CODEWITHSUNDEEP
phpregistrationuser-input
user2044997
user2044997

Reputation: 1

How do I redirect to the registration page with an error message upon submit error

I am trying to create a registration form that checks to see if the Email and passwords entered by the user match, if all forms are complete, and if the email has been previously used to register. When there is in fact an error, I would like the code to display the error message at the top of the registration form.

However, I cannon't figure out how to make the error message display above the registration inputs. Instead, what happens is that the error message replaces the registration inputs and appears alone (requiring the user to refresh the page to try registering again). This is my first post on stackoverflow, so please excuse me if my coding jargon is off! Below is the code I have been trying to use.

<?php

// Connect to database server
mysql_connect("localhost", "root") or die (mysql_error ());

// Select database
mysql_select_db("mydatabase") or die(mysql_error());

    //Checks to make sure form has been submitted
    if (isset($_POST['submit'])) { 

//Checks to make sure all fields are complete
if (!$_POST['FirstName'] | !$_POST['LastName'] | !$_POST['Username']| !$_POST['Username2']| !$_POST['Password']| !$_POST['Password2'] ) {
    die('You did not complete all of the required fields');
}

//Check to see if email has already been used to reigster
if (!get_magic_quotes_gpc()) {
    $_POST['Username'] = addslashes($_POST['Username']);
}

$usercheck = $_POST['Username'];

$check = mysql_query("SELECT Username FROM people WHERE Username = '$usercheck'") 
or die(mysql_error());

$check2 = mysql_num_rows($check);

//Email has already been used to register message
if ($check2 != 0) {
    die('Sorry, the Email '.$_POST['Username'].' has already been used to register.');
}

//Confirm that Emails match
if ($_POST['Username'] != $_POST['Username2']) {
    die('The Email addresses you entered do not match. ');
}

//Confirm that passwords match
if ($_POST['Password'] != $_POST['Password2']) {
    die('The passwords you entered do not match. ');
}

//Encrypt the password and add slashes if needed
$_POST['Password'] = md5($_POST['Password']);
if (!get_magic_quotes_gpc()) {
    $_POST['Password'] = addslashes($_POST['Password']);
    $_POST['Username'] = addslashes($_POST['Username']);
    }

    // now we insert it into the database
$insert = "INSERT INTO people(FirstName,LastName,Username,Password) VALUES ('" . $_POST["FirstName"] . "','" . $_POST["LastName"] . "','" . $_POST["Username"] . "','" . $_POST["Password"] . "')";

$add_member = mysql_query($insert);
?>

Registered

Thank you, you have registered - you may now login.

    <?php 
    } 
    else 
    {   
    ?>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
        <table border="0">
            <tr><td>First Name:</td><td>
                <input type="text" name="FirstName" maxlength="60">
            </td></tr>
            <tr><td>Last Name:</td><td>
                <input type="text" name="LastName" maxlength="60">
            </td></tr>
            <tr><td>Email Address:</td><td>
                <input type="text" name="Username" maxlength="60">
            </td></tr>
            <tr><td>Confirm Email Address:</td><td>
                <input type="text" name="Username2" maxlength="60">
            </td></tr>
            <tr><td>Password (8 character minimum):</td><td>
                <input type="password" name="Password">
            </td></tr>
            <tr><td>Confirm Password:</td><td>
                <input type="password" name="Password2">
            </td></tr>
            <tr><th colspan=2>
        <input type="submit" name="submit" value="Register"></th></tr> </table>
    </form>
    <?php
    }
    ?>

Upvotes: 0

Views: 365

Answers (2)

NOOB
NOOB

Reputation: 63

try using this

if(isset($_POST['submit'])){
//you can manually define a value for each of the input fields(safer) or use extract($_POST); like below
$FirstName = $_POST["FirstName"];
$LastName = $_POST["LastName"];
$Username = $_POST['Username'];
$Username2 = $_POST['Username2'];
$Password = $_POST['Password'];
$Password2 = $_POST['Password2'];
$namevalidation = "/^[a-zA-Z ]+$/";
$emailValidation = "/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9]+(\.[a-z]{2,4})$/";
    if(!preg_match($namevalidation,$FirstName)){
    $displayer.= "
        <div class='alert alert-warning'>
            <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>
            <b>$FirstName is not valid name..!</b>
        </div>
    ";
}
elseif(!preg_match($namevalidation,$LastName)){
    $displayer.= "
        <div class='alert alert-warning'>
            <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>
            <b>$LastName is not valid name..!</b>
        </div>
    ";
}
elseif(!preg_match($emailValidation,$Username)){
    $displayer.= "
        <div class='alert alert-warning'>
            <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>
            <b>$Username is not valid email..!</b>
        </div>
    ";
}
elseif(strlen($Password) < 8 ){
    $displayer.= "
        <div class='alert alert-warning'>
            <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>
            <b>Password is too weak, try using a stronger password</b>
        </div>
    ";
}

elseif($Password != $Password2){
    $displayer.= "
        <div class='alert alert-warning'>
            <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>
            <b>Password character mismatch.</b>
        </div>
    ";
}
else{
   //existing email address in our database
$sql = "SELECT * FROM account WHERE Username = '$username' LIMIT 1" ;//change table name and row name accordingly
$check_query = mysqli_query($connect,$sql);//replace $connect with your own connection
$count_email = mysqli_num_rows($check_query);
if($count_email > 0){
    $displayer.= "
        <div class='alert alert-danger'>
            <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>
            <b>An existing account has been found with this email address, please log in to continue.</b>
        </div>
    ";
}else{
//Execute your signup code here
}

then above your form you echo displayer to get the error messages <?php echo $displayer; ?>

Upvotes: 0

Mike
Mike

Reputation: 24383

As I mentioned in the comment above, almost every line of your code has some sort of bad practice. Here's a quick summary.

  • As Geek Num 88 mentioned, you should be using PDO or mysqli. See his comment above for links.
  • Assuming ext/mysql, addslashes is not good enough for escaping values. Neither is relying on get_magic_quotes_gpc. The appropriate function is mysql_real_escape_string. However from the previous point, you should not be using that either. Use parametrized queries without any form of escaping.
  • When coding, it is good practice to put error_reporting(-1); at the top of your file. This will force you to code a bit more stricter to standards.
  • You are using a bitwise or | in your comparisons instead of ||. If you don't know what 'bitwise or' even means, just use ||.
  • Instead of doing if (!$_POST['FirstName']) you should instead check if it is set and then check to see if it is empty using strlen()
  • Instead of doing die() for each error, append them to an array and iterate through it at the end. Using die() is bad because it's possible that more than one error is occurring and the user will then have to fill out the form multiple times, and also your HTML may no longer be valid if you are omitting the normal footer that appears at the bottom of your page.
  • For goodness sake, do not use md5 for hashing your passwords. You might as well be storing them in plain text. Instead use bcrypt.
  • Never echo $_SERVER['PHP_SELF'] to the browser because this makes your script vulnerable to XSS attacks.

So to actually answer your question, this is what I would do:

  1. See if the form has been posted. This can be done with a hidden field in the HTML. If it is set, do the validation
  2. Go through all your possible errors and append all errors to an array. Say, $errors[].
  3. If errors are present, echo them back to the user
  4. If no errors, securely hash the password and store all values in the database
  5. Redirect the browser upon success to some sort of success page. This prevents users from pushing refresh and resubmitting the form.
  6. If the form hasn't been submitted or if there was an error, show the form with any values still populated so that they don't have to fill it out again or push back

Upvotes: 1

Related Questions