php signup form validation error

Posted on 2011-02-19
Medium Priority
Last Modified: 2013-12-13

I have a simple PHP signup file, but I got error. When use it on firefox 3.6, it shows errors correctly when forms filled blank. But on other browsers, it doesnt show any errors. I saw the source code on output page, it doesnt show errors text at all. I dont know why, please help me to fix it.

URL demo: http://goo.gl/tTgjw
I also attach file here, whats wrong with it?

Thank you very much
Question by:jaimehebert
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
LVL 111

Expert Comment

by:Ray Paseur
ID: 34933114
When you need us to see your code at EE, please post the code in the code snippet box.  Then we get line numbers, unispace font, etc.  Much easier to use and share this information.  Thanks, ~Ray
Ollance Member Login v1.0
Copyright (c) 2008 Ollance.com
Website: www.ollance.com
Email:   info@ollance.com

	require_once ('admin/config.php');
<body id="authentication">
<div id="wrapper">
<div id="login-navigation">		
		<a href="login.php">Login</a> or <a href="signup.php">Sign up</a>			

<div id="content">
		  <?php include('templates/logo.tpl');?>
			<ul id="authentication-box">
				<li id="box-create">
					<p class="large-copy last">Create an account for free</p>
				  $connection = mysql_connect($dbhost, $dbusername, $dbpass);
				  $SelectedDB = mysql_select_db($dbname);
				  if($v_sbm=='Create Account') {

				  if(trim($v_username)=='') {
				  $err='Username field is blank.<br />';
				  if(trim($v_password)=='') {
				  $err=$err.'Password field is blank.<br />';
				  elseif(strlen($v_password) < 6 ){   
				  $err=$err.'Password is less than 6 characters.<br />';
				  elseif(preg_match('/[^A-Za-z0-9]/', $v_password)){
				  $err=$err.'Password contains special characters.<br />';
				  elseif((trim($v_password1)=='')||($v_password<>$v_password1)) {
				  $err=$err.'Confirm password doesn\'t match.<br />';
				  if(trim($v_name)=='') {
				  $err=$err.'Name field is blank.<br />';
				  if(trim($v_email)=='') {
				  $err=$err.'Email field is blank.<br />';
				  elseif($validemail<>1) {
				  $err=$err.'Not a valid email address.<br />';
				  //check if username already exists
				  $result=mysql_query("select uname,email from authuser");
					while($row = mysql_fetch_array($result, MYSQL_NUM)) {
					if(strtolower($row[0])==strtolower($v_username)) {$err_username="Username already exists.<br />"; $g=1; }
					elseif((strtolower($row[1])==strtolower($v_email))&&(trim($v_username)<>'')&&(trim($v_email)<>'')) {$err_email="This email address already exists.<br />"; $g=1; }
				  if ($g==1) {
				  print "<p class=\"form-error\">$err</p>";
				  else {		
				  	$reg_key=RandomString(7); //generate validate key 
					//$vdlink= $signup_activate."?username=".$v_username."&vcode=".$reg_key;
					//send email to member for activating account
					$result=mysql_query("select subject,contents from emailtemplates where name='signup'");
					while($row = mysql_fetch_array($result, MYSQL_NUM)) {
					$subject = "$v_subject";
					$headers = "From: $v_emailfrom\r\n";
					$headers .= "MIME-Version: 1.0\r\n";
					$headers .= "Content-Type: text/html; charset=utf-8\r\n";
					$v_message = preg_replace("/\\<%username%>/","$v_username",$v_message);
					$v_message = preg_replace("/\\<%password%>/","$v_password",$v_message);
					$v_message = preg_replace("/\\<%weburl%>/","$url_root",$v_message);
					$v_message = preg_replace("/\\<%code%>/","$reg_key",$v_message);						
					//$message .=	"<br /><br /><a href=$vdlink>$vdlink</a>";			
					if (mail($v_email, $v_subject, $v_message, $headers)) {
					mysql_query("insert into authuser (uname,passwd,name,email,address,city,state,zip,country,phone,create_time,logincount,welcome,signup,status,reg_validate,validate_key) values ('$v_username','$enpass','$v_name','$v_email','$v_address','$v_city','$v_state','$v_zip','$v_country','$v_phone',now(),'0','1','1','0','0','$reg_key')");

					mysql_query("insert into log (uname,ctime,ip,activity) values ('$v_username',now(),'$getip','User($v_username) signed up registration form, waiting to activate the account.')");
				  	echo "<p>Your registration account has been created, please check your email to activate your account.</p></ul></div></div>";
					else {
				  	echo "<p>Fails to create registration account.</p></ul></div></div>";
					<?php include('templates/signup.tpl');?>
				<li id="box-login">
					<p class="large-copy last">Benefits</p>
				    <p><strong>Get to Know</strong></p>
				    <p>Discover the new information that you haven't know before.</p><br />
                    <p><strong>Easy to Access</strong></p>
                    <p>You simple create an account in seconds and access the valueable information.</p><br />
                    <p>Secure, quick and easy to use member area.</p>
		  <?php include('templates/footer.tpl');?>

function verifyemailaddress($email_address)
	return (preg_match ("/^([a-z0-9_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]+$/i", $email_address));	

// function to generate random strings 
function RandomString($length=32) 
	$chars = array ('1','2','3','4','5','6','7','8','9','0'); 
	for ($rand = 0; $rand <= $length; $rand++) 
			$random = rand(0, count($chars) -1); 
			$randstr .= $chars[$random]; 
	return $randstr; 

function getip() {
	if (getenv(HTTP_X_FORWARDED_FOR)) {
	else {
	return $ip;

Open in new window

LVL 111

Expert Comment

by:Ray Paseur
ID: 34933153
Wow, that "ollance" thing has some weirdness about it.  I tried this link and got a thumb-in-the-eye response.

I'm not sure I can tell you what is wrong with the script.  It passes validation:

I used it to create an account.  Obviously I am not willing to give it my personal information, but the process seemed to work (slowly).

If you want a registration + handshake script that you can copy and use for your application, maybe this article will be helpful:

Accepted Solution

onemadeye earned 2000 total points
ID: 34933928
Try change this string on line #25

Open in new window

to :

Open in new window

I believe the <input type="image"... for your submit button that caused the problem.
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

LVL 111

Expert Comment

by:Ray Paseur
ID: 34934133
@onemadeye, I sent the form to a script that will print out the contents of $_POST and got this back from Firefox.  It has sbm_x, sbm_y, and sbm in the POST array.

THANK YOU Sat, 19 Feb 2011 13:25:20 -0600 array(14) { ["email"]=> string(0) "" ["username"]=> string(20) "ray.paseur@gmail.com" ["password"]=> string(6) "111111" ["password1"]=> string(0) "" ["name"]=> string(0) "" ["address"]=> string(0) "" ["city"]=> string(0) "" ["state"]=> string(0) "" ["zip"]=> string(0) "" ["country"]=> string(13) "United States" ["phone"]=> string(0) "" ["sbm_x"]=> string(1) "0" ["sbm_y"]=> string(1) "0" ["sbm"]=> string(14) "Create Account" }

Next I tried it with IE8. It has sbm_x, sbm_y, but NOT sbm in the POST array.  So I think that's a good call.  The script does not work cross-browser.

THANK YOU Sat, 19 Feb 2011 13:28:43 -0600 array(13) { ["email"]=> string(0) "" ["username"]=> string(0) "" ["password"]=> string(0) "" ["password1"]=> string(0) "" ["name"]=> string(0) "" ["address"]=> string(0) "" ["city"]=> string(0) "" ["state"]=> string(0) "" ["zip"]=> string(0) "" ["country"]=> string(13) "United States" ["phone"]=> string(0) "" ["sbm_x"]=> string(2) "15" ["sbm_y"]=> string(2) "16" }

That said, however, there is so much wrong with the action script that I would never use that thing.  It does not even test to see if MySQL is working!  When I see programming like that, I run for cover.

Expert Comment

ID: 34934299
I hope you dont mean 'me' as the 'programmer like that' ... :(
Actually I was giving the quickest solution for the guy (that I dont know much of his programming level) to make his problem solved.
I remembered I was once before solving a case similar like this .. that occurs because of the <input type="image" ...>
Me myself, actually I prefer to keep using <input type="submit" ...> and apply css on it to add image background .. and also something like this for the IF condition :
if (array_key_exists('submitform', $_POST)) { .. (which later I found out is more cross-browser friendly too).
LVL 111

Expert Comment

by:Ray Paseur
ID: 34934448
No, onemadeye, I was not being at all critical of you for catching the cross-browser differences, and I completely agree about using type="submit" instead of an image.  I was talking about the script that the Asker posted with this question.  Some of the issues might include (but not be limited to)...

1. Coding standards - failure to indent and align control structures in any meaningful way.
2. Intermixed PHP and HTML - no separation of code and presentation layer.
3. External functions called without any test to see if they worked (lines 27, 28, 95, 111, 114 and maybe others).
4. The function on line 150 (as if we needed another wrong  REGEX for email addresses).
5. The function on line 156 which can generate the same string without detecting the duplicate.
6. The use of the wrong constant on line 171 (See http://www.php.net/manual/en/function.getenv.php#25024) - a known defect since 2002.
7. The use of email to send a password.
8. The less-than-worthless use of base64-encode to "obscure" a password.
9. The awkward compound statements (lines near 80, 81).
10. The use of un-escaped data in queries.
11. The use of numbered indexes when named indexes are readily available.
12. Failure to use error_reporting(E_ALL) -- which would have caused the undefined index sbm to trigger a notice, saving our Asker a lot of time and frustration.

Taken together these issues are almost certain to guarantee that catastrophe is not left to chance.  It will arrive in the form of a phase-of-the-moon bug when the data base gets destroyed.  

Author Comment

ID: 34935579
oh, yes, its about the button. I have just fixed it. I changed it to a normal button, it works now :)

Thank you very much

Author Closing Comment

ID: 34935585
oh, yes, its about the button. I have just fixed it. I changed it to a normal button, it works now :)

Thank you very much

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question