Page 1 of 1

Variable Specification

Posted: Sat Feb 18, 2006 9:42 pm
by mlowery
I am trying to write a registration form script in PHP. Here is how the script works:

A person goes to register.php and fills out the form. The form action is

Code: Select all

$_SERVER['PHP_SELF']
obviously meaning the page basically refreshes with the 'Action' being "Submitted." That will then initialize the intial if statement. That if statement first checks to see if the two passwords match each other. It then checks that the two-letter abbreviation of the state was submitted. If one of these conditions have not been met, it gives the error and then shows the form with the previosly submitted information already in the form fields. Otherwise it will submit the information into the database.

Here is the code. I'll tell you what the problem is after you've looked at the code (you'll probably be able to see it in the code anyways).

*Edited after feyd's reply.

Code: Select all

<HTML>
<HEAD>
<TITLE>Sign Up</TITLE>
</HEAD>
<BODY>
<?php $Self = $_SERVER['PHP_SELF'];
IF ($_POST['Action'] == "Submitted")
    {
       IF ($_POST['Password1'] != $_POST['Password2'])
        {
          ECHO "Your passwords did not match. Please try again";
          INCLUDE 'FORMRETRY.php';
        }
       ELSEIF ((STRLEN($_POST['Location'])) != 2)
        {
          ECHO "Please give the two-letter abbreviation of the state in which you live.";
          INCLUDE 'FORMRETRY.php';
        }
       ELSE
        {
        $Login=ADDSLASHES(HTMLSPECIALCHARS($_POST['Login']));
        $Password=md5($_POST['Password1']);
        $Email=ADDSLASHES(HTMLSPECIALCHARS($_POST['Email']));
        $Name=HTMLSPECIALCHARS($_POST['Name']);
        $Location=$_POST['Location'];
        INCLUDE ("db_connect.php");
        $sql = "INSERT into Members (Login, Password, Email, Name, Location)
                VALUES('$Login','$Password','$Email','$Name','$Location')";
        mysql_query($sql) or die(mysql_error());
        ECHO "Congratulations, you are now a member.";
        }
    }
ELSE
    {
        INCLUDE 'FORM.php';
    }
?>
</BODY>
</HTML>
In line 6 and 7 you probably noticed that there are includes. The code for the include file FORM.php is:
*Edited after feyd's reply.

Code: Select all

<form action="<?php ECHO $Self; ?>" method="POST">
<div>Desired Username:</div><INPUT TYPE="text" name="Login" SIZE="20"><br>
<div>Desired Password:</div><INPUT TYPE="password" name="Password1" SIZE="20"><br>
<div>Verify Password:</div><INPUT TYPE="password" name="Password2" SIZE="20"><br>
<div>Email Address:</div><INPUT TYPE="text" name="Email" SIZE="20"><br>
<div>First Name:</div><INPUT TYPE="text" name="First_Name" SIZE="20"><br>
<div>State:</div><INPUT TYPE="text" name="Location" SIZE="2"><br>
<input type="hidden" name="Action" value="Submitted">
<INPUT TYPE="submit" action="submit" name="submit" value="Register">
The code to the file FORMRETRY.php is:
*Edited after feyd's reply.

Code: Select all

<form action="<?php ECHO $Self; ?>" method="post">
<div>Desired Username:</div>
<INPUT TYPE="text" name="Login" SIZE="20" VALUE="<?php ECHO $_POST['Login']; ?>"><br>
<div>Desired Password:</div><INPUT TYPE="password" name="Password1" SIZE="20"><br>
<div>Verify Password:</div><INPUT TYPE="password" name="Password2" SIZE="20"><br>
<div>Email Address:</div><INPUT TYPE="text" name="Email" SIZE="20" VALUE="<?php ECHO $_POST['Email']; ?>"><br>
<div>First Name:</div><INPUT TYPE="text" name="First_Name" SIZE="20" VALUE="<?php ECHO $_POST['First_Name']; ?>"><br>
<div>State:</div><INPUT TYPE="text" name="Location" SIZE="2" VALUE="<?php ECHO $_POST['Location']; ?>"><br>
<input type="hidden" name="Action" value="Submitted">
<INPUT TYPE="submit" action="submit" name="submit" value="Register">
Here is a visual of the problem I'm running into:
http://mlowery.t35.com/CMS/register.php

According to my logic, initially:

Code: Select all

$_POST['Action'] != 'Submitted'
Therefore only "$Form" should be displayed. My questions are:
1. Why are both forms being displayed?
2. Why is the password verification not working? When I type two different passwords, I am supposed to get an error message.
3. Why, in the form $FORMRETRY are not all the fields being displayed? (I have a feeling it is with the quotes).43. Line 16 --> "ELSEIF ((STRLEN($_POST['Location'])) != 2)" does not seem to be working properly. Even whenever I only type 2 characters for the state, it does not count 2 for some reason and prints the proceding error message.

Thanks,
Mitch

Posted: Sat Feb 18, 2006 9:59 pm
by feyd
the act of including the file tells php to parse it, not return it's contents after parsing. Include the files when and where they are needed. You can confirm this by seeing that a 1 is output after the second form. This is due to $FORM being set to 1, the return code from include().

$_SERVER['PHP_Self'] does not exist. $_SERVER['PHP_SELF'] may exist, given the right circumstances (some servers don't use it).

From FORMENTRY.php:

Code: Select all

<? $_POST['First_Name']; ?>
will print nothing, nor any others that look like it.

Code: Select all

<?= $_POST['First_Name']; ?>
is the short echo, however it is highly recommended to never use short tags, due to compatibility and portability issues. use <?php and <?php echo $yourvar instead.

Posted: Sun Feb 19, 2006 12:12 am
by mlowery
Wow, thanks a whole lot for your help. I updated my original post with the source code in it. I have also updated http://mlowery.t35.com/CMS/register.php with the new code as well.

The form displays correctly. If there is an error upon clicking "Register," then the error message is given above the form and the form has the previously typed contents in it, just like it is supposed to.

The code successfully checks whether or not the two passwords match.
The problem is with the state checker. No matter what, the form returns saying:
Please give the two-letter abbreviation of the state in which you live.
Any tips?

Thanks,
Mitchell

Posted: Sun Feb 19, 2006 12:16 am
by feyd
Your php code is looking for $_POST['Location'] but the state is in $_POST['State']

Posted: Sun Feb 19, 2006 12:53 pm
by mlowery
Wow, that really helped. Thank you so much. The script works now, but there is still one very small problem. I will tell you after you have looked at the new script.

register.php

Code: Select all

<HTML>
<HEAD>
<TITLE>Sign Up</TITLE>
</HEAD>
<BODY>
<?php $Self = $_SERVER['PHP_SELF'];
IF ($_POST['Action'] == "Submitted")
    {
       IF ($_POST['Password1'] != $_POST['Password2'])
        {
          ECHO "Your passwords did not match. Please try again";
          INCLUDE 'FORMRETRY.php';
        }
       ELSEIF ((STRLEN($_POST['Location'])) != 2)
        {
          ECHO "Please give the two-letter abbreviation of the state in which you live.";
          INCLUDE 'FORMRETRY.php';
        }
       ELSE
        {
        $Login=ADDSLASHES(HTMLSPECIALCHARS($_POST['Login']));
        $Password=md5($_POST['Password1']);
        $Email=ADDSLASHES(HTMLSPECIALCHARS($_POST['Email']));
        $Name=HTMLSPECIALCHARS($_POST['Name']);
        $Location=$_POST['Location'];
        INCLUDE ("db_connect.php");
        $sql = "INSERT into Members (Login, Password, Email, Name, Location)
                VALUES('$Login','$Password','$Email','$Name','$Location')";
        mysql_query($sql) or die(mysql_error());
        ECHO "Congratulations, you are now a member.";
        }
    }
ELSE
    {
        INCLUDE 'FORM.php';
    }
?>
</BODY>
</HTML>
FORM.php

Code: Select all

<form action="<?php ECHO $Self; ?>" method="POST">
<div>Desired Username:</div><INPUT TYPE="text" name="Login" SIZE="20"><br>
<div>Desired Password:</div><INPUT TYPE="password" name="Password1" SIZE="20"><br>
<div>Verify Password:</div><INPUT TYPE="password" name="Password2" SIZE="20"><br>
<div>Email Address:</div><INPUT TYPE="text" name="Email" SIZE="20"><br>
<div>First Name:</div><INPUT TYPE="text" name="Name" SIZE="20"><br>
<div>State:</div><INPUT TYPE="text" name="Location" SIZE="2"><br>
<input type="hidden" name="Action" value="Submitted">
<INPUT TYPE="submit" action="submit" name="submit" value="Register">
FORMRETRY.php

Code: Select all

<form action="<?php ECHO $Self; ?>" method="post">
<div>Desired Username:</div>
<INPUT TYPE="text" name="Login" SIZE="20" VALUE="<?php ECHO $_POST['Login']; ?>"><br>
<div>Desired Password:</div><INPUT TYPE="password" name="Password1" SIZE="20"><br>
<div>Verify Password:</div><INPUT TYPE="password" name="Password2" SIZE="20"><br>
<div>Email Address:</div><INPUT TYPE="text" name="Email" SIZE="20" VALUE="<?php ECHO $_POST['Email']; ?>"><br>
<div>First Name:</div><INPUT TYPE="text" name="First_Name" SIZE="20" VALUE="<?php ECHO $_POST['Name']; ?>"><br>
<div>State:</div><INPUT TYPE="text" name="Location" SIZE="2" VALUE="<?php ECHO $_POST['Location']; ?>"><br>
<input type="hidden" name="Action" value="Submitted">
<INPUT TYPE="submit" action="submit" name="submit" value="Register">
Once again, the register.php form is online at http://mlowery.t35.com/CMS/register.php.
To see what the problem is, go to the form and type in a "T" for state. (As opposed to TX, the two-letter abbreviation). As you will see, the error message appears and the form is re-displayed with the previous information - except for "Name." This problem does not occur if you type in two-different passwords. In that case, the error message is displayed and all of the previous information typed into the form (including Name) is displayed as it is supposed to be.

Thanks,
Mitchell

Posted: Sun Feb 19, 2006 1:12 pm
by feyd
Same situation: you've used $_POST['Name'] but one of the forms uses $_POST['First_Name']

Posted: Sun Feb 19, 2006 1:30 pm
by mlowery
lol, How could I miss that? I must have read my script 20 times. Oh well, so goes programming. . .
Once again, I appreciate your help, feyd. Everything works the way it should now.

Here is the new FORMRETRY.php script

Code: Select all

<form action="<?php ECHO $Self; ?>" method="post">
<div>Desired Username:</div>
<INPUT TYPE="text" name="Login" SIZE="20" VALUE="<?php ECHO $_POST['Login']; ?>"><br>
<div>Desired Password:</div><INPUT TYPE="password" name="Password1" SIZE="20"><br>
<div>Verify Password:</div><INPUT TYPE="password" name="Password2" SIZE="20"><br>
<div>Email Address:</div><INPUT TYPE="text" name="Email" SIZE="20" VALUE="<?php ECHO $_POST['Email']; ?>"><br>
<div>First Name:</div><INPUT TYPE="text" name="Name" SIZE="20" VALUE="<?php ECHO $_POST['Name']; ?>"><br>
<div>State:</div><INPUT TYPE="text" name="Location" SIZE="2" VALUE="<?php ECHO $_POST['Location']; ?>"><br>
<input type="hidden" name="Action" value="Submitted">
<INPUT TYPE="submit" action="submit" name="submit" value="Register">
Thanks,
Mitchell