit button

Code:

on (release) 
{
	if(userName.length > 0 && userPassword.length > 0)
	{
		myVars = new LoadVars();
		myVars.username = userName.text
		myVars.pass = userPassword.text
		myVars.action = 'login';
		myVars.sendAndLoad(php_file, myVars, 'POST');
		myVars.onLoad = function()
		{
			if(!this.error && this.user > 0)
			{
				_root.gotoAndStop('registered');
			} else {
				_root.gotoAndStop('no_registered');
			}
			userName.selectable = true;
			userPassword.selectable = true;
			loginButton.enabled = true;
		}
		userName.selectable = false;
		userPassword.selectable = false;
		loginButton.enabled = false;
	}
}

This is the backend code:

user.php

PHP Code:

<?
require_once('conf.inc.php');
require_once('functions.php');
// ---
// register new user
// ---
function register($username,$pass,$email,$question,$answer)
{
   GLOBAL $db, $table;
   $username = trim($username);
   $pass = trim($pass);
   $email = trim($email);
   $question = addslashes(trim($question));
   $answer = addslashes(trim($answer));
   $validEmail = valid_email($email);
   $validName = valid_userName($username);
   $validPass = valid_password($pass);
   if(!$validName) return "error=invalid name";
   if(!$validPass) return "error=invalid password";
   if(!$validEmail) return "error=invalid email";
   $pass = md5(trim($pass));
   // all checks ok
   $query = @mysql_query("INSERT INTO $table (userName,userPassword,userMail,userQuestion,userAnswer) VALUES "
   ."('$username','$pass','$email','$question','$answer')");
   if(!$query)
   {
      return "error=" . mysql_error();
   } else {
      return "user=ok";
   }
}

// ---
// login, check user
// ---
function login($username,$pass)
{
   GLOBAL $db,$table;
   $username = trim($username);
   $pass = md5(trim($pass));
   $query = mysql_query("SELECT * FROM $table WHERE userName = '$username' AND userPassword = '$pass'");
   return mysql_num_rows($query);
}

// ---
// forget password
// ---
function forget($email)
{
   GLOBAL $db,$table;
   $email = trim($email);
   $query = mysql_query("SELECT userName, userQuestion from $table WHERE userMail = '$email'");
   if(mysql_num_rows($query)<1)
   {
      return "error=email not present into database";
   }
   $row = mysql_fetch_array($query);
   return "userName=$row[userName]&userQuestion=" . stripslashes($row['userQuestion']);
}

// ---
// generate new password
// ---
function new_password($username,$email,$answer)
{
   GLOBAL $db,$table;
   $username = trim($username);
   $email = trim($email);
   $answer = addslashes(trim($answer));
   $query = mysql_query("SELECT * FROM $table WHERE userName = '$username' AND userMail = '$email' AND userAnswer = '$answer'");
   if(mysql_num_rows($query) < 1)
   {
      return "error=wrong answer";
   }
   $rand_string = '';
   // ---
   // generating a random 8 chars lenght password
   // ---
   for($a=0;$a<7;$a++)
   {
      do
      {
         $newrand = chr(rand(0,256));
      } while(!eregi("^[a-z0-9]$",$newrand));
      $rand_string .= $newrand;
   }
   $pwd_to_insert = md5($rand_string);
   $new_query = mysql_query("UPDATE $table SET userPassword = '$pwd_to_insert' WHERE userName = '$username' AND userMail = '$email'");
   if(!$new_query)
   {
      return "error=unable to update value";
   }
   return "userName=$username&new_pass=$rand_string";
}

// ---
// decisional switch
// ---
if(isset($HTTP_POST_VARS["action"]))
{
   switch($HTTP_POST_VARS["action"])
   {
      case "register":
         $result = register($HTTP_POST_VARS['username'],$HTTP_POST_VARS['pass'],$HTTP_POST_VARS['email'],$HTTP_POST_VARS['question'],$HTTP_POST_VARS['answer']);
         print $result;
         break;
      case "login":
         $result = login($HTTP_POST_VARS['username'],$HTTP_POST_VARS['pass']);
         print "user=" . $result;
         break;
      case "forget":
         $result = forget($HTTP_POST_VARS['email']);
         print $result;
         break;
      case "new_password":
         $result = new_password($HTTP_POST_VARS['username'],$HTTP_POST_VARS['email'],$HTTP_POST_VARS['answer']);
         print $result;
         break;
   }
}
?>

Information gathered from:http://www.sephiroth.it/tutorials/fl...tion/index.php

If anyone can help, that would be amazing. If you have anything to contribute, please post. Any reply is better than no reply.

I appreciate the help,
DaVULf

[DaVulf]

Nobody has anything to say?

[newboyoldboy]

I cannot help you with everything. However I have found this the most successful sendAndLoad application:
Your use of myVars for your reply could cause problems.

Code:

{		myVars = new LoadVars();
		MyReply= new LoadVars();
		myVars.username = userName.text
		myVars.pass = userPassword.text
		myVars.action = 'login';
		MyVars.sendAndLoad('your.php, MyReply);
		MyReply.onLoad = UpdateReply;           ///don't put brackets '()'
}
function UpdateReply(success) {
	if (success) {
		_root.Vareply = MyReply;
		
	} else {
		_root.Vareply = "Failed";
		
	}
}

[DaVulf]

Great, thanks newboy. I'll have to switch that up.

[DaVulf]

Okay, what newboy suggested has now been implemented, but although helpful (and thanks a bunch man), this does not contribute to the bulk of the problem.

As I say, I know some people on here know how to fix this, so could I please get you to help a brother out. I know I've been asky lately, but I've been swamped at work, and I don't have the time I did back when school was still in. Once I'm back at school I will have time to research all of this instead of just asking, but I need things done long before then, so I need your collective help.

I appreciate the help,
DaVuLf

[admedia]

So you want someone to come to the site. Register, then you manually confirm the registration?

[DaVulf]

That's correct.

The only people that I will confirm registration for, are people who have been pre-authorized by me giving them a registration code in person.. Similar to a CD-Key for a program.

As I explained, this is because only people who are members of the club are to have access. To be a member of the club you have to sign up on campus, and pay the club fee and I will give them the registration key.