Building Browsergames - Latest Comments in Building Browsergames: The Registration Page (PHP)

Re: Building Browsergames: The Registration Page (PHP)

bbgames — Thu, 24 Sep 2009 15:54:03 -0000

This code is supposed to be getting saved *into* register.php - where are
you saving it? If you're saving it somewhere else you'll want to adjust the
name of the script your form is POSTing to as well.

Re: Building Browsergames: The Registration Page (PHP)

Michael — Thu, 24 Sep 2009 13:17:00 -0000

whats about the page register.php you are posting the registration data to?
if i run this code and fill in the registration form, after clicking at "register!" theres an error, because page register.php doesnt exist

Re: Building Browsergames: The Registration Page (PHP)

horsesforsale — Fri, 11 Sep 2009 03:55:07 -0000

Thanks for the guideline of creating browsergame. I was looking for it. I have successfully followed the first six steps. But I couldn’t create the INSERT query. I have checked the code several times. I have exactly follow what you have written. But it just didn’t work. Can you please help me to find out the error?

Re: Building Browsergames: The Registration Page (PHP)

HughCompton — Tue, 14 Jul 2009 14:13:12 -0000

Here is a picture of what The PHP Admin screen looks like.

http://yfrog.com/5sphpadminp

I clicked on User Priviliges so thats why its Orange (I think).

Re: Building Browsergames: The Registration Page (PHP)

HughCompton — Tue, 14 Jul 2009 14:05:01 -0000

I don't understand where I shoulkd input the SQl you have posted. I signed up to a free package with PHP My Admin support and thats all set up but i dont know where to input what you have posted.

Please Help

Re: Building Browsergames: The Registration Page (PHP)

bbgames — Thu, 23 Apr 2009 22:23:24 -0000

If you're getting that error, it means that something is wrong with your
connection to MySQL - double check the values that you passed to
mysql_connect.

Re: Building Browsergames: The Registration Page (PHP)

Gradient — Thu, 23 Apr 2009 21:25:08 -0000

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/a8891953/public_html/register.php on line 15

That is what I get when trying to register.

Re: Building Browsergames: The Registration Page (PHP)

bbgames — Mon, 12 Jan 2009 23:30:18 -0000

Thanks for the heads-up, Graham!

Re: Building Browsergames: The Registration Page (PHP)

Graham — Mon, 12 Jan 2009 21:31:42 -0000

use SHA1 instead of MD5. Event with Salts, MD5 is still vulnerable to collision attacks, and should not be used for security purposes.

Re: Building Browsergames: The Registration Page (PHP)

bbgames — Sun, 13 Jul 2008 00:52:46 -0000

Hi John, and thanks for the tips!

I wasn't aware that md5's were vulnerable to rainbow tables - thanks for pointing that out. I'll be sure to write a follow-up post as soon as possible clearing up why you should be doing more than just md5ing your data.

Re: Building Browsergames: The Registration Page (PHP)

John Munsch — Sat, 12 Jul 2008 23:59:02 -0000

The MD5 hash doesn't actually protect you if someone were able to dump your table of users or gain access to the database in some fashion.

That's because there exist large hash dictionaries available to hackers which have every word in the dictionary and all common names already pre-hashed using common hashes like MD5. The hacker can search through the list of hashed user passwords for matches in the hash dictionary and then consult the dictionary whenever there is a match to see what word or name was used as the original (unhashed) password. It won't allow them access to accounts where people used strong passwords, but think how many people use the name of a spouse or a common word as a password.

That's why you usually use MD5 in combination with a random "salt" value. You take the user's password (e.g. porcupine), you prepend a randomly generated number or string (e.g. 352) and then MD5 hash that (e.g. 352porcupine => 'alaskdf5...') saving both the randomly generated number and the hash. Then whenever the user submits a password you again prepend the same salt value in front of it and see if it hashes to the same value again. The random value in front of each and every password stored then makes the hash dictionary useless.