Page 1 of 1

Validating isn't working???

Posted: Tue Jul 18, 2006 11:43 pm
by cturner
I am trying to validation an email address against another email address to see if they are the same and a security code which is a random number and it keeps saying that they are wrong when it is correct. Can someone please tell me why this is doing this and how I can fix it? Thanks in advance. :?
Here is the code for the validating:

Code: Select all

require "config.php";
$arrErrors = array();
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$subject = "Welcome!";
$header = "mail@domain.com";
$message = "Hello ".$username.",\n\n"	  		 
			 ."Thank you registering to make comments on Kevin "
			 ."Humphries website. Your account information is as follows:\n\n"             
             ."Username: ".$username."\n"
             ."Password: ".$password."\n\n"
			 ."Please keep this email for your records. "
             ."If you ever lose or forget your password, a new "
             ."password will be generated for you and sent to this "
             ."email address, if you would like to change your "
             ."email address you can do so by going to the "
             ."My Account page after signing in.\n\n"
             ."Kind regards\n"
			 ."Kevin Humphries";
		
if (!empty ($_POST['Submit'])) {
	if ($_POST ['username'] == '')
		$arrErrors['username'] = 'Please enter a name that will appear on the posted comments.';	
    if ($_POST ['password']=='')
        $arrErrors['password'] = 'Please enter a password.';
    if ($_POST ['email']=='')
        $arrErrors['email'] = 'Please enter your email address.';
    if ($_POST ['code']=='')
        $arrErrors['code'] = 'Please enter the code.';
	if ( !preg_match("/^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/", $_POST['email']) )
    	$arrErrors['email'] = 'Not a valid email address.';
	if ($_POST['email'] != $_POST['email2'])
		$arrErrors['email'] = 'Please enter your email address.';
		$arrErrors['email2'] = 'Please enter your email address again.';
	if ($_POST['code'] != $_SESSION['image_random_value'])
		$arrErrors['code'] = 'Security code does not match.';
		
    if (count($arrErrors) == 0) {
        // If the error array is empty, there were no errors.
        // Insert form processing here.
		$ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; // get user's ip address
		$date = date("Y m d"); // get the today's date
		$result = mysql_query ("INSERT INTO comments (id, username, password, cookie, session, ip, email, comments, date) VALUES (0, '{$_POST['username']}', '{$_POST['password']}', 0, 0, $ip, '{$_POST['email']}', $date)");
		if (mysql_query($result)) {
			header ('Location: registered.php');
		} else {
			print "<p>Could not add the entry because: <b>" . mysql_error() . "</b>. The query was $query.</p>";
		}
				// sent registration email
		mail($email, $subject, $message, $header);
    } else {
        // The error array had something in it. There was an error.
        // Start adding error text to an error string.
        $strError = '<div class="formerror"><p>Please check the following and try again:</p><ul>';
        // Get each error and add it to the error string
        // as a list item.
        foreach ($arrErrors as $error) {
            $strError .= "<li>$error</li>";
        }
        $strError .= '</ul></div>';
    }
}
Here is the code for the security code:

Code: Select all

session_start();

// generate  5 digit random number
$rand = rand(10000, 99999);

// create the hash for the random number and put it in the session
$_SESSION['image_random_value'] = md5($rand);

// create the image
$image = imagecreate(60, 30);

// use white as the background image
$bgColor = imagecolorallocate ($image, 255, 255, 255); 

// the text color is black
$textColor = imagecolorallocate ($image, 0, 0, 0); 

// write the random number
imagestring ($image, 5, 5, 8,  $rand, $textColor); 
    
// send several headers to make sure the image is not cached    
// taken directly from the PHP Manual
    
// Date in the past 
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 

// always modified 
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 

// HTTP/1.1 
header("Cache-Control: no-store, no-cache, must-revalidate"); 
header("Cache-Control: post-check=0, pre-check=0", false); 

// HTTP/1.0 
header("Pragma: no-cache");     

// send the content type header so the image is displayed properly
header('Content-type: image/jpeg');

// send the image to the browser
imagejpeg($image);

// destroy the image to free up the memory
imagedestroy($image);

Posted: Tue Jul 18, 2006 11:49 pm
by Benjamin

Code: Select all

if ($_POST['email'] != $_POST['email2'])
                $arrErrors['email'] = 'Please enter your email address.';
                $arrErrors['email2'] = 'Please enter your email address again.';
Should be

Code: Select all

if ($_POST['email'] != $_POST['email2']) {
                $arrErrors['email'] = 'Please enter your email address.';
                $arrErrors['email2'] = 'Please enter your email address again.';
        }
I consider it good practice to always use braces with if statements, or at the very least keep it on one line.

Posted: Tue Jul 18, 2006 11:53 pm
by cturner
Thanks that fixed the email addresses problem but the security code is still not working.

Posted: Tue Jul 18, 2006 11:55 pm
by Benjamin
Try changing...

Code: Select all

if ($_POST['code'] != $_SESSION['image_random_value'])
                $arrErrors['code'] = 'Security code does not match.';
to..

Code: Select all

if (md5($_POST['code']) != $_SESSION['image_random_value']) {
            $arrErrors['code'] = 'Security code does not match.';
        }

Posted: Wed Jul 19, 2006 12:08 am
by cturner
Thanks for the suggestion but it still says that the security code doesn't match the one that is entered into the text box.

Posted: Wed Jul 19, 2006 12:10 am
by Benjamin
Without looking at your code in detail the only thing I can do is encourage you to echo out the variables such as $_SESSION and $_POST so you can debug it yourself and find out what is going wrong.

Code: Select all

echo '<pre>';
print_r($_POST);
print_r($_SESSION);
echo '</pre>';

Re: Validating isn't working???

Posted: Wed Jul 19, 2006 12:35 am
by tecktalkcm0391
Try this: (Untested)

Code: Select all

ob_start();
session_start();

require "config.php";
$arrErrors = array();
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$subject = "Welcome!";
$header = "mail@domain.com";
$message = "Hello ".$username.",\n\n"	  		 
			 ."Thank you registering to make comments on Kevin "
			 ."Humphries website. Your account information is as follows:\n\n"             
             ."Username: ".$username."\n"
             ."Password: ".$password."\n\n"
			 ."Please keep this email for your records. "
             ."If you ever lose or forget your password, a new "
             ."password will be generated for you and sent to this "
             ."email address, if you would like to change your "
             ."email address you can do so by going to the "
             ."My Account page after signing in.\n\n"
             ."Kind regards\n"
			 ."Kevin Humphries";
		
if (!empty ($_POST['Submit'])) {
	if ($_POST ['username'] == '')
		$arrErrors['username'] = 'Please enter a name that will appear on the posted comments.';	
    if ($_POST ['password']=='')
        $arrErrors['password'] = 'Please enter a password.';
    if ($_POST ['email']=='')
        $arrErrors['email'] = 'Please enter your email address.';
    if ($_POST ['code']=='')
        $arrErrors['code'] = 'Please enter the code.';
	if ( !preg_match("/^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/", $_POST['email']) )
    	$arrErrors['email'] = 'Not a valid email address.';
	if ($_POST['email'] != $_POST['email2'])
		$arrErrors['email'] = 'Please enter your email address.';
		$arrErrors['email2'] = 'Please enter your email address again.';
	if ($_POST['code'] != $_SESSION['image_random_value'])
		$arrErrors['code'] = 'Security code does not match.';
		
    if (count($arrErrors) == 0) {
        // If the error array is empty, there were no errors.
        // Insert form processing here.
		$ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; // get user's ip address
		$date = date("Y m d"); // get the today's date
		$result = mysql_query ("INSERT INTO comments (id, username, password, cookie, session, ip, email, comments, date) VALUES (0, '{$_POST['username']}', '{$_POST['password']}', 0, 0, $ip, '{$_POST['email']}', $date)");
		if (mysql_query($result)) {
			header ('Location: registered.php');
		} else {
			print "<p>Could not add the entry because: <b>" . mysql_error() . "</b>. The query was $query.</p>";
		}
				// sent registration email
		mail($email, $subject, $message, $header);
    } else {
        // The error array had something in it. There was an error.
        // Start adding error text to an error string.
        $strError = '<div class="formerror"><p>Please check the following and try again:</p><ul>';
        // Get each error and add it to the error string
        // as a list item.
        foreach ($arrErrors as $error) {
            $strError .= "<li>$error</li>";
        }
        $strError .= '</ul></div>';
    }
}
ob_flush();

Code: Select all

ob_start();
session_start();

// generate  5 digit random number
$rand = rand(10000, 99999);

// create the hash for the random number and put it in the session
$_SESSION['image_random_value'] = md5($rand);

// create the image
$image = imagecreate(60, 30);

// use white as the background image
$bgColor = imagecolorallocate ($image, 255, 255, 255); 

// the text color is black
$textColor = imagecolorallocate ($image, 0, 0, 0); 

// write the random number
imagestring ($image, 5, 5, 8,  $rand, $textColor); 
    
// send several headers to make sure the image is not cached    
// taken directly from the PHP Manual
    
// Date in the past 
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 

// always modified 
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 

// HTTP/1.1 
header("Cache-Control: no-store, no-cache, must-revalidate"); 
header("Cache-Control: post-check=0, pre-check=0", false); 

// HTTP/1.0 
header("Pragma: no-cache");     

// send the content type header so the image is displayed properly
header('Content-type: image/jpeg');

// send the image to the browser
imagejpeg($image);

// destroy the image to free up the memory
imagedestroy($image);
ob_flush();