[SOLVED] Form Validation (with php, not javascript)

[alconebay]

I am using roscripts registration script. After a user registers I have "mkdir" create a directory that is the same as their username. So all usernames have to be directory friendly names. I would like to set up form validation for register.php that only allows letter/number/dashes and no spaces in the username field.

 

I have read a few tutorials and it looks like I will need to implement the code below into roscrips register.php but I'm not sure how to do it. Also, will that code stop spaces?

 

/[^a-zA-Z0-9\-\ ]+$/

 

Also, will that code above stop spaces?

 

Thanks

 

Register.php:

 

<?php

require_once('login/settings.php');

 

if ( array_key_exists ( '_submit_check', $_POST ) )

{

if ( $_POST['username'] != '' && $_POST['password'] != '' && $_POST['password'] == $_POST['password_confirmed'] && $_POST['email'] != '' && valid_email ( $_POST['email'] ) == TRUE )

{

if ( ! checkUnique ( 'Username', $_POST['username'] ) )

{

$error = 'Username already taken. Please try again!';

}

elseif ( ! checkUnique ( 'Email', $_POST['email'] ) )

{

$error = 'The email you used is associated with another user. Please try again or use the "forgot password" feature!';

}

else {

$query = $db->query ( "INSERT INTO " . DBPREFIX . "users (`Username` , `Password`, `date_registered`, `Email`, `Random_key`) VALUES (" . $db->qstr ( $_POST['username'] ) . ", " . $db->qstr ( md5 ( $_POST['password'] ) ).", '" . time () . "', " . $db->qstr ( $_POST['email'] ) . ", '" . random_string ( 'alnum', 32 ) . "')" );

 

$getUser = "SELECT ID, Username, Email, Random_key FROM " . DBPREFIX . "users WHERE Username = " . $db->qstr ( $_POST['username'] ) . "";

 

if ( $db->RecordCount ( $getUser ) == 1 )

{

$row = $db->getRow ( $getUser );

 

$subject = "Activation email from " . DOMAIN_NAME;

 

$message = "Dear ".$row->Username.", this is your activation link to join our website. In order to confirm your membership please click on the following link: <a href=\"" . APPLICATION_URL . "confirm.php?ID=" . $row->ID . "&key=" . $row->Random_key . "\">" . APPLICATION_URL . "confirm.php?ID=" . $row->ID . "&key=" . $row->Random_key . "</a> <br /><br />Thank you for joining";

 

if ( send_email ( $subject, $row->Email, $message ) ) {

$msg = 'Account registered. Please check your email for details on how to activate it.';

}

else {

$error = 'I managed to register your membership but failed to send the validation email. Please contact the admin at ' . ADMIN_EMAIL;

}

}

else {

$error = 'User not found. Please contact the admin at ' . ADMIN_EMAIL;

}

}

}

else {

$error = 'There was an error in your data. Please make sure you filled in all the required data, you provided a valid email address and that the password fields match one another.';

}

}

?>

<?php

session_start();

include ("../include/doctype.php");

?>

<title>New User Registration</title>

</head>

<body>

<div id="login">

<?php

include ("login_div_master.php");

?>

</div>

<div id="puplogo"></div>

<?php

include ("../include/menu.php");

?><div id="teaser">

<div class="wrap">

<div class="box">

</div>

</div>

</div>

 

<?php

include ("../include/bar.php");

?><div class="wrap">

<div class="fullpage"> <div id="log">

<?php if ( isset ( $error ) ) { echo ' <p class="error">' . $error . '</p>' . "\n"; } ?>

<?php if ( isset ( $msg ) ) { echo ' <p class="msg">' . $msg . '</p>' . "\n"; } else {//if we have a mesage we don't need this form again.?>

</div>

 

<div id="container" style="width:230px;">

<form action="<?=$_SERVER['PHP_SELF']?>" method="post">

<input type="hidden" name="_submit_check" value="1"/>

 

<label for="username">Username</label>

<input class="input" type="text" id="username" name="username" size="32" value="<?php if(isset($_POST['username'])){echo $_POST['username'];}?>" />

 

<label for="password">Password</label>

<input class="input" type="password" id="password" name="password" size="32" value="" />

 

<label for="password_confirmed">Re-Password</label>

<input class="input" type="password" id="password_confirmed" name="password_confirmed" size="32" value="" />

 

<label for="email">Email</label>

<input class="input" type="text" id="email" name="email" size="32" value="<?php if(isset($_POST['email'])){echo $_POST['email'];}?>" />

 

<input type="image" name="register" value="register" class="submit-btn" src="login/images/btn.gif" alt="submit" title="submit" />

<div class="clear"></div>

</form>

</div>

<? } ?>

</div>

</div>

<div class="clear"></div>

<div class="clear"></div>

<?php

include ("../include/footer.php");

?><?php

include ("../include/analytics.php");

?></body>

</html>

[Skittalz]

Try using the PHP ereg function

 

Its explained here

 

http://us.php.net/ereg

 

Cheers

[alconebay]

Thanks, I couldent figure out how to use ereg in the script but I got it working using ctype_alnum.

Here is my updated register.php with the added validation in bold:

 

<?php

require_once('login/settings.php');

$username=$_POST['username'];

if ( array_key_exists ( '_submit_check', $_POST ) )

{

if ( $_POST['username'] != '' && $_POST['password'] != '' && $_POST['password'] == $_POST['password_confirmed'] && $_POST['email'] != '' && valid_email ( $_POST['email'] ) == TRUE )

{

if ( ! checkUnique ( 'Username', $_POST['username'] ) )

{

$error = 'Username already taken. Please try again!';

}

elseif ( ! checkUnique ( 'Email', $_POST['email'] ) )

{

$error = 'The email you used is associated with another user. Please try again or use the "forgot password" feature!';

}

 

elseif ( ! ctype_alnum($username))

{

$error = 'Username must contain only letters and/or numbers. No spaces or special characters.';

}

else