Including form in view file to controller file PHP

Question

I'm creating simple registration form to my website and I'm having problems with showing errors. When I type incorrect data to my form and click submit button nothing happens, only when I click it again (even when textboxes are empty) error messages are shown. Is it a problem with including file, how to fix it without putting php logic and html layout all together?

register.php

<?php

session_start();

require_once 'business.php';

require 'views/register_view.php';

if (isset($_POST['email']) || isset($_POST['login']) || isset($_POST['pass1']))
{
    $ok_flag=true;

    $email = $_POST['email'];
    $email2 = filter_var($email, FILTER_SANITIZE_EMAIL);

    if ((filter_var($email2, FILTER_VALIDATE_EMAIL)==false) || ($email2!=$email))
    {
        $ok_flag=false;
        $_SESSION['err_email']="Podaj poprawny adres e-mail";
    }

    $login = $_POST['login'];

    if (strlen($login)<3) 
    {
        $ok_flag=false;
        $_SESSION['err_login']="Login musi posiadać od 3 do 20 znaków";
    }

    if (ctype_alnum($login)==false)
    {
        $ok_flag=false;
        $_SESSION['err_login']="Login może składać się tylko z liter i cyfr (bez polskich znaków)";
    }

    $pass1 = $_POST['pass1'];
    $pass2 = $_POST['pass2'];

    if ((strlen($pass1)<8) || (strlen($pass1)>20) || empty($pass1))
    {
        $ok_flag=false;
        $_SESSION['err_pass']="Hasło musi posiadać od 8 do 20 znaków";
    }

    if ($pass1!=$pass2)
    {
        $ok_flag=false;
        $_SESSION['err_pass']="Podane hasła nie są identyczne";
    }   

    $pass_hash = password_hash($pass1, PASSWORD_DEFAULT);

    //Zapamiętaj wprowadzone dane
    $_SESSION['email'] = $email;
    $_SESSION['login'] = $login;
    $_SESSION['pass1'] = $pass1;
    $_SESSION['pass2'] = $pass2;

    if ($ok_flag==true) {
        //dodaj gracza do bazy danych
    }
}


?>

register_view.php

<h1>Rejstracja</h1>

    <form method="post">

    Adres e-mail:<br />
    <input type="text" name="email"/><br />

    <?php
        if (isset($_SESSION['err_email']))
        {
            echo '<div class="error">'.$_SESSION['err_email'].'</div>';
            unset($_SESSION['err_email']);
        }
    ?>

    Login:<br />
    <input type="text" name="login" maxlength="20" /><br />

    <?php
        if (isset($_SESSION['err_login']))
        {
            echo '<div class="error">'.$_SESSION['err_login'].'</div>';
            unset($_SESSION['err_login']);
        }
    ?>

    Hasło:<br />
    <input type="password" name="pass1"/><br />

    <?php
        if (isset($_SESSION['err_pass']))
        {
            echo '<div class="error">'.$_SESSION['err_pass'].'</div>';
            unset($_SESSION['err_pass']);
        }
    ?>      

    Powtórz hasło:<br />
    <input type="password" name="pass2"/><br /><br />

    <input type="submit" value="Zarejestruj się"/>

    </form>

Answer 1

This is your problem:

<?php

session_start();

require_once 'business.php';

// here you include the view
require 'views/register_view.php';

if (isset($_POST['email']) || isset($_POST['login']) || isset($_POST['pass1']))
{
    ...

You are including the view before the logic where you are handling the form submit. So the first time the session variable will not be set yet.

You need to move require 'views/register_view.php'; to after the if statement.

In general you should always do your processing before you start output to the browser. That will also allow you to start sessions, use header() redirects, etc. depending on the results.