H
Hank
Guest
my field validations didn't work with registration in PHP!! Please help
Main code loginregister.php :
<?php require_once("session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php require_once("includes/connection.php"); ?>
<link href="stylesheets/main.css" rel="stylesheet" media="all" type="text/css" />
<?php confirm_logged_in(); ?>
<?php
//REGISTERING ACCOUNT
// Start Form Processing
if (isset($_POST['submit'])) {
// Form has been submitted.
$errors = array();
//perform validations on the form data
$required_fields = array('username', 'password');
$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
$fields_with_lengths = array('username' =>30, 'password' => 30);
$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
//field clean up
$username = trim(mysql_prep($_POST['username']));
$password = trim(mysql_prep($_POST['password']));
$hashed_password = sha1($password);
if (empty($errors)) {
$query = "INSERT INTO users (
username, hashed_password
) VALUES (
'$username', '$hashed_password'
)";
$result = mysql_query($query, $connection);
if ($result) {
$message = "The user was successfully created.";
} else {
$message = "The user could not be created.";
$message .= "<br />" . mysql_error();
}}
else {
$error_message = "The number of errors in the form is: " . count($errors);
}
}
else {// form has not been submitted.
$username = "";
$password = "";
}
?>
<?php require_once("includes/header.php"); ?>
<div id="login_register">
<h2>Create New User</h2>
<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
<?php if (!empty($errors)) { display_errors($errors); } ?>
<div id="form_register">
<form action="loginregister.php" method="post">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
</tr>
<tr>
<td id="submit_button" colspan="2"><input type="submit" name="submit" value="Register" /></td>
</tr>
</table>
</form>
</div>
functions: <?php
function redirect_to($location=NULL) {
if ($location !=NULL) {
header("Location: {$location}");
exit;
}
}
?>
<?php
function check_required_fields($required_array) {
$field_errors = array();
foreach($required_array as $fieldname) {
if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) && $_POST[$fieldname] != 0)) {
$field_errors[] = $fieldname;
}
}
return $field_errors;
}
?>
<?php
function check_max_field_lengths($field_length_array) {
$field_errors = array();
foreach($field_length_array as $fieldname => $maxlength ) {
if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $field_errors[] = $fieldname; }
}
return $field_errors;
}
?>
<?php
function mysql_prep($value) {
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0
if( $new_enough_php ) { // PHP v4.3.0 or higher
// undo any magic quote effects so mysql_real_escape_string can do the work
if( $magic_quotes_active ) { $value = stripslashes( $value ); }
$value = mysql_real_escape_string( $value );
} else { // before PHP v4.3.0
// if magic quotes aren't already on then add slashes manually
if( !$magic_quotes_active ) { $value = addslashes( $value ); }
// if magic quotes are active, then the slashes already exist
}
return $value;
}
?>
I spend 3 hours building this piece and eventually, it allows me to create users/passwords but the validations didn't work. I can type in blanks in both fields and it will say "registration successful" and insert a blank username into my database with a hashed password of the blank password.
Can someone please help me.
Thank you
Main code loginregister.php :
<?php require_once("session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php require_once("includes/connection.php"); ?>
<link href="stylesheets/main.css" rel="stylesheet" media="all" type="text/css" />
<?php confirm_logged_in(); ?>
<?php
//REGISTERING ACCOUNT
// Start Form Processing
if (isset($_POST['submit'])) {
// Form has been submitted.
$errors = array();
//perform validations on the form data
$required_fields = array('username', 'password');
$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
$fields_with_lengths = array('username' =>30, 'password' => 30);
$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
//field clean up
$username = trim(mysql_prep($_POST['username']));
$password = trim(mysql_prep($_POST['password']));
$hashed_password = sha1($password);
if (empty($errors)) {
$query = "INSERT INTO users (
username, hashed_password
) VALUES (
'$username', '$hashed_password'
)";
$result = mysql_query($query, $connection);
if ($result) {
$message = "The user was successfully created.";
} else {
$message = "The user could not be created.";
$message .= "<br />" . mysql_error();
}}
else {
$error_message = "The number of errors in the form is: " . count($errors);
}
}
else {// form has not been submitted.
$username = "";
$password = "";
}
?>
<?php require_once("includes/header.php"); ?>
<div id="login_register">
<h2>Create New User</h2>
<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
<?php if (!empty($errors)) { display_errors($errors); } ?>
<div id="form_register">
<form action="loginregister.php" method="post">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
</tr>
<tr>
<td id="submit_button" colspan="2"><input type="submit" name="submit" value="Register" /></td>
</tr>
</table>
</form>
</div>
functions: <?php
function redirect_to($location=NULL) {
if ($location !=NULL) {
header("Location: {$location}");
exit;
}
}
?>
<?php
function check_required_fields($required_array) {
$field_errors = array();
foreach($required_array as $fieldname) {
if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) && $_POST[$fieldname] != 0)) {
$field_errors[] = $fieldname;
}
}
return $field_errors;
}
?>
<?php
function check_max_field_lengths($field_length_array) {
$field_errors = array();
foreach($field_length_array as $fieldname => $maxlength ) {
if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $field_errors[] = $fieldname; }
}
return $field_errors;
}
?>
<?php
function mysql_prep($value) {
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0
if( $new_enough_php ) { // PHP v4.3.0 or higher
// undo any magic quote effects so mysql_real_escape_string can do the work
if( $magic_quotes_active ) { $value = stripslashes( $value ); }
$value = mysql_real_escape_string( $value );
} else { // before PHP v4.3.0
// if magic quotes aren't already on then add slashes manually
if( !$magic_quotes_active ) { $value = addslashes( $value ); }
// if magic quotes are active, then the slashes already exist
}
return $value;
}
?>
I spend 3 hours building this piece and eventually, it allows me to create users/passwords but the validations didn't work. I can type in blanks in both fields and it will say "registration successful" and insert a blank username into my database with a hashed password of the blank password.
Can someone please help me.
Thank you