Page 1 of 1

need help with simple form validator

Posted: Wed Aug 02, 2006 6:08 pm
by dknight3
okay, so i have a form (http://www.freescripts.exofire.net/test/register.html) and it posts to register.php

here is my register.php

Code: Select all

<?php
require 'config.php';
mysql_connect(localhost,$username,$password);
mysql_select_db(dknight3_users) or die( "Unable to select database");

$_POST = array_map('strip_tags', $_POST);

if (strlen($_POST['username']) < 3){
if (strlen($_POST['username']) > 20){
if ($_POST['username'] !== NULL){
$_POST['username'] = $username;
}else{
$error = 'Please enter a desired username!';
}
}else{
$error = 'Username to long!';
}
}else{
$error = 'Username is to short!';
}

if (strlen($_POST['password']) < 3){
if (strlen($_POST['password']) > 20){
if ($_POST['password'] == $_POST['repassword']){
if ($_POST['password'] !== NULL){
$_POST['password'] = $password;
}else{
$error = 'Please enter a password!';
}
}else{
$error = 'Your passwords do not match!';
}
}else{
$error = 'Password to long!';
}
}else{
$error = 'Password is to short!';
}

if ($_POST['email'] == $_POST['reemail']){
if ($_POST['email'] !== NULL){
if (checkemail($_POST['email'])){
if (duplicateemail($_POST['email'])){
$_POST['email'] = $email;
}else{
$error = 'Your email address has already been registered!';
}
}else{
$error = 'Invalid email address!';
}
}else{
$error = 'Please enter an Email address!';
}
}else{
$error = 'Your emails do not match!';
}

if (ctype_alpha($_POST['firstname'])){
if (strlen($_POST['firstname']) > 2){
if (strlen($_POST['firstname']) < 20){
if ($_POST['firstname'] !== NULL){
$_POST['firstname'] = $firstname;
}else{
$error = 'Please enter your first name!';
}
}else{
$error = 'First name to long!';
}
}else{
$error = 'First name is to short!';
}
}else{
$error = 'First name contains invalid characters!';
}

if (ctype_alpha($_POST['lastname'])){
if (strlen($_POST['lastname']) < 20){
$_POST['lastname'] = $lastname;
}else{
$error = 'Last name to long!';
}
}else{
$error = 'last name contains invalid characters!';
}

if (strlen($_POST['age']) < 3){
if (ctype_digit($_POST['age'])){
$_POST['age'] = $age;
}else{
$error = 'Age is not valid!';
}
}else{
$error = 'Age is to long!';
}

if ($_POST['sex'] !== NULL){
$_POST['sex'] = $sex;
}else{
$error = 'Please select your sex!';
}

if (strlen($_POST['icq']) < 25){
$_POST['icq'] = $icq;
}else{
$error = 'icq is to long!';
}

if (strlen($_POST['msn']) < 25){
$_POST['msn'] = $msn;
}else{
$error = 'msn is to long!';
}

if (strlen($_POST['aim']) < 25){
$_POST['aim'] = $aim;
}else{
$error = 'aim is to long!';
}

if (strlen($_POST['yim']) < 25){
$_POST['yim'] = $yim;
}else{
$error = 'yim is to long!';
}

if (strlen($_POST['location']) < 50){
$_POST['location'] = $location;
}else{
$error = 'Location is to long!';
}

$_POST['website'] = $website;

if (strlen($_POST['about']) < 10000){
$_POST['about'] = $about;
}else{
$error = 'To much info about you, i didnt ask for your life story.';
}

if (strlen($_POST['hobbys']) < 10000){
$_POST['hobbys'] = $hobbys;
}else{
$error = 'You have way to many hobbies.';
}

if (strlen($_POST['additional']) < 10000){
$_POST['additional'] = $additional;
}else{
$error = 'To much additional info.';
}

if($error=NULL){
mysql_query("INSERT INTO users VALUES('','$username','$password','$email','$firstname','$lastname','$age','$sex','$icq','$msn','$aim','$yim','$location','$website','$about','$hobbys','$additional')") or die(mysql_error());

$to      = $email;
$subject = 'Activate your' . $websitename . 'account!';
$message = 'Thank you for creating an account with' . $websitename . 'to activate your account click on the following link or copy and paste it into your browsers address bar.<br>' . $websiteurl . 'activate.php&email=' . $email;
$headers = 'From:' . $webmasteremail . "\r\n" .
   'Reply-To:' . $webmasteremail . "\r\n" .
   'X-Mailer: PHP/' . phpversion();

if (mail($to, $subject, $message, $headers)){
echo'<center>Your account has been created successfully!<br>Check you email for instructions on how to activate your account.</center>';
}
}else{
echo $error . '<br><a href="javascript: history.go(-1)">Go Back</a>';
echo $error;
}




function checkemail($email)
{
 $pos = strpos($email, '@');
 if ($pos === false){
  return false;
 }
 else
 {
  $pos = strpos($email, '.', $pos);
  if ($pos === false){
   return false;
  }
  else
  {
   list($user, $mailDomain) = split("@", $email);
   if (myCheckDNSRR($mailDomain, "MX")) {
    return true;
   }
   else 
   {
    return false;
   }
  }
 }
}


function myCheckDNSRR($hostName, $recType = '')
{
 if(!empty($hostName)) {
   if( $recType == '' ){
    $recType = "MX";
   }
   exec("nslookup -type=$recType $hostName", $result);
   foreach ($result as $line) {
     if(eregi("^$hostName",$line)) {
       return true;
     }
   }
   return false;
 }
 return false;
}


function duplicateemail($email)
{
$query = "SELECT * FROM users WHERE email=$email";
if ($result = mysql_query($query) and mysql_num_rows($result)){
	return false;
}else{
	return true;
}
}

mysql_close();
?>
for some reason all i get is the "go back" link no matter what! thanks for the help guys!

Posted: Thu Aug 03, 2006 12:52 am
by dknight3
can someone please help me with this problem?

Posted: Thu Aug 03, 2006 1:03 am
by Benjamin
Wrong

Code: Select all

if($error=NULL){
Better

Code: Select all

if($error == null){

Posted: Thu Aug 03, 2006 1:37 am
by dknight3
awww, its always somthing simple like that, thanks a lot man! appreciate it.

Posted: Thu Aug 03, 2006 1:47 am
by Benjamin
It doesn't look like your initializing the $error variable. You may want to use empty instead..

Code: Select all

if(empty($error)){

Posted: Thu Aug 03, 2006 2:37 am
by dknight3
i dont understand.

Posted: Thu Aug 03, 2006 2:49 am
by Benjamin
If there isn't an error, your $error variable never gets set so it doesn't exist. PHP will issue a Notice when you try to compare the value of an unset variable with something. The code will work fine either way, but some would say that if a Notice error is being triggered the code isn't written correctly. The empty function, as shown above, will not issue a Notice when the variable your checking isn't set.

Posted: Thu Aug 03, 2006 3:01 am
by dknight3
so if i say,

if $error == NULL
it calls the error variable and since its not set it has some sort of invisible error that doesnt matter.

and if i say empty($error) it never calls error, it just sees if its empty, thus not producing the error?

Posted: Thu Aug 03, 2006 3:05 am
by Benjamin
That is correct, however the error may or may not be visible depending on your error reporting settings and whether display errors in php.ini is turned on or off.

Posted: Thu Aug 03, 2006 3:05 am
by JayBird
dknight3 wrote:so if i say,

if $error == NULL
it calls the error variable and since its not set it has some sort of invisible error that doesnt matter.
The error isn't invisible, it is just because you have NOTICES turned off in your php.ini.
dknight3 wrote:and if i say empty($error) it never calls error, it just sees if its empty, thus not producing the error?
Yup

Posted: Thu Aug 03, 2006 4:28 am
by dknight3
hmmm im having trouble with the checkemail function its not working, it will always make the account

Posted: Thu Aug 03, 2006 5:01 am
by dknight3
heres my new code

Code: Select all

<?php
require 'config.php';
mysql_connect(localhost,$sql_username,$sql_password);
mysql_select_db($sql_db) or die( "Unable to select database");

$_POST = array_map('strip_tags', $_POST);

if (strlen($_POST['username']) > 3){
if (strlen($_POST['username']) < 20){
if ($_POST['username'] !== NULL){
if (duplicateusername($_POST['username'])){
$username = $_POST['username'];
}else{
$error = 'Username currently in use!';
}
}else{
$error = 'Please enter a desired username!';
}
}else{
$error = 'Username to long!';
}
}else{
$error = 'Username is to short!';
}

if (strlen($_POST['password']) > 3){
if (strlen($_POST['password']) < 20){
if ($_POST['password'] == $_POST['repassword']){
if ($_POST['password'] !== NULL){
$password = crypt($_POST['password']);
}else{
$error = 'Please enter a password!';
}
}else{
$error = 'Your passwords do not match!';
}
}else{
$error = 'Password to long!';
}
}else{
$error = 'Password is to short!';
}

if ($_POST['email'] == $_POST['reemail']){
if ($_POST['email'] !== NULL){
if (checkemail($_POST['email'])){
if (duplicateemail($_POST['email'])){
$email = $_POST['email'];
}else{
$error = 'Your email address has already been registered!';
}
}else{
$error = 'Invalid email address!';
}
}else{
$error = 'Please enter an Email address!';
}
}else{
$error = 'Your emails do not match!';
}

if (ctype_alpha($_POST['firstname'])){
if (strlen($_POST['firstname']) > 2){
if (strlen($_POST['firstname']) < 20){
if ($_POST['firstname'] !== NULL){
$firstname = $_POST['firstname'];
}else{
$error = 'Please enter your first name!';
}
}else{
$error = 'First name to long!';
}
}else{
$error = 'First name is to short!';
}
}else{
$error = 'First name contains invalid characters!';
}

if (ctype_alpha($_POST['lastname'])){
if (strlen($_POST['lastname']) < 20){
$lastname = $_POST['lastname'];
}else{
$error = 'Last name to long!';
}
}else{
$error = 'last name contains invalid characters!';
}

if (strlen($_POST['age']) < 3){
if (ctype_digit($_POST['age'])){
$age = $_POST['age'];
}else{
$error = 'Age is not valid!';
}
}else{
$error = 'Age is to long!';
}

$sex = $_POST['sex'];

if (strlen($_POST['icq']) < 25){
$icq = $_POST['icq'];
}else{
$error = 'icq is to long!';
}

if (strlen($_POST['msn']) < 25){
$msn = $_POST['msn'];
}else{
$error = 'msn is to long!';
}

if (strlen($_POST['aim']) < 25){
$aim = $_POST['aim'];
}else{
$error = 'aim is to long!';
}

if (strlen($_POST['yim']) < 25){
$yim = $_POST['yim'];
}else{
$error = 'yim is to long!';
}

if (strlen($_POST['location']) < 50){
$location = $_POST['location'];
}else{
$error = 'Location is to long!';
}

$_POST['website'] = $website;

if (strlen($_POST['about']) < 10000){
$about = $_POST['about'];
}else{
$error = 'To much info about you, i didnt ask for your life story.';
}

if (strlen($_POST['hobbies']) < 10000){
$hobbies = $_POST['hobbies'];
}else{
$error = 'You have way to many hobbies.';
}

if (strlen($_POST['additional']) < 10000){
$additional = $_POST['additional'];
}else{
$error = 'To much additional info.';
}

if(empty($error)){
mysql_query("INSERT INTO users VALUES('','$username','$password','$email','$firstname','$lastname','$age','$sex','$icq','$msn','$aim','$yim','$location','$website','$about','$hobbys','$additional','0','')") or die(mysql_error());

$to      = $email;
$subject = 'Activate your' . $websitename . 'account!';
$message = 'Thank you for creating an account with' . $websitename . 'to activate your account click on the following link or copy and paste it into your browsers address bar.<br>' . $websiteurl . 'activate.php&email=' . $email;
$headers = 'From:' . $webmasteremail . "\r\n" .
   'Reply-To:' . $webmasteremail . "\r\n" .
   'X-Mailer: PHP/' . phpversion();

if (mail($to, $subject, $message, $headers)){
echo'<center>Your account has been created successfully!<br>Check you email for instructions on how to activate your account.</center>';
}
}else{
echo $error . '<br><a href="javascript: history.go(-1)">Go Back</a>';
}




function checkemail($email)
{
 $pos = strpos($email, '@');
 if ($pos === false){
  return false;
 }
 else
 {
  $pos = strpos($email, '.', $pos);
  if ($pos === false){
   return false;
  }
  else
  {
   list($user, $mailDomain) = split("@", $email);
   if (myCheckDNSRR($mailDomain, "MX")) {
    return true;
   }
   else 
   {
    return false;
   }
  }
 }
}


function myCheckDNSRR($hostName, $recType = '')
{
 if(!empty($hostName)) {
   if( $recType == '' ){
    $recType = "MX";
   }
   exec("nslookup -type=$recType $hostName", $result);
   foreach ($result as $line) {
     if(eregi("^$hostName",$line)) {
       return true;
     }
   }
   return false;
 }
 return false;
}


function duplicateemail($emailtocheck)
{
$query = "SELECT * FROM users WHERE email='$emailtocheck'";
$result = mysql_query($query) or die(mysql_error());
$num = mysql_num_rows($result) or die(mysql_error());
if ($num > 0){
	return false;
}else{
	return true;
}
}

function duplicateusername($usernametocheck)
{
$query = "SELECT * FROM users WHERE username='$usernametocheck'";
$result = mysql_query($query) or die(mysql_error());
$num = mysql_num_rows($result) or die(mysql_error());
if ($num > 0){
	return false;
}else{
	return true;
}
}

mysql_close();
?>
the problem is that everytime you enter a email address that isnt in the database already it will just bring you to a blank screen, but if you enter a email that is already in the database it will work and say its already registered, i dont get it..