Jump to content

Archived

This topic is now archived and is closed to further replies.

Mouse

Form validation

Recommended Posts

Hi… I am in a pickle… I have followed a couple of tutorials on building a membership login and have come up with a hybrid that works ( [a href=\"http://www.sitepoint.com/article/users-php-sessions-mysql\" target=\"_blank\"]http://www.sitepoint.com/article/users-php-sessions-mysql[/a] )… then I got a little more adventurous and tried to tie in a another tutorial on adding a Captcha (http://www.sitepoint.com/article/toughen-forms-security-image ) basicly I want to do the same thing as PHP Freaks do for their login…
The problem I have is the validation scripts… I don’t know how to make them into one working form validation.
Session based Login script
[code]
<?php
  exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
$sql = "SELECT * FROM user WHERE
        userid = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact you@example.com.');
}
if (mysql_num_rows($result) == 0) {
  unset($_SESSION['uid']);
  unset($_SESSION['pwd']);
  ?>
[/code]
Captcha validation code
[code]
<?php
      // check for posted form
      if (isset($_POST['login'])) {
         // see if the code the user typed matched the generated code
         if (strtoupper($_POST['code']) == $_SESSION['code']) {
            echo 'Congratulations, you entered the correct code.';
         } else {
            echo 'You have entered the wrong code. Please <a href="index.php">try again</a>.';
         }
      } else {
   ?>
[/code]
if anyone wants to have a look at this and walk me through a finished form validation code I would be truly grateful…
many thanks in advance…
Mouse

Share this post


Link to post
Share on other sites
make sure you have session_start as the first line in every php file you use session for.

Also the guru status is about your post count not your actual skill/knowledge of PHP itself.

Share this post


Link to post
Share on other sites
[!--quoteo(post=361159:date=Apr 3 2006, 10:19 AM:name=wildteen88)--][div class=\'quotetop\']QUOTE(wildteen88 @ Apr 3 2006, 10:19 AM) [snapback]361159[/snapback][/div][div class=\'quotemain\'][!--quotec--]
make sure you have session_start as the first line in every php file you use session for.

Also the guru status is about your post count not your actual skill/knowledge of PHP itself.
[/quote]
the session_start issue has been addressed, thank you. what i was aiming for is one flowing validation script that checks all the fields are filled and puts together the appropriate responce if not...

Share this post


Link to post
Share on other sites
How about something like:
[code]
<?php

// check for posted form
if (isset($_POST['login']))
{
    // see if the code the user typed matched the generated code
    if (strtoupper($_POST['code']) == $_SESSION['code'])
    {
        $_SESSION['uid'] = $uid;
        $_SESSION['pwd'] = $pwd;
        $sql = "SELECT * FROM user WHERE userid = '$uid' AND password = PASSWORD('$pwd')";
        $result = mysql_query($sql);
        if (!$result)
        {
            error('A database error occurred while checking your '.'login details.\\nIf this error persists, please '.
        'contact you@example.com.');
        }
        if (mysql_num_rows($result) == 0)
        {
            unset($_SESSION['uid']);
            unset($_SESSION['pwd']);
        }
        echo 'Congratulations, you entered the correct code.';
    }
    else
    {
        echo 'You have entered the wrong code. Please <a href="index.php">try again</a>.';
    }
}
else
{
   ?>
[/code]

Share this post


Link to post
Share on other sites
I don't have time to give the exact code for your validation, but a simple way to structure your validation is as follows:

if (!$_POST['variable'])
{
$validate = 1;
$error .= "you left some variable blank";
}

if (!$_POST['variable'])
{
$validate = 1;
$error .= "you left some variable blank";
}

if (!$_POST['variable'])
{
$validate = 1;
$error .= "you left some variable blank";
}

THEN, final validation

if ($validate == 1)
{
echo $error;
} else {
mysql_query("INSERT INTO users (username,pass) VALUES ('$username','$pass')");
echo("successful registration");
}

That's how I typically do it, hope it helps.

Share this post


Link to post
Share on other sites
You really should consider using a different password encryption method as the PASSWORD() hashing could cause compability problems from mysql version 4.1
Consider using md5() or sha() instead.
[a href=\"http://dev.mysql.com/doc/refman/4.1/en/application-password-use.html\" target=\"_blank\"]http://dev.mysql.com/doc/refman/4.1/en/app...ssword-use.html[/a]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.