Hi,
I am trying to complete a membership registration script however the email part allows for any email address to be entered such as “emailmehere” instead of “emailme@here.com”
Can anyone advise how can ensure only a correct format email address is entered
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if (!$email)
{
$error = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com';
}
<?php
$_SESSION['userLoggedIn'] = 0;
$_SESSION['userEmail'] = '';
$_SESSION['userID'] = '';
// Reset errors and success messages
$errors = array();
$success = array();
// Login attempt
if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
{
$loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
$loginPassword = trim($_POST['password']);
if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
{
$errors['loginPassword'] = 'Your password must be between 6-12 characters.';
}
if(count($errors) === 0)
{
$query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . mysql_real_escape_string($loginPassword) . '") LIMIT 1';
$result = mysql_query($query);
if (!$result)
{
die('Invalid query: ' . mysql_error());
}
if(mysql_num_rows($result) === 1)
{
$row = mysql_fetch_assoc($result);
$_SESSION['userLoggedIn'] = 1;
$_SESSION['userEmail'] = $loginEmail;
$_SESSION['userID'] = $row['id'];
header('Location: index.php');
exit;
} else {
$errors['login'] = 'No user was found with the details provided.';
}
}
}
/*
The rest of your login page code
*/
// Reset errors and success messages
$errors = array();
$success = array();
// Login attempt
if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){
$loginEmail = trim($_POST['email']);
$loginPassword = trim($_POST['password']);
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if (!$email)
{
$error = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com';
}
if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
$errors['loginPassword'] = 'Your password must be between 6-12 characters.';
if(!$errors){
$query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . $loginPassword . '") LIMIT 1';
$result = mysql_query($query);
if(mysql_num_rows($result) == 1){
$user = mysql_fetch_assoc($result);
$query = 'UPDATE users SET session_id = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1';
mysql_query($query);
header('Location: index.php');
exit;
}else{
$errors['login'] = 'No user was found with the details provided.';
}
}
}
// Register attempt
if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
$firstname = mysql_real_escape_string(trim($_POST['firstname']));
$surname = mysql_real_escape_string(trim($_POST['surname']));
$registerEmail = trim($_POST['email']);
$registerPassword = trim($_POST['password']);
$registerConfirmPassword = trim($_POST['confirmPassword']);
if(!isset($firstname) || empty($firstname)) {
$errors['firstname'] = "Please enter your First Name.";
}
if(!isset($surname) || empty($surname)) {
$errors['surname'] = "Please enter your Surname.";
}
if ($loginEmail === false)
{
$errors['loginEmail'] = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com';
}
if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)
$errors['registerPassword'] = 'Your password must be between 6-12 characters.';
if($password != $confirmPassword && !$error) {
$error = "The passwords you entered did not match.";
}
$Email = filter_var($_POST['registerEmail'], FILTER_VALIDATE_EMAIL);
if (!registerEmail)
{
$errors['registerEmail'] = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com';
}
if($registerPassword != $registerConfirmPassword)
$errors['registerConfirmPassword'] = 'Your passwords did not match.';
// Check to see if we have a user registered with this email address already
if(!$errors){
$query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), NOW())";
$result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error
if($result){
$success['register'] = 'Thank you for registering. You can now log in on the left.';
}else{
$errors['register'] = 'There was a problem registering you. Please check your details and try again.';
}
}
}
$query = mysql_query("SELECT id FROM users WHERE email = '".$email."' LIMIT 1");
if(mysql_num_rows($query) > 0 && !$error) {
$error = "Sorry, that email is already in use!";
}
if(!$error) {
$query = mysql_query("INSERT INTO users (email) VALUES ('".$password."', '".$password."', '".mysql_real_escape_string(md5($password))."', '".$email."')");
if($query) {
$message = "Hello ".$_POST['email'].",\\r\
\\r\
Thanks for registering with .com! We hope you enjoy your stay.\\r\
\\r\
Many Thanks,\\r\
.com";
$headers = "From: ".$website['name']." <".$website['email'].">\\r\
";
mail($_POST['email'], "Welcome", $message, $headers);
setcookie("user", mysql_insert_id(), $time);
setcookie("pass", mysql_real_escape_string(md5($password)), $time);
header("Location: users.php");
} else {
$error = "There was a problem with the registration. Please try again.";
}
}
?>