Jump to content

Getting un-wanted error's

andy_b_1502

By andy_b_1502
in PHP Coding Help

 Share

Recommended Posts

andy_b_1502 Regular Member

andy_b_1502

Posted
Posted

Hi,

 

I am getting un-wanted error messages with this register form. It should just go through to insert into db table but i keep getting:

 

"You must enter a valid address

Your invalid company description was:"

 

Here's the code.... register00.php:

 

<?PHP
session_start();
include('db.php');
/* set some validation variables */	 
if (isset($_POST['Submit'])){
$error_message = "";

/* DEFINE THE FUNCTION */
/* ============================================== */
/* ============================================== */
/* DO NOT MODIFY THIS FUNCTION */
function Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path) {
$s_path = trim($s_path);
$o_path = trim($o_path);
$save = $s_path . $save;
$file = $o_path . $file;
//	$ext = strtolower(end(explode('.',$save)));	
$a = explode('.', $save);
$ext = strtolower(end($a)); unset($a);

list($width, $height) = getimagesize($file) ; 
if(($width>$t_w) OR ($height>$t_h)) {
	$r1 = $t_w/$width;
	$r2 = $t_h/$height;
	if($r1<$r2) {
	  $size = $t_w/$width;
	}else{
	  $size = $t_h/$height;
	}
}else{
	$size=1;
}
$modwidth = $width * $size; 
$modheight = $height * $size; 
$tn = imagecreatetruecolor($modwidth, $modheight) ; 
switch ($ext) {
	case 'jpg':
	case 'jpeg':
				$image = imagecreatefromjpeg($file) ; 
	break;
	case 'gif':
				$image = imagecreatefromgif($file) ; 
	break;
	case 'png':
				$image = imagecreatefrompng($file) ; 
	break;
}
imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; 
imagejpeg($tn, $save, 100) ; 
return;
}
/* 		END OF RESIZE FUNCTION */

//This is the directory where images will be saved 
$target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES/"; 
$target = $target . basename( $_FILES['upload']['name']); 

// Connects to your Database 
// session_start();
// include ('db.php');

//This gets all the other information from the form 
/* ============================================== */
/* ============================================== */
/* YOU NEED TO DO SOME VALIDATION AND SANITIZING OF YOUR FORM DATA */


if((!isset($_POST['company_name'])) || (strlen(trim($_POST['company_name'])) <5) || (trim($_POST['company_name']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['company_name'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid company name<br>";
$error_message .= "Valid names  are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .="Your invalid company name was: <font color=\"red\">" . $_POST['company_name'] . "</font><hr>";
}
/* END validating company_name */
/* =============================================== */

if((!isset($_POST['contact_name'])) || (strlen(trim($_POST['contact_name'])) <5) || (trim($_POST['contact_name']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['contact_name'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid contact name<br>";
$error_message .= "Valid names are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid contact name was: <font color=\"red\">" . $_POST['contact_name'] . "</font><hr>";
}
/* END validating contact_name */
/* =============================================== */



if((!isset($_POST['phone'])) || (strlen(trim($_POST['phone'])) <5) || (trim($_POST['phone']) != preg_replace("/[^0-9\s\-\_]/", "", trim($_POST['phone'])))) {
/* if it is NOT set, then set the error variable and start building the error message */
$error_message .= "You must enter a valid phone<br>";
$error_message .= "Valid phones are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid phone was: <font color=\"red\">" . $_POST['phone'] . "</font><hr>";
}else{
$phone = trim($_POST['phone']);
}

/* END validating phone */
/* =============================================== */

/* =============================================== */
/* validating the email */
/* create a function */
function validateEmailAddress($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}
if(!isset($_POST['email']) || validateEmailAddress($_POST['email']) !=1) {
$error_message .= "You must enter a valid email address<br>";
$error_message .= "The invalid email was: <font color=\"red\">" . $_POST['email'] . "</font><hr>";
}
/* END validating email */
/* =============================================== */

if((!isset($_POST['street1'])) || (strlen(trim($_POST['street1'])) <5) || (trim($_POST['street1']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['street1'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid address<br>";
$error_message .= "Your invalid name was: <font color=\"red\">" . $_POST['street1'] . "</font><hr>";
}
/* END validating street1 */
/* =============================================== */
/*
if((!isset($_POST['street2'])) || (strlen(trim($_POST['street2'])) <5) || (trim($_POST['street2']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['street2'])))) { 
*/
/* if username is bad start building the error message */
/*
$error_message = "You must enter a valid address<br>";
$error_message = $error_message . 'Your invalid name was: <font color="red">' . $_POST['street2'] . "</font><hr>";
}
*/
/* END validating street2 */
/* =============================================== */

if((!isset($_POST['premiumuser_description'])) || (strlen(trim($_POST['premiumuser_description'])) <5) || (trim($_POST['premiumuser_description']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['premiumuser_description'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a Please add a Company Description<br>";
$error_message .= "Your invalid Please add a Company Description was: <font color=\"red\">" . $_POST['premiumuser_description'] . "</font><hr>";
}
/* END validating premiumuser_description */
/* =============================================== *


/* =============================================== */
/*
this section of code will set up an error message for the
username if ANY of the conditions occur
1) checks to see if $_POST['username'] is NOT set
2) if length of username is less than 5
3) if username has anything other than letter, numbers or underscores
*/
if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid username<br>";
$error_message .= "Valid usernames are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid name was: <font color=\"red\">" . $_POST['username'] . "</font><hr>";
}
/* END validating username */
/* =============================================== */


/* =============================================== */
/*
this section of code will set up an error message for the
password if ANY of the conditions occur
1) checks to see if $_POST['upassword'] is NOT set
2) if length of upassword is less than 5
3) if upassword has anything other than letter, numbers or underscores
*/
if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))) {
/* if it is NOT set, then set the error variable and start building the error message */
$error_message .= "You must enter a valid password<br>";
$error_message .= "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid password was: <font color=\"red\">" . $_POST['password'] . "</font><hr>";
}else{
$password = trim($_POST['password']);
}
/* END validating password */
/* =============================================== */

/* =============================================== */
/* check to see if username is already taken */
$username = mysql_real_escape_string(trim($_POST['username']));

$query1 = "SELECT username from companies WHERE username = '$username'";
$result1 = mysql_query($query1)  or die(mysql_error());
$count = mysql_num_rows($result1);
if($count>0) {
$error_message .= "The username: <font color=\"red\">" . $_POST['username'] . "</font> is taken.<hr>";
}

/* =============================================== */
/* if any of the post variables are invalid */
/* set the session variable and send back to the form page */
/*
NOT USED IN THIS EXAMPLE
if(strlen(trim($error_message))>0) {
$_SESSION['error_message'] =$error_message;
//	header("Location: register00.php");
//	exit();
}
*/
/* =============================================== */

$uploadDir = 'images/COMPANIES'; /* main picture folder */
$max_height = 450;	/* 	largest height you allowed; 0 means any */
$max_width = 450; /*  largest width you allowed; 0 means any */
$max_file = 2000000;  /*  set the max file size in bytes */
$image_overwrite = 1;	 /* 0 means overwite; 1 means new name */
/* add or delete allowed image types */
$allowed_type01 = array(	"image/gif", 	"image/pjpeg", "image/jpeg", 	"image/png", "image/x-png", "image/jpg");
$do_thumb = 1;	 /*  1 make thumbnails; 0 means do NOT make */
$thumbDir = "/images/thumbs";  /*  thumbnail folder */
$thumb_prefix = "";  /*  prefix for thumbnails */
$thumb_width = 90; /*  max thumb width */
$thumb_height = 70;	// max thumb height

//Writes the photo to the server 
if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { 
/* HERE IS WHERE WE WILL DO THE ACTUAL RESIZING */ 
/* ============================================== */
/* ============================================== */
/* THESE SIX PARAMETERS MAY BE CHANGED TO SUIT YOUR NEEDS */
$upload = $_FILES['upload']['name'];
$o_path ="images/COMPANIES/";
$s_path = "images/thumbs/";
$file = $upload;
$save = $file;
$t_w = 200;
$t_h = 150;
/* ============================================== */
/* ============================================== */
/* DO NOT CHANGE THIS NEXT LINE */
Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path);

 //Tells you if its all ok 
/* ============================================== */
/* ============================================== */
/* PROVIDE A WAY FOR THEM TO GO SOMWHERE */
$error_message .= "The file ". $file . " has been uploaded, and your information has been added to the directory"; 

}else { 
//Gives and error if its not 
/* ============================================== */
/* ============================================== */
/* PROVIDE A WAY FOR THEM TO GO SOMWHERE */
$error_message .= "Sorry, there was a problem uploading your file."; 
}


/* =============================================== */
/* PREPARE DATA FOR INSERTION INTO TABLE */
/* FUNCTION TO CREATE SALT */
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}


//Writes the information to the database 
/* ============================================== */
/* ============================================== */
/* 
ALWAYS WRITE YOUR QUERIES AS STRINGS
THAT WAY WHEN TESTING, YOU CAN MAKE
SURE THAT THE VALUES CONTAIN WHAT YOU EXPECT
*/

if(empty($error_message)){  
$salt = createsalt();
$password = trim($_POST['password']);
$hash = hash('sha256', $salt, $password);
$approved = 0; 

$company_name = mysql_real_escape_string(trim($_POST['company_name']));
$contact_name = mysql_real_escape_string(trim($_POST['contact_name']));
$location = mysql_real_escape_string(trim($_POST['location']));
$postcode = mysql_real_escape_string(trim($_POST['postcode']));
$street1 = mysql_real_escape_string(trim($_POST['street1']));
$street2 = mysql_real_escape_string(trim($_POST['street2']));
$city = mysql_real_escape_string(trim($_POST['city']));
$phone = mysql_real_escape_string(trim($_POST['phone']));
$email = mysql_real_escape_string(trim($_POST['email']));
$premiumuser_description = mysql_real_escape_string(trim($_POST['premiumuser_description']));
$salt = mysql_real_escape_string($salt);
$upload = mysql_real_escape_string($upload);	
$query ="INSERT INTO `companies` (company_name, contact_name, location, postcode, street1, street2, city, phone, email, premiumuser_description, password, salt, approved, upload) VALUES ('$company_name', '$contact_name', '$location', '$postcode', '$street1', '$street2', '$city', '$phone', '$email', '$premiumuser_description', '$password', '$salt', '$approved', '$upload')";
$result = mysql_query($query) or die(mysql_error()); 
/* =============================================== */

/*
at this point we can send an email to the admin as well
as the user. 
DO NOT send the user's password to ANYONE!!!!
*/ 

}//if(empty($error_message))
}//if (isset($_POST['submit']))
?>

<html>
<body>
<?php
if (!empty($error_message)){ echo $error_message; }
?>
<form enctype="multipart/form-data" method="post" action="register00.php">
<table width="316" border="0"> 
<tr><td colspan=2><h1>Register/Sign Up</h1></td></tr> 
<tr><td>Company Name:</td><td> 
<input name="company_name" type="text" id="company_name" value="<?php
if (isset($_POST['company_name'])){ echo $_POST['company_name']; } ?>" />
</td></tr>
<tr><td>Contact Name:</td><td> 
<input name="contact_name" type="text" id="contact_name" value="<?php
if (isset($_POST['contact_name'])){ echo $_POST['contact_name']; } ?>" />
</td></tr>
<tr><td>Contact Number:</td><td> 
<input name="phone" type="number" id="phone" value="<?php
if (isset($_POST['phone'])){ echo $_POST['phone']; }else{ echo "incl. area code";} ?>" />
</td></tr>
<tr><td>Address line 1:</td><td> 
<input name="street1" type="text" id="street1" value="<?php
if (isset($_POST['street1'])){ echo $_POST['street1']; } ?>" />
</td></tr>
<tr><td>Address line 2:</td><td> 
<input name="street2" type="text" id="street2" value="<?php
if (isset($_POST['street2'])){ echo $_POST['street2']; } ?>" />
</td></tr>
<tr><td>Area:</td><td> 
<input name="location" type="text" id="location" value="<?php
if (isset($_POST['location'])){ echo $_POST['location']; } ?>" />
</td></tr>
<tr><td>City:</td><td> 
<input name="city" type="text" id="city" value="<?php
if (isset($_POST['city'])){ echo $_POST['city']; } ?>" />
</td></tr>
<tr><td>Postcode:</td><td> 
<input name="postcode" type="text" id="postcode" value="<?php
if (isset($_POST['postcode'])){ echo $_POST['postcode']; } ?>" />
</td></tr>
<tr><td>Username:</td><td> 
<input name="username" type="text" id="username" value="<?php
if (isset($_POST['username'])){ echo $_POST['username']; } ?>" />
</td></tr> 
<tr><td>Password:</td><td> 
<input name="password" type="password" class="style7" id="password" value="<?php
if (isset($_POST['password'])){ echo $_POST['password']; } ?>" /> 
</td></tr> 
<tr><td>Email:</td><td> 
<input name="email" type="text" class="style7" id="email" value="<?php
if (isset($_POST['email'])){ echo $_POST['email']; } ?>" />
</td></tr> 
<tr><td>Company Logo:</td><td> 
<input name="upload" type="file" class="style7" id="upload">
</td></tr>
<tr><td>Company Description:</td><td> 
<textarea rows="20" cols="50" name="premiumuser_description" id="premiumuser_description"><?php
if (isset($_POST['premiumuser_description'])){ echo "{$_POST['premiumuser_description']}"; } ?></textarea>
</td></tr>
<tr><td>
<input name="Submit" type="submit" value="Register" /> 
</td></tr> 
</table> 
</form>
</body>
</html>

 

Just a note to say that the image DOES upload to the folder(s) /COMPANIES and /thumbs but DOES NOT show up on display of the table? all other information isnt inserted/uploaded...

Link to comment
Share on other sites
cpd Member

cpd

Posted
Posted

I can't even find the phrase "Your invalid company description was". Are you sure this is your error?

 

Moreover, you need to rethink your password validation as it prevents people from using common characters found in passwords...

Link to comment
Share on other sites
andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted

Its this bit:

 

if((!isset($_POST['premiumuser_description'])) || (strlen(trim($_POST['premiumuser_description'])) <5) || (trim($_POST['premiumuser_description']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['premiumuser_description'])))) {
/* if username is bad start building the error message */
$error_message .= "Please add a Company Description<br>";
$error_message .= "Please add a Company Description was: <font color=\"red\">" . $_POST['premiumuser_description'] . "</font><hr>";
}
/* END validating premiumuser_description */
/* =============================================== *

 

The error message im getting is:

 

Please add a Company Description

YPlease add a Company Description was: If you require a fast and reliable transport service here\'s bit about 360 Transport Solutions Ltd... 360 Transport Solutions LTD are a small independent, Midland\'s-based company just off the M6 toll road, Transporting goods from emergency parcels to high value products nationwide. We are open 24 hours a day seven days a week. We offer competitive based pricing on an easy: postcode to postcode structure. Our vehicle range at this current moment is 8 long wheel based sprinters with a capacity of 1.3 tonne in weight per vehicle and a maximum of 5 pallets. Our aim is to give you the customer a first class service keeping you up to date with your delivery goods. We deliver throughout the UK and Europe, same day/ next day, All our colleagues are fully uniformed and put 100% effort into creating the best delivery service we can provide.

--------------------------------------------------------------------------------

The file 360transportheader2012.jpg has been uploaded, and your information has been added to the directory

 

 

Its odd becasue ive just put in the company description as: "testtesttesttesttesttesttesttesttesttesttesttest" and it uploaded??

 

Any light?

Link to comment
Share on other sites
andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted

Please add a Company Description

Please add a Company Description was: If you require a fast and reliable transport service here\'s bit about 360 Transport Solutions Ltd... 360 Transport Solutions LTD are a small independent, Midland\'s-based company just off the M6 toll road, Transporting goods from emergency parcels to high value products nationwide. We are open 24 hours a day seven days a week. We offer competitive based pricing on an easy: postcode to postcode structure. Our vehicle range at this current moment is 8 long wheel based sprinters with a capacity of 1.3 tonne in weight per vehicle and a maximum of 5 pallets. Our aim is to give you the customer a first class service keeping you up to date with your delivery goods. We deliver throughout the UK and Europe, same day/ next day, All our colleagues are fully uniformed and put 100% effort into creating the best delivery service we can provide.

--------------------------------------------------------------------------------

The file 360transportheader2012.jpg has been uploaded, and your information has been added to the directory

 

 

 

Nothing is inserted to the db.?

Link to comment
Share on other sites
andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted

Changed the normal_pattern to upper case P on patteren.

 

I get this error message:

 

Please add a Company Description

Please add a Company Description was:

 

If you require a fast and reliable transport service here\\\'s bit about 360 Transport Solutions Ltd... 360 Transport Solutions LTD are a small independent, Midland\\\'s-based company just off the M6 toll road, Transporting goods from emergency parcels to high value products nationwide. We are open 24 hours a day seven days a week. We offer competitive based pricing on an easy: postcode to postcode structure. Our vehicle range at this current moment is 8 long wheel based sprinters with a capacity of 1.3 tonne in weight per vehicle and a maximum of 5 pallets. Our aim is to give you the customer a first class service keeping you up to date with your delivery goods. We deliver throughout the UK and Europe, same day/ next day, All our colleagues are fully uniformed and put 100% effort into creating the best delivery service we can provide.

--------------------------------------------------------------------------------

The file 360transportheader2012.jpg has been uploaded, and your information has been added to the directory

Link to comment
Share on other sites
andy_b_1502 Regular Member

andy_b_1502

Posted
  • Author
Posted 
<?PHP
session_start();
include('db.php');
/* set some validation variables */	 
if (isset($_POST['Submit'])){
$error_message = "";

/* DEFINE THE FUNCTION */
/* ============================================== */
/* ============================================== */
/* DO NOT MODIFY THIS FUNCTION */
function Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path) {
$s_path = trim($s_path);
$o_path = trim($o_path);
$save = $s_path . $save;
$file = $o_path . $file;
//	$ext = strtolower(end(explode('.',$save)));	
$a = explode('.', $save);
$ext = strtolower(end($a)); unset($a);

list($width, $height) = getimagesize($file) ; 
if(($width>$t_w) OR ($height>$t_h)) {
	$r1 = $t_w/$width;
	$r2 = $t_h/$height;
	if($r1<$r2) {
	  $size = $t_w/$width;
	}else{
	  $size = $t_h/$height;
	}
}else{
	$size=1;
}
$modwidth = $width * $size; 
$modheight = $height * $size; 
$tn = imagecreatetruecolor($modwidth, $modheight) ; 
switch ($ext) {
	case 'jpg':
	case 'jpeg':
				$image = imagecreatefromjpeg($file) ; 
	break;
	case 'gif':
				$image = imagecreatefromgif($file) ; 
	break;
	case 'png':
				$image = imagecreatefrompng($file) ; 
	break;
}
imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; 
imagejpeg($tn, $save, 100) ; 
return;
}
/* 		END OF RESIZE FUNCTION */

//This is the directory where images will be saved 
$target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES/"; 
$target = $target . basename( $_FILES['upload']['name']); 

// Connects to your Database 
// session_start();
// include ('db.php');

//This gets all the other information from the form 
/* ============================================== */
/* ============================================== */
/* YOU NEED TO DO SOME VALIDATION AND SANITIZING OF YOUR FORM DATA */


if((!isset($_POST['company_name'])) || (strlen(trim($_POST['company_name'])) <5) || (trim($_POST['company_name']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['company_name'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid company name<br>";
$error_message .= "Valid names  are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .="Your invalid company name was: <font color=\"red\">" . $_POST['company_name'] . "</font><hr>";
}
/* END validating company_name */
/* =============================================== */

if((!isset($_POST['contact_name'])) || (strlen(trim($_POST['contact_name'])) <5) || (trim($_POST['contact_name']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['contact_name'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid contact name<br>";
$error_message .= "Valid names are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid contact name was: <font color=\"red\">" . $_POST['contact_name'] . "</font><hr>";
}
/* END validating contact_name */
/* =============================================== */



if((!isset($_POST['phone'])) || (strlen(trim($_POST['phone'])) <5) || (trim($_POST['phone']) != preg_replace("/[^0-9\s\-\_]/", "", trim($_POST['phone'])))) {	/* if it is NOT set, then set the error variable and start building the error message */
$error_message .= "You must enter a valid phone<br>";
$error_message .= "Valid phones are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid phone was: <font color=\"red\">" . $_POST['phone'] . "</font><hr>";
}else{
$phone = trim($_POST['phone']);
}

/* END validating phone */
/* =============================================== */

/* =============================================== */
/* validating the email */
/* create a function */
function validateEmailAddress($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}
if(!isset($_POST['email']) || validateEmailAddress($_POST['email']) !=1) {
$error_message .= "You must enter a valid email address<br>";
$error_message .= "The invalid email was: <font color=\"red\">" . $_POST['email'] . "</font><hr>";
}
/* END validating email */
/* =============================================== */

if((!isset($_POST['street1'])) || (strlen(trim($_POST['street1'])) <5) || (trim($_POST['street1']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['street1'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid address<br>";
$error_message .= "Your invalid name was: <font color=\"red\">" . $_POST['street1'] . "</font><hr>";
}
/* END validating street1 */
/* =============================================== */
/*
if((!isset($_POST['street2'])) || (strlen(trim($_POST['street2'])) <5) || (trim($_POST['street2']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['street2'])))) { 
*/
/* if username is bad start building the error message */
/*
$error_message = "You must enter a valid address<br>";
$error_message = $error_message . 'Your invalid name was: <font color="red">' . $_POST['street2'] . "</font><hr>";
}
*/
/* END validating street2 */
/* =============================================== */
$normal_Pattern = "/[^a-zA-Z0-9\s\-\'\,\.\_\(\)\&\"\!\`\~\!\@\#\$\%\^\*\+\[\]\{\}\:\;\?\/]/";
if((!isset($_POST['premiumuser_description'])) || (strlen(trim($_POST['premiumuser_description'])) <5) || (trim($_POST['premiumuser_description']) != 
preg_replace($normal_Pattern, "", 
trim($_POST['premiumuser_description'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a Company Description<br>";
$error_message .= "Your invalid Company Description was: <font color=\"red\">" . $_POST['premiumuser_description'] . "</font><hr>";
}
/* END validating premiumuser_description */
/* =============================================== *


/* =============================================== */
/*
this section of code will set up an error message for the
username if ANY of the conditions occur
1) checks to see if $_POST['username'] is NOT set
2) if length of username is less than 5
3) if username has anything other than letter, numbers or underscores
*/
if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid username<br>";
$error_message .= "Valid usernames are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid name was: <font color=\"red\">" . $_POST['username'] . "</font><hr>";
}
/* END validating username */
/* =============================================== */


/* =============================================== */
/*
this section of code will set up an error message for the
password if ANY of the conditions occur
1) checks to see if $_POST['upassword'] is NOT set
2) if length of upassword is less than 5
3) if upassword has anything other than letter, numbers or underscores
*/
if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))) {
/* if it is NOT set, then set the error variable and start building the error message */
$error_message .= "You must enter a valid password<br>";
$error_message .= "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid password was: <font color=\"red\">" . $_POST['password'] . "</font><hr>";
}else{
$password = trim($_POST['password']);
}
/* END validating password */
/* =============================================== */

/* =============================================== */
/* check to see if username is already taken */
$username = mysql_real_escape_string(trim($_POST['username']));

$query1 = "SELECT username from companies WHERE username = '$username'";
$result1 = mysql_query($query1)  or die(mysql_error());
$count = mysql_num_rows($result1);
if($count>0) {
$error_message .= "The username: <font color=\"red\">" . $_POST['username'] . "</font> is taken.<hr>";
}

/* =============================================== */
/* if any of the post variables are invalid */
/* set the session variable and send back to the form page */
/*
NOT USED IN THIS EXAMPLE
if(strlen(trim($error_message))>0) {
$_SESSION['error_message'] =$error_message;
//	header("Location: register00.php");
//	exit();
}
*/
/* =============================================== */

$uploadDir = 'images/COMPANIES'; /* main picture folder */
$max_height = 450;	/* 	largest height you allowed; 0 means any */
$max_width = 450; /*  largest width you allowed; 0 means any */
$max_file = 2000000;  /*  set the max file size in bytes */
$image_overwrite = 1;	 /* 0 means overwite; 1 means new name */
/* add or delete allowed image types */
$allowed_type01 = array(	"image/gif", 	"image/pjpeg", "image/jpeg", 	"image/png", "image/x-png", "image/jpg");
$do_thumb = 1;	 /*  1 make thumbnails; 0 means do NOT make */
$thumbDir = "/images/thumbs";  /*  thumbnail folder */
$thumb_prefix = "";  /*  prefix for thumbnails */
$thumb_width = 90; /*  max thumb width */
$thumb_height = 70;	// max thumb height

//Writes the photo to the server 
if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { 
/* HERE IS WHERE WE WILL DO THE ACTUAL RESIZING */ 
/* ============================================== */
/* ============================================== */
/* THESE SIX PARAMETERS MAY BE CHANGED TO SUIT YOUR NEEDS */
$upload = $_FILES['upload']['name'];
$o_path ="images/COMPANIES/";
$s_path = "images/thumbs/";
$file = $upload;
$save = $file;
$t_w = 200;
$t_h = 150;
/* ============================================== */
/* ============================================== */
/* DO NOT CHANGE THIS NEXT LINE */
Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path);

 //Tells you if its all ok 
/* ============================================== */
/* ============================================== */
/* PROVIDE A WAY FOR THEM TO GO SOMWHERE */
$error_message .= "The file ". $file . " has been uploaded, and your information has been added to the directory"; 

}else { 
//Gives and error if its not 
/* ============================================== */
/* ============================================== */
/* PROVIDE A WAY FOR THEM TO GO SOMWHERE */
$error_message .= "Sorry, there was a problem uploading your file."; 
}


/* =============================================== */
/* PREPARE DATA FOR INSERTION INTO TABLE */
/* FUNCTION TO CREATE SALT */
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}


//Writes the information to the database 
/* ============================================== */
/* ============================================== */
/* 
ALWAYS WRITE YOUR QUERIES AS STRINGS
THAT WAY WHEN TESTING, YOU CAN MAKE
SURE THAT THE VALUES CONTAIN WHAT YOU EXPECT
*/

if(empty($error_message)){  
$salt = createsalt();
$password = trim($_POST['password']);
$hash = hash('sha256', $salt, $password);
$approved = 0; 

$company_name = mysql_real_escape_string(trim($_POST['company_name']));
$contact_name = mysql_real_escape_string(trim($_POST['contact_name']));
$location = mysql_real_escape_string(trim($_POST['location']));
$postcode = mysql_real_escape_string(trim($_POST['postcode']));
$street1 = mysql_real_escape_string(trim($_POST['street1']));
$street2 = mysql_real_escape_string(trim($_POST['street2']));
$city = mysql_real_escape_string(trim($_POST['city']));
$phone = mysql_real_escape_string(trim($_POST['phone']));
$email = mysql_real_escape_string(trim($_POST['email']));
$premiumuser_description = mysql_real_escape_string(trim($_POST['premiumuser_description']));
$salt = mysql_real_escape_string($salt);
$upload = mysql_real_escape_string($upload);	
$query ="INSERT INTO `companies` (company_name, contact_name, location, postcode, street1, street2, city, phone, email, premiumuser_description, password, salt, approved, upload) VALUES ('$company_name', '$contact_name', '$location', '$postcode', '$street1', '$street2', '$city', '$phone', '$email', '$premiumuser_description', '$password', '$salt', '$approved', '$upload')";
$result = mysql_query($query) or die(mysql_error()); 
/* =============================================== */

/*
at this point we can send an email to the admin as well
as the user. 
DO NOT send the user's password to ANYONE!!!!
*/ 

}//if(empty($error_message))
}//if (isset($_POST['submit']))
?>

<html>
<body>
<?php
if (!empty($error_message)){ echo $error_message; }
?>
<form enctype="multipart/form-data" method="post" action="register00.php">
<table width="316" border="0"> 
<tr><td colspan=2><h1>Register/Sign Up</h1></td></tr> 
<tr><td>Company Name:</td><td> 
<input name="company_name" type="text" id="company_name" value="<?php
if (isset($_POST['company_name'])){ echo $_POST['company_name']; } ?>" />
</td></tr>
<tr><td>Contact Name:</td><td> 
<input name="contact_name" type="text" id="contact_name" value="<?php
if (isset($_POST['contact_name'])){ echo $_POST['contact_name']; } ?>" />
</td></tr>
<tr><td>Contact Number:</td><td> 
<input name="phone" type="number" id="phone" value="<?php
if (isset($_POST['phone'])){ echo $_POST['phone']; }else{ echo "incl. area code";} ?>" />
</td></tr>
<tr><td>Address line 1:</td><td> 
<input name="street1" type="text" id="street1" value="<?php
if (isset($_POST['street1'])){ echo $_POST['street1']; } ?>" />
</td></tr>
<tr><td>Address line 2:</td><td> 
<input name="street2" type="text" id="street2" value="<?php
if (isset($_POST['street2'])){ echo $_POST['street2']; } ?>" />
</td></tr>
<tr><td>Area:</td><td> 
<input name="location" type="text" id="location" value="<?php
if (isset($_POST['location'])){ echo $_POST['location']; } ?>" />
</td></tr>
<tr><td>City:</td><td> 
<input name="city" type="text" id="city" value="<?php
if (isset($_POST['city'])){ echo $_POST['city']; } ?>" />
</td></tr>
<tr><td>Postcode:</td><td> 
<input name="postcode" type="text" id="postcode" value="<?php
if (isset($_POST['postcode'])){ echo $_POST['postcode']; } ?>" />
</td></tr>
<tr><td>Username:</td><td> 
<input name="username" type="text" id="username" value="<?php
if (isset($_POST['username'])){ echo $_POST['username']; } ?>" />
</td></tr> 
<tr><td>Password:</td><td> 
<input name="password" type="password" class="style7" id="password" value="<?php
if (isset($_POST['password'])){ echo $_POST['password']; } ?>" /> 
</td></tr> 
<tr><td>Email:</td><td> 
<input name="email" type="text" class="style7" id="email" value="<?php
if (isset($_POST['email'])){ echo $_POST['email']; } ?>" />
</td></tr> 
<tr><td>Company Logo:</td><td> 
<input name="upload" type="file" class="style7" id="upload">
</td></tr>
<tr><td>Company Description:</td><td> 
<textarea rows="20" cols="50" name="premiumuser_description" id="premiumuser_description"><?php
if (isset($_POST['premiumuser_description'])){ echo "{$_POST['premiumuser_description']}"; } ?></textarea>
</td></tr>
<tr><td>
<input name="Submit" type="submit" value="Register" /> 
</td></tr> 
</table> 
</form>
</body>
</html>

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

The reason your validation of the description is failing is because magic_quotes_gpc is turned on and it is adding \ escape characters to the data (don't simply add the \ character to the preg_replace pattern because that will create a mess, you must fix what magic_quotes_gpc is doing to the data.)

 

You either need to turn magic_quotes_gpc off or you need to detect if magic_quotes_gpc is on (see get_magic_quotes_gpc ) and remove the \ characters (see stripslashes) from all external data (thanks php.net for more wasted time btw.) If you don't do this, your data will be double escaped (because you are properly escaping it using mysql_real_escape_string before putting it into the query statement) and you will end up with a mess in your database (thanks again php.net for creating a mess.)

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Here's some code that will fix what magic_quotes_gpc (get/post/cookie) does, in case you cannot turn the setting off or you want your code to work on any server without needing to mess with a setting that cannot be turned off at runtime -

 

<?php
if(get_magic_quotes_gpc()){
$_GET = array_map('stripslashes',$_GET);
$_POST = array_map('stripslashes',$_POST);
$_COOKIE = array_map('stripslashes',$_COOKIE);
}

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

That validation logic is foobar. The isset() doesn't do anything because text/textarea form fields are set, even if they are empty (you already know the form has been submitted with the isset($_POST['Submit']) statement). When validating user supplied input, you should NEVER lump tests together. You need to specifically tell the user what was wrong with his input.

 

Here is what that specific validation logic should do -

 

<?php
$min_description_length = 5; // the minimum you want to allow
$max_description_length = 2000; // set to your database table field size

$_POST['premiumuser_description'] = trim($_POST['premiumuser_description']); // condition input
if($_POST['premiumuser_description'] == ''){
// empty string
$error_message .= "You must enter a Company Description<br>";
$error_message .= "Your Company Description was empty<hr>";
} else {
// not empty
$desc_length = strlen($_POST['premiumuser_description']);
if($desc_length < $min_description_length){
	// less than minimum characters (this bed is too small)
	$error_message .= "You must enter a Company Description<br>";
	$error_message .= "Your Company Description was less than $min_description_length characters<hr>";
}
if($desc_length > $max_description_length){
	// greater than maximum (this bed is too big)
	$error_message .= "You must enter a Company Description<br>";
	$error_message .= "Your Company Description was: " . number_format($desc_length) . "characters. The maximum permitted is: " . number_format($max_description_length) ." characters<hr>";
}
if($desc_length >= 5 && $desc_length <= $max_description_length){
	// length is okay (this bed is just right)
	// check for invalid characters
	// NOTE: This is not the same anti (^) pattern that was used in the starting code
	$rep = preg_replace("/[a-zA-Z0-9\s\-\'\,\.\_]/", "", $_POST['premiumuser_description']); // strip out allowed characters
	if($rep != ''){
		// some invalid characters found
		$error_message .= "You must enter a Company Description<br>";
		$error_message .= "Your Company Description contained the following invalid characters: <font color='red'>$rep</font><hr>";	

		// if you want to display the whole message for reference, do that here...
	}
}
}

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

And if you really wanted to maximize the user's experience on your site, you can even highlight the invalid characters when you redisplay the data -

 

<?php
	if($rep != ''){
		// some invalid characters found
		$search = str_replace('/','\/',addslashes(implode('|',array_unique(str_split($rep))))); // form a replace pattern
		$string = preg_replace("/($search)/i",'<span class="highlight">[ \1 ]</span>',$_POST['premiumuser_description']);
		$error_message .= "You must enter a Company Description<br>";
		$error_message .= "Your Company Description contained the following invalid characters: <span class='highlight'>$rep</span>, ";
		$error_message .= "highlighted in the following:<br><br>$string<hr>";
	}

 

The css for the above would be -

 

<style type="text/css">
span.highlight {font-weight:bold; color:red;} 
</style>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.