Registration script not functioning as it should

[Barabas69]

Ok, I've been banging my head against the wall on this "simple" registration script that's not working as desired.  Basically, what it's designed to do is, "clean" the user input and check it for illegal characters, proper syntax in the email, username length and password length as well as does it match the second password input.

 

The roadblock  I was running into was, no matter the length of the password, the check would "fail".  Now, the username is "failing" on the criteria of character content.  In short, no matter what I use for the password, and no matter what I use for the username, they fail.  Below are 2 code blocks.  The top code block contains 2 functions, 1 to "sanitize the user input, and the 2nd to validate email syntax.

 

function sanitizeString(&$input){
    $input = trim($input);
    $input = strip_tags($input);
    $input = htmlentities($input);
    $input = stripslashes($input);
    return mysql_real_escape_string($input);
}

function validateEmail(&$email) {
    $email = trim($email);
    $email2 = $email;
    // Check for invalid characters
if (preg_match('/[\x00-\x1F\x7F-\xFF]/', $email2))
return false;

// Check that there's one @ symbol, and that the lengths are right
if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/', $email2))
return false;

// Split it into sections to make life easier
$email_array = explode('@', $email2);

// Check local part
$local_array = explode('.', $email_array[0]);
foreach ($local_array as $local_part)
if (!preg_match('/^(([A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-]+)|("[^"]+"))$/', $local_part))
return false;

// Check domain part
if (preg_match('/^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}$/', $email_array[1]) || preg_match('/^\[(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\]$/', $email_array[1]))
return true; // If an IP address
else
{ // If not an IP address
$domain_array = explode('.', $email_array[1]);
if (sizeof($domain_array) < 2)
return false; // Not enough parts to be a valid domain

foreach ($domain_array as $domain_part)
if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]))$/', $domain_part))
return false;

return true;
}
}

 

In this 2nd bit I've noted where the problematic fragments are (2) of them and kind of seprated them from the others (using white space) some things are missing as I noted for debugging.

 

if(isset($_POST['submit'])) {
    //make sure that all fields have been filled.
      if(empty($_POST['fname'])|| empty($_POST['lname']) || empty($_POST['user']) || empty($_POST['email']) || empty($_POST['pass']) || empty($_POST['pass1'])) {
          echo "<p class='error' style='width: 50%; margin: auto; background-color: white; font-family: verdana; font-size: .8em; color: red; text-align: center;'>All fields must be filled properly please.</p>";
      }
//Ok, no empty fields? time to assign to  variables.
      else {
        $fname = sanitizeString($_POST['fname']);
        $lname = sanitizeString($_POST['lname']);
        $user = sanitizeString($_POST['user']);
        $email = sanitizeString($_POST['email']);
        $pass = sanitizeString($_POST['pass']);
        $pass1 = sanitizeString($_POST['pass1']);
            
        }
//Making sure the first name contains letters only.  Reports the error.
        if (preg_match('/[^a-zA-Z]/', $fname)){
            echo "<p class='error' style='width: 50%; margin: auto; background-color: white; font-family: verdana; font-size: .8em; color: red; text-align: center;'>Please make sure your first name only consists of letters please.</p>";
        }
//Same function as for the first name.  Reports the error.
        if (preg_match('/[^a-zA-Z]/', $lname)) {
            echo "<p class='error' style='width: 50%; margin: auto; background-color: white; font-family: verdana; font-size: .8em; color: red; text-align: center;'>Please make sure your last name only consists of letter please.</p>";
        }
//Here we want to make sure that usernames only contain letters and numbers and report otherwise... This is reporting wrong now.
        if (preg_match('/[^a-zA-Z0-9]/', $user)) {
            echo "<p class='error' style='width: 50%; margin: auto; background-color: white; font-family: verdana; font-size: .8em; color: red; text-align: center;'>(1)Please make sure your username consists of 6-16 alphanumeric characters.</p>";
        }



//Make sure the username is atleast 6 letters. The next function makes sure it's no longer than 16.  This is a problematic portion.
        if (strlen($user < 6)) {
            echo "<p class='error' style='width: 50%; margin: auto; background-color: white; font-family: verdana; font-size: .8em; color: red; text-align: center;'>(2)Please make sure your username consists of 6-16 alphanumeric characters.</p>";
        }




//I know I could have made both into one function, but It wasn't reporting right...
        if (strlen($user > 16)) {
            echo "<p class='error' style='width: 50%; margin: auto; background-color: white; font-family: verdana; font-size: .8em; color: red; text-align: center;'>(3)Please make sure your username consists of 6-16 alphanumeric characters.</p>";
        }
//This is the most complexed function.  Irony of it is, this works the best.
        if (validateEmail($email) == false) {
            echo "<p class='error' style='width: 50%; margin: auto; background-color: white; font-family: verdana; font-size: .8em; color: red; text-align: center;'>Invalid email syntax.</p>";
        }




//Making sure the password is atleast 6 characters long.  This is the 2nd problematic portion.
        if (strlen($pass < 6)) {
            echo "<p class='error' style='width: 50%; margin: auto; background-color: white; font-family: verdana; font-size: .8em; color: red; text-align: center;'>(1)Passwords must be between 6-16 characters in length.</p>";
        }




        
//This makes sure the password is no longer than 16 letters.
        if (strlen($pass > 16)) {
            echo "<p class='error' style='width: 50%; margin: auto; background-color: white; font-family: verdana; font-size: .8em; color: red; text-align: center;'>(2)Passwords must be between 6-16 characters in length.</p>";
        }
//This makes sure the password typed 2nd time, matches the first (obviously).
        if ($pass != $pass1) {
            echo "<p class='error' style='width: 50%; margin: auto; background-color: white; font-family: verdana; font-size: .8em; color: red; text-align: center;'>Your password does not match.</p>";
        }
//Side note.  the else statements were removed temporarily  for debugging purposes.
      
    }

 

Thank you much, in advance.

[PFMaBiSmAd]

When you have a comparison that is failing, echo (or use var_dump(), if you need to see the type and length as well) on the value right before the comparison to make sure it contains what you expect.

[cags]

In the second block of code you have a couple of instances of code that looks like this...

 

if (strlen($user < 6)) {

 

This is not what you wish to do, it will compare if $user is less than 6 then find the strlen of then answer. I assume what your trying to do is...

 

if(strlen($user) < 6) {

 

As for the first block it's fairly complex and if I'm honest I can't be bothered to go through it with a fine tooth comb. I would recommend echo'ing out something before every individual check in the function, that way you should see how far though it's getting. If you can narrow it down to which bit is failing I'm sure we can give you a reason for it.

[Barabas69]

Thank you both for your replies, I was echoing the variables, and Cags, thank you for that illustration.  As far as the top block that wasn't the problematic section.  I just posted that in case someone wanted/needed to see what those functions were/what they did.

[Barabas69]

Thank you Cags, you made my day lol.

[cags]

No worries. Please remember to click the 'Mark Solved' button (located bottom left of topics you start) when you consider a topic to be solved.