Solved

php signup form validation error

Posted on 2011-02-19
Last Modified: 2013-12-13
Hi,

I have a simple PHP signup file, but I got an error. When I use it on Firefox 3.6, it shows errors correctly when the form is left blank. But on other browsers, it doesn't show any errors. I looked at the source code of the output page, and it doesn't show the error text at all. I don't know why, please help me to fix it.

URL demo: http://goo.gl/tTgjw
I also attach the file here, what's wrong with it?

Thank you very much
signup.txt
Question by:jaimehebert
8 Comments
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 34933114
When you need us to see your code at EE, please post the code in the code snippet box.  Then we get line numbers, unispace font, etc.  Much easier to use and share this information.  Thanks, ~Ray
<?php
/*
Ollance Member Login v1.0
Copyright (c) 2008 Ollance.com
Website: www.ollance.com
Email:   info@ollance.com
*/

	require_once ('admin/config.php');
	include('templates/header.tpl');
?>
<body id="authentication">
<div id="wrapper">
<div id="login-navigation">		
		<a href="login.php">Login</a> or <a href="signup.php">Sign up</a>			
		</div>

<div id="content">
		  <?php include('templates/logo.tpl');?>
			<ul id="authentication-box">
				<li id="box-create">
					<p class="large-copy last">Create an account for free</p>
					
					<?php 
					$v_sbm=$_POST['sbm'];
				  
				  $connection = mysql_connect($dbhost, $dbusername, $dbpass);
				  $SelectedDB = mysql_select_db($dbname);
				  if($v_sbm=='Create Account') {
				  $v_username=$_POST['username'];
				  $v_password=$_POST['password'];
				  $v_password1=$_POST['password1'];
				  $v_name=$_POST['name'];
				  $v_email=$_POST['email'];
				  $v_address=$_POST['address'];
				  $v_city=$_POST['city'];
				  $v_state=$_POST['state'];
				  $v_zip=$_POST['zip'];
				  $v_country=$_POST['country'];
				  $v_phone=$_POST['phone'];


				  $validemail=verifyemailaddress($v_email);			
				  $g=0;
				  if(trim($v_username)=='') {
				  $err='Username field is blank.<br />';
				  $g=1;
				  }
				  if(trim($v_password)=='') {
				  $err=$err.'Password field is blank.<br />';
				  $g=1;
				  }
				  elseif(strlen($v_password) < 6 ){   
				  $err=$err.'Password is less than 6 characters.<br />';
				  $g=1;					  
				  }
				  elseif(preg_match('/[^A-Za-z0-9]/', $v_password)){
				  $err=$err.'Password contains special characters.<br />';
				  $g=1;				  
				  }    
				  elseif((trim($v_password1)=='')||($v_password<>$v_password1)) {
				  $err=$err.'Confirm password doesn\'t match.<br />';
				  $g=1;
				  }
				  if(trim($v_name)=='') {
				  $err=$err.'Name field is blank.<br />';
				  $g=1;
				  }
				  if(trim($v_email)=='') {
				  $err=$err.'Email field is blank.<br />';
				  $g=1;
				  }
				  elseif($validemail<>1) {
				  $err=$err.'Not a valid email address.<br />';
				  $g=1;
				  }  
				  //check if username already exists
				  $result=mysql_query("select uname,email from authuser");
					while($row = mysql_fetch_array($result, MYSQL_NUM)) {
					if(strtolower($row[0])==strtolower($v_username)) {$err_username="Username already exists.<br />"; $g=1; }
					elseif((strtolower($row[1])==strtolower($v_email))&&(trim($v_username)<>'')&&(trim($v_email)<>'')) {$err_email="This email address already exists.<br />"; $g=1; }
					}
				  $err=$err.$err_username.$err_email;
				  
				  if ($g==1) {
				  print "<p class=\"form-error\">$err</p>";
				  
				  }
				  
				  
				  else {		
				  	$reg_key=RandomString(7); //generate validate key 
					//$vdlink= $signup_activate."?username=".$v_username."&vcode=".$reg_key;
					//send email to member for activating account
					$result=mysql_query("select subject,contents from emailtemplates where name='signup'");
					while($row = mysql_fetch_array($result, MYSQL_NUM)) {
					$v_subject=trim($row[0]);
					$v_message=nl2br(trim($row[1]));
					}
					$subject = "$v_subject";
					$headers = "From: $v_emailfrom\r\n";
					$headers .= "MIME-Version: 1.0\r\n";
					$headers .= "Content-Type: text/html; charset=utf-8\r\n";
					$v_message = preg_replace("/\\<%username%>/","$v_username",$v_message);
					$v_message = preg_replace("/\\<%password%>/","$v_password",$v_message);
					$v_message = preg_replace("/\\<%weburl%>/","$url_root",$v_message);
					$v_message = preg_replace("/\\<%code%>/","$reg_key",$v_message);						
					//$message .=	"<br /><br /><a href=$vdlink>$vdlink</a>";			
					if (mail($v_email, $v_subject, $v_message, $headers)) {
					$enpass=base64_encode("$v_password");
					mysql_query("insert into authuser (uname,passwd,name,email,address,city,state,zip,country,phone,create_time,logincount,welcome,signup,status,reg_validate,validate_key) values ('$v_username','$enpass','$v_name','$v_email','$v_address','$v_city','$v_state','$v_zip','$v_country','$v_phone',now(),'0','1','1','0','0','$reg_key')");

					$getip=getip();
					mysql_query("insert into log (uname,ctime,ip,activity) values ('$v_username',now(),'$getip','User($v_username) signed up registration form, waiting to activate the account.')");
					mysql_close($connection);
				  	echo "<p>Your registration account has been created, please check your email to activate your account.</p></ul></div></div>";
				  	exit;
				  	}
					else {
				  	echo "<p>Fails to create registration account.</p></ul></div></div>";
					exit;
					}
				  }	
				}
					?>
					
					
					<?php include('templates/signup.tpl');?>
				</li>
				
				<li id="box-login">
					<p class="large-copy last">Benefits</p>
					
				    <p><strong>Get to Know</strong></p>
				    <p>Discover the new information that you haven't know before.</p><br />
			    
                    <p><strong>Easy to Access</strong></p>
                    <p>You simple create an account in seconds and access the valueable information.</p><br />
                    
                    <p><strong>Security</strong></p>
                    <p>Secure, quick and easy to use member area.</p>
				</li>
			</ul>
</div></div>
		  <?php include('templates/footer.tpl');?>
</body>
</html>

<?php
function verifyemailaddress($email_address)
{
	return (preg_match ("/^([a-z0-9_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]+$/i", $email_address));	
}

// function to generate random strings 
function RandomString($length=32) 
{ 
	$randstr=''; 
	srand((double)microtime()*1000000); 
	$chars = array ('1','2','3','4','5','6','7','8','9','0'); 
	for ($rand = 0; $rand <= $length; $rand++) 
		{ 
			$random = rand(0, count($chars) -1); 
			$randstr .= $chars[$random]; 
		} 
	return $randstr; 
} 


function getip() {
	if (getenv(HTTP_X_FORWARDED_FOR)) {
		$ip=getenv(HTTP_X_FORWARDED_FOR);
	}
	else {
		$ip=getenv(REMOTE_ADDR);
	}
	return $ip;
}
?>


0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 34933153
Wow, that "ollance" thing has some weirdness about it.  I tried this link and got a thumb-in-the-eye response.
http://ollance.com/purchase/

I'm not sure I can tell you what is wrong with the script.  It passes validation:
http://validator.w3.org/check?uri=http%3A%2F%2Fdemo.ollance.com%2Fphp-member-login%2Fsignup.php&charset=%28detect+automatically%29&doctype=Inline&group=0

I used it to create an account.  Obviously I am not willing to give it my personal information, but the process seemed to work (slowly).

If you want a registration + handshake script that you can copy and use for your application, maybe this article will be helpful:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_3939-Registration-and-Email-Confirmation-in-PHP.html
0
 
LVL 5

Accepted Solution

by:
onemadeye earned 500 total points
ID: 34933928
Try changing this string on line #25
$v_sbm=$_POST['sbm'];

to:
$v_sbm=$_POST['sbm_x'];

I believe it is the <input type="image"... for your submit button that caused the problem.
0

 
LVL 109

Expert Comment

by:Ray Paseur
ID: 34934133
@onemadeye, I sent the form to a script that will print out the contents of $_POST and got this back from Firefox.  It has sbm_x, sbm_y, and sbm in the POST array.

THANK YOU Sat, 19 Feb 2011 13:25:20 -0600 array(14) { ["email"]=> string(0) "" ["username"]=> string(20) "ray.paseur@gmail.com" ["password"]=> string(6) "111111" ["password1"]=> string(0) "" ["name"]=> string(0) "" ["address"]=> string(0) "" ["city"]=> string(0) "" ["state"]=> string(0) "" ["zip"]=> string(0) "" ["country"]=> string(13) "United States" ["phone"]=> string(0) "" ["sbm_x"]=> string(1) "0" ["sbm_y"]=> string(1) "0" ["sbm"]=> string(14) "Create Account" }

Next I tried it with IE8. It has sbm_x, sbm_y, but NOT sbm in the POST array.  So I think that's a good call.  The script does not work cross-browser.

THANK YOU Sat, 19 Feb 2011 13:28:43 -0600 array(13) { ["email"]=> string(0) "" ["username"]=> string(0) "" ["password"]=> string(0) "" ["password1"]=> string(0) "" ["name"]=> string(0) "" ["address"]=> string(0) "" ["city"]=> string(0) "" ["state"]=> string(0) "" ["zip"]=> string(0) "" ["country"]=> string(13) "United States" ["phone"]=> string(0) "" ["sbm_x"]=> string(2) "15" ["sbm_y"]=> string(2) "16" }

That said, however, there is so much wrong with the action script that I would never use that thing.  It does not even test to see if MySQL is working!  When I see programming like that, I run for cover.
0
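
Added example (not part of the thread and not the Asker's script): the two dumps above differ only in whether the bare `sbm` key arrives, so a submit check that accepts either the button name or its click coordinates behaves the same in both browsers. The helper names are hypothetical and the sample arrays are trimmed from the dumps in the comment above.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: true when the form button named $button was used.
 * type="submit" sends sbm=<value>.
 * type="image" sends the click position as sbm.x / sbm.y, which PHP exposes
 * as sbm_x / sbm_y; whether the bare name is also sent depends on the
 * browser, as the two dumps show.
 */
function form_was_submitted(array $post, string $button = 'sbm'): bool
{
    if (array_key_exists($button, $post)) {
        return true;
    }
    return array_key_exists($button . '_x', $post)
        && array_key_exists($button . '_y', $post);
}

/** The script's original test, written so a missing key raises no notice. */
function original_check(array $post): bool
{
    return ($post['sbm'] ?? null) === 'Create Account';
}

// Sample input trimmed from the two dumps in the comment above, plus a
// constructed request that carries no button at all.
$samples = [
    'Firefox'   => ['country' => 'United States', 'sbm_x' => '0', 'sbm_y' => '0', 'sbm' => 'Create Account'],
    'IE8'       => ['country' => 'United States', 'sbm_x' => '15', 'sbm_y' => '16'],
    'no button' => ['country' => 'United States'],
];

foreach ($samples as $browser => $post) {
    printf(
        "%-10s original=%-5s robust=%s\n",
        $browser,
        var_export(original_check($post), true),
        var_export(form_was_submitted($post), true)
    );
}
```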
 
LVL 5

Expert Comment

by:onemadeye
ID: 34934299
@Ray_Paseur:
I hope you don't mean 'me' as the 'programmer like that' ... :(
Actually, I was giving the quickest solution for the guy (whose programming level I don't know much about) to get his problem solved.
I remember once solving a case similar to this, which occurred because of the <input type="image" ...>
Myself, I actually prefer to keep using <input type="submit" ...> and apply CSS to it to add an image background, and also something like this for the IF condition:
if (array_key_exists('submitform', $_POST)) { .. (which I later found out is more cross-browser friendly too).
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 34934448
No, onemadeye, I was not being at all critical of you for catching the cross-browser differences, and I completely agree about using type="submit" instead of an image.  I was talking about the script that the Asker posted with this question.  Some of the issues might include (but not be limited to)...

1. Coding standards - failure to indent and align control structures in any meaningful way.
2. Intermixed PHP and HTML - no separation of code and presentation layer.
3. External functions called without any test to see if they worked (lines 27, 28, 95, 111, 114 and maybe others).
4. The function on line 150 (as if we needed another wrong  REGEX for email addresses).
5. The function on line 156 which can generate the same string without detecting the duplicate.
6. The use of the wrong constant on line 171 (See http://www.php.net/manual/en/function.getenv.php#25024) - a known defect since 2002.
7. The use of email to send a password.
8. The less-than-worthless use of base64-encode to "obscure" a password.
9. The awkward compound statements (lines near 80, 81).
10. The use of un-escaped data in queries.
11. The use of numbered indexes when named indexes are readily available.
12. Failure to use error_reporting(E_ALL) -- which would have caused the undefined index sbm to trigger a notice, saving our Asker a lot of time and frustration.

Taken together these issues are almost certain to guarantee that catastrophe is not left to chance.  It will arrive in the form of a phase-of-the-moon bug when the data base gets destroyed.  
0
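
Added example, not part of the thread and not the Asker's code: one way to handle the account-creation step so that items 3, 5, 7, 8, 10 and 11 of the list above no longer apply. Assumptions: PHP 7 or later with PDO, an in-memory SQLite database standing in for MySQL so the block runs offline, a cut-down `authuser` table using column names from the posted INSERT, and a hypothetical `register_user()` function.

```php
<?php
declare(strict_types=1);
error_reporting(E_ALL);   // item 12: undefined indexes are reported

/** Hypothetical function: creates the account and returns the activation key. */
function register_user(PDO $db, string $uname, string $email, string $password): string
{
    // Items 3 and 10: values are bound, never interpolated into the SQL,
    // and PDO throws if the query fails.
    $dup = $db->prepare(
        'SELECT COUNT(*) FROM authuser WHERE lower(uname) = lower(?) OR lower(email) = lower(?)'
    );
    $dup->execute([$uname, $email]);
    if ((int) $dup->fetchColumn() > 0) {
        throw new DomainException('Username or email address already exists.');
    }

    // Item 8: salted one-way hash instead of base64_encode().
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Item 5: 128-bit key from the CSPRNG; the UNIQUE column rejects a repeat.
    $key = bin2hex(random_bytes(16));

    $ins = $db->prepare(
        'INSERT INTO authuser (uname, passwd, email, validate_key) VALUES (?, ?, ?, ?)'
    );
    $ins->execute([$uname, $hash, $email, $key]);

    return $key;   // item 7: mail this key only, never the password
}

// Constructed demo data; SQLite in memory is an assumption for offline use.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authuser (uname TEXT UNIQUE, passwd TEXT, email TEXT UNIQUE, validate_key TEXT UNIQUE)');

$key = register_user($db, "o'brien", 'ob@example.com', 'correct horse');
$row = $db->query('SELECT passwd FROM authuser')->fetch(PDO::FETCH_ASSOC);  // item 11
var_dump(strlen($key) === 32, password_verify('correct horse', $row['passwd']));

try {
    register_user($db, "O'Brien", 'other@example.com', 'secret12');
} catch (DomainException $e) {
    echo $e->getMessage(), PHP_EOL;   // duplicate name is caught before the INSERT
}
```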
 

Author Comment

by:jaimehebert
ID: 34935579
Oh, yes, it's about the button. I have just fixed it. I changed it to a normal button, and it works now :)

Thank you very much
0
 

Author Closing Comment

by:jaimehebert
ID: 34935585
Oh, yes, it's about the button. I have just fixed it. I changed it to a normal button, and it works now :)

Thank you very much
0

Question has a verified solution.