Jump to content

Form validation


Mouse

Recommended Posts

Hi… I am in a pickle… I have followed a couple of tutorials on building a membership login and have come up with a hybrid that works ( [a href=\"http://www.sitepoint.com/article/users-php-sessions-mysql\" target=\"_blank\"]http://www.sitepoint.com/article/users-php-sessions-mysql[/a] )… then I got a little more adventurous and tried to tie in a another tutorial on adding a Captcha (http://www.sitepoint.com/article/toughen-forms-security-image ) basicly I want to do the same thing as PHP Freaks do for their login…
The problem I have is the validation scripts… I don’t know how to make them into one working form validation.
Session based Login script
[code]
<?php
  exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
$sql = "SELECT * FROM user WHERE
        userid = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact you@example.com.');
}
if (mysql_num_rows($result) == 0) {
  unset($_SESSION['uid']);
  unset($_SESSION['pwd']);
  ?>
[/code]
Captcha validation code
[code]
<?php
      // check for posted form
      if (isset($_POST['login'])) {
         // see if the code the user typed matched the generated code
         if (strtoupper($_POST['code']) == $_SESSION['code']) {
            echo 'Congratulations, you entered the correct code.';
         } else {
            echo 'You have entered the wrong code. Please <a href="index.php">try again</a>.';
         }
      } else {
   ?>
[/code]
if anyone wants to have a look at this and walk me through a finished form validation code I would be truly grateful…
many thanks in advance…
Mouse
Link to comment
Share on other sites

[!--quoteo(post=361159:date=Apr 3 2006, 10:19 AM:name=wildteen88)--][div class=\'quotetop\']QUOTE(wildteen88 @ Apr 3 2006, 10:19 AM) [snapback]361159[/snapback][/div][div class=\'quotemain\'][!--quotec--]
make sure you have session_start as the first line in every php file you use session for.

Also the guru status is about your post count not your actual skill/knowledge of PHP itself.
[/quote]
the session_start issue has been addressed, thank you. what i was aiming for is one flowing validation script that checks all the fields are filled and puts together the appropriate responce if not...
Link to comment
Share on other sites

How about something like:
[code]
<?php

// check for posted form
if (isset($_POST['login']))
{
    // see if the code the user typed matched the generated code
    if (strtoupper($_POST['code']) == $_SESSION['code'])
    {
        $_SESSION['uid'] = $uid;
        $_SESSION['pwd'] = $pwd;
        $sql = "SELECT * FROM user WHERE userid = '$uid' AND password = PASSWORD('$pwd')";
        $result = mysql_query($sql);
        if (!$result)
        {
            error('A database error occurred while checking your '.'login details.\\nIf this error persists, please '.
        'contact you@example.com.');
        }
        if (mysql_num_rows($result) == 0)
        {
            unset($_SESSION['uid']);
            unset($_SESSION['pwd']);
        }
        echo 'Congratulations, you entered the correct code.';
    }
    else
    {
        echo 'You have entered the wrong code. Please <a href="index.php">try again</a>.';
    }
}
else
{
   ?>
[/code]
Link to comment
Share on other sites

I don't have time to give the exact code for your validation, but a simple way to structure your validation is as follows:

if (!$_POST['variable'])
{
$validate = 1;
$error .= "you left some variable blank";
}

if (!$_POST['variable'])
{
$validate = 1;
$error .= "you left some variable blank";
}

if (!$_POST['variable'])
{
$validate = 1;
$error .= "you left some variable blank";
}

THEN, final validation

if ($validate == 1)
{
echo $error;
} else {
mysql_query("INSERT INTO users (username,pass) VALUES ('$username','$pass')");
echo("successful registration");
}

That's how I typically do it, hope it helps.
Link to comment
Share on other sites

You really should consider using a different password encryption method as the PASSWORD() hashing could cause compability problems from mysql version 4.1
Consider using md5() or sha() instead.
[a href=\"http://dev.mysql.com/doc/refman/4.1/en/application-password-use.html\" target=\"_blank\"]http://dev.mysql.com/doc/refman/4.1/en/app...ssword-use.html[/a]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.