Hello,

I used your RegistrationForm codebase to create a secure web application for a business I started. It was necessary, and desirable, for me to greatly increase the degree of security. I have attempted to endow the "vanilla" site you provided with the security improvements of my site.

I would like for this more secure version to be merged so that in the future when people start a site with the RegistrationForm code they can more easily secure it, and start with a higher level of protection for their users.

I fully welcome your feedback and the issues you take with the code's current state.

Hi there bluehost has updated to php 7.3 and now my website is broken. Please can you tell me if your php code is compatible with php 7.3? If not, what should I do to make it compatible? Thank you in advance!!! P.S. I really really appreciate and love your registration form code!!!

I was trying to use this code with my mongoDB and got an error:

Fatal error: Call to undefined function MongoClient_connect() in /var/www/html/include/fg_membersite.php on line 733

I wondered if there is a version of this RegistrationForm for MongoDB or if anyone can help me change it from mysql to mongo.

thanks alot for offering this good script, but I got issue which is the confirmation email to continue the registration didnt receive. I dont know why but may be because I use localhost??

Selecting forgot password ---> email sent successful. Clicking on email confirmation link ---> the following is displayed:

Warning: uniqid() expects at least 1 parameter, 0 given in /home/content/s/l/a/slanguilla/html/ProofingPlace/registration/source/include/fg_membersite.php on line 411

Password is Reset Successfully Your new password is sent to your email address.

----- end -----

line 411: $new_password = substr(md5(uniqid()),0,10);

change to: $new_password = substr(md5(uniqid(rand())),0,10);

I noticed you made an update to password security, however it's nowhere near as secure as it should be. You should be using something meant for password hashing, like PBKDF2, rather than doing some random combination of salting, md5, and sha1. The point of using something meant for password hashing is so that it takes a long time to calculate the hashes. Here's a php script that has everything you need, https://crackstation.net/source/password-hashing/PasswordHash.php and a tutorial explaining general password security and the reasoning behind each part https://crackstation.net/hashing-security.htm

I know you are trying hard and your registration form is a great concept... however you have multiple errors through out you Html Form Guide website and your include scripts fg_membersite.php and formvalidator.php.

Firstly in reference to your website........ http://www.html-form-guide.com/php-form/php-registration-form.html

ERROR 1 - under the heading "The database table structure"................ function CreateTable() { $qry = "Create Table $this->tablename (". "id_user INT NOT NULL AUTO_INCREMENT ,". "name VARCHAR( 128 ) NOT NULL ,". "email VARCHAR( 64 ) NOT NULL ,". "phone_number VARCHAR( 16 ) NOT NULL ,". ?????????????? etc etc

why is phone_number in Create Table when under the heading "Inserting the registration to the table" you have ........ $insert_query = 'insert into '.$this->tablename.'( name, email, username, password, confirmcode ) values ( "' . $this->SanitizeForSQL($formvars['name']) . '", "' . $this->SanitizeForSQL($formvars['email']) . '", "' . $this->SanitizeForSQL($formvars['username']) . '", "' . md5($formvars['password']) . '", "' . $confirmcode . '" )';
Question: where is the phone number going to be inserted... OBVIOUSLY nowhere! This code will insert the username data into the phone number field in the Created TABLE... thats if you know how SQL works... sequential inputs dude!! This coding will output data in wrong fields in your MySQL database... so maybe have a look at that. Also under the heading "The registration form"...... you dont even have a phone field in your form to input your phone number?????

ERROR 2 - your SQL syntax is shockingly coded in fg_membersite.php...... anywhere there is $qry .... you have inconsistent coding with uppercase and lowercase operators... For example... operators such as Update - set - where - and - from............. SHOULD BE UPPERCASE CONSISTENTLY LIKE SO...... Example Update should be UPDATE, Set should be SET, Where should be WHERE, from should be FROM and and should be AND.....

ERROR 3 - Online 103 in fg_membersite.php...... Should there be a space before and after the operand || .. or should there Not be a any spaces??? your code ...... if(empty($_GET['code'])||strlen($_GET['code'])<=10)................... should be .......if(empty($_GET['code']) || strlen($_GET['code']) <=10) because line 756 shows similar coding... however once again inconsistent, ......................if(!$result || mysql_num_rows($result) <= 0) SO QUESTION... what is the right way of doing such coding... Should there BE or should there NOT be a any spaces??????

ERROR 4 - Online 806 in fg_membersite.php......there are spaces once again... should there BE or NOT be spaces...... your code ...... if(!mysql_query( $insert_query ,$this->connection)) should be ....... if(!mysql_query($insert_query,$this->connection))

ERROR 5 - Confirmuser "code" is buggy.... you have multiple instances refering to confirmcode in a lot of different places... sometimes the database will put a 'y' in the confirmcode field or will put the 32 full characters code into the field... this causes problems for users logging in and also not receiving their confirmation emails.... if they dont get their confirmation emails and click the confirm link they will not be able to log on... if the database does put the UPDATE and SET confirmcode='y' the form works brilliantly... however once again if it puts in the long confirm code then the whole script is stuffed!! I recommend maybe looking at a different way of coding and confirming the new user registrant.

ERROR 6 - throughout Formvalidator.php ..... inconsistent coding... for example... you have $bret=true and $bret = true everywhere throughout code...... you have $bret=false and $bret = false everywhere throughout code......

on lines 261,265, 276 for example and lines 376, 378, 455, 464, 487, 497 coding is spread over multiple lines................. should have whatever in the brackets included all on the one line..... with parentheses doing that is ok...however...wait theres more.... on line 205 there is NO $max_len next to $variable_name like you have with min_len on line 220

ERROR 7 - most of your html and php pages that come with the script have inconsistent coding as well.... for example single and double quotes throughout your HTML code... Upper and lowercase attributes... should validate your webpages at w3c before posting to be downloadable...

ERROR 8 - all webpages are not HTML5 compliant and Mobile freindly.. you have to change all the head code and meta tags etc

ERROR 9 - CSS conflicts - If someone wants to implement these webpages in a Bootstrap environment they will have to change the container class in the fg_membersite.css file. In change-pwd.php .... login.php .... confirm.php and reset-pwd-req.php for example you have < div class="container" > ........ wrapping the form inputs. The ID reference to the class you have in the css file ( #fg_membersite .container) conflicts with Bootstraps container class. Form input fields will expand to 100% of the page etc., basically stuffing up the form layout etc. The fix for that is to just change the container class in the fg_membersite.css file.. Change ........ #fg_membersite .container to .................. #fg_membersite .containernewword so change all the div fields in the html and php webpages .... change < div class="container" > to < div class="containernewword" > no more conflicts with Bootstrap CSS.container class. (Dont change the bootstrap container code in their framework or webpages... just the ones wrapping the form fields in change-pwd.php etc etc from HTML FORM Guide).

Looking at your forum postings in both register form and form validator there seems to be nothing but problems with all the users downloading your scripts..... from deprecated code to basic not receiving certain info or PHP notices Undefining scripts..... as you most probably know with JavaScript there are things like JShint that recommends to fix code and tidy up the code.... Im not sure if there is a PHP complier that will check PHP code syntax errors etc.... but now i am looking for one so i can run it against code that people like yourself put up online to test to see if whether to implement someone else's buggy coding on my website.

Recommend to validate all of your script and pages before making them downloadable or getting people to buy your Simfactic form builder... have a nice day!

After I try registrating it says Fatal error: Uncaught Error: Call to undefined function mysql_connect() in /storage/ssd1/349/9719349/public_html/RegistrationForm-master/RegistrationForm-master/source/include/fg_membersite.php:773 Stack trace: #0 /storage/ssd1/349/9719349/public_html/RegistrationForm-master/RegistrationForm-master/source/include/fg_membersite.php(729): FGMembersite->DBLogin() #1 /storage/ssd1/349/9719349/public_html/RegistrationForm-master/RegistrationForm-master/source/include/fg_membersite.php(86): FGMembersite->SaveToDatabase(Array) #2 /storage/ssd1/349/9719349/public_html/RegistrationForm-master/RegistrationForm-master/source/register.php(6): FGMembersite->RegisterUser() #3 {main} thrown in /storage/ssd1/349/9719349/public_html/RegistrationForm-master/RegistrationForm-master/source/include/fg_membersite.php on line 773

Hi Nice Job, Actually I am new to php, however I downloaded the files and try to use it with wordpress all errors I have been able to correct but when I test the register it automatically redirects me to index.php without creating the user. Meanwhile if I try it without wordpress it works but emails are not sent and also login does not work.

May be you have Ideas on how to make this work. especially on wordpress,

Thanks.

I am getting the above error whenever I try to run any form and my database login and password is correct.

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'a2211478_admin'@'localhost' (using password: YES) in /home/a2211478/public_html/registration_files/include/fg_membersite.php on line 773

see here for your self: http://mybitreturns.net23.net/registration_files/index.html

please send replies to E-Mail: [email protected]

hi guys great script, im facing the issue i cannot recieve email confirmation, email is not sending, is updated in the db but i get no email sending, im using gmail and followed all instructions yet nothing