Registration form

H.R.H_The_Duke_of_Bi · August 14, 2016, 2:32pm

I am creating a social app and wanted to know when the user clicks register how to send the info into the database . I am using 000webhost as my database . I know the network.request code I have works because I tried it before but I don’t exactly know where to put it and make it work . Can someone help me make everything work properly ? I already wrote the php code on 000webhost . I would really appreciate it .

register.lua

local composer = require( "composer" ) local scene = composer.newScene() local widget = require("widget") local function handleButtonEvent( event ) if ( "ended" == event.phase ) then networkListener end end network.request("http://web.web.com", "GET", function (e) end) local function networkListener( event ) if ( event.isError ) then print( "Network error: ", event.response ) else end end local function loginLink( event ) if ( "ended" == event.phase ) then composer.gotoScene("login") end end function scene:create(event) local screenGroup = self.view display.setDefault("background", 0, 3, 5) local icon = display.newImage("icon\_opt.png", 160, 70) screenGroup:insert(icon) local username = native.newTextField( 160, 200, 180, 30 ) username.placeholder = "Username" screenGroup:insert(username) local password = native.newTextField( 160, 260,180, 30 ) password.isSecure = true password.placeholder = "Password" screenGroup:insert(password) local email = native.newTextField( 160, 320, 180, 30 ) email.placeholder = "E-mail" screenGroup:insert(email) local Button = widget.newButton( { shape = "roundedRect", left = 70, top = 360, id = "Register", label = "Register", onEvent = handleButtonEvent } ) screenGroup:insert(Button) local Button2 = widget.newButton( { left = 70, top = 440, id = "Loginhere", label = "Login here", onEvent = loginLink } ) screenGroup:insert(Button2) end function scene:show(event) end function scene:hide(event) end function scene:destroy(event) end scene:addEventListener("create", scene) scene:addEventListener("show", scene) scene:addEventListener("hide", scene) scene:addEventListener("destroy", scene) return scene

network.request

network.request("http://web.web.com", "GET", function (e) end) local function networkListener( event ) if ( event.isError ) then print( "Network error: ", event.response ) else end end

ldurniat · August 14, 2016, 3:14pm

Check out these links

Corona SDK – Saving player score on server using PHP

https://arekzb.wordpress.com/2012/04/27/corona-sdk-saving-player-score-on-server-using-php/

Saving JSON from web to SQL Database

https://forums.coronalabs.com/topic/58690-saving-json-from-web-to-sql-database/

YouTube - Downloading JSON data from MySQL to Corona SDK

In this tutorial Dr. Burton explains how to connect to a remote database through php, convert the data to JSON and pass to a mobile app using Corona SDK. The data is then saved to a local SQLite database.

https://www.youtube.com/watch?v=iIeJEBQYA10

H.R.H_The_Duke_of_Bi · August 14, 2016, 4:09pm

That kind of helped but I honestly think I don’t know what I’m doing . If I post what I have will you be able to tell me if i"m going down the right path

rob · August 14, 2016, 7:49pm

You have several things going on. Most importantly you’re network code isn’t working. But before you get there, you have to understand the work flow.

You have two buttons: one labeled “Register” and executes a function called “handleButtonEvent” when pressed. I’m assuming this function should take the values of username, password and email and do something to create a new user on the web server for this person.

The second button “Login” tries to go to a new scene called “login”.

It would help to understand what you want to happen each time one of these buttons are pressed, then the community can help straighten out the code.

Next is security. How well do you know PHP and MySQL to write the server scripts? Have you thought about how you intend to secure the user’s data? Login/Password credentials need to be well secured and how you secure things on the server impacts how you write the Corona code to match.

Rob

H.R.H_The_Duke_of_Bi · August 14, 2016, 8:09pm

When the user clicks the register button the users info will go to the database I have setup . The login here button takes the user to a page where they can sign up . That works properly . But I need help with the registration button . When I first tried my network code it worked but It wasn’t using the url I have now , it was example.com and it outputed what was on the website which was good . But when the user signs up and if its successful I want them to go to the page and login . Can you help Me with this ?

rob · August 14, 2016, 9:32pm

Maybe something like:

-- forward declare the text fields local username local password local email local function urlencode(str) if (str) then str = string.gsub (str, "\n", "\r\n") str = string.gsub (str, "([^%w])", function (c) return string.format ("%%%02X", string.byte(c)) end) str = string.gsub (str, " ", "+") end return str end local function networkListener( event ) if ( event.isError ) then print( "Network error: ", event.response ) else print( event.response ) end end local function handleButtonEvent( event ) if ( "ended" == event.phase ) then local URL = "http://web.web.com/yourscript.php?username=" .. urlencode( username.text ) .. "&password=" .. urlencode(password.text) .. "&email=" .. urlencode( email.text ) network.request(URL, "GET", networkListener) end end local function loginLink( event ) if ( "ended" == event.phase ) then composer.gotoScene("login") end end function scene:create(event) local screenGroup = self.view display.setDefault("background", 0, 3, 5) local icon = display.newImage("icon\_opt.png", 160, 70) screenGroup:insert(icon) username = native.newTextField( 160, 200, 180, 30 ) -- take the local off since it's forward declared username.placeholder = "Username" screenGroup:insert(username) password = native.newTextField( 160, 260,180, 30 ) -- take the local off since it's forward declared password.isSecure = true password.placeholder = "Password" screenGroup:insert(password) email = native.newTextField( 160, 320, 180, 30 ) -- take the local off since it's forward declared email.placeholder = "E-mail" screenGroup:insert(email) -- rest of your code

Now there are still major concerns with this. First of all, you’re access http:// which is not secure. This script as I have it written will transmit the password in the clear and anyone snooping on your network will be easily able to grab the username and password. THIS IS INCREDIBLY INSECURE.

How can you secure it?

Don’t use obvious keys like “username”, “password” and "email
Base64 encode the data before you transmit it and your script needs to know to base64 decode it. If you base64 encode it, you won’t need to URL encode it which is a benefit.
Use https:// instead of http://. Your server must be set up to run SSL but at least the data is encrypted during its transmission to the server.

A more secure version of this, would be:

-- forward declare the text fields local mime = require("mime") local username local password local email local function networkListener( event ) if ( event.isError ) then print( "Network error: ", event.response ) else print( event.response ) end end local function handleButtonEvent( event ) if ( "ended" == event.phase ) then local URL = "https://web.web.com/yourscript.php?a=" .. mime.b64( username.text ) .. "&b=" .. mime.b64(password.text) .. "&c=" .. mime.b64( email.text ) network.request(URL, "GET", networkListener) end end local function loginLink( event ) if ( "ended" == event.phase ) then composer.gotoScene("login") end end function scene:create(event) local screenGroup = self.view display.setDefault("background", 0, 3, 5) local icon = display.newImage("icon\_opt.png", 160, 70) screenGroup:insert(icon) username = native.newTextField( 160, 200, 180, 30 ) -- take the local off since it's forward declared username.placeholder = "Username" screenGroup:insert(username) password = native.newTextField( 160, 260,180, 30 ) -- take the local off since it's forward declared password.isSecure = true password.placeholder = "Password" screenGroup:insert(password) email = native.newTextField( 160, 320, 180, 30 ) -- take the local off since it's forward declared email.placeholder = "E-mail" screenGroup:insert(email) -- rest of your code

But this assumes you have control over your script that’s going to handle the input and store the data into a database and you can use https://. Here I used keys: a, b and c and all the data has been base64 encoded. On the server side if you’re using PHP it would be something like:

\<?php $username = mysqli\_real\_escape\_string( base64\_decode( $\_GET["a"]) ); $password = mysqli\_real\_escape\_string( base64\_decode( $\_GET["b"]) ); $email = mysqli\_real\_escape\_string( base64\_decode( $\_GET["c"]) ); // rest of&nbsp; your script echo "Success" // or whatever you want to communicate back to the Corona App as event.response. ?\>

Now this could be even more secure by making sure you only store the password in a one way encryption such as an MD5 hash. The server should add some additional text to the password (called a salt) before it’s hashed. Then when the user logs in, you pass in the password from the user, salt it, hash it and then compare to what’s in the database. You should never store user passwords in clear text. And MD5 is considered minimal security. An SHA hash with larger encryption keys is more secure. Most hackers can bust an MD5 hash pretty quickly these days. That’s why adding a salt string is important.

If you don’t have control over the server script, then you will have to make your URL, key-value pairs, encoding match what the server expects.

Rob

H.R.H_The_Duke_of_Bi · August 14, 2016, 9:49pm

when I click register nothing happens

H.R.H_The_Duke_of_Bi · August 14, 2016, 9:54pm

never mind I think I know what to do

H.R.H_The_Duke_of_Bi · August 14, 2016, 10:17pm

Is this code good ?

\<?php include("db.php"); if (isset($\_POST['submit'])) { if ($\_POST['password'] == $\_POST['password2']) { $username = $\_POST['username']; $pw = $\_POST['password']; $email = $\_POST['email']; // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySql here to find the $username and // bring out result of find in $username\_result $result = mysqli\_query($conn ,"SELECT \* FROM users WHERE username='$username' AND email='$email'"); if(mysqli\_num\_rows($result) \> 0) { echo "User exist"; } else { // it is not in use so put it in $pw = password\_hash($pw, PASSWORD\_BCRYPT, array('cost' =\> 12)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$email')"; if(mysqli\_query($conn, $sql)){ // if insert checked as successful echo username and password saved successfully echo"Your user was created. \<a href= login.php\>Click here to login \</a\>\<br /\>"; }else{ echo "Sorry something went wrong, \<a href= signup.php\>Try again\</a\>\<br /\>"; // and send them back to registration page } } }else{ echo "The passwords do not match. \<a href= signup.php\>Try again\</a\>\<br /\>"; // and send them back to registration page } } ?\>

Scott_Harrison · August 14, 2016, 10:20pm

You should check out coronium:

forums.coronalabs.com/topic/64888-release-coronium-ls-123-beta/

coronium.cloud

coronium.io

H.R.H_The_Duke_of_Bi · August 14, 2016, 10:32pm

I like the way i’m doing it now

rob · August 14, 2016, 10:36pm

First the PHP script is using HTTP POST not HTTP GET. The code I provide above assumes you’re doing GET. Your network.request() call has to match your server’s script methods. network.request() can use POST, but you have to restructure the call to use a table for the body parameters rather than passing them on the URL.

Your script only requested the password once. On new registration’s you should have two password fields. The PHP script expects two passwords. You should also validate the passwords on the local device before sending them.

I’ve not used password_hash() so I’m not sure how secure it is, but it seems better than a clear text password. The script outputs HTML which is great for a website. You might want to consider JSON output which will work better with your Corona App.

But the script is a minimalist user registration script.

Rob

H.R.H_The_Duke_of_Bi · August 14, 2016, 10:44pm

 $username = $\_POST["username"]; $password = $\_POST["password"]; $statement = mysqli\_prepare($con, "INSERT INTO users (username, password, email) VALUES (?, ?, ?)"); $password = password\_hash($password, PASSWORD\_BCRYPT, array('cost' =\> 12)); mysqli\_stmt\_bind\_param($statement, "sss", $username, $password, $email); mysqli\_stmt\_execute($statement); $response = array(); $response["success"] = true; print\_r(json\_encode($response));

Is this better

rob · August 14, 2016, 10:50pm

You’re still using POST, which is okay if you change Corona to use POST.

You’ve removed the check to make sure that username/email doesn’t already exist.

You’ve removed the check to validate the password with the second copy of the password.

You are not sanitizing the input using mysqli_real_escape_string

And you’re potentially passing the password in the clear if this isn’t an https:// service.

But just looking at the code, the basics are there.

Rob

H.R.H_The_Duke_of_Bi · August 14, 2016, 11:12pm

when I was using the code to check if the username doesn’t exists on my website , it didn’t work .

H.R.H_The_Duke_of_Bi · August 14, 2016, 11:41pm

Nothing happens when I click the register button

rob · August 14, 2016, 11:49pm

You will need to post both your lua code and your PHP code.

H.R.H_The_Duke_of_Bi · August 15, 2016, 12:43am

register.php :

 if (isset($\_POST['register'])) { if ($\_POST['password'] == $\_POST['password2']) { $username = $\_POST['username']; $password = $\_POST['password']; $email = $\_POST['email']; // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySqli here to find the $username and // bring out result of find in $username\_result $result = mysqli\_query($con ,"SELECT \* FROM users WHERE username='$username' AND email='$email'"); if(mysqli\_num\_rows($result) \> 0) { echo "User exist"; } else { // it is not in use so put it in $pw = password\_hash($pw, PASSWORD\_BCRYPT, array('cost' =\> 12)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$email')"; if(mysqli\_query($conn, $sql)){ // if insert checked as successful echo username and password saved successfully echo"Your user was created. \<a href= login.php\>Click here to login \</a\>\<br /\>"; }else{ echo "Sorry something went wrong, \<a href= signup.php\>Try again\</a\>\<br /\>"; // and send them back to registration page } } }else{ echo "The passwords do not match. \<a href= signup.php\>Try again\</a\>\<br /\>"; // and send them back to registration page } }

register.lua :

local composer = require( "composer" ) local scene = composer.newScene() local widget = require("widget") -- forward declare the text fields local mime = require("mime") local username local password local email local function networkListener( event ) if ( event.isError ) then print( "Network error: ", event.response ) else print( event.response ) end end local function handleButtonEvent( event ) if ( "ended" == event.phase ) then local URL = "https://web.web.com/register.php?a=" .. mime.b64( username.text ) .. "&b=" .. mime.b64(password.text) .. "&c=" .. mime.b64( email.text ) network.request(URL, "POST", networkListener) composer.gotoScene("login") else print( "Something went wrong.") end end local function loginLink( event ) if ( "ended" == event.phase ) then composer.gotoScene("login") end end function scene:create(event) local screenGroup = self.view display.setDefault("background", 0, 3, 5) local icon = display.newImage("web\_opt.png", 160, 70) screenGroup:insert(icon) username = native.newTextField( 160, 200, 180, 30 ) -- take the local off since it's forward declared username.placeholder = "Username" screenGroup:insert(username) password = native.newTextField( 160, 250,180, 30 ) -- take the local off since it's forward declared password.isSecure = true password.placeholder = "Password" screenGroup:insert(password) password2 = native.newTextField( 160, 300,180, 30 ) -- take the local off since it's forward declared password2.isSecure = true password2.placeholder = "Confirm Password" screenGroup:insert(password2) email = native.newTextField( 160, 350, 180, 30 ) -- take the local off since it's forward declared email.placeholder = "E-mail" screenGroup:insert(email) local Button = widget.newButton( { shape = "roundedRect", left = 70, top = 400, id = "Register", label = "Register", onEvent = userRegister } ) screenGroup:insert(Button) local Button2 = widget.newButton( { left = 70, top = 460, id = "Loginhere", label = "Login here", onEvent = loginLink } ) screenGroup:insert(Button2) end function scene:show(event) end function scene:hide(event) end function scene:destroy(event) end scene:addEventListener("create", scene) scene:addEventListener("show", scene) scene:addEventListener("hide", scene) scene:addEventListener("destroy", scene) return scene

rob · August 15, 2016, 12:54am

Your lua code won’t work with your PHP code.

You changed your network.request() to “POST”, but you didn’t change the parameters. There is an example of using POST on the docs page for network.request(). Honestly it may be easier to adapt your PHP script to GET instead of POST.

Next, you’re still trying to use my suggestion of key-value pairs named “a”, “b”, “c”, but your PHP script is looking for “username”, “password”, “password”, and “email”. The parameters have to match. You’re also not passing password2 in either.

For security I suggested using base64 encoding, which you are doing on the Corona side, but you never base64 decode on the PHP side.

Rob

H.R.H_The_Duke_of_Bi · August 15, 2016, 1:06am

But I think that if I change from post to get I wouldn’t understand anything i’m doing and it would be a lot of changing