Random String Verification help

[psychowolvesbane]

In a form I've made I have tried to create a random string variable that is displayed on the form and for the users to copy into another text box for comparison and validation, however it doesn't seem to work as I had hoped, take a look at the code near the bottom of the script.

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<?php
session_Start();

include "admin/connect_details.php";

$random_str= $_SESSION['Rand_str'];
$Forename = $_POST['Forename'];
$Surname = $_POST['Surname'];
$Email = $_POST['Email'];
$ConfirmEmail = $_POST['ConfirmEmail'];
$User = $_POST['Username'];
$UserPass = $_POST['Password'];
$ConfirmUserPass = $_POST['ConfirmPassword'];
$Verify = $_POST['Verify'];

$conn = mysql_connect($Host,$Username,$Password) or die(mysql_error());
$db = mysql_select_db($Dbname, $conn);
$sql = "SELECT Username FROM UserAccount WHERE Username='$User'";
$rs = mysql_query($sql,$conn) or die('Problem with query: ' . $sql . '<br />' . mysql_error());

$Row = mysql_fetch_array($rs);
$ExistingUser = $Row['Username'];

if (isset($_POST['SubmitB']))
{
   if(empty($Forename))
   {
      $Errors++;
      $MsgForename = "! Please enter your Forename";
   }

   if(empty($Surname))
   {
      $Errors++;
      $MsgSurname = "! Please enter your Surname";
   }

   if (!preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $Email)) 
   {   
      $Errors++;
      $MsgEmail = "! Please Enter a valid Email Address";          
   }
   elseif($Email != $ConfirmEmail)
   {
      $Errors++;
      $MsgEmail = "! The Email Addresses do not match please re-confirm them";         
   }

   if(empty($User))
   {
      $Errors++;
      $MsgUser = "! Please enter a Username";
   }
   elseif($ExistingUser == $User)
   {
      $Errors++;
      $MsgUser = "! That Username has already been taken, please enter a new one";
   }

   if(empty($UserPass))
   {
      $Errors++;
      $MsgPassword = "! Please enter a Password";
   }
   elseif($UserPass != $ConfirmUserPass)
   {
      $Errors++;
      $MsgPassword = "! Please re-enter your Password";
   }   

   if($Errors==0)
   {
      $UserPass=sha1($Userpass);
      $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error());
      $db = mysql_select_db($Dbname, $conn);
      $sql1 = "SELECT UserID FROM UserAccount WHERE UserID='User*'";
      $rs1 = mysql_query($sql1,$conn) or die('Problem with query: ' . $sql1 . '<br />' . mysql_error());
      $NoOfUsers = mysql_num_rows($rs1);
      $UserID = "User".($NoOfUsers+1);
      $X = 1;

      while($OkUserID == false)
      {
         $sql2 = "SELECT UserID FROM UserAccount WHERE UserID='$UserID'";
         $rs2 = mysql_query($sql2,$conn) or die('Problem with query: ' . $sql2 . '<br />' . mysql_error());
      
         if(mysql_num_rows($rs2)==1)
         {
            $OkUserID = false;
            $UserID = "User".$X;
         }
         else
         {
            $OkUserID = true;
         }
         $X++;
      }

      $sqlNew = "INSERT INTO UserAccount (UserID,Username,Password,Forename,Surname,Email,AccountType,Status) VALUES('$UserID','$User','$UserPass','$Forename','$Surname','$Email','Student','0')";
      $rsNew = mysql_query($sqlNew,$conn)or die('Problem with query: ' . $sqlNew . '<br />' . mysql_error());
      
      if(mysql_num_rows($rsNew)==0)
      {
     $ValidReg = false;
      }
      else   
      {
         $ValidReg = true;          
      }
      mysql_close($conn);
   }
}

?>

<html>
<head>
<title>Clothing Line</title>
<link href="admin/stylesheetCL.css" rel="stylesheet">
<?php require('admin/jscript.inc');

if($ValidLogin==true)
{
   ?>
   <meta HTTP-EQUIV="REFRESH" content="0; url=index.php">
   <?php
}
?>

<script language='JavaScript' type='text/JavaScript'>
<!--
function random_string($len=5, $str='')
{
   For($i=1; $i<=$len; $i++)
   {
      $ord=rand(48, 90);
      if((($ord >= 48) && ($ord <= 57)) || (($ord >= 65) && ($ord<= 90))) 
      {
         $str.=chr($ord);
      }
      else
      {
         $str.=random_string(1);
      }	                                       
   }
   return $str;
}

function Validate(f){
   return (ValidateValues(f)==0 ? true : false );
}

function ValidateValues(f)
{
   var Errors = 0
   if((document.registration_form.Forename.value+'').length<1)
   {
      document.getElementById('mySpan1').innerHTML='! Please Enter your Forename!';
      Errors++;
   }
   else
   {
      document.getElementById('mySpan1').innerHTML='';
   }

   if((document.registration_form.Surname.value+'').length<1)
   {
      document.getElementById('mySpan2').innerHTML='! Please Enter your Surname!';
      Errors++;
   }
   else
   {
      document.getElementById('mySpan2').innerHTML='';
   }

   if(document.registration_form.Email.value =="")
   {
      Errors++
      document.getElementById('mySpan3').innerHTML='! Please Enter an Email Address!';
   }
   else if(!document.registration_form.Email.value.match(/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/))
   {
      Errors++
      document.getElementById('mySpan3').innerHTML='! Please Enter a Valid Email Address!';
   }
   else if(document.registration_form.Email.value !== document.registration_form.ConfirmEmail.value)
   {
      Errors++
      document.getElementById('mySpan3').innerHTML='! The Email Addresses do not match, please re-confirm them!';
   }
   else
   {
      document.getElementById('mySpan3').innerHTML='';
   }

   if((document.registration_form.Username.value+'').length<1)
   {
      document.getElementById('mySpan4').innerHTML='! Please Enter a Username!';
      Errors++;
   }
   else
   {
      document.getElementById('mySpan4').innerHTML='';
   }

   if((document.registration_form.Password.value+'').length<1)
   {
      document.getElementById('mySpan5').innerHTML='! Please Enter a Password!';
      Errors++;
   }
   else if(document.registration_form.Password.value !== document.registration_form.ConfirmPassword.value)
   {
      Errors++
      document.getElementById('mySpan5').innerHTML='! The Email Addresses do not match, please re-confirm them!';
   }
   else
   {
      document.getElementById('mySpan5').innerHTML='';
   }
   return Errors;
}

//-->
</script>
</head>
<body>

<?php require('admin/header.inc');
require('menu.inc') ?>

<div class="DivMain">
<span class="head2">Registration Form</span><br>
<span class="errmsg">* All Marked fields required</span><br>
  
  <form method="post" name="registration_form" action="registration_form.php" onSubmit="return Validate(this);">

  <table style="width: auto; position: absolute;">
   <tr><td width="194"><span id="mySpan1" class="errmsg"><?php echo $MsgForename?></span></td>
   </tr>
   <tr><td><span class="errmsg">* </span><span class="head4">Forename:</span></td>
   <td width="302"><label><input type="text" maxlength="15" name="Forename" value="<?php echo $Forename?>"/></label>
   
   <tr><td><span id="mySpan2" class="errmsg"><?php echo $MsgSurname?></span></td></tr>
   <tr><td><span class="errmsg">* </span><span class="head4">Surname:</span></td>
   <td><label><input type="text" maxlength="20" name="Surname" value="<?php echo $Surname?>"/></label></td></tr>
   <tr></tr>
   
   <tr><td><span id="mySpan3" class="errmsg"><?php echo $MsgEmail?></span></td></tr>
   <tr><td><span class="errmsg">* </span><span class="head4"> Email:</span></td>
   <td><label> <input type="text" maxlength="50" name="Email" value="<?php echo $Email?>"/>
   </label></td></tr>
   <tr><td><span class="errmsg">* </span><span class="head4">Confirm Email:</span></td>
   <td><label><input type="text" maxlength="50" name="ConfirmEmail" value="<?php echo $ConfirmEmail?>"/>
   </label></td></tr>
   <tr></tr>
   
   <tr><td><span id="mySpan4" class="errmsg"><?php echo $MsgUser?></span></td></tr>
   <tr><td><span class="errmsg">* </span><span class="head4">Username:</span></td>
   <td><label><input type="text" name="Username" value="<?php echo $User?>"/></label></td></tr>
   <tr></tr>
   
   <tr><td><span id="mySpan5" class="errmsg"><?php echo $MsgPassword?></span><br></td></tr>
   <tr><td><span class="errmsg">* </span><span class="head4">Password:</span></td>
   <td><label><input name="Password" type="Password" value="<?php echo $UserPass?>" maxlength="15"/>
   </label></td></tr>
   <tr><td><span class="errmsg">* </span><span class="head4">Confirm Password:</span></td>
   <td><label><input name="ConfirmPassword" type="password" value="<?php echo $ConfirmUserPass?>" maxlength="15"/>
   </label></td></tr>
   <tr></tr>
      
   <tr><td><span id="mySpan5" class="errmsg"><?php echo $MsgVerify?></span></td></tr>
   <tr><td><span class="errmsg">* </span><span class="head4">Verify Registration <br />(Copy the text exactly):</span>
   </td><td><?php $rand_str=random_string(5);?> 
   <span class"head2"><?php echo $rand_str?></span> 
   <?php $_SESSION['Rand_str']= $rand_str?></td></tr>
   <tr><td></td><td><label><input type="text" maxlength="5" name="Verify"/></label> <?php unset($rand_str)?></td></tr>
   <tr><td></td><td> 

   <input type="submit" style="overflow:visible; width:auto" class="buttonS" 
   name="SubmitB" value="Submit" onMouseOver="OverMouse(this)"; onMouseOut="OutMouse(this)"/>
   <input type="reset" class="buttonS" name="ResetB" value="Reset" onmouseover="OvermOuse(this)"; 
   onmouseout="OutMouse(this)"/></td></tr>
  </table>
  </form>

</div>
</body>
</html>

 

Can anyone help with this?

[BlueSkyIS]

"it doesn't seem to work as I had hoped"

 

more details?

[psychowolvesbane]

Okay it doesn't display anything on the page beyond the Verification Required: table column and misses out the Submit and Reset buttons.

[psychowolvesbane]

Does anyone have any idea what I can do?

[BlueSkyIS]

your code as written has content before session_start(). session_start() must come before ANY content output to the browser, including any space or text at the beginning of the file.

 

next: do you have error_reporting turned on? to make sure, put this before session_start();

 

error_reporting(E_ERROR | E_WARNING | E_PARSE);

 

i think you'll find the error that way.

[psychowolvesbane]

It looks like the issue is Javascript based so I shall have to call this solved for now.