[SOLVED] form validation

[AdRock]

I have a registration form (the bulk of it anyway) and all validation passes and throws up errors if anything doesn't pass.

 

The last field is a text fiels so the user has to enter the captcha image and throws an error if they don't match.

 

What I would like to know is, is there a way i can store the passwords if they match along with everything else when the validation has failed on the captcha text.

 

It would be a pain for the user having to re-enter their password if they entered the wrong captcha text or is it common practice to leave them blank.

 

Anyway, here is the form

 

<?php session_start(); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html> 
<head> 
<title>Form Validation</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
</head> 

<body> 
<? 
$self = $_SERVER['REQUEST_URI'];
$register = $_POST['register'];



function error_bool($error, $field) { 
         if($error[$field]) { 
             print("style=background-color:pink"); 
         } 
         else {
     print("style=background-color:white");
}
    } 

function show_form() { 
global $_POST, $print_again, $error; 
?> 
<form method="post" action="">

    <fieldset>
<legend>Your details</legend>
    	<p><label for="first_name">Forename:</label>
    	<input type="text" <?php error_bool($error, "first_name"); ?> title="Please enter your first name" id="first_name" name="first_name" size="30" value="<?php echo $first_name; ?>" /></p>

    	<p><label for="last_name">Surname:</label>
    	<input type="text" <?php error_bool($error, "last_name"); ?> title="Please enter your last name" id="last_name" name="last_name" size="30" value="<?php echo $last_name; ?>" /></p>

<p style="text-align:left"><label for="sex">Sex:</label>
    	<input style="border:none" type="radio" value="male" checked name="sex">Male <input style="border:none" type="radio" value="female" name="sex">Female</p>

    	<p><label for="email">Email address:</label>
    	<input type="text" <?php error_bool($error, "email"); ?> title="Enter your email address" id="email" name="email" size="30" value="<?php echo $email; ?>" /></p>
    </fieldset>
    <br />
    <fieldset>
    	<legend>Login details</legend>
    	<p><label for="username">Username:</label>
    	<input type="text" <?php error_bool($error, "username"); ?> title="Please enter a username" id="username" name="username" size="30" value="<?php echo $username; ?>" /></p>

    	<p><label for="password1">Password:</label>
    	<input type="password" <?php error_bool($error, "password1"); ?> title="Please enter a password" id="password1" name="password1" size="30" ></p>

    	<p><label for="password2">Re-enter Password:</label>
    	<input type="password" title="Please re-enter password" id="password2" name="password2" size="30"></p>
    </fieldset>
    <fieldset>
<legend>Anti-spam key</legend>
    	<p>For security purposes, please enter the Anti-Spam key shown in the text box below.<br />If you have trouble reading the image, refresh the page to display a new one.</p>

    	<p><label for="captcha"></label>
    	<div class="captcha"><img src="includes/captcha.php" alt="captcha image"></div></p>

    	<p><label for="verify">Anti-Spam key:</label>
    	<input type="text" <?php error_bool($error, "verify"); ?> title="Please enter the image text" name="verify" id="verify" size="9"/></p>
    </fieldset>
    <p><label for="submit">&nbsp</label>
    <input type="submit" name="register" value="Register" class="submit-button"/>
</form>
<? 
} 
if(isset($register)) { 
    check_form(); 
} else { 
    show_form(); 
} 

function check_email_address($email) { 
  // First, we check that there's one @ symbol, and that the lengths are right 
  if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { 
    // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. 
    return false; 
  } 
  // Split it into sections to make life easier 
  $email_array = explode("@", $email); 
  $local_array = explode(".", $email_array[0]); 
  for ($i = 0; $i < sizeof($local_array); $i++) { 
     if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) { 
      return false; 
    } 
  } 
  if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name 
    $domain_array = explode(".", $email_array[1]); 
    if (sizeof($domain_array) < 2) { 
        return false; // Not enough parts to domain 
    } 
    for ($i = 0; $i < sizeof($domain_array); $i++) { 
      if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) { 
        return false; 
      } 
    } 
  } 
  return true; 
} 


function check_form() { 
    global $_POST, $error, $print_again;

    $first_name = stripslashes($_POST['first_name']);
    $last_name = stripslashes($_POST['last_name']);
    $email = stripslashes($_POST['email']);
    $username = stripslashes($_POST['username']);
    $password1 = stripslashes($_POST['password1']);
    $password2 = stripslashes($_POST['password2']);
    $sex = $_POST['sex'];

    $error['first_name'] = false;

    if(empty($first_name)) { 
        $error['first_name'] = true; 
         $print_again = true; 
        $message="The name field is empty<br>"; 
    }
    else if(!ereg("^[A-Za-z]{2,30}$",$first_name)) {
$error['first_name'] = true; 
         $print_again = true; 
        $message="First name must contain letters only<br>";
    }

    if(empty($last_name)) { 
        $error['last_name'] = true; 
         $print_again = true; 
        $message.="The last name field is empty<br>"; 
    }
    else if(!ereg("^[A-Za-z\-]{2,30}$",$last_name)) {
$error['last_name'] = true; 
         $print_again = true; 
        $message.="Surname must contain letters only<br>";
    }

    if(empty($email)) { 
        $error['email'] = true; 
         $print_again = true; 
        $message.="Field Empty<br>"; 
    }
    else if(!check_email_address($email)) { 
        $error['email'] = true; 
         $print_again = true; 
        $message.="Invalid Email ID <br>"; 
    } 
    
    if(empty($username)) { 
        $error['username'] = true; 
         $print_again = true; 
        $message.="The username field is empty<br>"; 
    }
    else if(!ereg("^[A-Za-z0-9\-]{2,30}$",$username)) {
$error['username'] = true; 
         $print_again = true; 
        $message.="Username must contain letters and numbers only<br>";
    }  

    if(empty($password1)) { 
        $error['password1'] = true; 
         $print_again = true; 
        $message.="The password field is empty<br>"; 
    }
    else if(!ereg("^[A-Za-z0-9]{2,30}$",$password1)) {
$error['password1'] = true; 
         $print_again = true; 
        $message.="Password must contain letters and numbers only<br>";
    }  

    if (strcmp( $password1,$password2 ) !=0){
$error['password1'] = true; 
         $print_again = true; 
        $message.="Passwords didn't match<br>";
    }

    if (empty($_POST['verify']) && $_POST['verify'] == $_SESSION['captchstr']) {
$error['verify'] = true; 
         $print_again = true; 
        $message.="Please enter Anti-Spam key<br>";
    }

    if($print_again) { 
        show_form(); 

        } else {

        show_form(); 
           $message="All Fields are valid <br> 
        Now, In this way you can validate the other textfield as well<br> 
        You can insert data into table<br><br>"; 
    }

    echo "$message";
}  

?> 

</body> 
</html>

[MadTechie]

try this

<input name="password1" type="password" value="{$_POST['password1']}" />
<input name="password2" type="password" value="{$_POST['password2']}" />

 

but many forms do clear the password.. the reason is that if you use the above the password is displayed on the page (via view source) so can be cached

[AdRock]

Thanks..MadTechie

 

I did think that I was thinking about security so that's why I had to ask...I think i'll have the user re-enter password