Double password during register

https://stackoverflow.com/questions/20597284

02-09-2022
|

Question

I am working on a register and login page for a quiz game that i am making in PHP. I currently have the basics covered, but i im looking to make the registration with like a password check (double password) and also when the user enters the password i would like it to be covered and at the moment the password shows what the user is entering, can someone help me out with this, below is code i am working with:

<?PHP

if (isset($_POST['submit']))
{

  $username = $_POST['username'];
  $password = $_POST['password'];

  $file = file_get_contents("data.txt");
  if(!strstr($file, "$username||$password"))
  {
    print '<script> alert ("Sorry! You have entered a Invalid Username or Password.");   window.location="index.php"; </script>';
  }
  if(empty($username))
  {
    print '<script> alert ("Sorry! You have entered a Invalid Username or Password."); window.location="index.php"; </script>';
  }
  else
  {
    header("Location: /home.php");
  }
}
?>
<!doctype html>
<html>
<head>
  <title>Index</title>
</head>
<body>
<div id="container" style="width:500px; height:500px; border: 2px solid black;  margin:auto">

  <?php include "header.php"; ?>

  <div id="content" style="background-color:#EEEEEE; width:500px; height:400px; float: left">
    <br>
    <form  align="center" method="post" action="index.php" >
      Username:
      <input type="text" name="username" />
      <br/>
      <br/>
      Password:
      <input type="text" name="password" />
      <br/>
      <br/>
      <input type="submit" value="Login" name="submit"/>
      <input type="button" value="Register" onclick="document.location='registration.php'" />
    </form>
  </div>

  <?php include "footer.php"; ?>

</div>
</body>
</html>

and Register

<div align="center">
  <?PHP

  if (isset($_POST['submit']))
  {

    $username = $_POST['username'];
    $password = $_POST['password'];

    $file = file_get_contents("data.txt");
    $string = "$username||$password";
    if(!strstr($file, "$string"))
    {
      $myFile = "data.txt";
      $fh = fopen($myFile, 'a') or die("can't open file");
      $stringData = "$username||$password\n";
      fwrite($fh, $stringData);
      print '<script> alert ("Registration Complete"); window.location="index.php"; </script>';
      fclose($fh);
    }
    else
    {

      echo "Sorry the username: <b>$username</b> is already registered. Please use diferent  username.";

    }
  }

  ?>
</div>
<!doctype html>
<html>
<head>
  <title>Registration</title>
</head>
<body>
<div id="container" style="width:500px; height:500px; border: 2px solid black; margin:auto">

  <?php include "header.php"; ?>

  <div id="content" style="background-color:#EEEEEE; width:500px; height:400px; float: left">
    <br>
    <form align="center" method="post" action="registration.php" >
      Username:
      <input type="text" name="username" />
      <br/>
      <br/>
      Password:
      <input type="text" name="password" />
      <br/>
      <br/>
      <input type="submit" value="Register" name="submit" />
    </form>
  </div>

  <?php include "footer.php"; ?>

</div>
</body>
</html>

I am using flat file database to store the information.

Solution

First, to make your password field look like a password you need to change its type to password instead of text, so type="text" becomes type="password", you also need to add another password field and change its name so you could confirm it.

<form  align="center" method="post" action="index.php" >
  Username:
  <input type="text" name="username" />
  <br/>
  <br/>
  Password:
  <input type="password" name="password" />
  <br/>
  <br/>
  Password (Confirmation):
  <input type="password" name="password2" />
  <br/>
  <br/>
  <input type="submit" value="Login" name="submit"/>
  <input type="button" value="Register" onclick="document.location='registration.php'" />
</form>

Then at register, you need to grab the values sent in the request and compare them to each other(password and password2), if they're equal let the user continue, if they're not display an error message

<?PHP

if (isset($_POST['submit']))
{

  $username = $_POST['username'];
  $password = $_POST['password'];
  $password2 = $_POST['password2'];
  if($password != $password2) die('Passwords do not match');
  $file = file_get_contents("data.txt");
  $string = "$username||$password";
  if(!strstr($file, "$string"))
  {
    $myFile = "data.txt";
    $fh = fopen($myFile, 'a') or die("can't open file");
    $stringData = "$username||$password\n";
    fwrite($fh, $stringData);
    print '<script> alert ("Registration Complete"); window.location="index.php";    </script>';
    fclose($fh);
  }
  else
  {
    echo "Sorry the username: <b>$username</b> is already registered. Please use diferent  username.";

  }
}

?>

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow