PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Posted: Thu Jan 06, 2011 8:08 pm
Forum Newbie

Joined: Thu Jan 06, 2011 8:03 pm
Posts: 11
Hello everyone,

I have just finished coding a login/register/logout script. I am quite new to PHP (this was my first task to begin the learning process!). The scripts now work fine and get the job done. It incorporates a database and has a number of checks in place. I know that the code is probably pretty ugly however and not as efficient as it could be. Could anyone suggest places where I could improve it or security issues with it? I have tried to secure it against SQL injection; it also ensures that no fields are blank and that the two passwords in registration are the same and I have also made username a unique field in database. Thanks in advance for any help or guidance.

index.html
<html>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="input" action="checklogin.php" method="post">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="login" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<center>Not a member? <a href="./register.php">Register!</a></center>
</body>
</html>
 


checklogin.php

<?php
$host="localhost";
$usr="root";
$pwd="******";
$db="*****";
$tbl_name="members";

mysql_connect($host, $usr, $pwd) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

$initialusr = $_POST['username'];
$initialpwd = $_POST['password'];
$secondusr = stripslashes($initialusr);
$secondpwd = stripslashes($initialpwd);
$pswd = mysql_real_escape_string($secondpwd);
$myusr = mysql_real_escape_string($secondusr);
$mypswd= md5($pswd);

$sql="SELECT * FROM $tbl_name WHERE username='$myusr' and password='$mypswd'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if ($count==1) {
session_start();
$_SESSION['username'] = $myusr;
header("location:menu.php");
}
else {
echo "Incorrect Username or Password";
}
?>
 


register.php
<?php
$host="localhost";
$usr="root";
$pwd="*****";
$db="***********";
$tbl_name="members";

mysql_connect($host, $usr, $pwd) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

if (isset($_POST['register']) && $_POST['username'] && $_POST['password'] && $_POST['confirm'] && $_POST['email'] && $_POST['password'] == $_POST['confirm'])
{
$pwd = mysql_real_escape_string("$_POST[password]");
$md5pwd = md5("$pwd");
$usr = mysql_real_escape_string("$_POST[username]");
$email = mysql_real_escape_string("$_POST[email]");

$query = "INSERT INTO members (username, password, email)
VALUES('$usr', '$md5pwd', '$email')";

mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully registered!";
}
else{
?>

<html>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="input" action="register.php" method="post">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Register</strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td>Confirm Password</td>
<td>:</td>
<td><input name="confirm" type="password" id="confirm"></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="register" value="Register"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>

<?php
}
?>
 


menu.php
<?php
session_start();
if (!isset($_SESSION['username'])){
header("location:index.html");
}
else {
?>
<html>
<body>
<?php
$username = $_SESSION['username'];
echo "Welcome " . $username . " !";
?>
<br />
<a href = logout.php>Log out</a>
</body>
</html>
<?php
}
?>
 


logout.php
<?php
session_start();
session_destroy();
header("location:index.html")
?>
 


Last edited by Grinsa on Thu Jan 06, 2011 8:45 pm, edited 3 times in total.

Posted: Thu Jan 06, 2011 8:28 pm
Forum Commoner

Joined: Thu Dec 23, 2010 8:38 pm
Posts: 59
One thing I find is you are declaring the database information in all files. You should be storing those DB username and password information in one file as a function and just calling the function in every page.


Posted: Thu Jan 06, 2011 8:45 pm
Forum Newbie

Joined: Thu Jan 06, 2011 8:03 pm
Posts: 11
Thanks for the suggestion. I created the file database.php:

<?php
$host="localhost";
$usr="root";
$pwd="*****";
$db="***********";
$tbl_name="members";

mysql_connect($host, $usr, $pwd) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());
?>
 


In both checklogin.php and registration.php I removed these lines and added the following at the top of the page.

include('database.php');
 



One thing I know that I would like to do is make the script return a reason why registration did not proceed if for example a field is left blank. Right now if this is the case or the pw's don't match a blank registration form is returned. Would the best way to do this be to nest if else statements inside the initial if else?


Posted: Thu Jan 06, 2011 9:26 pm
Site Administrator

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13585
Location: New York, NY, US
Moved to Code Critique.

_________________
(#10850)


Posted: Thu Jan 06, 2011 11:20 pm
Forum Newbie

Joined: Thu Jan 06, 2011 8:03 pm
Posts: 11
Sorry about posting it in the wrong section!

I have figured out a way to incorporate error messages. I have also removed functions that stripped the pw both here and in the checklogin.php file since it does not seem necessary when I turn it into a md5 hash. How does this look? Any other suggestions, especially on the security side? For example, I have seen sample scripts utilize magic quotes and addslashes? Is this something I should look into; I googled magic quotes and sites were advising against using it, so I did not look further hoping to keep things simple as I am learning PHP.

<?php
include('database.php');

if (!isset($_POST['register']))
       
        {
?>

        <html>
        <body>
        <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
        <tr>
        <form name="input" action="register.php" method="post">
        <td>
        <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
        <tr>
        <td colspan="3"><strong>Register</strong></td>
        </tr>
        <tr>
        <td width="78">Username</td>
        <td width="6">:</td>
        <td width="294"><input name="username" type="text" id="username"></td>
        </tr>
        <tr>
        <td>Password</td>
        <td>:</td>
        <td><input name="password" type="password" id="password"></td>
        </tr>
        <tr>
        <td>Confirm Password</td>
        <td>:</td>
        <td><input name="confirm" type="password" id="confirm"></td>
        </tr>
        <tr>
        <td>Email</td>
        <td>:</td>
        <td><input name="email" type="text" id="email"></td>
        </tr>
        <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td><input type="submit" name="register" value="Register"></td>
        </tr>
        </table>
        </td>
        </form>
        </tr>
        </table>
        </body>
        </html>

<?php
        }

elseif (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['confirm']) || empty($_POST['email']))
       
        {
        echo "One or more fields missing";
        }

elseif ($_POST['password'] != $_POST['confirm'])
       
        {
        echo "Your passwords do not match";
        }

elseif (strlen($_POST['password']) < 8 || strlen($_POST['password']) > 32)
       
        {
        echo "Your password must be between 8 and 32 alphanumeric characters long";
        }

elseif (strlen($_POST['username']) < 6 || strlen($_POST['username']) > 16)
       
        {
        echo "Your username must be between 6 and 16 characters long";
        }

else
        {
        $pwd = md5("$_POST[password]");
        $usr = mysql_real_escape_string("$_POST[username]");
        $email = mysql_real_escape_string("$_POST[email]");


        $query = "INSERT INTO members (username, password, email)
        VALUES('$usr', '$pwd', '$email')";
                       
        mysql_query($query) or die(mysql_error());
        mysql_close();

        echo "You have successfully registered!";
        }
?>
 


Posted: Fri Jan 07, 2011 2:06 am
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
Don't use md5() for passwords. Go with something like sha512.
<?php
$password = $_POST['password'];
$hashed_password = hash('sha512', $password);
?>

Give an alternative to your successful query
<?php
 $sql = mysql_query($query);
 if ($sql) {
  echo 'Registered';
 }
 else {
  echo 'Error occurred';
}
?>

Lastly, don't let users see errors like mysql_error(). It can display information about your system that might be used against you. Suppress errors with @ and handle them.

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
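
An added example, not code from any poster in this thread: registration and login against the same members table using PHP's password_hash()/password_verify() (salted and deliberately slow, which a single md5 or sha512 pass is not) and prepared statements in place of string-built SQL. It assumes PHP 7 or later with pdo_sqlite; the in-memory database, function names and sample accounts are constructed for the example.

```php
<?php
// Added example, not the thread's code. Assumes PHP 7+ with pdo_sqlite.
// The in-memory SQLite table stands in for the MySQL "members" table;
// function names and sample accounts are constructed for illustration.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (
        username TEXT PRIMARY KEY,
        password TEXT NOT NULL,
        email    TEXT NOT NULL)');
    return $db;
}

function registerUser(PDO $db, string $username, string $password, string $email): bool
{
    // password_hash() picks a random salt per call and a slow algorithm,
    // so equal passwords do not produce equal stored values.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        $stmt = $db->prepare(
            'INSERT INTO members (username, password, email) VALUES (?, ?, ?)'
        );
        return $stmt->execute([$username, $hash, $email]);
    } catch (PDOException $e) {
        // Detail goes to the server log; the caller only learns "failed".
        error_log('registration failed: ' . $e->getMessage());
        return false;
    }
}

function checkLogin(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the username is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    // The salt lives inside $stored, so the comparison happens in PHP.
    return is_string($stored) && password_verify($password, $stored);
}

function sameStoredHash(PDO $db, string $userA, string $userB): bool
{
    $stmt = $db->prepare('SELECT password FROM members WHERE username IN (?, ?)');
    $stmt->execute([$userA, $userB]);
    $hashes = $stmt->fetchAll(PDO::FETCH_COLUMN);
    return count($hashes) === 2 && $hashes[0] === $hashes[1];
}

$db = openDb();
$shared = 'correct horse battery';   // two accounts picking the same password
registerUser($db, 'alice01', $shared, 'alice@example.com');
registerUser($db, 'bobby02', $shared, 'bob@example.com');

$checks = [
    'unsalted sha512 digests equal' => hash('sha512', $shared) === hash('sha512', $shared),
    'password_hash values equal'    => sameStoredHash($db, 'alice01', 'bobby02'),
    'login with right password'     => checkLogin($db, 'alice01', $shared),
    'login with wrong password'     => checkLogin($db, 'alice01', 'wrong password'),
    'login with quote in username'  => checkLogin($db, "o'brien01", $shared),
    'duplicate username registered' => registerUser($db, 'alice01', $shared, 'x@example.com'),
];
foreach ($checks as $label => $result) {
    printf("%-32s %s\n", $label, $result ? 'yes' : 'no');
}
```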


Posted: Fri Jan 07, 2011 3:17 am
Site Administrator

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13585
Location: New York, NY, US
A couple of comments. One very common one is that your login script should submit to itself, so the error messages can be shown on the same page as the login form. Then the user does not have to click the back button. Upon success then redirect the user to a page.

Also, you probably should not destroy the whole session when the user logs out. Sites often use the session on pages that do not require you to be logged-in. Instead assign an array or object to a single session variable and clear only it when they log out.

And like was recommended, you might want to separate the database code into functions or classes in separate files. That will create a separation between your Domain code and your Presentation code.

_________________
(#10850)


Posted: Fri Jan 07, 2011 2:06 pm
Forum Newbie

Joined: Thu Jan 06, 2011 8:03 pm
Posts: 11
Thank you for all the great suggestions. I have incorporated a sha512 hash (changed password in database to varchar 128), removed mysql_error()'s from the script (I only had these after I was debugging the script, and forgot to remove), and made it so that the form along with the error is returned so users don't need to backspace. I might have cheated on this last part, however :P, as I simply made a new file form.php with the registration form, and then include('form.php') with each error in registration.php. For the login script, I added include('index.html') for the checklogin.php alongside the incorrect username/pw error.

Social_experiment: I am a little bit unsure how I would incorporate an alternative to success query with the way I have set it up (i.e. I don't think I can just add another else statement, since the query already is the else statement).

Christopher: would you mind explaining a little more what you mean with the session_destroy:

Quote:
Also, you probably should not destroy the whole session when the user logs out. Sites often use the session on pages that do not require you to be logged-in. Instead assign an array or object to a single session variable and clear only it when they log out.


Thank you very much for all your help. Here is an updated version of the register.php (like I said, form.php is simply the html code for the registration)

<?php
include('database.php');

if (!isset($_POST['register']))
       
        {
        include ('form.php');
        }

elseif (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['confirm']) || empty($_POST['email']))
       
        {
        echo "One or more fields missing!";
        include ('form.php');
        }

elseif (strlen($_POST['username']) < 6 || strlen($_POST['username']) > 16)
       
        {
        echo "Your username must be between 6 and 16 characters long!";
        include ('form.php');
        }

elseif (ctype_alnum($_POST['username']) == false)
       
        {
        echo "You username must consist of numbers and letters only!";
        include ('form.php');
        }

elseif (strlen($_POST['password']) < 8 || strlen($_POST['password']) > 32)
       
        {
        echo "Your password must be between 8 and 32 characters long!";
        include ('form.php');
        }

elseif ($_POST['password'] != $_POST['confirm'])
       
        {
        echo "Your passwords do not match!";
        include ('form.php');
        }

else

        {
        $initialpwd = $_POST['password'];
        $pwd = hash('sha512', $initialpwd);
        $usr = mysql_real_escape_string("$_POST[username]");
        $email = mysql_real_escape_string("$_POST[email]");

        $query = "INSERT INTO members (username, password, email)
        VALUES('$usr', '$pwd', '$email')";
                       
        mysql_query($query) or die("Unable to insert user into database!");
        mysql_close();

        echo "You have successfully registered!";
        }

?>
 


Posted: Fri Jan 07, 2011 2:39 pm
Site Administrator

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13585
Location: New York, NY, US
Grinsa wrote:
Christopher: would you mind explaining a little more what you mean with the session_destroy:
Your website may have areas that require you to be logged-in and public pages (like the home page) that do not require you to be logged-in. Those public pages may also use the session to save information. If you destroy the whole session you will also delete that information.

Instead do something like:
// login
$_SESSION['login'] = array('username'=>$myusr, /* whatever other data you want to save */);

// logout
$_SESSION['login'] = array();

// check if logged-in
if (isset($_SESSION['login']['username'])) {
    // the user is logged in
}

_________________
(#10850)
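
An added example, not code from the thread, that wraps the $_SESSION['login'] pattern from the post above in helper functions with hypothetical names: the session ID is regenerated whenever the login state changes, only the login entry is cleared on logout, and the username is HTML-encoded when it is echoed back. It assumes PHP 7.1 or later.

```php
<?php
// Added example, not the thread's code. Helper names are hypothetical;
// the 'theme' entry is constructed to stand for non-login session data.

function loginUser(string $username): void
{
    // Issue a fresh session ID at login so an ID handed out before
    // authentication cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['login'] = ['username' => $username, 'since' => time()];
}

function logoutUser(): void
{
    // Clear only the login entry; everything else in the session survives.
    $_SESSION['login'] = [];
    session_regenerate_id(true);
}

function currentUser(): ?string
{
    return isset($_SESSION['login']['username'])
        ? $_SESSION['login']['username']
        : null;
}

function welcomeLine(): string
{
    $user = currentUser();
    if ($user === null) {
        return "You must be <a href='index.html'>logged in</a> to view this page!";
    }
    // Encode on output: the name originally came from a form field.
    return 'Welcome ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . ' !';
}

session_start();
$_SESSION['theme'] = 'dark';

loginUser('alice01');
$whileLoggedIn = welcomeLine();
logoutUser();
$afterLogout = welcomeLine();

// Output is sent only after all session calls, which must precede any output.
echo $whileLoggedIn, "\n", $afterLogout, "\n";
echo 'theme kept: ', isset($_SESSION['theme']) ? 'yes' : 'no', "\n";
```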


Posted: Fri Jan 07, 2011 3:13 pm
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
Grinsa wrote:
I am a little bit unsure how I would incorporate an alternative to success query with the way I have set it up (i.e. I don't think I can just add another else statement, since the query already is the else statement).

I'm suggesting you keep your variable checking and your query processing more separate. If your script starts to misbehave you're going to sift through multiple conditional statements trying to find why something is not working.

1. Create functions to deal with sanitizing & check of input.
2. If / else your query so you know exactly where to go and look for errors.

What you are doing isn't wrong, it's just bad practise imo. Clean up the logic slightly is all that I am saying.

Below is a simple example of what I'm talking about
<?php
 function checkValue($value) {
  if ($value != '') {
   $clean_val = htmlentities($value);
   return $clean_val;
  }
  else {
   $errorMsg[] = "Error here";
  }
 }

 // ----

 $password = checkValue($_POST['password']);

 if (is_array($errorMsg)) {
  echo $errorMsg[0];
 }
 else {
  // at this point errors are not present
  $query = mysql_query("SELECT * FROM table WHERE password = '".
  mysql_real_escape_string($password) ."' ");

  if ($query) {
   // do something
  }
  else {
   // do something else
  }
 }
?>

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


Posted: Fri Jan 07, 2011 3:27 pm
Forum Newbie

Joined: Thu Jan 06, 2011 8:03 pm
Posts: 11
Ah I see what you mean, Christopher. This improvement brought with it another little issue, however. The menu.php (where a successful login directs you) no longer shows the username in the Welcome phrase.

<?php
session_start();
if (!isset($_SESSION['login']['username']))
        {
        echo "You must be <a href='index.html'>logged in</a> to view this page!";
        }
else
        {
?>

        <html>
        <body>

<?php
        $username = $_SESSION['username'];
        echo "Welcome " . $username . " !";
?>

        <br />
        <a href = logout.php>Log out</a>
        </body>
        </html>

<?php
        }
?>
 


I am not certain what I should define $username as, since it should probably be different due to the array? Also, why is it necessary to include both login and username in the isset statement, rather than just:

if (!isset($_SESSION['login']['username']))
 


Thank you for your help!


Posted: Fri Jan 07, 2011 5:09 pm
Forum Newbie

Joined: Thu Jan 06, 2011 8:03 pm
Posts: 11
social_experiment wrote:
Grinsa wrote:
I am a little bit unsure how I would incorporate an alternative to success query with the way I have set it up (i.e. I don't think I can just add another else statement, since the query already is the else statement).

I'm suggesting you keep your variable checking and your query processing more separate. If your script starts to misbehave you're going to sift through multiple conditional statements trying to find why something is not working.

1. Create functions to deal with sanitizing & check of input.
2. If / else your query so you know exactly where to go and look for errors.

What you are doing isn't wrong, it's just bad practise imo. Clean up the logic slightly is all that I am saying.


Thanks for the help social_experiment. I have confused myself quite a bit, however, trying to "clean" my code up. I am still in the early learning process so bear with me on this :P. Here is my attempt at incorporating your suggestion. The script does not function and I am obviously not doing what you had intended since it looks far more complicated than what I initially had. Would you mind pointing me in the right direction, please. Sorry for the confusion.

<?php
include('database.php');

 function checkEmpty($value) {
  if ($value = '$_POST['username'] || $_POST['password'] || $_POST['confirm'] || $_POST['email']) {
   $clean_val = htmlentities($value);
   return $clean_val;
  }
  else {
   $errorMsg[] = "One or more fields are missing!";
  }
 }

 function checkUsername($value) {
  if ($value = 'strlen($_POST['username']) > 5 || strlen($_POST['username']) < 17') {
   $clean_val = mysql_real_escape_string($value);
   return $clean_val;
  }
  else {
   $errorMsg[] = "Your username must be between 6 and 16 characters long!";
  }
 }

 function alphanumUsername($value) {
  if ($value = 'ctype_alnum($_POST['username']) == true') {
   $clean_val = mysql_real_escape_string($value);
   return $clean_val;
  }
  else {
   $errorMsg[] = "Your username must consist of numbers and letters only!";
  }
 }

 function confirm($value) {
  if ($value = '$_POST['password'] == $_POST['confirm']') {
   $clean_val = mysql_real_escape_string($value);
   return $clean_val;
  }
  else {
   $errorMsg[] = "Your passwords do not match!";
  }
 }

 function checkPassword($value) {
  if ($value = 'strlen($_POST['password']) > 7 || strlen($_POST['password']) < 33') {
   $clean_val = mysql_real_escape_string($value);
   return $clean_val;
  }
  else {
   $errorMsg[] = "Your password must be between 8 and 32 characters long!";
  }
 }

 $initialpassword = confirm(checkValue($_POST['password']));
 $pwd = hash('sha512', $initialpwd);
 $initialusr = checkUsername($_POST['username']);
 $usr = alphanumUsername($initialusr);
 $email = mysql_real_escape_string("$_POST['email']");

 echo "You have successfully registered!"; }

 if (is_array($errorMsg)) {
  echo $errorMsg[0];
  include('form.php');
 }
 else {
  $query = "INSERT INTO members (username, password, email)
  VALUES('$usr', '$pwd', '$email')";

  if ($query) {
   mysql_query($query) or die("Unable to insert user into database!");
   mysql_close();
  }
  else {
   echo "Registration was unsuccessful!";
  }
 }
?>

 


Last edited by Grinsa on Fri Jan 07, 2011 7:19 pm, edited 1 time in total.

Posted: Fri Jan 07, 2011 6:12 pm
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
:) No problem. I understand that you are still learning and my apologies if I have added to your confusion. I've amended the script for you.

<?php
include('database.php');
 // check empty value
 function checkEmpty($value) {
  if ($value != '') {
   $clean_val = htmlentities($value);
   return $clean_val;
  }
  else {
   $errorMsg[] = "One or more fields are missing!";
  }
 }

 function checkUsername($value) {
  if (strlen($value) > 5 || strlen($value) < 17) {
      return $value;
  }
  else {
   $errorMsg[] = "Your username must be between 6 and 16 characters long!";
  }
 }

 function alphanumUsername($value) {
  if (ctype_alnum($value) == true) {
      return $value;
  }
  else {
   $errorMsg[] = "Your username must consist of numbers and letters only!";
  }
 }

 function confirm($value, $value1) {
  if ($value == $value1) {
     return $value;
  }
  else {
   $errorMsg[] = "Your passwords do not match!";
  }
 }

 function checkPassword($value) {
  if (strlen($value) > 7 || strlen($value) < 33) {
      return $value;
  }
  else {
   $errorMsg[] = "Your password must be between 8 and 32 characters long!";
  }
 }

 //---
 checkempty($_POST['username']);
 checkempty($_POST['password']);
 checkempty($_POST['confirm']);
 checkempty($_POST['email']);

 checkusername($_POST['username']);
 
 alphanumusername($_POST['username']);
 
 confirm($_POST['password'], $_POST['confirm']);
 
 checkpassword($_POST['password']);
 
 // ----
 
 if (is_array($errorMsg)) {
  foreach ($errorMsg as $key) {
   echo 'Error : '. $key .'<br />';
  }
 }
 else {
  $password = hash('sha512', $_POST['password']);
  $username = $_POST['username'];
  $email = $_POST['email'];

  $query = "INSERT INTO members (username, password, email)
  VALUES ('". mysql_real_escape_string($username) ."', '". mysql_real_escape_string($password) ."',
  '". mysql_real_escape_string($email) ."')";

  $sql = mysql_query($query);

  if ($sql) {
   echo 'Registration successful';
  }
  else {
   echo 'Registration unsuccessful';
  }
 }
?>

Hth.

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
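
An added example, not code from any poster in this thread, showing one way to run the same registration rules in a single function that hands back its error messages. PHP variables assigned inside a function are local to it, so the messages travel as the return value, and each length rule rejects the two out-of-range cases with ||. Function names and sample submissions are constructed; PHP 7 or later is assumed.

```php
<?php
// Added example, not the thread's code. Function names are hypothetical
// and the sample submissions are constructed.

// Returns the list of error messages; an empty array means the input passed.
function validateRegistration(array $post): array
{
    $fields = [];
    foreach (['username', 'password', 'confirm', 'email'] as $name) {
        // A missing key or a non-string value (username[]=x) counts as empty.
        $fields[$name] = (isset($post[$name]) && is_string($post[$name]))
            ? $post[$name]
            : '';
    }
    if (in_array('', $fields, true)) {
        return ['One or more fields are missing!'];  // other rules need all values
    }

    $errors = [];
    $userLen = strlen($fields['username']);
    if ($userLen < 6 || $userLen > 16) {
        $errors[] = 'Your username must be between 6 and 16 characters long!';
    }
    if (!ctype_alnum($fields['username'])) {
        $errors[] = 'Your username must consist of numbers and letters only!';
    }
    $passLen = strlen($fields['password']);
    if ($passLen < 8 || $passLen > 32) {
        $errors[] = 'Your password must be between 8 and 32 characters long!';
    }
    // Strict comparison: with == PHP compares numeric-looking strings as
    // numbers, so '1000000000' and '1e9' would count as a match.
    if ($fields['password'] !== $fields['confirm']) {
        $errors[] = 'Your passwords do not match!';
    }
    return $errors;
}

// Builds the block shown above the re-displayed form.
function renderErrors(array $errors): string
{
    $html = '';
    foreach ($errors as $message) {
        $html .= 'Error : ' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . "<br />\n";
    }
    return $html;
}

$samples = [
    'valid'             => ['username' => 'alice01', 'password' => 'longenough1',
                            'confirm' => 'longenough1', 'email' => 'a@example.com'],
    'short and symbol'  => ['username' => 'al!', 'password' => 'short',
                            'confirm' => 'other', 'email' => 'a@example.com'],
    'numeric lookalike' => ['username' => 'alice01', 'password' => '1000000000',
                            'confirm' => '1e9', 'email' => 'a@example.com'],
    'email omitted'     => ['username' => 'alice01', 'password' => 'longenough1',
                            'confirm' => 'longenough1'],
];
foreach ($samples as $label => $post) {
    $errors = validateRegistration($post);
    echo $label, ': ', $errors ? "\n" . renderErrors($errors) : "ok\n";
}
```

In a single-file register.php, the form would be included again whenever validateRegistration() returns a non-empty array, and the insert would run only when it returns an empty one.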


Posted: Fri Jan 07, 2011 8:19 pm
Forum Newbie

Joined: Thu Jan 06, 2011 8:03 pm
Posts: 11
Ah it is far clearer what you were doing now. I sort of had your initial example stuck in my mind and wasn't sure if I should deviate from it and it led to a mess. Now the script that we have doesn't show the registration form (which is what I called for with the include('form.php') in my initial example); this script alone returns "Registration unsuccessful". So I changed the form.php (the html for the registration form) to registration.html and directed it to your above script (renamed it checkregistration.php; I also changed the functions in the latter part of the script to be case sensitive since they didn't match the original functions we defined, e.g. alphanumUsername vs. alphanumusername). Unfortunately, whatever I type into form is automatically successfully registered (even if I type two passwords of unequal length, etc.). What is it that may be causing this? Also, how could we incorporate it all into one file and have the registration form with the error message if something went wrong?

Overall, what is it about this structure that makes it "cleaner code"? It is clearly structured into each part like you said (variable sanitizing and query) but it accomplishes the same goal and even may seem a little more convoluted than the original script? I want to make sure I get into good habits early on so that I don't have to break bad manners :)
Also, I have a question regarding your code: why are both of the following snippets used (they seem redundant to me as they intend to accomplish the same goal) ? Could you please clarify this segment.

 // check empty value
 function checkEmpty($value) {
  if ($value != '') {
   $clean_val = htmlentities($value);
   return $clean_val;
  }
  else {
   $errorMsg[] = "One or more fields are missing!";
  }
 



 checkempty($_POST['username']);
 checkempty($_POST['password']);
 checkempty($_POST['confirm']);
 checkempty($_POST['email']);
 



Thank you very much for your help social_experiment (and everyone else), it's very appreciated.


Posted: Sat Jan 08, 2011 3:58 am
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
The first script creates the function. I don't know if you have started looking at functions yet. The simplest explanation of a function is to do many things but just code once. So if you wanted to write 'Hello World' 2000 times, you can either write a function that accepts 2000 as a value and prints accordingly OR (not advised) you can write 2000 lines of code.

The second script tests the values from the form. By doing this we see if each value meets the conditions inside the function. If a value is not correct, the function returns an array containing an error message. Further down you see the is_array() function, if that finds an array it means there was an error with one of the values and the script stops.

The alphanum problem is explained below :)
<?php
 // this is incorrect (err on my part)
 alphanumusername($_POST['username']);
 // it should be this. Functions like variables are case-sensitive
 alphanumUsername($_POST['username']);
?>

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering

