Page 1 of 1

FormHandler problem...

Posted: Sun Mar 28, 2004 6:19 pm
by partiallynothing
I have a script that validates all my forms, when i try and validate the logon password, it allways errors on the eregi() function, saying I have unsuported characters. I want passwords to be able to have alphebetic characters, numbers, and a hyphen '-'. Here is my code:

Code: Select all

<?php
if (isset($_GET['logon'])) {
	
	//create form array
	foreach ($_POST as $varname => $value) {
		$formVars[$varname] = trim($value);
		}
	//validate username field
	if (empty($formVars['logon'])) {
		echo '<p><b>Username error:</b> No username specified.  This field cannot be left blank.</p>';
		$errors = 1;
		}
	elseif (strlen($formVars['logon']) < 6) {
		echo '<p><b>Username error:</b> Your username must be at least 6 characters long.</p>';
		$errors = 1;
		}
	elseif (!eregi("^[a-z1-9-]*$", $formVars['logon'])) {
		echo '<p><b>Username error:</b> The username field contains unsupported characters.  Please only use alphebetic letters, numbers, or "-".</p>';
		$errors = 1;
		}
	elseif (strlen($formVars['logon']) > 50) {
		echo '<p><b>Username error:</b> Your username cannot exceed 50 characters.</p>';
		$errors = 1;
		}
	
	//validate password field
	if (empty($formVars['password'])) {
		echo '<p><b>Password error:</b> No password specified.  This field cannot be left blank.</p>';
		$errors = 1;
		}
		
	elseif (strlen($formVars['password']) < 6) {
		echo '<p><b>Password error:</b> You password must be at least 6 characters long.</p>';
		$errors = 1;
		}
		
	elseif (!eregi("^[a-z1-9-]*$", $formVars['password'])) {
		echo '<p><b>Password error:</b> The password field contains unsupported characters.  Please only use alphebetic letters, numbers, or "-".</p>';
		$errors = 1;
		}
		
	elseif (strlen($formVars['password']) > 50) {
		echo '<p><b>Password error:</b> Your password cannot exceed 50 characters.</p>';
		$errors = 1;
		}
	
	//check for erros and die if any are present
	if (isset($errors)) {
		die();
		}
	
	//encrypt password
	$password = $formVars['logon']['0'] . $formVars['password'] . $formVars['logon']['5'];
	$password = md5($password);
	
	//connect to database
	require('inc/common/mysql_connect.php');
	
	//query databse
	$query = "SELECT * WHERE logon = {$formVars['logon']}, password = {$password})";
	@ mysql_query($query) or die (mysql_error());
	}
	
elseif (isset($_GET['logoff'])) {
	
	echo 'exicute logoff script';
	}
	
elseif (isset($_GET['register'])) {

	echo 'exicute register script';
	}
	
elseif (isset($_GET['updateprofile'])) {

	echo 'exicute update profile script';
	}
	
else {

	echo 'No action was specified.  If you would like to blaim someone, e-mail the webmaster.';
	}

?>
(I know the code is not complete, I just need to figure out why it errors on the passwords character string.

Re: FormHandler problem...

Posted: Sun Mar 28, 2004 6:22 pm
by John Cartwright

Code: Select all

<?php
   //query databse 
   $query = "SELECT * WHERE logon = {$formVars['logon']}, password = {$password})"; 
   @ mysql_query($query) or die (mysql_error()); 
   } 
?>
Why are you using curly brackets for WhEere statement

Try this

Code: Select all

<?php
   //query databse 
   $query = "SELECT * WHERE logon = '$formVars['logon']', password = '$password')"; 
   @ mysql_query($query) or die (mysql_error()); 
   } 
?>
Don't know if that was your problem but I've never seen anyone use the curly brackets like that.

Posted: Sun Mar 28, 2004 6:29 pm
by partiallynothing
Curly brackets can be used around a variable to make sure the php parser sees them.

Say you had:

Code: Select all

<?php
$var = 'efgh';
echo "abcd{$var}ijk";
?>
The above text would output abcdefghijk

But, what my problem is is that it says that I have unsuported characters in my password field when I do not.

Posted: Sun Mar 28, 2004 6:31 pm
by partiallynothing
I believe line 37 is the problem...

Posted: Sun Mar 28, 2004 6:50 pm
by partiallynothing
SOLVED - i had it say numbers between 1 and 9, i wanted 0 through 9.