darkfreaks Posted March 6, 2008

ok i need someone to thoroughly look at the following function and tell me why it would submit even though it detects empty and errors ???

<?php
$username=RemoveXSS(trim(strip_tags($username)));

$username = (!empty($_POST['username']) && (isset($_POST['username']) && $this->validate_username($_POST['username'])))
    ? $this->qls->Security->make_safe($_POST['username'])
    : false;

$password = (isset($_POST['password']) && $this->validate_password($_POST['password']))
    ? $this->qls->Security->make_safe($_POST['password'])
    : false;

$confirm_password = (isset($_POST['password_c']) && $_POST['password_c'] == $password) ? true : false;

$email = (isset($_POST['email']) && strlen($_POST['email']) > 6 && strlen($_POST['email']) < 256 && eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+) *(\.[a-z]{2,3})$', $_POST['email']))
    ? $this->qls->Security->make_safe($_POST['email'])
    : false;

$confirm_email = (isset($_POST['email_c']) && $_POST['email_c'] == $email) ? true : false;

if ($this->qls->config['security_image'] == 'yes') {
    // The random id of the image
    $random_id = (isset($_POST['random_id']) && preg_match('/^[a-fA-F0-9]{40}$/', $_POST['random_id']))
        ? $this->qls->Security->make_safe($_POST['random_id'])
        : false;

    // The security code entered by the user
    $security_code = (isset($_POST['security_code']) && preg_match('/[a-zA-Z1-9]{5,8}/', $_POST['security_code']))
        ? $_POST['security_code']
        : false;

    if ($this->qls->Security->check_security_image($random_id, $security_code)) {
        $security_check = true;
    }
} else {
    $security_check = true;
}

if ($username === false||$username==""|| !isset($username)||empty($username)) {
    $this->register_error = REGISTER_USERNAME_ERROR;
    return false;
}

if ($this->check_username_existance($username)) {
    $this->register_error = REGISTER_USERNAME_EXISTS;
    return false;
}

if ($password === false || $confirm_password === false) {
    $this->register_error = REGISTER_PASSWORD_ERROR;
    return false;
}

if ($email === false || $confirm_email === false) {
    $this->register_error = REGISTER_EMAIL_ERROR;
    return false;
}

if ($security_check === false) {
    $this->register_error = REGISTER_SECURITY_ERROR;
    return false;
}

if(!empty($username)||!empty($password)||!empty($email)){
    $this->insert_registration_data($username, $password, $email, $save);
}
}
?>

bradkenyon Posted March 6, 2008

are you using any javascript validation on this page? if not, you should, it will alert the user to complete the form before being able to successfully submit it.

soycharliente Posted March 6, 2008

Not all users have JS enabled. Using PHP to process the errors will ALWAYS work.

bradkenyon Posted March 6, 2008

try javascript, it's easy to implement, if you're worried w/ users not enabling js, then keep trying.

Naez Posted March 6, 2008

Is this just a snip of code? I'm trying to figure out what you're doing because it looks like you're using the $this-> operator in a global scope (which I suppose might theoretically work but I don't see why you would).

Also you should clean up your code (like real bad), tabs are your friend.

Try to keep elements of your code contained within other elements to allow ease of visibility and readability or wuteva

<?php
class yourclass
{ //tab, open
    public function myfunction()
    { //tab, open
        if ($whatever == 'whatever')
        { //tab, open
            echo "whatever";
        } // untab, close
    } // untab, close
} // untab, close
?>

for example your code i would fix

<?php
$username = (!empty($_POST['username']) && (isset($_POST['username']) && $this->validate_username($_POST['username'])))
    ? $this->qls->Security->make_safe($_POST['username'])
    : false;

$password = (isset($_POST['password']) && $this->validate_password($_POST['password']))
// etc;
?>

The easier it is to read, the better it is to debug. No offense or anything but I dropped it into dreamweaver and tried to tab it up but still couldn't figure out what you were trying to do there.
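
An added example, not code from this thread or from the script it discusses: a server-side registration check that fails closed, so the insert step is reached only when no check has failed. In the function posted above `$security_check` is only ever assigned `true`, so a failed image check leaves it unset and the later `=== false` test does not fire; here the flag starts as `false`. All names, the username and password rules, and the sample request are assumptions.

```php
<?php
// Added example, not the thread's code; every name here is hypothetical.

// Returns a list of failed fields; an empty list is the only "ok" result.
function validate_registration(array $post, bool $imageRequired, callable $imageCheck): array
{
    $errors = [];
    // Read a field as a string; a missing or non-string value becomes ''.
    $field = fn(string $key): string => is_string($post[$key] ?? null) ? $post[$key] : '';

    // Assumed username rule: 3-32 letters, digits or underscores.
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', trim($field('username')))) {
        $errors[] = 'username';
    }
    // Assumed password rule: at least 8 bytes. The confirmation is compared
    // with the raw password, before any escaping changes either value.
    $password = $field('password');
    if (strlen($password) < 8 || $field('password_c') !== $password) {
        $errors[] = 'password';
    }
    $email = $field('email');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || $field('email_c') !== $email) {
        $errors[] = 'email';
    }
    // Start from "failed": a check that does not pass leaves the flag false
    // instead of leaving it unset.
    $imageOk = false;
    if (!$imageRequired) {
        $imageOk = true;
    } elseif ($imageCheck($field('random_id'), $field('security_code')) === true) {
        $imageOk = true;
    }
    if ($imageOk !== true) {
        $errors[] = 'security';
    }
    return $errors;
}

// Constructed request: empty username and a wrong security code.
$post = [
    'username' => '', 'password' => 'correct horse', 'password_c' => 'correct horse',
    'email' => 'a@example.com', 'email_c' => 'a@example.com',
    'random_id' => str_repeat('a', 40), 'security_code' => 'zzzzz',
];
// Stand-in for the real security-image lookup (assumption).
$imageCheck = fn(string $id, string $code): bool => $code === 'abc12';

$errors = validate_registration($post, true, $imageCheck);
// Only an empty error list may reach the insert step.
echo $errors === [] ? "insert\n" : 'rejected: ' . implode(',', $errors) . "\n";
```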