errors echo on empty data but does not stop it?

[darkfreaks]

ok i need someone to thoroughly look at the following function and tell me why it would submit even though it detects empty and errors ???

 

 

<?php

 $username=RemoveXSS(trim(strip_tags($username)));
$username = (!empty($_POST['username']) 
&& (isset($_POST['username']) && $this->
validate_username($_POST['username'])))
? $this->qls->Security->make_safe($_POST['username']) : false;
$password = (isset($_POST['password']) 
&& $this->validate_password
($_POST['password'])) ? $this->qls->
Security->make_safe($_POST['password']) : false;
$confirm_password = (isset($_POST['password_c'])
&& $_POST['password_c'] == $password) ? true : false;
$email = (isset($_POST['email']) 
&& strlen($_POST['email']) > 6 && strlen
($_POST['email']) < 256 
&& eregi
('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)
*(\.[a-z]{2,3})$', $_POST['email'])) 
? $this->qls->Security->make_safe($_POST['email']) : false;
$confirm_email = 
(isset($_POST['email_c']) && $_POST['email_c'] == $email) ? true : false;
	if ($this->qls->config['security_image'] == 'yes') {
	// The random id of the image
	$random_id =(isset($_POST['random_id'])
&& preg_match('/^[a-fA-F0-9]{40}$/', 
$_POST['random_id']))
? $this->qls->Security->make_safe($_POST['random_id']) : false;

	// The security code entered by the user
	$security_code =
(isset($_POST['security_code']) 
&& preg_match('/[a-zA-Z1-9]{5,8}/', $_POST['security_code'])) 
? $_POST['security_code'] : false;
		if ($this->qls->Security->
check_security_image($random_id, $security_code)) {
		$security_check = true;
		}
	}
	else {
	$security_check = true;
	}

	if ($username === false||$username==""||
!isset($username)||empty($username)) {
	$this->register_error = REGISTER_USERNAME_ERROR;
	return false;
	}

	if ($this->check_username_existance($username)) {
	$this->register_error = REGISTER_USERNAME_EXISTS;
	return false;
	}

	if ($password === false || $confirm_password === false) {
	$this->register_error = REGISTER_PASSWORD_ERROR;
	return false;
	}

	if ($email === false || $confirm_email === false) {
	$this->register_error = REGISTER_EMAIL_ERROR;
	return false;
	}

	if ($security_check === false) {
	$this->register_error = REGISTER_SECURITY_ERROR;
	return false;
	}
	if(!empty($username)||!empty($password)||!empty($email)){
$this->insert_registration_data($username, $password, $email, $save);}
}?>

[bradkenyon]

are you using any javascript validation on this page?

 

if not, you should, it will alert the user to complete the form before being able to successfully submit it.

[soycharliente]

Not all users have JS enabled. Using PHP to process the errors will ALWAYS work.

[bradkenyon]

try javascript, it's easy to implement, if you're worried w/ users not enabling js, then keep trying.

[Naez]

Is this just a snip of code?  I'm trying to figure out what your doing because it looks like you're using the $this-> operator in a global scope (which I suppose might theoretically work but I don't see why you would).

 

Also you should clean up your code (like real bad), tabs are your friend

 

Try to keep elements of your code contained within other elements to allow ease of visibility and readability or wuteva

 

<?php

class yourclass
{
//tab, open
public function myfunction()
{
	//tab, open
	if ($whatever == 'whatever')
	{
		//tab, open
		echo "whatever";
	} // untab, close
} // untab, close
} // untab, close

?>

 

for example your code i would fix

 

<?php

$username = (!empty($_POST['username']) && 
		(isset($_POST['username']) && 
		$this->validate_username($_POST['username'])))
				? $this->qls->Security->make_safe($_POST['username']) : false;
$password = (isset($_POST['password']) && 
		$this->validate_password($_POST['password'])) // etc;

?>

 

 

 

The easier it is to read, the better it is to debug.  No offense or anything but I dropped it into dreamweaver and tried to tab it up but still couldn't figure out what you were trying to do there.