Jump to content


Photo

Form validation


  • Please log in to reply
5 replies to this topic

#1 Mouse

Mouse
  • Members
  • PipPipPip
  • Advanced Member
  • 95 posts
  • LocationToo Close to LONDON

Posted 03 April 2006 - 08:25 AM

Hi… I am in a pickle… I have followed a couple of tutorials on building a membership login and have come up with a hybrid that works ( [a href=\"http://www.sitepoint.com/article/users-php-sessions-mysql\" target=\"_blank\"]http://www.sitepoint.com/article/users-php-sessions-mysql[/a] )… then I got a little more adventurous and tried to tie in a another tutorial on adding a Captcha (http://www.sitepoint...-security-image ) basicly I want to do the same thing as PHP Freaks do for their login…
The problem I have is the validation scripts… I don’t know how to make them into one working form validation.
Session based Login script
<?php
  exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
$sql = "SELECT * FROM user WHERE
        userid = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact you@example.com.');
}
if (mysql_num_rows($result) == 0) {
  unset($_SESSION['uid']);
  unset($_SESSION['pwd']);
  ?>
Captcha validation code
<?php
      // check for posted form
      if (isset($_POST['login'])) {
         // see if the code the user typed matched the generated code
         if (strtoupper($_POST['code']) == $_SESSION['code']) {
            echo 'Congratulations, you entered the correct code.';
         } else {
            echo 'You have entered the wrong code. Please <a href="index.php">try again</a>.';
         }
      } else {
   ?>
if anyone wants to have a look at this and walk me through a finished form validation code I would be truly grateful…
many thanks in advance…
Mouse


#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 03 April 2006 - 09:19 AM

make sure you have session_start as the first line in every php file you use session for.

Also the guru status is about your post count not your actual skill/knowledge of PHP itself.

#3 Mouse

Mouse
  • Members
  • PipPipPip
  • Advanced Member
  • 95 posts
  • LocationToo Close to LONDON

Posted 03 April 2006 - 09:53 AM

[!--quoteo(post=361159:date=Apr 3 2006, 10:19 AM:name=wildteen88)--][div class=\'quotetop\']QUOTE(wildteen88 @ Apr 3 2006, 10:19 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
make sure you have session_start as the first line in every php file you use session for.

Also the guru status is about your post count not your actual skill/knowledge of PHP itself.
[/quote]
the session_start issue has been addressed, thank you. what i was aiming for is one flowing validation script that checks all the fields are filled and puts together the appropriate responce if not...


#4 hadoob024

hadoob024
  • Members
  • PipPipPip
  • Advanced Member
  • 192 posts

Posted 03 April 2006 - 04:07 PM

How about something like:
<?php

// check for posted form
if (isset($_POST['login']))
{
    // see if the code the user typed matched the generated code
    if (strtoupper($_POST['code']) == $_SESSION['code'])
    {
        $_SESSION['uid'] = $uid;
        $_SESSION['pwd'] = $pwd;
        $sql = "SELECT * FROM user WHERE userid = '$uid' AND password = PASSWORD('$pwd')";
        $result = mysql_query($sql);
        if (!$result)
        {
            error('A database error occurred while checking your '.'login details.\\nIf this error persists, please '.
        'contact you@example.com.');
        }
        if (mysql_num_rows($result) == 0)
        {
            unset($_SESSION['uid']);
            unset($_SESSION['pwd']);
        }
        echo 'Congratulations, you entered the correct code.';
    }
    else
    {
        echo 'You have entered the wrong code. Please <a href="index.php">try again</a>.';
    }
}
else
{
   ?>


#5 complex05

complex05
  • Members
  • PipPipPip
  • Advanced Member
  • 124 posts

Posted 03 April 2006 - 05:57 PM

I don't have time to give the exact code for your validation, but a simple way to structure your validation is as follows:

if (!$_POST['variable'])
{
$validate = 1;
$error .= "you left some variable blank";
}

if (!$_POST['variable'])
{
$validate = 1;
$error .= "you left some variable blank";
}

if (!$_POST['variable'])
{
$validate = 1;
$error .= "you left some variable blank";
}

THEN, final validation

if ($validate == 1)
{
echo $error;
} else {
mysql_query("INSERT INTO users (username,pass) VALUES ('$username','$pass')");
echo("successful registration");
}

That's how I typically do it, hope it helps.

#6 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 03 April 2006 - 07:33 PM

You really should consider using a different password encryption method as the PASSWORD() hashing could cause compability problems from mysql version 4.1
Consider using md5() or sha() instead.
[a href=\"http://dev.mysql.com/doc/refman/4.1/en/application-password-use.html\" target=\"_blank\"]http://dev.mysql.com/doc/refman/4.1/en/app...ssword-use.html[/a]




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users