Here is a function I am making to handle user registration for a new project. Take a look at the else statement, think it will do the trick? All comment’s are private to not publicly expose hack-a-able errors. Let me know, thanks.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 | function doRegistration() { if($this->validation->run() == FALSE) { $this->load->view('regform'); } else { if(!$_POST) { /** * We should never get here, this means that * someone tried to access the page without * filling out the form, signs of a usual hack * attempt. We should deny access at this point * or perhaps implement a 3 strike ban system * based on IP address */ $this->load->view('regform'); } else { $email = $_POST['email']; $pass = $_POST['password']; $date = date("m.d.y"); /** * $id is generated using the following: * Month Day Hour Minute Second * IE: If it is June 18th 2008 at 11:53:33 AM the ID is: * 06182008115333 (14 characters). This virtually eliminates * the chances that two people will have duplicate ID's. * What are the chances two people will access the site to register at * the EXACT time down to the milisecond? Not likely. */ $id = date("mdyais"); $sql = "SELECT * FROM some_table WHERE email = ?"; $query = $this->db->query($sql, array('$email')); if($query->num_rows() > 0) { // We have a existing entry for that email address, not good. // Kick back an error page. } else { $data = array('id' => '', 'email' => $email, 'pass' => $pass, 'date' => $date); $str = $this->db->insert_string('accounts', $data); $query = $this->db->query($str); } } // end if !$_POST } } // end doRegistration |