Solved

php signup form validation error

Posted on 2011-02-19
Last Modified: 2013-12-13
Hi,

I have a simple PHP signup file, but I get an error. When I use it on Firefox 3.6, it shows errors correctly when the form fields are left blank. But on other browsers, it doesn't show any errors. I looked at the source code of the output page; it doesn't show the error text at all. I don't know why, please help me fix it.

URL demo: http://goo.gl/tTgjw
I have also attached the file here, what's wrong with it?

Thank you very much
signup.txt
Question by:jaimehebert
LVL 108

Expert Comment

by:Ray Paseur
ID: 34933114
When you need us to see your code at EE, please post the code in the code snippet box.  Then we get line numbers, unispace font, etc.  Much easier to use and share this information.  Thanks, ~Ray
<?php
/*
Ollance Member Login v1.0
Copyright (c) 2008 Ollance.com
Website: www.ollance.com
Email:   info@ollance.com
*/

	require_once ('admin/config.php');
	include('templates/header.tpl');
?>
<body id="authentication">
<div id="wrapper">
<div id="login-navigation">		
		<a href="login.php">Login</a> or <a href="signup.php">Sign up</a>			
		</div>

<div id="content">
		  <?php include('templates/logo.tpl');?>
			<ul id="authentication-box">
				<li id="box-create">
					<p class="large-copy last">Create an account for free</p>
					
					<?php 
					$v_sbm=$_POST['sbm'];
				  
				  $connection = mysql_connect($dbhost, $dbusername, $dbpass);
				  $SelectedDB = mysql_select_db($dbname);
				  if($v_sbm=='Create Account') {
				  $v_username=$_POST['username'];
				  $v_password=$_POST['password'];
				  $v_password1=$_POST['password1'];
				  $v_name=$_POST['name'];
				  $v_email=$_POST['email'];
				  $v_address=$_POST['address'];
				  $v_city=$_POST['city'];
				  $v_state=$_POST['state'];
				  $v_zip=$_POST['zip'];
				  $v_country=$_POST['country'];
				  $v_phone=$_POST['phone'];


				  $validemail=verifyemailaddress($v_email);			
				  $g=0;
				  if(trim($v_username)=='') {
				  $err='Username field is blank.<br />';
				  $g=1;
				  }
				  if(trim($v_password)=='') {
				  $err=$err.'Password field is blank.<br />';
				  $g=1;
				  }
				  elseif(strlen($v_password) < 6 ){   
				  $err=$err.'Password is less than 6 characters.<br />';
				  $g=1;					  
				  }
				  elseif(preg_match('/[^A-Za-z0-9]/', $v_password)){
				  $err=$err.'Password contains special characters.<br />';
				  $g=1;				  
				  }    
				  elseif((trim($v_password1)=='')||($v_password<>$v_password1)) {
				  $err=$err.'Confirm password doesn\'t match.<br />';
				  $g=1;
				  }
				  if(trim($v_name)=='') {
				  $err=$err.'Name field is blank.<br />';
				  $g=1;
				  }
				  if(trim($v_email)=='') {
				  $err=$err.'Email field is blank.<br />';
				  $g=1;
				  }
				  elseif($validemail<>1) {
				  $err=$err.'Not a valid email address.<br />';
				  $g=1;
				  }  
				  //check if username already exists
				  $result=mysql_query("select uname,email from authuser");
					while($row = mysql_fetch_array($result, MYSQL_NUM)) {
					if(strtolower($row[0])==strtolower($v_username)) {$err_username="Username already exists.<br />"; $g=1; }
					elseif((strtolower($row[1])==strtolower($v_email))&&(trim($v_username)<>'')&&(trim($v_email)<>'')) {$err_email="This email address already exists.<br />"; $g=1; }
					}
				  $err=$err.$err_username.$err_email;
				  
				  if ($g==1) {
				  print "<p class=\"form-error\">$err</p>";
				  
				  }
				  
				  
				  else {		
				  	$reg_key=RandomString(7); //generate validate key 
					//$vdlink= $signup_activate."?username=".$v_username."&vcode=".$reg_key;
					//send email to member for activating account
					$result=mysql_query("select subject,contents from emailtemplates where name='signup'");
					while($row = mysql_fetch_array($result, MYSQL_NUM)) {
					$v_subject=trim($row[0]);
					$v_message=nl2br(trim($row[1]));
					}
					$subject = "$v_subject";
					$headers = "From: $v_emailfrom\r\n";
					$headers .= "MIME-Version: 1.0\r\n";
					$headers .= "Content-Type: text/html; charset=utf-8\r\n";
					$v_message = preg_replace("/\\<%username%>/","$v_username",$v_message);
					$v_message = preg_replace("/\\<%password%>/","$v_password",$v_message);
					$v_message = preg_replace("/\\<%weburl%>/","$url_root",$v_message);
					$v_message = preg_replace("/\\<%code%>/","$reg_key",$v_message);						
					//$message .=	"<br /><br /><a href=$vdlink>$vdlink</a>";			
					if (mail($v_email, $v_subject, $v_message, $headers)) {
					$enpass=base64_encode("$v_password");
					mysql_query("insert into authuser (uname,passwd,name,email,address,city,state,zip,country,phone,create_time,logincount,welcome,signup,status,reg_validate,validate_key) values ('$v_username','$enpass','$v_name','$v_email','$v_address','$v_city','$v_state','$v_zip','$v_country','$v_phone',now(),'0','1','1','0','0','$reg_key')");

					$getip=getip();
					mysql_query("insert into log (uname,ctime,ip,activity) values ('$v_username',now(),'$getip','User($v_username) signed up registration form, waiting to activate the account.')");
					mysql_close($connection);
				  	echo "<p>Your registration account has been created, please check your email to activate your account.</p></ul></div></div>";
				  	exit;
				  	}
					else {
				  	echo "<p>Fails to create registration account.</p></ul></div></div>";
					exit;
					}
				  }	
				}
					?>
					
					
					<?php include('templates/signup.tpl');?>
				</li>
				
				<li id="box-login">
					<p class="large-copy last">Benefits</p>
					
				    <p><strong>Get to Know</strong></p>
				    <p>Discover the new information that you haven't know before.</p><br />
			    
                    <p><strong>Easy to Access</strong></p>
                    <p>You simple create an account in seconds and access the valueable information.</p><br />
                    
                    <p><strong>Security</strong></p>
                    <p>Secure, quick and easy to use member area.</p>
				</li>
			</ul>
</div></div>
		  <?php include('templates/footer.tpl');?>
</body>
</html>

<?php
function verifyemailaddress($email_address)
{
	return (preg_match ("/^([a-z0-9_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]+$/i", $email_address));	
}

// function to generate random strings 
function RandomString($length=32) 
{ 
	$randstr=''; 
	srand((double)microtime()*1000000); 
	$chars = array ('1','2','3','4','5','6','7','8','9','0'); 
	for ($rand = 0; $rand <= $length; $rand++) 
		{ 
			$random = rand(0, count($chars) -1); 
			$randstr .= $chars[$random]; 
		} 
	return $randstr; 
} 


function getip() {
	if (getenv(HTTP_X_FORWARDED_FOR)) {
		$ip=getenv(HTTP_X_FORWARDED_FOR);
	}
	else {
		$ip=getenv(REMOTE_ADDR);
	}
	return $ip;
}
?>

0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34933153
Wow, that "ollance" thing has some weirdness about it.  I tried this link and got a thumb-in-the-eye response.
http://ollance.com/purchase/

I'm not sure I can tell you what is wrong with the script.  It passes validation:
http://validator.w3.org/check?uri=http%3A%2F%2Fdemo.ollance.com%2Fphp-member-login%2Fsignup.php&charset=%28detect+automatically%29&doctype=Inline&group=0

I used it to create an account.  Obviously I am not willing to give it my personal information, but the process seemed to work (slowly).

If you want a registration + handshake script that you can copy and use for your application, maybe this article will be helpful:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_3939-Registration-and-Email-Confirmation-in-PHP.html
0
 
LVL 5

Accepted Solution

by:
onemadeye earned 500 total points
ID: 34933928
Try changing this string on line #25
$v_sbm=$_POST['sbm'];

to:
$v_sbm=$_POST['sbm_x'];

I believe the <input type="image"... for your submit button is what caused the problem.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34934133
@onemadeye, I sent the form to a script that will print out the contents of $_POST and got this back from Firefox.  It has sbm_x, sbm_y, and sbm in the POST array.

THANK YOU Sat, 19 Feb 2011 13:25:20 -0600 array(14) { ["email"]=> string(0) "" ["username"]=> string(20) "ray.paseur@gmail.com" ["password"]=> string(6) "111111" ["password1"]=> string(0) "" ["name"]=> string(0) "" ["address"]=> string(0) "" ["city"]=> string(0) "" ["state"]=> string(0) "" ["zip"]=> string(0) "" ["country"]=> string(13) "United States" ["phone"]=> string(0) "" ["sbm_x"]=> string(1) "0" ["sbm_y"]=> string(1) "0" ["sbm"]=> string(14) "Create Account" }

Next I tried it with IE8. It has sbm_x, sbm_y, but NOT sbm in the POST array.  So I think that's a good call.  The script does not work cross-browser.

THANK YOU Sat, 19 Feb 2011 13:28:43 -0600 array(13) { ["email"]=> string(0) "" ["username"]=> string(0) "" ["password"]=> string(0) "" ["password1"]=> string(0) "" ["name"]=> string(0) "" ["address"]=> string(0) "" ["city"]=> string(0) "" ["state"]=> string(0) "" ["zip"]=> string(0) "" ["country"]=> string(13) "United States" ["phone"]=> string(0) "" ["sbm_x"]=> string(2) "15" ["sbm_y"]=> string(2) "16" }

That said, however, there is so much wrong with the action script that I would never use that thing.  It does not even test to see if MySQL is working!  When I see programming like that, I run for cover.
0
 
LVL 5

Expert Comment

by:onemadeye
ID: 34934299
@Ray_Paseur:
I hope you don't mean 'me' as the 'programmer like that' ... :(
Actually I was giving the quickest solution for the guy (whose programming level I don't know much about) to get his problem solved.
I remembered I once solved a case similar to this .. that occurred because of the <input type="image" ...>
Myself, I actually prefer to keep using <input type="submit" ...> and apply CSS on it to add an image background .. and also something like this for the IF condition:
if (array_key_exists('submitform', $_POST)) { .. (which I later found out is more cross-browser friendly too).
0
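
The browser difference visible in the two $_POST dumps above, replayed as an added example that is not part of any post in this thread. The helper name `submit_pressed` is hypothetical, and the two arrays are trimmed copies of the dumps with a constructed username; PHP 7 or later is assumed.

```php
<?php
/**
 * True when the named submit control was activated, whether the browser
 * sent the control's value ("sbm") or only the click coordinates of an
 * <input type="image"> ("sbm_x" / "sbm_y"; PHP rewrites "sbm.x" to "sbm_x").
 */
function submit_pressed(array $post, string $name): bool
{
    foreach ([$name, $name . '_x', $name . '_y'] as $key) {
        if (array_key_exists($key, $post)) {
            return true;
        }
    }
    return false;
}

// Trimmed from the dumps in the thread; the username is a constructed value.
$firefox = ['username' => 'someone', 'sbm_x' => '0', 'sbm_y' => '0', 'sbm' => 'Create Account'];
$ie8     = ['username' => '', 'sbm_x' => '15', 'sbm_y' => '16'];

foreach (['Firefox 3.6' => $firefox, 'IE8' => $ie8] as $browser => $post) {
    // The test used by the posted script: depends on the value being sent.
    $original = isset($post['sbm']) && $post['sbm'] === 'Create Account';
    printf(
        "%-12s original test: %-5s key test: %s\n",
        $browser,
        var_export($original, true),
        var_export(submit_pressed($post, 'sbm'), true)
    );
}
```

With the IE8 array the original test is false, so the validation block is skipped and no error text is printed, which is the symptom in the question.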
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34934448
No, onemadeye, I was not being at all critical of you for catching the cross-browser differences, and I completely agree about using type="submit" instead of an image.  I was talking about the script that the Asker posted with this question.  Some of the issues might include (but not be limited to)...

1. Coding standards - failure to indent and align control structures in any meaningful way.
2. Intermixed PHP and HTML - no separation of code and presentation layer.
3. External functions called without any test to see if they worked (lines 27, 28, 95, 111, 114 and maybe others).
4. The function on line 150 (as if we needed another wrong  REGEX for email addresses).
5. The function on line 156 which can generate the same string without detecting the duplicate.
6. The use of the wrong constant on line 171 (See http://www.php.net/manual/en/function.getenv.php#25024) - a known defect since 2002.
7. The use of email to send a password.
8. The less-than-worthless use of base64-encode to "obscure" a password.
9. The awkward compound statements (lines near 80, 81).
10. The use of un-escaped data in queries.
11. The use of numbered indexes when named indexes are readily available.
12. Failure to use error_reporting(E_ALL) -- which would have caused the undefined index sbm to trigger a notice, saving our Asker a lot of time and frustration.

Taken together these issues are almost certain to guarantee that catastrophe is not left to chance.  It will arrive in the form of a phase-of-the-moon bug when the data base gets destroyed.  
0
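
Items 3, 5, 8 and 10 of the list above, shown in corrected form as an added example; it is not the Asker's script and not code from any post. Table and column names are taken from the posted INSERT statement, while the in-memory SQLite database, the `register` function name and the sample input are assumptions so the block runs on its own (PHP 7 or later with pdo_sqlite).

```php
<?php
$db = new PDO('sqlite::memory:');
// Item 3: a failed query throws instead of passing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authuser (
    uname        TEXT NOT NULL COLLATE NOCASE UNIQUE,
    passwd       TEXT NOT NULL,
    email        TEXT NOT NULL COLLATE NOCASE UNIQUE,
    validate_key TEXT NOT NULL
)');

function register(PDO $db, string $uname, string $password, string $email): string
{
    // Item 8: store a salted one-way hash, not a reversible encoding.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Item 5: activation key from the OS CSPRNG, not a clock-seeded rand().
    $key = bin2hex(random_bytes(16));
    // Item 10: values are bound as parameters and never become SQL text.
    $stmt = $db->prepare(
        'INSERT INTO authuser (uname, passwd, email, validate_key) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$uname, $hash, $email, $key]);
    return $key;
}

// Constructed input: an apostrophe breaks the string-built query in the posted script.
$name = "O'Brien";
$key  = register($db, $name, 'correct horse battery', 'ob@example.test');

$row = $db->query('SELECT uname, passwd FROM authuser')->fetch(PDO::FETCH_ASSOC);
var_dump($row['uname'] === $name);                                   // name stored verbatim
var_dump(password_verify('correct horse battery', $row['passwd']));  // hash checks out
var_dump(base64_decode(base64_encode('111111')));                    // base64 just reverses

// The UNIQUE constraints replace the posted script's full-table scan for duplicates.
try {
    register($db, "o'brien", 'another password', 'other@example.test');
} catch (PDOException $e) {
    echo "duplicate username rejected\n";
}
```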
 

Author Comment

by:jaimehebert
ID: 34935579
Oh, yes, it's about the button. I have just fixed it. I changed it to a normal button, it works now :)

Thank you very much
0
 
