ive started to disect it and add bits to suit my needs
looking through the whole script ive raised questions about the confusion of the whole if and else statements.
Heres my code im using
Code: Select all
<?php
include 'Connect.php'; // The conection file connects to database which also includes the functions page.
if(isset($_POST[submit])) // 1
{
include 'index.php'; // 2
exit;
}
else // 3
{
//CHECKS FORM
if (empty($_POST['username']) || empty($_POST['email']) || empty($_POST['password']) || empty($_POST['confirmpassword']))// 4
{
$missing_error = 'One or more fields missing';
include 'index.php';
exit;
}
//CHECKS USERNAME
if(preg_match("/^[a-z\d]{5,12}$/i", $_POST[username])) // 5
{}
else
{
// Reshow the form with an error
$username_error = "Your username must only contain letter and numbers and be at least 5 characters but no longer than 12 characters in length!<br />";
include 'index.php';
exit;
}
//CHECKS EMAIL
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST[email])) // 6
{
$email_error = "The e-mail you entered was not in the proper format!";
include 'index.php';
exit;
}
//CHECKS PASSOWORD
if (preg_match('/^[a-z\d]{6,12}$/i', $_POST[password])) // 7
{}
else
{
$password_error = "Your password must only contain letter and numbers and be at least 6 characters but no longer than 12 characters in length!<br />";
include 'index.php';
exit;
}
// CHECKS CONFIRMPASSWORD
if ($_POST['password'] != $_POST['confirmpassword'])// 8
{
$confirmpassword_error = 'Your passwords do not match';
include 'index.php';
exit;
}
// 9
user_register ($_POST['username'], $_POST['email'], $_POST['dobday'], $_POST['dobmonth'], $_POST['dobyear'], $_POST['password']);
echo "registered";
}
?>
anyone know of a secure way check that it came from my form and not someone submitting there own form.
after reading lots of tutorials i came to understand this is basic principle of using if and else statments.
Code: Select all
if (condition)
{code to be executed if condition is true;}
else
{ code to be executed if condition is false;}
2 - This seems to tell the script what to do if it fails. shouldnt this be what it returns true? hence the basic principle is wrong?
3 - This seems to tell script what to do if it true. shouldnt this be what it returns false?
4 - shouldnt this statement have if and else statments?
currently if feild is empty it shows the error message
but if someone enters something in the feild it continues to check next statement so does seem to work the way it is
i need to understand why and how it works in this format.
5 - This is in the format i have come to understand and believe to be true
6 - same question as 4
7 - This is again the format i have come to understand and believe to be true
8 - This again doesnt have both else and if statments why?
9 - This what happens if all checks have been successful...
but with it been in the else part of the statement shouldnt this be what happens if there was a error
if the basic principle is correct what would be my process to display all errors once all checks have been made.
currently it does a check, and, if error displays the page with just the first error it encounters
logic tells me that the current way is only gonna frustrate users exspcially if they make a mistake on each input feild
im guessing i just need to remove the following code for each error statement, am i right?
Code: Select all
include 'index.php';
exit;
if you see any mistakes or problems that i will encounter in future by using this script feel free to point them out
im not asking for someone to do the code but more to explain in depth but feel free to show me examples