Solved

php signup form validation error

Posted on 2011-02-19
Last Modified: 2013-12-13
Hi,

I have a simple PHP signup file, but I got an error. When I use it on Firefox 3.6, it shows errors correctly when the form fields are left blank. But on other browsers, it doesn't show any errors. I looked at the source code of the output page, and it doesn't show the error text at all. I don't know why; please help me fix it.

URL demo: http://goo.gl/tTgjw
I also attach the file here. What's wrong with it?

Thank you very much
signup.txt
Question by:jaimehebert
8 Comments
 
Expert Comment

by:Ray Paseur
When you need us to see your code at EE, please post the code in the code snippet box.  Then we get line numbers, unispace font, etc.  Much easier to use and share this information.  Thanks, ~Ray
<?php
/*
Ollance Member Login v1.0
Copyright (c) 2008 Ollance.com
Website: www.ollance.com
Email:   info@ollance.com
*/

	require_once ('admin/config.php');
	include('templates/header.tpl');
?>
<body id="authentication">
<div id="wrapper">
<div id="login-navigation">		
		<a href="login.php">Login</a> or <a href="signup.php">Sign up</a>			
		</div>

<div id="content">
		  <?php include('templates/logo.tpl');?>
			<ul id="authentication-box">
				<li id="box-create">
					<p class="large-copy last">Create an account for free</p>
					
					<?php 
					$v_sbm=$_POST['sbm'];
				  
				  $connection = mysql_connect($dbhost, $dbusername, $dbpass);
				  $SelectedDB = mysql_select_db($dbname);
				  if($v_sbm=='Create Account') {
				  $v_username=$_POST['username'];
				  $v_password=$_POST['password'];
				  $v_password1=$_POST['password1'];
				  $v_name=$_POST['name'];
				  $v_email=$_POST['email'];
				  $v_address=$_POST['address'];
				  $v_city=$_POST['city'];
				  $v_state=$_POST['state'];
				  $v_zip=$_POST['zip'];
				  $v_country=$_POST['country'];
				  $v_phone=$_POST['phone'];


				  $validemail=verifyemailaddress($v_email);			
				  $g=0;
				  if(trim($v_username)=='') {
				  $err='Username field is blank.<br />';
				  $g=1;
				  }
				  if(trim($v_password)=='') {
				  $err=$err.'Password field is blank.<br />';
				  $g=1;
				  }
				  elseif(strlen($v_password) < 6 ){   
				  $err=$err.'Password is less than 6 characters.<br />';
				  $g=1;					  
				  }
				  elseif(preg_match('/[^A-Za-z0-9]/', $v_password)){
				  $err=$err.'Password contains special characters.<br />';
				  $g=1;				  
				  }    
				  elseif((trim($v_password1)=='')||($v_password<>$v_password1)) {
				  $err=$err.'Confirm password doesn\'t match.<br />';
				  $g=1;
				  }
				  if(trim($v_name)=='') {
				  $err=$err.'Name field is blank.<br />';
				  $g=1;
				  }
				  if(trim($v_email)=='') {
				  $err=$err.'Email field is blank.<br />';
				  $g=1;
				  }
				  elseif($validemail<>1) {
				  $err=$err.'Not a valid email address.<br />';
				  $g=1;
				  }  
				  //check if username already exists
				  $result=mysql_query("select uname,email from authuser");
					while($row = mysql_fetch_array($result, MYSQL_NUM)) {
					if(strtolower($row[0])==strtolower($v_username)) {$err_username="Username already exists.<br />"; $g=1; }
					elseif((strtolower($row[1])==strtolower($v_email))&&(trim($v_username)<>'')&&(trim($v_email)<>'')) {$err_email="This email address already exists.<br />"; $g=1; }
					}
				  $err=$err.$err_username.$err_email;
				  
				  if ($g==1) {
				  print "<p class=\"form-error\">$err</p>";
				  
				  }
				  
				  
				  else {		
				  	$reg_key=RandomString(7); //generate validate key 
					//$vdlink= $signup_activate."?username=".$v_username."&vcode=".$reg_key;
					//send email to member for activating account
					$result=mysql_query("select subject,contents from emailtemplates where name='signup'");
					while($row = mysql_fetch_array($result, MYSQL_NUM)) {
					$v_subject=trim($row[0]);
					$v_message=nl2br(trim($row[1]));
					}
					$subject = "$v_subject";
					$headers = "From: $v_emailfrom\r\n";
					$headers .= "MIME-Version: 1.0\r\n";
					$headers .= "Content-Type: text/html; charset=utf-8\r\n";
					$v_message = preg_replace("/\\<%username%>/","$v_username",$v_message);
					$v_message = preg_replace("/\\<%password%>/","$v_password",$v_message);
					$v_message = preg_replace("/\\<%weburl%>/","$url_root",$v_message);
					$v_message = preg_replace("/\\<%code%>/","$reg_key",$v_message);						
					//$message .=	"<br /><br /><a href=$vdlink>$vdlink</a>";			
					if (mail($v_email, $v_subject, $v_message, $headers)) {
					$enpass=base64_encode("$v_password");
					mysql_query("insert into authuser (uname,passwd,name,email,address,city,state,zip,country,phone,create_time,logincount,welcome,signup,status,reg_validate,validate_key) values ('$v_username','$enpass','$v_name','$v_email','$v_address','$v_city','$v_state','$v_zip','$v_country','$v_phone',now(),'0','1','1','0','0','$reg_key')");

					$getip=getip();
					mysql_query("insert into log (uname,ctime,ip,activity) values ('$v_username',now(),'$getip','User($v_username) signed up registration form, waiting to activate the account.')");
					mysql_close($connection);
				  	echo "<p>Your registration account has been created, please check your email to activate your account.</p></ul></div></div>";
				  	exit;
				  	}
					else {
				  	echo "<p>Fails to create registration account.</p></ul></div></div>";
					exit;
					}
				  }	
				}
					?>
					
					
					<?php include('templates/signup.tpl');?>
				</li>
				
				<li id="box-login">
					<p class="large-copy last">Benefits</p>
					
				    <p><strong>Get to Know</strong></p>
				    <p>Discover the new information that you haven't know before.</p><br />
			    
                    <p><strong>Easy to Access</strong></p>
                    <p>You simple create an account in seconds and access the valueable information.</p><br />
                    
                    <p><strong>Security</strong></p>
                    <p>Secure, quick and easy to use member area.</p>
				</li>
			</ul>
</div></div>
		  <?php include('templates/footer.tpl');?>
</body>
</html>

<?php
function verifyemailaddress($email_address)
{
	return (preg_match ("/^([a-z0-9_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]+$/i", $email_address));	
}

// function to generate random strings 
function RandomString($length=32) 
{ 
	$randstr=''; 
	srand((double)microtime()*1000000); 
	$chars = array ('1','2','3','4','5','6','7','8','9','0'); 
	for ($rand = 0; $rand <= $length; $rand++) 
		{ 
			$random = rand(0, count($chars) -1); 
			$randstr .= $chars[$random]; 
		} 
	return $randstr; 
} 


function getip() {
	if (getenv(HTTP_X_FORWARDED_FOR)) {
		$ip=getenv(HTTP_X_FORWARDED_FOR);
	}
	else {
		$ip=getenv(REMOTE_ADDR);
	}
	return $ip;
}
?>

0
 
Expert Comment

by:Ray Paseur
Wow, that "ollance" thing has some weirdness about it.  I tried this link and got a thumb-in-the-eye response.
http://ollance.com/purchase/

I'm not sure I can tell you what is wrong with the script.  It passes validation:
http://validator.w3.org/check?uri=http%3A%2F%2Fdemo.ollance.com%2Fphp-member-login%2Fsignup.php&charset=%28detect+automatically%29&doctype=Inline&group=0

I used it to create an account.  Obviously I am not willing to give it my personal information, but the process seemed to work (slowly).

If you want a registration + handshake script that you can copy and use for your application, maybe this article will be helpful:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_3939-Registration-and-Email-Confirmation-in-PHP.html
0
 
Accepted Solution

by:
onemadeye earned 500 total points
Try changing this string on line #25:
$v_sbm=$_POST['sbm'];

to:
$v_sbm=$_POST['sbm_x'];

I believe it is the <input type="image"... for your submit button that caused the problem.
0
 
Expert Comment

by:Ray Paseur
@onemadeye, I sent the form to a script that will print out the contents of $_POST and got this back from Firefox.  It has sbm_x, sbm_y, and sbm in the POST array.

THANK YOU Sat, 19 Feb 2011 13:25:20 -0600
array(14) {
  ["email"]=> string(0) ""
  ["username"]=> string(20) "ray.paseur@gmail.com"
  ["password"]=> string(6) "111111"
  ["password1"]=> string(0) ""
  ["name"]=> string(0) ""
  ["address"]=> string(0) ""
  ["city"]=> string(0) ""
  ["state"]=> string(0) ""
  ["zip"]=> string(0) ""
  ["country"]=> string(13) "United States"
  ["phone"]=> string(0) ""
  ["sbm_x"]=> string(1) "0"
  ["sbm_y"]=> string(1) "0"
  ["sbm"]=> string(14) "Create Account"
}

Next I tried it with IE8. It has sbm_x, sbm_y, but NOT sbm in the POST array.  So I think that's a good call.  The script does not work cross-browser.

THANK YOU Sat, 19 Feb 2011 13:28:43 -0600
array(13) {
  ["email"]=> string(0) ""
  ["username"]=> string(0) ""
  ["password"]=> string(0) ""
  ["password1"]=> string(0) ""
  ["name"]=> string(0) ""
  ["address"]=> string(0) ""
  ["city"]=> string(0) ""
  ["state"]=> string(0) ""
  ["zip"]=> string(0) ""
  ["country"]=> string(13) "United States"
  ["phone"]=> string(0) ""
  ["sbm_x"]=> string(2) "15"
  ["sbm_y"]=> string(2) "16"
}

That said, however, there is so much wrong with the action script that I would never use that thing.  It does not even test to see if MySQL is working!  When I see programming like that, I run for cover.
0

 
Expert Comment

by:onemadeye
@Ray_Paseur:
I hope you don't mean 'me' as the 'programmer like that' ... :(
Actually I was giving the quickest solution for the guy (whose programming level I don't know much about) to get his problem solved.
I remember I once solved a case similar to this, which occurred because of the <input type="image" ...>
Myself, I actually prefer to keep using <input type="submit" ...> and apply CSS to it to add an image background, and also something like this for the IF condition:
if (array_key_exists('submitform', $_POST)) { .. (which I later found out is more cross-browser friendly too).
0
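
The submit detection discussed in the comments above, as an added example that is not code from any poster or from the Ollance script: a check that accepts either form of the `sbm` button, run against the script's own test (lines 25 and 29) on the button-related keys from the two dumps. The function names are hypothetical.

```php
<?php
declare(strict_types=1);

// True when the signup form was submitted, whichever form of the submit
// button the browser sent. $post is $_POST; $method is REQUEST_METHOD.
function signup_submitted(array $post, string $method): bool
{
    if ($method !== 'POST') {
        return false;
    }
    // <input type="image" name="sbm"> sends the click position as sbm.x and
    // sbm.y, which PHP stores as sbm_x and sbm_y. Whether sbm itself is sent
    // as well depends on the browser, as the two dumps show.
    $image_click = isset($post['sbm_x'], $post['sbm_y']);
    // <input type="submit" name="sbm"> sends the name with the button label.
    $named_button = array_key_exists('sbm', $post);
    return $image_click || $named_button;
}

// The test the posted script performs (lines 25 and 29), for comparison.
function original_test(array $post): bool
{
    return ($post['sbm'] ?? null) === 'Create Account';
}

// Constructed from the two dumps above, reduced to the button-related keys.
$samples = [
    'Firefox' => ['sbm_x' => '0', 'sbm_y' => '0', 'sbm' => 'Create Account'],
    'IE8'     => ['sbm_x' => '15', 'sbm_y' => '16'],
];

foreach ($samples as $browser => $post) {
    printf("%-8s original=%s either-form=%s\n", $browser,
        var_export(original_test($post), true),
        var_export(signup_submitted($post, 'POST'), true));
}
```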
 
Expert Comment

by:Ray Paseur
No, onemadeye, I was not being at all critical of you for catching the cross-browser differences, and I completely agree about using type="submit" instead of an image.  I was talking about the script that the Asker posted with this question.  Some of the issues might include (but not be limited to)...

1. Coding standards - failure to indent and align control structures in any meaningful way.
2. Intermixed PHP and HTML - no separation of code and presentation layer.
3. External functions called without any test to see if they worked (lines 27, 28, 95, 111, 114 and maybe others).
4. The function on line 150 (as if we needed another wrong  REGEX for email addresses).
5. The function on line 156 which can generate the same string without detecting the duplicate.
6. The use of the wrong constant on line 171 (See http://www.php.net/manual/en/function.getenv.php#25024) - a known defect since 2002.
7. The use of email to send a password.
8. The less-than-worthless use of base64-encode to "obscure" a password.
9. The awkward compound statements (lines near 80, 81).
10. The use of un-escaped data in queries.
11. The use of numbered indexes when named indexes are readily available.
12. Failure to use error_reporting(E_ALL) -- which would have caused the undefined index sbm to trigger a notice, saving our Asker a lot of time and frustration.

Taken together these issues are almost certain to guarantee that catastrophe is not left to chance.  It will arrive in the form of a phase-of-the-moon bug when the data base gets destroyed.  
0
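
Items 3, 5, 8 and 10 in the list above have direct replacements in current PHP. The following is an added example, not code from the thread or from the Ollance script; it assumes PHP 7.1+ with the pdo_sqlite extension, and the in-memory table is a reduced stand-in for the script's authuser table so the example runs without a MySQL server. The function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Reduced stand-in for the script's authuser table (assumption: pdo_sqlite).
function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Item 3: every failed database call throws instead of failing silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE authuser (
        uname        TEXT COLLATE NOCASE NOT NULL UNIQUE,
        passwd       TEXT NOT NULL,
        email        TEXT COLLATE NOCASE NOT NULL UNIQUE,
        validate_key TEXT NOT NULL UNIQUE)');
    return $db;
}

// Returns the activation key, or null when the username or email is taken.
function register_user(PDO $db, string $uname, string $password, string $email): ?string
{
    // Item 8: salted one-way hash instead of reversible base64.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Item 5: 128 bits from the CSPRNG instead of rand() over ten digits.
    $key = bin2hex(random_bytes(16));
    // Item 10: bound parameters, so a quote in the input stays data.
    $stmt = $db->prepare(
        'INSERT INTO authuser (uname, passwd, email, validate_key)
         VALUES (:uname, :passwd, :email, :key)');
    try {
        $stmt->execute([':uname' => $uname, ':passwd' => $hash,
                        ':email' => $email, ':key' => $key]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // UNIQUE constraint violated
            return null;
        }
        throw $e;
    }
    return $key;
}

// Constructed sample input; the apostrophe would break the original query.
$db     = open_db();
$key    = register_user($db, "o'brien", 'correct horse', 'ob@example.test');
$dup    = register_user($db, "O'Brien", 'another pass', 'other@example.test');
$stored = (string) $db->query('SELECT passwd FROM authuser')->fetchColumn();
var_dump(strlen((string) $key), $dup, password_verify('correct horse', $stored));
```

The UNIQUE constraints replace the script's loop over every row of authuser, and the database rejects a duplicate even when two signups arrive at the same moment.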
 

Author Comment

by:jaimehebert
Oh, yes, it's about the button. I have just fixed it. I changed it to a normal button, it works now :)

Thank you very much
0
 

Author Closing Comment

by:jaimehebert
Oh, yes, it's about the button. I have just fixed it. I changed it to a normal button, it works now :)

Thank you very much
0
