Problem with form validation...

[Vigilant Psyche]

Hi guys, my problem is that "You left the username field blank." is always echoed no matter whether the field has been left blank or not... here is the code:

 

<CENTER>

<form action="index.php?body=register" method="post" class="black">

Username:<br><input type="text" name="username"/><br><br>

Password:<br><input type="password" name="password"/><br><br>

Confirm passowrd:<br><input type="password" name="password2"/><br><br>

Email:<br><input type="text" name="mail"/><br><br>

 

<input align=center type="submit" value="Register!"/>

<br><br>

 

<?php

 

$t_user=$_POST['username'];

$t_pass=$_POST['password'];

$t_pass2=$_POST['password2'];

$t_mail=$_POST['mail'];

 

if  (isset($_POST['username']) or isset($_POST['password']) or isset($_POST['password2']) or isset($_POST['mail']))

{

echo "<div class='border_red padding_mid back_red'>";

 

if ($t_user=='')

echo "You left the username field blank.";

else

if ($t_pass!=$t_pass2)

echo "The passwords you typed did not match. Please type them again.";

else

if ($t_pass=='' or $t_pass2=='')

echo "You left the password field blank.";

else

if ($t_mail=='')

echo "You left the email field blank.";

else

{

echo "Thankyou for registering. An email has been sent to the <br> email address you supplied. As soon as you click the <br> link in that email, you'll be able to start posting!";

 

//register

}

}

 

?>

</CENTER>

[frijole]

Have you tried using double quotes at this point:

 if ($t_user=='')
                  echo "You left the username field blank.";

 

Like this:

 if ($t_user=="")
                  echo "You left the username field blank.";

 

That might work but you could also just check the length of the username with strlen() and if it is greater than zero then the user has entered a username in to the form.

[Caesar]

Check your if/else statements. They're not structured right.

 

<?php

  if(This is true) {
    // Code here.
  }

  elseif(This is true) {
    // Code here.
  }

  elseif(This is true) {
    // Code here.
  }

    else
    {
       // Code here.
     }

?>

[Northern Flame]

you were telling the script to echo the error if the user submitted a value,

that was your problem.... try this:

 

<CENTER>
                  <form action="index.php?body=register" method="post" class="black">
                  Username:
<input type="text" name="username"/>


                  Password:
<input type="password" name="password"/>


                  Confirm passowrd:
<input type="password" name="password2"/>


                  Email:
<input type="text" name="mail"/>



                  <input align=center type="submit" value="Register!"/>
               


               
               <?php
               
               $t_user=$_POST['username'];
               $t_pass=$_POST['password'];
               $t_pass2=$_POST['password2'];
               $t_mail=$_POST['mail'];
               
               if  (empty($_POST['username']) or empty($_POST['password']) or empty($_POST['password2']) or empty($_POST['mail']))
               {
                  echo "<div class='border_red padding_mid back_red'>";
               
                  if ($t_user=='')
                  echo "You left the username field blank.";
                  else
                  if ($t_pass!=$t_pass2)
                  echo "The passwords you typed did not match. Please type them again.";
                  else
                  if ($t_pass=='' or $t_pass2=='')
                  echo "You left the password field blank.";
                  else
                  if ($t_mail=='')
                  echo "You left the email field blank.";
                  else
                  {
                     echo "Thankyou for registering. An email has been sent to the
email address you supplied. As soon as you click the
link in that email, you'll be able to start posting!";
                  
                     //register
                  }
               }
               
               ?>
               </CENTER>

[uniflare]

try using preg_match, you can then practically snitize imformation at the same time. eg

 

preg_match("/\A[A-Za-z0-9_]{4,16}$/i",$string);

 

this preg_match has the REGEX Pattern of "/\A[A-Za-z0-9_]{4,16}$/i" an explanation of the regex continues;

 

the \A at the start just says "From the start of string"

anything inside [ and ] brackets is like "Match any of these characters in any order"

the {4,16} means the above match MUST be between 4-16 characters long

finally the $ dollar symbol means "The end of the string".

 

Basically it will return 1 (match) as long as the $string is entirely made from a-z, 0-9 and _ (underscore), must be between 4 and 16 characters long form start to finish.

 

---

the / at start and / before the i at the end is like the wall of the regex, preg needs this. the i at the end means "Case-Insensitive".

---

 

you can modify this regex for passwords by removing the unsderscore, then only letters and numbers will  be allowed.

 

you can change the required length by literally changing the number min,max.

 

you can also add certain characters but be careful with - and . etc as you may need to escape them, eg:

 

"/\A[A-Za-z0-9_\.]{4,16}$/i" would match the same as above but also allow . (period/dot) characters as well.

---

 

normally a . in regex means "Anything except Newlines" by default, so for it to mean a literal dot, you need to escape it, much like escaping double quotes inside a string when defining it.

 

 

 

 

hope this helps,

[uniflare]

An example would be:

 

              <?php
               
               $t_user=$_POST['username'];
               $t_pass=$_POST['password'];
               $t_pass2=$_POST['password2'];
               $t_mail=$_POST['mail'];
               
               if  (isset($_POST['username']) or isset($_POST['password']) or isset($_POST['password2']) or isset($_POST['mail']))
               {
                  echo "<div class='border_red padding_mid back_red'>";
                  $error_str = null;
                  if (preg_match("/\A[A-Za-z0-9_]{4,16}$/i",$t_user) != 1){
                          $error_str .=  "Your Username Must Be 4-16 caracters long and be comprised of A-Z, 0-9 or underscores ( _ ) only!. <br>";
                  }
                  if ($t_pass!=$t_pass2){
                          $error_str .= "The passwords you typed did not match. Please type them again. <br>";
                  }
                  if (preg_match("/\A[A-Za-z0-9]{6,12}$/i",$t_pass) != 1){
                          $error_str .= "The Password you provided must contain Letters and Numbers only, and must be between 6 to 12 characters long. <br>";
                  }
                  if (preg_match("/\A[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i",$t_mail) != 1){
                          $error_str .= "The Email you provided in in an Invalid Format. <br>";
                  }
                  if($error_str == null){
                     echo "Thankyou for registering. An email has been sent to the 
email address you supplied. As soon as you click the 
link in that email, you'll be able to start posting!";
                  
                     //register
                  }else{
                        echo($error_str);
                  }
               }
               
               ?>

 

hope this helps,

 

i even added an email validation regex for you. checks wether the email address  syntax is valid or not.

[uniflare]

FYI you might want to test for active email domain, grab the part after the @ symbol and do a host lookup to see if you can get an ip-address, if you cant it usually means its a fake email or the server is down, in which case the email may never get received.