Registration System
Overview
The registration system allows new users to create accounts with unique usernames, email addresses, and mobile numbers. It includes security features such as password hashing and input validation.
Features
- User registration with unique identifiers
- Password hashing for security
- Input validation
- Duplicate entry prevention
- Session management
- Responsive design
- Client-side password validation
Registration Process
User Input Fields
- Username (must be unique)
- Email address (must be unique)
- Mobile number (must be unique)
- Password (minimum 5 characters)
Validation Rules
Username Validation
- Must be unique in the system
- No special requirements for format
Email Validation
- Must be unique in the system
- Must be a valid email format
- HTML5 email validation applied
Mobile Number Validation
- Must be unique in the system
- Maximum length of 16 characters
- Required field
Password Requirements
- Minimum length: 5 characters
- Client-side validation enforced
- Server-side hashing using PHP's password_hash()
Security Features
Password Security
// Password hashing using PHP's secure hashing
$hashed_password = password_hash($raw_password, PASSWORD_DEFAULT);
Input Validation
- Server-side validation for duplicate entries
- Client-side validation for password length
- HTML5 form validation for email format
- XSS prevention using htmlspecialchars
Database Security
- Prepared statements to prevent SQL injection
- Parameterized queries for all database operations
Error Handling
Implementation Overview
The registration system implements a comprehensive error handling system that covers both server-side and client-side validation. Here's the detailed implementation:
1. Server-Side Error Handling
Error Message Initialization
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$error_message = '';
- Enables strict MySQL error reporting
- Initializes error message variable
Duplicate Entry Validation
// Username uniqueness check
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
    $error_message = "Username is already taken.";
} else {
    // Email uniqueness check
    $stmt = $conn->prepare("SELECT * FROM users WHERE email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result->num_rows > 0) {
        $error_message = "Email is already registered.";
    } else {
        // Mobile number uniqueness check
        $stmt = $conn->prepare("SELECT * FROM users WHERE mobile = ?");
        $stmt->bind_param("s", $mobile);
        $stmt->execute();
        $result = $stmt->get_result();
        if ($result->num_rows > 0) {
            $error_message = "mobile number is already registered.";
        }
    }
}
- Sequential validation checks
- Prepared statements for security
- Specific error messages for each case
Database Error Handling
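// With MYSQLI_REPORT_STRICT enabled (see above), failures raise mysqli_sql_exception
// instead of returning false; the checks below only apply when strict reporting is off.
$stmt = $conn->prepare("INSERT INTO users (username, email, mobile, password) VALUES (?, ?, ?, ?)");
if ($stmt === false) {
    die("Error preparing statement: " . $conn->error);
}
// Bind the four values before executing
$stmt->bind_param("ssss", $username, $email, $mobile, $hashed_password);
if (!$stmt->execute()) {
    $error_message = "Error executing statement: " . $stmt->error;
}
- Checks for statement preparation failures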
- Handles execution errors
- Provides specific error messages
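The sequential SELECT checks above leave a window in which two simultaneous requests can both pass and then both insert. The following added example (not the project's own code) lets the database enforce uniqueness and handles the resulting exception; it assumes UNIQUE indexes on `users.username`, `users.email` and `users.mobile`, which the page does not show, and `create_user()` is a hypothetical helper name.

```php
<?php
// Added example: insert with duplicate detection delegated to the database.
// Assumes UNIQUE indexes on users.username, users.email and users.mobile
// (the schema is not shown on this page); create_user() is a hypothetical helper.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

const MYSQL_ER_DUP_ENTRY = 1062; // MySQL error number for a unique-key violation

// Returns null on success, or a message that is safe to show to the user.
function create_user(mysqli $conn, string $username, string $email,
                     string $mobile, string $raw_password): ?string
{
    $hash = password_hash($raw_password, PASSWORD_DEFAULT);
    try {
        // In strict mode prepare() and execute() throw instead of returning false.
        $stmt = $conn->prepare(
            "INSERT INTO users (username, email, mobile, password) VALUES (?, ?, ?, ?)"
        );
        $stmt->bind_param("ssss", $username, $email, $mobile, $hash);
        $stmt->execute();
        return null;
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === MYSQL_ER_DUP_ENTRY) {
            // A concurrent request got past the SELECT checks; the index caught it.
            return "Username, email or mobile number is already registered.";
        }
        // Keep driver details in the server log, not in the rendered page.
        error_log("Registration insert failed: " . $e->getMessage());
        return "Registration failed. Please try again later.";
    }
}
```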
2. Client-Side Error Handling
Form Validation
<form action="" method="POST">
    <input name="username" type="text" value="<?php echo isset($link) ? htmlspecialchars($link, ENT_QUOTES, 'UTF-8') : ''; ?>" placeholder="Username">
    <input name="email" type="email" placeholder="Email" required>
    <input name="mobile" type="tel" placeholder="Mobile Number" maxlength="16" required>
    <input name="password" type="password" placeholder="Password" minlength="5" required>
    <button type="submit">Create Account</button>
</form>
- HTML5 validation attributes
- Required field validation
- Input type validation
- Maximum length constraints
JavaScript Password Validation
document.querySelector('form').addEventListener('submit', function(event) {
    var password = document.querySelector('input[name="password"]').value;
    if (password.length < 5) {
        event.preventDefault();
        alert('Password must be at least 5 characters long.');
    }
});
- Real-time password length validation
- Form submission prevention
- User feedback via alert
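The HTML5 attributes and the JavaScript check only run in the browser, so a request sent directly to the server skips them. The following added example (not the project's own code) repeats the page's rules on the server before any hashing or database work; `validate_registration()` is a hypothetical function name, and the sample request is constructed for illustration.

```php
<?php
// Added example: server-side counterpart of the form's HTML5/JavaScript checks.
// Field names and limits follow the form on this page; the function name is hypothetical.
function validate_registration(array $post): array
{
    $errors = [];
    // Accept plain strings only: PHP turns "username[]=x" into an array.
    foreach (['username', 'email', 'mobile', 'password'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $errors[$field] = ucfirst($field) . ' is missing or malformed.';
        }
    }
    if ($errors) {
        return $errors;
    }
    // Same rule as type="email" on the form.
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email address is not valid.';
    }
    // Same rules as required + maxlength="16" on the form.
    $mobile = trim($post['mobile']);
    if ($mobile === '' || strlen($mobile) > 16) {
        $errors['mobile'] = 'Mobile number is required (maximum 16 characters).';
    }
    // Same rule as minlength="5" and the JavaScript check (counted in bytes here).
    if (strlen($post['password']) < 5) {
        $errors['password'] = 'Password must be at least 5 characters long.';
    }
    return $errors;
}

// Constructed sample request, as it could arrive with the browser checks bypassed.
$sample = [
    'username' => 'alice',
    'email'    => 'not-an-email',
    'mobile'   => str_repeat('9', 20),
    'password' => 'abc',
];
print_r(validate_registration($sample)); // errors for email, mobile and password
```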
3. Error Display
Error Message Styling
<style>
    .error-message {
        color: red;
        font-size: 14px;
        margin: 10px 0;
    }
</style>
- Clear visual feedback
- Consistent styling
- Prominent placement
Secure Error Display
<?php if (!empty($error_message)): ?>
    <div class="error-message">
        <?php echo htmlspecialchars($error_message, ENT_QUOTES, 'UTF-8'); ?>
    </div>
<?php endif; ?>
- XSS prevention using htmlspecialchars
- Conditional display
- UTF-8 encoding
Error Handling Flow
Client-Side Validation
- HTML5 form validation
- JavaScript password validation
- Immediate user feedback
Server-Side Validation
- Duplicate entry checks
- Database error handling
- Prepared statement validation
Error Response
- Clear error messages
- Form data preservation
- Secure error display
Security Measures
- Input sanitization
- SQL injection prevention
- XSS prevention
Best Practices Implemented
Input Validation
- Server-side validation
- Client-side validation
- Required field checks
Security
- Prepared statements
- Password hashing
- Error message sanitization
User Experience
- Clear error messages
- Form data persistence
- Immediate feedback
UI/UX Features
- Responsive design
- Clear error messaging
- Password strength validation
- Easy navigation to login page
- Modern form styling
Code Structure
Form Structure
<form action="" method="POST">
    <input name="username" type="text" placeholder="Username">
    <input name="email" type="email" placeholder="Email" required>
    <input name="mobile" type="tel" placeholder="Mobile Number" maxlength="16" required>
    <input name="password" type="password" placeholder="Password" minlength="5" required>
    <button type="submit">Create Account</button>
</form>
Database Integration
- Uses prepared statements for security
- Checks for duplicate entries before insertion
- Handles database connection errors
Success Flow
- User submits registration form
- System validates input data
- Checks for duplicate entries
- Hashes password
- Stores user data in database
- Creates user session
- Redirects to admin dashboard
Error Flow
- User submits invalid/duplicate data
- System catches validation errors
- Displays appropriate error message
- Maintains form data for correction
- Allows user to resubmit
Related Files
- register.php - Main registration logic
- style_forms.css - Registration form styling
- config.php - Database configuration
- login.php - Login system integration
Registration System Documentation
Overview
The registration system (register.php) implements a secure user registration process with validation, error handling, and security features.
Implementation Details
Session and Initial Setup
session_start();
if (isset($_SESSION['username'])) {
    header("Location: admin/index.php");
    exit;
}
require_once "admin/config.php";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
- Initializes PHP session
- Redirects logged-in users to dashboard
- Includes database configuration
- Enables strict MySQL error reporting
Form Data Processing
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST['username'];
    $email = $_POST['email'];
    $mobile = $_POST['mobile'];
    $raw_password = $_POST['password'];
    $hashed_password = password_hash($raw_password, PASSWORD_DEFAULT);
    // ... validation and user creation continue in the sections below
}
- Validates POST request method
- Captures form data:
  - Username
  - Email
  - Mobile number
  - Password
- Securely hashes password using PHP's built-in function
Validation Process
1. Username Validation
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
    $error_message = "Username is already taken.";
}
- Checks for username uniqueness
- Uses prepared statements for security
- Returns error if username exists
2. Email Validation
$stmt = $conn->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
    $error_message = "Email is already registered.";
}
- Verifies email uniqueness
- Prevents duplicate email registrations
3. Mobile Number Validation
$stmt = $conn->prepare("SELECT * FROM users WHERE mobile = ?");
$stmt->bind_param("s", $mobile);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
    $error_message = "mobile number is already registered.";
}
- Checks for unique mobile numbers
- Prevents multiple accounts with same mobile
User Creation Process
$stmt = $conn->prepare("INSERT INTO users (username, email, mobile, password) VALUES (?, ?, ?, ?)");
$stmt->bind_param("ssss", $username, $email, $mobile, $hashed_password);
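if ($stmt->execute()) {
    $_SESSION['username'] = $username;
    // NOTE: $row is not defined anywhere in this excerpt; it must hold the
    // new user's row (including its role) before this assignment can work.
    $_SESSION['role'] = $row['role'];
    header("Location: admin/index.php");
    exit;
}
- Inserts new user into database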
- Sets session variables on success
- Redirects to dashboard
Security Features
SQL Injection Prevention
- Uses prepared statements throughout
- Parameters properly bound
- Input sanitization
Password Security
- Secure password hashing
- Minimum length validation
- Client-side length validation
XSS Prevention
htmlspecialchars($error_message, ENT_QUOTES, 'UTF-8')
- Proper escaping of output
- Secure form handling
Data Validation
- Unique username check
- Unique email check
- Unique mobile check
- Password length requirements
User Interface Elements
The registration form includes:
- Username field (pre-fillable via URL parameter)
- Email field with type validation
- Mobile number field with length restriction
- Password field with minimum length
- Error message display
- Login link for existing users
Client-Side Validation
document.querySelector('form').addEventListener('submit', function(event) {
    var password = document.querySelector('input[name="password"]').value;
    if (password.length < 5) {
        event.preventDefault();
        alert('Password must be at least 5 characters long.');
    }
});
- Password length validation
- Form submission prevention
- User feedback
Registration Interface
The registration form with username, email, mobile, and password fields
Related Components
- Login system
- User profile management
- Session handling
- Database schema