php-beginner

Do you mean by "change behaviors at run time" that I shouldn't call my objects (like message, encryption, formValidator etc.) in the user class, instead call them on the registration script? So that all the objects doesn't form as one system in the user class, but as one system at run time.

Okay, Could you be more specific of what I don't understand. What I know is that objects should be re-usable, thats what I'm doing. And if ever needed in other projects, I could simply use the classes that are already made and leave the classes I don't need. Thanks for your suggestions, I'll take a look at those books.

Great, Thankyou very much for all your help. I have only one question left: Is the way I make use of object orientated programming good? Or did I wrong interpreted the way objects should be handled? You would probably do it differently, but everyone has his own way I think. Anyway, I'm new to OOP and I hope I understand it quite well now.

This does also work but am not sure if this is allowed: I change the message class in my user class to public; I change the function where I "echo" to "return $this->errorMessages;" Now I add this in my registration script to check if the object has been set ... : <?php if(isset($user)){ if($user->message->messageStatus != false){ echo 'Oops...'; echo '<ul>'; foreach($user->error as $msg){ echo '<li>'. $msg .'</li>'; } echo '</ul>'; } } ?> This means that I can remove this code from my user class because this is already set on the registration script: <?php if($this->message->messageStatus != false){ // etc; } ?> This way I don't have to rewrite lots of code.

I don't understand how I could implement this in my code. However, I see that you use $error. But the errors are stored in an array so I can't echo it like that.

Ah ok, I will try to figure that out , Thankyou so far!

So this means I have to cut the output from the processing and parse it within my presentation (html)? Or just set the doctype at top which also solves this problem?

Correct me if I'm wrong but, if the error messages should be at the beginning of the page like the rest of the php code then the error message will be above the doctype. So the error message script should be set in the html part?

My registration form: <?php function __autoload($class){ require('classes/' . strtolower($class) . '.class.php'); } if ($_SERVER['REQUEST_METHOD'] == 'POST'){ if(isset($_POST['firstname'])){ $firstname = $_POST['firstname']; } if(isset($_POST['lastname'])){ $lastname = $_POST['lastname']; } if(isset($_POST['address'])){ $address = $_POST['address']; } if(isset($_POST['postcode'])){ $postcode = $_POST['postcode']; } if(isset($_POST['city'])){ $city = $_POST['city']; } if(isset($_POST['username'])){ $username = $_POST['username']; } if(isset($_POST['password'])){ $password = $_POST['password']; } if(isset($_POST['email'])){ $email = $_POST['email']; } if(isset($_POST['kvk'])){ $kvk = $_POST['kvk']; } try{ $user = new User; $user->createUser($firstname, $lastname, $address, $postcode, $city, $username, $password, $email, $kvk); } catch(Mysql_Exception $error){ echo $error->getError(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>registration</title> <link rel="stylesheet" type="text/css" href="opmaak.css" /> </head> <body> <div id="registration_container"> <form class="registration" method="post" action="registration.php"> <div id="registration_left"> <label class="user">Voornaam: *</label> <input class="registration" type="text" size="10" maxlength="40" name="firstname" <input class="registration_postcode" type="text" size="10" maxlength="40" name="postcode" value="<?php if(isset($firstname)){echo $firstname;} ?>"/> <label class="user">Achternaam: *</label> <input class="registration" type="text" size="10" maxlength="40" name="lastname" value="<?php if(isset($lastname)){echo $lastname;} ?>"/> <label class="user">Adres: *</label> <input class="registration" type="text" size="10" maxlength="40" name="address" value="<?php if(isset($address)){echo $address;} ?>"/> <label class="user_postcode_plaats">Postcode / Plaats: *</label> <input class="registration_postcode" type="text" size="10" maxlength="40" name="postcode" value="<?php if(isset($postcode)){echo $postcode;} ?>"/> <input class="registration_city" type="text" size="10" maxlength="40" name="city" value="<?php if(isset($city)){echo $city;} ?>"/> </div> <div id="registration_right"> <label class="user">Gebruikersnaam: *</label><span class="inputeisen">4 of meer</span> <input class="registration" type="text" size="10" maxlength="40" name="username" value="<?php if(isset($username)){echo $username;} ?>"/> <label class="user">Wachtwoord: *</label><span class="inputeisen">6 of meer</span> <input class="registration" type="text" size="10" maxlength="40" name="password" value="<?php if(isset($password)){echo $password;} ?>"/> <label class="user">E-mail: *</label> <input class="registration" type="text" size="10" maxlength="40" name="email" value="<?php if(isset($email)){echo $email;} ?>"/> <label class="user">KvK nummer:</label> <input class="registration" type="text" size="10" maxlength="40" name="kvk" value="<?php if(isset($kvk)){echo $kvk;} ?>"/> </div> <div id="registration_bottom"> <p>Het KvK nummer is alleen verplicht indien u wilt adverteren met uw bedrijf.<br/> U kunt dit ook later toevoegen.</p> <input class="submit_registration_user" type="submit" value="Registreren"/> </div> </form> </div> </body> </html> My user class (not finished yet): <?php class User{ private $formValidator; private $encryption; private $message; private $mysql; private $query; private $session; private $setQuery; private $row; private $username; private $password; private $activationkey; private $alreadyExist = false; public function __construct(){ $this->formValidator = new Form_Validator; $this->encryption = new Encryption; $this->message = new Message; $this->mysql = new Mysql; $this->query = new Query; $this->session = new Session; } public function login($username, $password){ $this->username = $this->mysql->escapeString($username); $this->password = $this->mysql->escapeString($password); if($this->formValidator->isInvalid($username) || $this->formValidator->isInvalid($password)){ $this->message->addMessages('invalid', 'U heeft ongeldige karakters ingevuld.'); } if($this->message->messageStatus != false){ $this->message->showMessages(); } if($this->formValidator->validatorStatus == false){ $this->password = $this->encryption->encryptPassword($password); $this->setQuery = "SELECT userid FROM users WHERE username='" . $this->username . "' AND password='" . $this->password . "'"; $this->query->runQuery($this->setQuery); if($this->query->returnNumRows() > 0){ $this->setQuery = "SELECT username FROM users WHERE username = '".$this->username."'"; $this->query->runQuery($this->setQuery); $this->row = $this->query->returnFetchArray(); echo "Welkom ".$this->session->createSession($this->row['username']).". "."U bent succesvol ingelogd."; }else{ $this->message->addMessages('invalid_data', 'Uw logingegevens kloppen niet.'); $this->message->showMessages(); } } } public function createUser($firstname, $lastname, $address, $postcode, $city, $username, $password, $email, $kvk){ $this->firstname = $this->mysql->escapeString($firstname); $this->lastname = $this->mysql->escapeString($lastname); $this->address = $this->mysql->escapeString($address); $this->postcode = $this->mysql->escapeString($postcode); $this->city = $this->mysql->escapeString($city); $this->username = $this->mysql->escapeString($username); $this->password = $this->mysql->escapeString($password); $this->email = $this->mysql->escapeString($email); $this->kvk = $this->mysql->escapeString($kvk); if($this->formValidator->isInvalidFirstname($firstname)){ $this->message->addMessages('invalid_firstname', 'Uw voornaam voldoet niet aan de eisen.'); } if($this->formValidator->isInvalidLastname($lastname)){ $this->message->addMessages('invalid_lastname', 'Uw achternaam voldoet niet aan de eisen.'); } if($this->formValidator->isInvalidAddress($address)){ $this->message->addMessages('invalid_address', 'Uw adres voldoet niet aan de eisen.'); } if($this->formValidator->isInvalidPostcode($postcode)){ $this->message->addMessages('invalid_postcode', 'Uw postcode voldoet niet aan de eisen.'); } if($this->formValidator->isInvalidCity($city)){ $this->message->addMessages('invalid_city', 'De plaatsnaam voldoet niet aan de eisen.'); } if($this->formValidator->isInvalidUsername($username)){ $this->message->addMessages('invalid_username', 'De gebruikersnaam voldoet niet aan de eisen.'); } if($this->formValidator->isInvalidPassword($password)){ $this->message->addMessages('invalid_password', 'Het wachtwoord voldoet niet aan de eisen.'); } if($this->formValidator->isInvalidEmail($email)){ $this->message->addMessages('invalid_email', 'Ongeldig e-mailadres.'); } if($this->formValidator->isInvalidKvk($kvk)){ $this->message->addMessages('invalid_kvk', 'Ongeldig KvK nummer.'); } if($this->message->messageStatus != false){ $this->message->showMessages(); } if($this->formValidator->validatorStatus == false){ if($this->alreadyExist == false){ $this->setQuery = "SELECT username FROM users WHERE username='" . $this->username . "'"; $this->query->runQuery($this->setQuery); if($this->query->returnNumRows() > 0){ $this->alreadyExist = true; $this->message->addMessages('username_already_exist', 'Gebruikersnaam bestaat al.'); $this->message->showMessages(); }elseif($this->alreadyExist == false){ $this->setQuery = "SELECT email FROM users WHERE email='" . $this->email . "'"; $this->query->runQuery($this->setQuery); if($this->query->returnNumRows() > 0){ $this->alreadyExist = true; $this->message->addMessages('email_already_exist', 'Er is al een account geregistreerd op dit e-mailadres.'); $this->message->showMessages(); }else{ $this->password = $this->encryption->encryptPassword($password); $this->activationkey = mt_rand() . mt_rand() . mt_rand(); $this->setQuery = " INSERT INTO users (status, username, password, email, activationkey, rights, firstname, lastname, address, postcode, city, kvk) VALUES ('Verify', '".$this->username."', '".$this->password."', '".$this->email."', '".$this->activationkey."', 1, '".$this->firstname."', '".$this->lastname."', '".$this->address."', '".$this->postcode."', '".$this->city."', '".$this->kvk."') "; $this->query->runQuery($this->setQuery); echo "U bent geregistreert. Controleer uw e-mailadres om uw account te activeren."; } } } } } } ?> My message class: <?php class Message{ public $messageStatus = false; public $errorMessages = array(); public function addMessages($type, $message) { if ($type != null && $message != null){ $this->messageStatus = true; $this->errorMessages[$type] = $message; }else{ // error } } public function showMessages() { echo 'Oops...'; echo '<ul>'; foreach ($this->errorMessages as $msg){ echo '<li>'. $msg .'</li>'; } echo '</ul>'; } } ?>

Allright. Well, like I said, I already have a form validator, mysql_real_escape_string, etc. This is all done by different classes. My problem is now that my message class outputs this error but this is not done within the doctype. So I have a bunch of classes inside the user class that handle this registration. The user class checks with other classes if the input is correct etc and if user already exist etc and if not a message is echo'ed by my message class. Now I know that echoing inside a class/object is not the best method, that turns out now So what is the best way to get the errors outputted inside the doctype? Do I have to return the message and echo it somewhere else? If so, where? So far, thankyou for your help.

Also the doctype should still be above the php because when I submit the form, this is what happens: Oops...<ul><li>Uw voornaam voldoet niet aan de eisen.</li><li>Uw achternaam voldoet niet aan de eisen.</li><li>Uw adres voldoet niet aan de eisen.</li><li>Uw postcode voldoet niet aan de eisen.</li><li>De plaatsnaam voldoet niet aan de eisen.</li><li>De gebruikersnaam voldoet niet aan de eisen.</li><li>Het wachtwoord voldoet niet aan de eisen.</li><li>Ongeldig e-mailadres.</li></ul> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>registration</title> <link rel="stylesheet" type="text/css" href="opmaak.css" /> </head> //etc The <ul> isn't presented under the doctype. Or did I misunderstood something?

I thaught that this was better? if ($_SERVER['REQUEST_METHOD'] == 'POST'){ People told me that this is more secure. Also a dutch website confirms this: http://www.pfz.nl/wiki/isset-vs-request-method/

@JKG Lol. I feel like a fool now Thankyou! @Nightslyr Thankyou for your explanation. I will update my code and never forget that because I had that error once. But the whole input validation is already done. The user object and the objects within the user object take care of this.

@JKG No it was not a fix, I am very sorry xD This is because I check if the form has been submitted. If so, then show errors with the user input in form. If not, then show the normal form. This means that with this fix, the user can only see the form if it has been submitted. So users that didn't filled in the form, they can't fill it in because they cannot see it. So this is still the best way i think: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head xmlns='http://www.w3.org/1999/xhtml'> <title>registration</title> <link rel="stylesheet" type="text/css" href="opmaak.css" /> </head> <body> <?php function __autoload($class){ require('classes/' . strtolower($class) . '.class.php'); } if ($_SERVER['REQUEST_METHOD'] == 'POST'){ if(isset($_POST['firstname'])){ $firstname = $_POST['firstname']; } if(isset($_POST['lastname'])){ $lastname = $_POST['lastname']; } if(isset($_POST['address'])){ $address = $_POST['address']; } if(isset($_POST['postcode'])){ $postcode = $_POST['postcode']; } if(isset($_POST['city'])){ $city = $_POST['city']; } if(isset($_POST['username'])){ $username = $_POST['username']; } if(isset($_POST['password'])){ $password = $_POST['password']; } if(isset($_POST['email'])){ $email = $_POST['email']; } if(isset($_POST['kvk'])){ $kvk = $_POST['kvk']; } try{ $user = new User; $user->createUser($firstname, $lastname, $address, $postcode, $city, $username, $password, $email, $kvk); } catch(Mysql_Exception $error){ echo $error->getError(); } ?> <div id="registration_container"> <form class="registration" method="post" action="registration.php"> <div id="registration_left"> <label class="user">Voornaam: *</label> <input class="registration" type="text" size="10" maxlength="40" name="firstname" value="<?php echo $firstname; ?>"/> <label class="user">Achternaam: *</label> <input class="registration" type="text" size="10" maxlength="40" name="lastname" value="<?php echo $lastname; ?>"/> <label class="user">Adres: *</label> <input class="registration" type="text" size="10" maxlength="40" name="address" value="<?php echo $address; ?>"/> <label class="user_postcode_plaats">Postcode / Plaats: *</label> <input class="registration_postcode" type="text" size="10" maxlength="40" name="postcode" value="<?php echo $postcode; ?>"/> <input class="registration_city" type="text" size="10" maxlength="40" name="city" value="<?php echo $city; ?>"/> </div> <div id="registration_right"> <label class="user">Gebruikersnaam: *</label><span class="inputeisen">4 of meer</span> <input class="registration" type="text" size="10" maxlength="40" name="username" value="<?php echo $username; ?>"/> <label class="user">Wachtwoord: *</label><span class="inputeisen">6 of meer</span> <input class="registration" type="text" size="10" maxlength="40" name="password" value="<?php echo $password; ?>"/> <label class="user">E-mail: *</label> <input class="registration" type="text" size="10" maxlength="40" name="email" value="<?php echo $email; ?>"/> <label class="user">KvK nummer:</label> <input class="registration" type="text" size="10" maxlength="40" name="kvk" value="<?php echo $kvk; ?>"/> </div> <div id="registration_bottom"> <p>Het KvK nummer is alleen verplicht indien u wilt adverteren met uw bedrijf.<br/> U kunt dit ook later toevoegen.</p> <input class="submit_registration_user" type="submit" value="Registreren"/> </div> </form> </div> </body> </html> <?php }else{ ?> <div id="registration_container"> <form class="registration" method="post" action="registration.php"> <div id="registration_left"> <label class="user">Voornaam: *</label> <input class="registration" type="text" size="10" maxlength="40" name="firstname"/> <label class="user">Achternaam: *</label> <input class="registration" type="text" size="10" maxlength="40" name="lastname"/> <label class="user">Adres: *</label> <input class="registration" type="text" size="10" maxlength="40" name="address"/> <label class="user_postcode_plaats">Postcode / Plaats: *</label> <input class="registration_postcode" type="text" size="10" maxlength="40" name="postcode"/> <input class="registration_city" type="text" size="10" maxlength="40" name="city"/> </div> <div id="registration_right"> <label class="user">Gebruikersnaam: *</label><span class="inputeisen">4 of meer</span> <input class="registration" type="text" size="10" maxlength="40" name="username"/> <label class="user">Wachtwoord: *</label><span class="inputeisen">6 of meer</span> <input class="registration" type="text" size="10" maxlength="40" name="password"/> <label class="user">E-mail: *</label> <input class="registration" type="text" size="10" maxlength="40" name="email"/> <label class="user">KvK nummer:</label> <input class="registration" type="text" size="10" maxlength="40" name="kvk"/> </div> <div id="registration_bottom"> <p>Het KvK nummer is alleen verplicht indien u wilt adverteren met uw bedrijf.<br/> U kunt dit ook later toevoegen.</p> <input class="submit_registration_user" type="submit" value="Registreren"/> </div> </form> </div> </body> </html> <?php } ?>

Great fix, thankyou (no it was not, see next comment(s))