
Show Me How To Add Php Validations On User Inputs


2020


Hi,

I built this reg-login file.

Note, login.php asks for your login details. The webform (so to speak) uses a SELECT SQL query to check your login credentials.

The reg.php asks for your new account details. The webform (so to speak) uses an INSERT SQL query to add your details to the db.

My webform is not displayed to you as either a registration form or a login form. It is a neutral form. It just asks you for your email.

Then it checks against the db. If it exists, it assumes you are an existing member and the login() function takes over and logs you in. Else, the registration() function takes over and registers you.

Note:

On the login(), at the end, when the user is logged into his member account, his personal details get displayed on screen.
I need you to check whether the following line (especially) is correct or not:

if($row = mysqli_fetch_array($result_3,MYSQLI_ASSOC))


1. I want you to see if there are any errors in my code that will result in malfunction, or in a hacker SQL injecting or hacking.

2. I need you to show me how to VALIDATE user input. VALIDATE email using 1) HTML5, 2) the PHP 7 email validation function, plus 3) REGEX, so nothing but an email is inputted. Show me these 3 ways to check for email.

I need you to show me how to VALIDATE the user password. VALIDATE the password using 1) HTML5, 2) PHP 7, and 3) REGEX, so nothing but a password (A-Z, 0-9 ONLY) is inputted, and no other chars. Show me these 3 ways to check for the password.

From there, I should pick it up fast from you and manage to VALIDATE the username input.


I don't know how to do the above 2, so kindly teach me by showing a snippet with comments so I understand your snippet.

NOTE:

I did not complete the password prompt because I have forgotten how to do it with SHA256. Can someone show me a typical example of how to query for the password with SHA256 or whatever the latest strong algorithm is? Show me code with comments so I understand what you are doing with your code.
I will then modify your snippet a little to suit my purpose and add it on the login().
I know I need to add the password prompt on the registration() too, but you don't have to deal with that as I will complete it once I finish learning from you. You just teach me how to do it in the login() and from there I will take it on to add it on the registration().


Thank You!

<?php
session_start();
$email_error = ''; //Initialise so the form below can test it safely.

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    if (!isset($_POST['email_account']) || !isset($_POST['email_service']))
    {
        $email_error = "<font color='red'>Input Email Address!</font>"; //Closing tag must match the opening <font>.
    }
    else
    {
        //Connect to Database. (DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME).
        $conn = mysqli_connect("localhost","root","","powerpage");

        if ($conn === false)
        {
            die("ERROR: Connection Error!. " . mysqli_connect_error());
        }
        else
        {
            $conn->set_charset('utf8mb4'); //Always set Charset (after the check above: false has no methods).

            //Set Parameters.
            $email = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);
            $_SESSION['email'] = $email;
            echo "line 25 triggered: $email<br>";

            $sql_query = "SELECT COUNT(personal_email) FROM users WHERE personal_email = ?";
            $stmt = mysqli_prepare($conn,$sql_query);
            if ($stmt === false)
            {
                //mysqli_stmt_error() needs a statement object; on a failed prepare ask the connection instead.
                $prepare_error = mysqli_error($conn);
                //Close Connection.
                mysqli_close($conn);
                echo "Line 33<br>";//DELETE THIS
                die("<pre>Mysqli Prepare Failed!\n".$prepare_error."\n$sql_query</pre>");
            }
            else
            {
                mysqli_stmt_bind_param($stmt,'s',$email);

                if (!mysqli_stmt_execute($stmt))
                {
                    //Close Statement and Connection.
                    mysqli_stmt_close($stmt);
                    mysqli_close($conn);
                    die("Could not mysqli_stmt_execute! Please try again later!");
                }

                $result = mysqli_stmt_get_result($stmt);

                if (mysqli_fetch_array($result, MYSQLI_NUM)[0])//WHY THIS NOT WORK UNLESS NUM ARRAY GIVEN ?
                //Because with MYSQLI_ASSOC the key is the column name "COUNT(personal_email)", not 0.
                //Alias the column (COUNT(personal_email) AS email_count) if you want an associative key.
                {
                    echo "Line 57 triggered: Function login() will trigger!<br>"; //DELETE THIS
                    $_SESSION['session_type'] = 'login';
                    login($conn, $stmt);
                }
                else
                {
                    echo "Line 61 triggered: Function register() will trigger!<br>"; //DELETE THIS
                    $_SESSION['session_type'] = 'register';
                    register($conn, $stmt);
                }
            }
        }
    }
}

//$conn and $stmt are passed in: a function cannot see variables set outside it,
//so the original close calls on undefined variables would fail.
function register($conn, $stmt)
{
    //if(!isset($_SESSION['session_type'] or $_SESSION['session_type'] != 'registration')//Nog Dog's copied & pasted line
    if (!isset($_SESSION['session_type']) || $_SESSION['session_type'] != 'register')
    {
        //Close Statement.
        mysqli_stmt_close($stmt);
        //Close Connection.
        mysqli_close($conn);

        die("Line 86: Could not check email! Please try again later!");
    }

    $email = $_SESSION['email'];

    //Prepare an INSERT Statement (reusing the connection opened above, no second connect needed).
    $sql_query_2 = "INSERT INTO users (personal_email) VALUES (?)";

    if (!$stmt_2 = mysqli_prepare($conn,$sql_query_2))
    {
        //Close Connection.
        mysqli_close($conn);
        die("Could not register! Please try again later!");
    }
    else
    {
        //Bind Variables to the Prepared Statement as parameters.
        mysqli_stmt_bind_param($stmt_2,'s',$email);

        //Attempt to execute the Prepared Statement.
        if (!mysqli_stmt_execute($stmt_2))
        {
            //Close Statement.
            mysqli_stmt_close($stmt_2);
            //Close Connection.
            mysqli_close($conn);
            die("Could not register! Please try again later!");
        }
        //mail() needs at least a recipient, a subject and a message; a bare mail() is a fatal error.
        //mail($email, $subject, $message);
        //Close Statement.
        mysqli_stmt_close($stmt_2);
        //Close Connection.
        mysqli_close($conn);
    }
}

function login($conn, $stmt)
{
    if (!isset($_SESSION['session_type']) || $_SESSION['session_type'] != 'login')
    {
        //Close Statement.
        mysqli_stmt_close($stmt);
        //Close Connection.
        mysqli_close($conn);

        die("Could not check email! Please try again later!");
    }

    $email = $_SESSION['email'];

    //Prepare a Select Statement (reusing the connection opened above, no second connect needed).
    $sql_query_3 = "SELECT id,username,first_name,middle_name,surname,gender,age_range FROM users WHERE personal_email = ?";
    if (!$stmt_3 = mysqli_prepare($conn,$sql_query_3))
    {
        //Nothing to close for $stmt_3 here: it is false when prepare fails.
        //Close Connection.
        mysqli_close($conn);

        die("Could not check email! Please try again later!");
    }
    else
    {
        //Bind Variables to the Prepared Statement as parameters.
        mysqli_stmt_bind_param($stmt_3,'s',$email);

        //Attempt to execute the Prepared Statement.
        if (!mysqli_stmt_execute($stmt_3))
        {
            //Close Statement.
            mysqli_stmt_close($stmt_3);
            //Close Connection.
            mysqli_close($conn);

            die("Could not check email! Please try again later!");
        }

        $result_3 = mysqli_stmt_get_result($stmt_3);

        //Fetch result row as an associative array. Since the result set contains only one row, we don't need a 'while' loop.
        //(If you prefer mysqli_stmt_bind_result($stmt_3, ...) then use mysqli_stmt_fetch($stmt_3) instead of get_result/fetch_array.)
        if ($row = mysqli_fetch_array($result_3,MYSQLI_ASSOC))
        {
            //Retrieve Values.
            $id = $row["id"];
            $username = $row["username"];
            $first_name = $row["first_name"];
            $middle_name = $row["middle_name"];
            $surname = $row["surname"];
            $gender = $row["gender"];
            $age_range = $row["age_range"];

            //Escape before echoing, so a value stored in the db cannot inject HTML/JS into this page.
            echo "Id: " . htmlspecialchars((string)$id) . "<br>";
            echo "Username: " . htmlspecialchars((string)$username) . "<br>";
            echo "First Name: " . htmlspecialchars((string)$first_name) . "<br>";
            echo "Middle Name: " . htmlspecialchars((string)$middle_name) . "<br>";
            echo "Surname: " . htmlspecialchars((string)$surname) . "<br>";
            echo "Gender: " . htmlspecialchars((string)$gender) . "<br>";
            echo "Age Range: " . htmlspecialchars((string)$age_range) . "<br>";
        }
        //Close Statement.
        mysqli_stmt_close($stmt_3);
        //Close Connection.
        mysqli_close($conn);
    }
}
//DO NOT NEED TO REDO THE HTML CODE BELOW AS IT WAS NOT COPIED & PASTED FROM ELSEWHERE ....
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<form action="" method="post">
<label for="email_first_part">Email:</label>
<input type="text" name="email_account" id="email_first_part" placeholder="Email Address before '@'">
<label for="email_last_part"><b>@</b></label>
<input type="text" name="email_service" id="email_last_part" placeholder="Email Address after '@'">
<?php if(!empty($email_error)){echo $email_error;}?>
<br>
<button type="submit" class="login_register" name="login_register">Register/Login</button>
</form>
</body>
</html>
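The three validation layers asked for above (HTML5 attributes, PHP's filter_var(), and a regex), applied to email, the A-Z/0-9-only password rule and a username. This is an added example, not the poster's code; the function names, the length limits and the username character set are my own assumptions. Its main point is that the HTML5 layer is only a convenience for the user and is bypassed by anyone who posts the form directly, so the same rules are enforced again in PHP.

```php
<?php
// Added example (not the poster's code). Names and length limits are assumptions.

// Layer 1: HTML5 attributes. The browser refuses to submit obviously bad input,
// but a client can post anything it likes, so this is never the only check.
$form_html = <<<'HTML'
<form action="" method="post">
  <input type="email" name="email" required maxlength="254">
  <input type="password" name="password" required minlength="8" maxlength="64"
         pattern="[A-Z0-9]+" title="Capital letters A-Z and digits 0-9 only">
  <input type="text" name="username" required minlength="3" maxlength="30" pattern="[A-Za-z0-9_]+">
  <button type="submit">Submit</button>
</form>
HTML;

// Layer 2: PHP's built-in email validator (available since PHP 5.2).
function validate_email_filter(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Layer 3: a regex. Full email grammar is complicated, so this one is deliberately
// conservative: one local part, one '@', a dotted domain ending in a 2+ letter TLD.
function validate_email_regex(string $email): bool
{
    return preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$/', $email) === 1;
}

// Password exactly as the poster specified it: A-Z and 0-9 only, nothing else.
// preg_match() returns 1 on match, 0 on no match and false on error, hence === 1.
function validate_password(string $password): bool
{
    return preg_match('/^[A-Z0-9]{8,64}$/', $password) === 1;
}

// Username: letters, digits and underscore, 3..30 characters (assumed policy).
function validate_username(string $username): bool
{
    return preg_match('/^[A-Za-z0-9_]{3,30}$/', $username) === 1;
}

// Run every server-side check; returns a list of error messages, empty when all pass.
function validate_registration(array $post): array
{
    $errors   = [];
    $email    = trim($post['email'] ?? '');
    $password = $post['password'] ?? '';      // never silently trim a password
    $username = trim($post['username'] ?? '');

    if (!validate_email_filter($email) || !validate_email_regex($email)) {
        $errors[] = 'Invalid email address.';
    }
    if (!validate_password($password)) {
        $errors[] = 'Password may contain only A-Z and 0-9 (8 to 64 characters).';
    }
    if (!validate_username($username)) {
        $errors[] = 'Username may contain only letters, digits and underscore (3 to 30 characters).';
    }
    return $errors;
}

// Constructed sample submissions, standing in for $_POST.
$samples = [
    ['email' => 'alice@example.com', 'password' => 'ABC123XYZ9', 'username' => 'alice_01'],
    ['email' => 'not an email',      'password' => 'abc123',     'username' => 'a'],
    ['email' => 'bob@@example',      'password' => 'PASSWORD1',  'username' => 'bob'],
];
foreach ($samples as $sample) {
    $errors = validate_registration($sample);
    echo $sample['email'] . ': ' . ($errors ? implode(' ', $errors) : 'OK') . "\n";
}
```

In the real form the check runs before anything touches the database: `$errors = validate_registration($_POST); if ($errors) { /* redisplay the form with the messages */ }`. One caveat on the password rule itself: restricting the alphabet to A-Z and 0-9 shrinks the space an attacker has to search, so a policy that allows any character and enforces only a minimum length is stronger than one that forbids characters.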
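For the password part of login(): an added example, not the poster's code, of storing and checking a password with password_hash() and password_verify(). Plain SHA-256 is a fast general-purpose hash, not a password hash; password_hash() uses a deliberately slow, salted algorithm (bcrypt under PASSWORD_DEFAULT, Argon2id where PHP is built with it) and password_verify() reads the algorithm, cost and salt back out of the stored string. Table and column names follow the poster's `users`/`personal_email` schema; the `password_hash` column is my assumption, as is the plain-text password arriving in `$_POST['password']`.

```php
<?php
// Added example (not the poster's code). Assumes a VARCHAR(255) column users.password_hash.

// Registration side: hash once, store only the hash. The poster can call this after the
// INSERT in register() once the password prompt exists.
function store_password(mysqli $conn, string $email, string $password): bool
{
    $hash = password_hash($password, PASSWORD_DEFAULT);   // algorithm, cost and salt are embedded in the string
    $stmt = mysqli_prepare($conn, "UPDATE users SET password_hash = ? WHERE personal_email = ?");
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'ss', $hash, $email);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Login side: look the hash up by email (prepared statement, so the email can never
// change the query) and let password_verify() do the comparison. Returns the user row
// on success and null on any failure; one message for "unknown email" and "wrong
// password" so the form does not reveal which addresses are registered.
function check_login(mysqli $conn, string $email, string $password): ?array
{
    $stmt = mysqli_prepare($conn, "SELECT id, username, password_hash FROM users WHERE personal_email = ?");
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return null;
    }
    $row = mysqli_fetch_array(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC);
    mysqli_stmt_close($stmt);

    // No row (null), a fetch error (false), or a user who never set a password.
    if (!$row || $row['password_hash'] === null) {
        return null;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return null;
    }
    // If PHP's default algorithm or cost has moved on since this hash was made, re-hash now
    // while the plain-text password is legitimately in hand.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        store_password($conn, $email, $password);
    }
    unset($row['password_hash']);   // the hash has no business in the session
    return $row;
}

// How this slots into the poster's flow, assuming $conn is connected as in their script:
// $user = check_login($conn, $email, $_POST['password'] ?? '');
// if ($user === null) {
//     $login_error = 'Invalid email or password.';
// } else {
//     session_regenerate_id(true);      // fresh session id once the user is authenticated
//     $_SESSION['user_id'] = $user['id'];
// }

// Stand-alone demonstration of the two functions that need no database:
$hash = password_hash('CORRECT1234', PASSWORD_DEFAULT);
var_dump(password_verify('CORRECT1234', $hash));
var_dump(password_verify('WRONG1234', $hash));
```

The value stored in `password_hash` looks like `$2y$10$...` for bcrypt, and password_verify() works out everything it needs from that prefix, so there is no separate salt column and no SHA-256 query to write: the SELECT fetches the hash by email and the comparison happens in PHP, never in SQL.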
