Solved

php signup form validation error

Posted on 2011-02-19
Last Modified: 2013-12-13
Hi,

I have a simple PHP signup file, but I got an error. When I use it on Firefox 3.6, it shows errors correctly when the form is submitted blank. But on other browsers, it doesn't show any errors. I looked at the source code of the output page, and it doesn't show the error text at all. I don't know why; please help me fix it.

URL demo: http://goo.gl/tTgjw
I have also attached the file here. What's wrong with it?

Thank you very much
signup.txt
Question by:jaimehebert

Expert Comment

by:Ray Paseur
ID: 34933114
When you need us to see your code at EE, please post the code in the code snippet box.  Then we get line numbers, unispace font, etc.  Much easier to use and share this information.  Thanks, ~Ray
<?php
/*
Ollance Member Login v1.0
Copyright (c) 2008 Ollance.com
Website: www.ollance.com
Email:   info@ollance.com
*/

	require_once ('admin/config.php');
	include('templates/header.tpl');
?>
<body id="authentication">
<div id="wrapper">
<div id="login-navigation">		
		<a href="login.php">Login</a> or <a href="signup.php">Sign up</a>			
		</div>

<div id="content">
		  <?php include('templates/logo.tpl');?>
			<ul id="authentication-box">
				<li id="box-create">
					<p class="large-copy last">Create an account for free</p>
					
					<?php 
					$v_sbm=$_POST['sbm'];
				  
				  $connection = mysql_connect($dbhost, $dbusername, $dbpass);
				  $SelectedDB = mysql_select_db($dbname);
				  if($v_sbm=='Create Account') {
				  $v_username=$_POST['username'];
				  $v_password=$_POST['password'];
				  $v_password1=$_POST['password1'];
				  $v_name=$_POST['name'];
				  $v_email=$_POST['email'];
				  $v_address=$_POST['address'];
				  $v_city=$_POST['city'];
				  $v_state=$_POST['state'];
				  $v_zip=$_POST['zip'];
				  $v_country=$_POST['country'];
				  $v_phone=$_POST['phone'];


				  $validemail=verifyemailaddress($v_email);			
				  $g=0;
				  if(trim($v_username)=='') {
				  $err='Username field is blank.<br />';
				  $g=1;
				  }
				  if(trim($v_password)=='') {
				  $err=$err.'Password field is blank.<br />';
				  $g=1;
				  }
				  elseif(strlen($v_password) < 6 ){   
				  $err=$err.'Password is less than 6 characters.<br />';
				  $g=1;					  
				  }
				  elseif(preg_match('/[^A-Za-z0-9]/', $v_password)){
				  $err=$err.'Password contains special characters.<br />';
				  $g=1;				  
				  }    
				  elseif((trim($v_password1)=='')||($v_password<>$v_password1)) {
				  $err=$err.'Confirm password doesn\'t match.<br />';
				  $g=1;
				  }
				  if(trim($v_name)=='') {
				  $err=$err.'Name field is blank.<br />';
				  $g=1;
				  }
				  if(trim($v_email)=='') {
				  $err=$err.'Email field is blank.<br />';
				  $g=1;
				  }
				  elseif($validemail<>1) {
				  $err=$err.'Not a valid email address.<br />';
				  $g=1;
				  }  
				  //check if username already exists
				  $result=mysql_query("select uname,email from authuser");
					while($row = mysql_fetch_array($result, MYSQL_NUM)) {
					if(strtolower($row[0])==strtolower($v_username)) {$err_username="Username already exists.<br />"; $g=1; }
					elseif((strtolower($row[1])==strtolower($v_email))&&(trim($v_username)<>'')&&(trim($v_email)<>'')) {$err_email="This email address already exists.<br />"; $g=1; }
					}
				  $err=$err.$err_username.$err_email;
				  
				  if ($g==1) {
				  print "<p class=\"form-error\">$err</p>";
				  
				  }
				  
				  
				  else {		
				  	$reg_key=RandomString(7); //generate validate key 
					//$vdlink= $signup_activate."?username=".$v_username."&vcode=".$reg_key;
					//send email to member for activating account
					$result=mysql_query("select subject,contents from emailtemplates where name='signup'");
					while($row = mysql_fetch_array($result, MYSQL_NUM)) {
					$v_subject=trim($row[0]);
					$v_message=nl2br(trim($row[1]));
					}
					$subject = "$v_subject";
					$headers = "From: $v_emailfrom\r\n";
					$headers .= "MIME-Version: 1.0\r\n";
					$headers .= "Content-Type: text/html; charset=utf-8\r\n";
					$v_message = preg_replace("/\\<%username%>/","$v_username",$v_message);
					$v_message = preg_replace("/\\<%password%>/","$v_password",$v_message);
					$v_message = preg_replace("/\\<%weburl%>/","$url_root",$v_message);
					$v_message = preg_replace("/\\<%code%>/","$reg_key",$v_message);						
					//$message .=	"<br /><br /><a href=$vdlink>$vdlink</a>";			
					if (mail($v_email, $v_subject, $v_message, $headers)) {
					$enpass=base64_encode("$v_password");
					mysql_query("insert into authuser (uname,passwd,name,email,address,city,state,zip,country,phone,create_time,logincount,welcome,signup,status,reg_validate,validate_key) values ('$v_username','$enpass','$v_name','$v_email','$v_address','$v_city','$v_state','$v_zip','$v_country','$v_phone',now(),'0','1','1','0','0','$reg_key')");

					$getip=getip();
					mysql_query("insert into log (uname,ctime,ip,activity) values ('$v_username',now(),'$getip','User($v_username) signed up registration form, waiting to activate the account.')");
					mysql_close($connection);
				  	echo "<p>Your registration account has been created, please check your email to activate your account.</p></ul></div></div>";
				  	exit;
				  	}
					else {
				  	echo "<p>Fails to create registration account.</p></ul></div></div>";
					exit;
					}
				  }	
				}
					?>
					
					
					<?php include('templates/signup.tpl');?>
				</li>
				
				<li id="box-login">
					<p class="large-copy last">Benefits</p>
					
				    <p><strong>Get to Know</strong></p>
				    <p>Discover the new information that you haven't know before.</p><br />
			    
                    <p><strong>Easy to Access</strong></p>
                    <p>You simple create an account in seconds and access the valueable information.</p><br />
                    
                    <p><strong>Security</strong></p>
                    <p>Secure, quick and easy to use member area.</p>
				</li>
			</ul>
</div></div>
		  <?php include('templates/footer.tpl');?>
</body>
</html>

<?php
function verifyemailaddress($email_address)
{
	return (preg_match ("/^([a-z0-9_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]+$/i", $email_address));	
}

// function to generate random strings 
function RandomString($length=32) 
{ 
	$randstr=''; 
	srand((double)microtime()*1000000); 
	$chars = array ('1','2','3','4','5','6','7','8','9','0'); 
	for ($rand = 0; $rand <= $length; $rand++) 
		{ 
			$random = rand(0, count($chars) -1); 
			$randstr .= $chars[$random]; 
		} 
	return $randstr; 
} 


function getip() {
	if (getenv(HTTP_X_FORWARDED_FOR)) {
		$ip=getenv(HTTP_X_FORWARDED_FOR);
	}
	else {
		$ip=getenv(REMOTE_ADDR);
	}
	return $ip;
}
?>


Expert Comment

by:Ray Paseur
ID: 34933153
Wow, that "ollance" thing has some weirdness about it.  I tried this link and got a thumb-in-the-eye response.
http://ollance.com/purchase/

I'm not sure I can tell you what is wrong with the script.  It passes validation:
http://validator.w3.org/check?uri=http%3A%2F%2Fdemo.ollance.com%2Fphp-member-login%2Fsignup.php&charset=%28detect+automatically%29&doctype=Inline&group=0

I used it to create an account.  Obviously I am not willing to give it my personal information, but the process seemed to work (slowly).

If you want a registration + handshake script that you can copy and use for your application, maybe this article will be helpful:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_3939-Registration-and-Email-Confirmation-in-PHP.html

Accepted Solution

by:
onemadeye earned 500 total points
ID: 34933928
Try changing this string on line #25:
$v_sbm=$_POST['sbm'];

to:
$v_sbm=$_POST['sbm_x'];

I believe the <input type="image"... for your submit button is what caused the problem.

Expert Comment

by:Ray Paseur
ID: 34934133
@onemadeye, I sent the form to a script that will print out the contents of $_POST and got this back from Firefox.  It has sbm_x, sbm_y, and sbm in the POST array.

THANK YOU Sat, 19 Feb 2011 13:25:20 -0600 array(14) { ["email"]=> string(0) "" ["username"]=> string(20) "ray.paseur@gmail.com" ["password"]=> string(6) "111111" ["password1"]=> string(0) "" ["name"]=> string(0) "" ["address"]=> string(0) "" ["city"]=> string(0) "" ["state"]=> string(0) "" ["zip"]=> string(0) "" ["country"]=> string(13) "United States" ["phone"]=> string(0) "" ["sbm_x"]=> string(1) "0" ["sbm_y"]=> string(1) "0" ["sbm"]=> string(14) "Create Account" }

Next I tried it with IE8. It has sbm_x, sbm_y, but NOT sbm in the POST array.  So I think that's a good call.  The script does not work cross-browser.

THANK YOU Sat, 19 Feb 2011 13:28:43 -0600 array(13) { ["email"]=> string(0) "" ["username"]=> string(0) "" ["password"]=> string(0) "" ["password1"]=> string(0) "" ["name"]=> string(0) "" ["address"]=> string(0) "" ["city"]=> string(0) "" ["state"]=> string(0) "" ["zip"]=> string(0) "" ["country"]=> string(13) "United States" ["phone"]=> string(0) "" ["sbm_x"]=> string(2) "15" ["sbm_y"]=> string(2) "16" }

That said, however, there is so much wrong with the action script that I would never use that thing.  It does not even test to see if MySQL is working!  When I see programming like that, I run for cover.

Expert Comment

by:onemadeye
ID: 34934299
@Ray_Paseur:
I hope you don't mean 'me' as the 'programmer like that' ... :(
Actually, I was giving the quickest solution for the guy (whose programming level I don't know much about) to get his problem solved.
I remember once solving a case similar to this, which occurred because of the <input type="image" ...>.
Myself, I actually prefer to keep using <input type="submit" ...> and apply CSS to it to add an image background, and also something like this for the IF condition:
if (array_key_exists('submitform', $_POST)) { .. (which I later found out is more cross-browser friendly too).

Expert Comment

by:Ray Paseur
ID: 34934448
No, onemadeye, I was not being at all critical of you for catching the cross-browser differences, and I completely agree about using type="submit" instead of an image.  I was talking about the script that the Asker posted with this question.  Some of the issues might include (but not be limited to)...

1. Coding standards - failure to indent and align control structures in any meaningful way.
2. Intermixed PHP and HTML - no separation of code and presentation layer.
3. External functions called without any test to see if they worked (lines 27, 28, 95, 111, 114 and maybe others).
4. The function on line 150 (as if we needed another wrong  REGEX for email addresses).
5. The function on line 156 which can generate the same string without detecting the duplicate.
6. The use of the wrong constant on line 171 (See http://www.php.net/manual/en/function.getenv.php#25024) - a known defect since 2002.
7. The use of email to send a password.
8. The less-than-worthless use of base64-encode to "obscure" a password.
9. The awkward compound statements (lines near 80, 81).
10. The use of un-escaped data in queries.
11. The use of numbered indexes when named indexes are readily available.
12. Failure to use error_reporting(E_ALL) -- which would have caused the undefined index sbm to trigger a notice, saving our Asker a lot of time and frustration.

Taken together these issues are almost certain to guarantee that catastrophe is not left to chance.  It will arrive in the form of a phase-of-the-moon bug when the data base gets destroyed.  
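
The submit-button problem from the accepted solution and items 3, 5, 8, 10 and 12 of the list above each have a short fix in current PHP (7.0 or later). The block below is an added example, not part of the thread or of the Ollance script; the function names, the reduced four-column `authuser` schema and the in-memory SQLite database standing in for MySQL are assumptions made so it runs on its own.

```php
<?php
// Added example, not the Ollance script. Function names and reduced schema are assumptions.
error_reporting(E_ALL);   // item 12: an undefined index such as 'sbm' now raises a notice
// Detect a submission by request method, not by the button name that <input type="image"> may omit.
function is_submission(array $server): bool
{
    return ($server['REQUEST_METHOD'] ?? '') === 'POST';
}

// Returns a list of error messages; an empty list means the row was inserted.
function register_user(PDO $db, array $post): array
{
    $username = trim($post['username'] ?? '');
    $email    = trim($post['email'] ?? '');
    $password = $post['password'] ?? '';
    $errors   = [];
    if ($username === '') $errors[] = 'Username field is blank.';
    if (strlen($password) < 6) $errors[] = 'Password is less than 6 characters.';
    if ($password !== ($post['password1'] ?? '')) $errors[] = "Confirm password doesn't match.";
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) $errors[] = 'Not a valid email address.';
    if ($errors) return $errors;

    $hash  = password_hash($password, PASSWORD_DEFAULT); // item 8: one-way hash, not base64
    $token = bin2hex(random_bytes(16));                  // item 5: CSPRNG activation key
    try {
        // item 10: placeholders keep user input out of the SQL text
        $stmt = $db->prepare('INSERT INTO authuser (uname, passwd, email, validate_key) VALUES (?, ?, ?, ?)');
        $stmt->execute([$username, $hash, $email, $token]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity violation: a UNIQUE column caught a duplicate
        if (strpos((string) $e->getCode(), '23') === 0) return ['Username or email already exists.'];
        throw $e;                                        // item 3: other DB failures are not swallowed
    }
    return [];
}

// Constructed demo: in-memory SQLite stands in for the page's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authuser (uname TEXT COLLATE NOCASE UNIQUE, passwd TEXT,
           email TEXT COLLATE NOCASE UNIQUE, validate_key TEXT UNIQUE)');
// Constructed POST shaped like the IE8 dump in the thread: sbm_x / sbm_y present, no 'sbm' key.
$post = ['username' => 'alice', 'password' => 'correct horse', 'password1' => 'correct horse',
         'email' => 'alice@example.com', 'sbm_x' => '15', 'sbm_y' => '16'];
if (is_submission(['REQUEST_METHOD' => 'POST'])) {
    var_dump(register_user($db, $post));                           // first signup
    var_dump(register_user($db, ['username' => 'ALICE'] + $post)); // same name, different case
    var_dump(password_verify('correct horse', $db->query('SELECT passwd FROM authuser')->fetchColumn()));
}
```

Only the activation token would go into the confirmation email; the password itself is never stored in recoverable form, so it cannot be mailed (item 7).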

Author Comment

by:jaimehebert
ID: 34935579
Oh, yes, it's about the button. I have just fixed it. I changed it to a normal button, and it works now :)

Thank you very much