PHP Registration Form Help?

[BorysSokolov]

Hello.

 

Recently, I've been learning about registration forms in PHP, and I'm wandering how I could improve the one I've already written(this is only an excerpt, obviously):

 

if(!empty($username) &&
!empty($password) &&
!empty($re_password) &&
!empty($firstname) &&
!empty($lastname)){


if($password === $re_password){
$query_run = mysql_query("SELECT username FROM users WHERE username = '$username'");
if(mysql_num_rows($query_run)==1){
echo 'User '."<strong>".$username."</strong>".' Already Exists!';
}else{
mysql_query("INSERT INTO users VALUES ('','".mysql_real_escape_string($username)."','".mysql_real_escape_string($hashed_password)."','".mysql_real_escape_string($firstname)."','".mysql_real_escape_string($lastname)."')");

header('Location: my119file.php?pass_username='.$username);
}
}else{
echo 'The Re-Entered Password Doesn\'t Match';
}
}else{
echo 'Please Fill Out All The Fields';
}
}
}else{
echo 'You\'re already logged in';
}

 

I'm mainly concerned about the fact that, if the user inputs invalid information into the fields, he will only be notified of the first error encountered; if there happen to be multiple errors with the filled-out information, the user will not know until the first error is solved. For instance, if the user omits one of the required fields, AND the "confirm password" does't match, only the "Please Fill Out All The Fields" error will be displayed, and the "Password Don't Match" error will be ignored until the first issue is resolved. I would much rather prefer if the form recognized all errors in a single run, but I'm not sure how to do that...

 

Any ideas?

 

Thanks.

[RobertP]

Simply append a variable, and echo it out at the end.

[PFMaBiSmAd]

See this reply - http://forums.phpfreaks.com/topic/273391-when-empty-prevent-insert-but-display-a-message/#entry1407090

[BorysSokolov]

  On 1/21/2013 at 6:30 AM, PFMaBiSmAd said:

See this reply - http://forums.phpfre...e/#entry1407090

 

Thanks for replying.

 

Sorry, I'm still relatively new to programming. Would something like this be adequate?

 

<?php
$string = 'Hello!';
$verifyString = array('checkLength' => NULL, 'checkMatch' => NULL);


if(strlen($string) >= 10){
$verifyString['checkLength'] = 'Input Too Long!';
}
if($string != 'Hello!'){
$verifyString['checkMatch'] = 'Wrong Input!';
}



if($verifyString['checkLength'] == NULL && $verifyString['checkMatch'] == NULL){
echo 'Logged In!';//continue on...
}else{
if($verifyString['checkLength'] != NULL){
 echo $verifyString['checkLength'];
}
if($verifyString['checkMatch'] != NULL){
 echo $veryString['checkMatch'];
}
}
?>

[PFMaBiSmAd]

That method requires more code and the test for empty/not-empty is more complicated.

[White_Lily]

To check if a a post variable is empty you could just use:

 

<?php
foreach($_POST as $key => $value){
if(empty($value))
    $error = "Please fill out all fields of the form";
}
?>

[Jessica]

A posted variable wont be empty. It will be a string.

Not to mention your code is only going through what was actually posted. 

 

Edit: damn iPhone! fixed typos.

[PFMaBiSmAd]

@White_Lily,

 

Please read the question that was asked in the thread.

[White_Lily]

If you want multiple errors to appear should there be more than one fault in the form submitted, try using something that displays the errors in a list, like this:

 

<?php


$connect = mysqli_connect("localhost", "web113-social-1", "innov8er", "web113-social-1");


if(!$connect){
die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}

include "conf.php";
include "functions.php";


$error = array();

foreach($_POST as $key => $value){
if(empty($value) && $value == "undefined")
$error[] = "Please fill in any blank fields. ".$key.":".$value;
}

$name = mysqli_real_escape_string($connect, $_POST["name"]);
$email = mysqli_real_escape_string($connect, $_POST["email"]);
$username = mysqli_real_escape_string($connect, $_POST["username"]);
$password = mysqli_real_escape_string($connect, $_POST["password"]);
$confirmPassword = mysqli_real_escape_string($connect, $_POST["confirmPassword"]);



$getData = select("*", "users", "username = '$username'", NULL, 1);
$data = mysqli_fetch_assoc($getData);

if($username == $data["username"])
$error[] = "That username is already taken, please choose another.";

if($email == $data["email"])
$error[] = "That email address is already in use.";

if($password != $confirmPassword)
$error[] = "The passwords you entered do not match.";

if(strlen($username) < 6)
$error[] = "That username is too short, it should be at least 6 characters long.";
if(strlen($username) > 30)
$error[] = "That username is too long, it should be no longer than 30 characters.";
if(!preg_match('/^[a-zA-Z0-9]+$/', $username))
$error[] = "Invalid username, there should be no spaces or special charaters, please choose another.";

if(!preg_match('/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}$/', $password))
$error[] = "Invalid password, there should be 1 uppercase and lowercase letter, 1 digit, it must also be a minimum of 6 characters, and a maximum of 30 charaters.";

if(count($error) == 0){
if(!mkdir($GLOBALS["siteRoot"]."social/users/".$username))
$error[] = "Could not create your account, either try again later, or contact the webmaster.";
if(!mkdir($GLOBALS["siteRoot"]."social/users/".$username."/avatars"))
$error[] = "Could not create your account, either try again later, or contact the webmaster.";
if(!mkdir($GLOBALS["siteRoot"]."social/users/".$username."/images"))
$error[] = "Could not create your account, either try again later, or contact the webmaster.";
if(!mkdir($GLOBALS["siteRoot"]."social/users/".$username."/images/albums"))
$error[] = "Could not create your account, either try again later, or contact the webmaster.";
}

if(count($error) > 0){
for($i = 0; $i < count($error); $i++)
echo "<li class=\"error\">".$error[$i]."</li>";
}

$password = hash('sha256', $password);

if(count($error) == 0){
$regUser = insert("users", "first_name, username, password, directory, email", "'$name', '$username', '$password', '".$GLOBALS["siteRoot"]."social/users/".$username."', '$email'");

if($regUser)
echo 'correct';
}


?>

 

and before anyone starts to disagree: yes the foreach($_POST as $key => $value) DOES check to see if the form is empty, should you not believe me click the social network development link in my signature and click "Sign Up" and you will see that it works.