yesganesh
Reputation: 35
Validation Display in Registration form with Bootstrap
In the following code in crudindex.php if I enter password with length less than 6 characters error message is not showing using the span command.Required pattern is working. But messages using span command is not displaying ex : if i enter length less than 6 in password no error message displays
What is wrong in this code?
<?php
$con = mysqli_connect("127.0.0.1", "kkits996_ganesh", "", "kkits996_testmysql") or die("Error " . mysqli_error($con));
$error=false;
if (isset($_POST) && (!empty($_POST))){
$uname=mysqli_real_escape_string($con,$_POST["uname"]);
$pwd=mysqli_real_escape_string($con,$_POST["pwd"]);
$cpwd=mysqli_real_escape_string($con,$_POST["cpwd"]);
$password_error="";
$cpassword_error="";
if(strlen($pwd) < 6) {
$error = true;
$password_error = "Password must be minimum of 6 characters";
}
if($pwd != $cpwd) {
$error = true;
$cpassword_error = "Password and Confirm Password doesn't match";
}
if (isset($_POST['register'])) {
# Register-button was clicked
$createsql1="INSERT INTO cruduser(id,username,password) VALUES
('','$uname','$pwd')";
if (mysqli_query($con,$createsql1)) {
echo "Insert Successful in Table cruduser";
mysqli_close($con);
//Redirect because we need to consider the post request from crudadd.php
header( 'Location: crudaddusr.php' ) ;
//include ("crudadd.php");
}
else
{
die(mysqli_error($con));
}
}
if (isset($_POST['login'])) {
# Login-button was clicked
session_start();
$SESSION['suname']=$uname;
$SESSION['spwd']=$pwd;
if ($uname=='admin' && $pwd=='admin') {
include('crudview.php');
}
else
{
header( "Location: crudeditusr.php?suname=$uname&spwd=$pwd");
}
}
mysqli_close($con);
}
?>
<!--DocType HTML -->
<! bootstrap link is downloaded from bootstrapcdn.com for css and js -->
<! col-mod-6 col-mod-offset are bootstrap related-->
<HTML>
<head>
<title>"Add records in CRUD Table"</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<div class="row">
<form method="post" class="form-horizontal col-mod-6 col-mod-offset-3">
<h2>Create The table CRUD</h2>
<div class="form-group">
<label for="input" class="col-sm-2 control-label">Username : </label>
<div class="col-sm-10">
<input type="text" name="uname" required pattern="^[A-Za-z0-9]+" class="form-control" id="input1" placeholder="Username"/>
</div>
</div>
<div class="form-group">
<label for="input" class="col-sm-2 control-label">Password: </label>
<div class="col-sm-10">
<input type="password" name="pwd" required pattern="^[A-Za-z0-9]+" class="form-control" id="input1" placeholder="Password"/>
<span class="error"><?php if (isset($password_error)) echo $password_error;?></span>
</div>
</div>
<div class="form-group">
<label for="input" class="col-sm-2 control-label">Confirm Password : </label>
<div class="col-sm-10">
<input type="password" name="cpwd" required pattern="^[A-Za-z0-9]+" class="form-control" id="input1" placeholder="Confirm Password"/>
<span class="text-danger"><?php if (isset($cpassword_error)) echo $cpassword_error; ?></span>
</div>
</div>
<div class="row">
<div class="col-mod-6 col-mod-offset-3">
<button id="submit1" name="register" class="btn btn-primary pull-right">Register</button>
<button id="submit2" name="login" class="btn btn-secondary pull-right">Login</button>
</div>
</div>
</form>
</body>
</html>
Upvotes: 0
Views: 963
Answers (2)
Michael GEDION
Reputation: 939
This is a working example to display your errors and prevent some security problems. I have removed the required pattern from your html. You didn't properly set errors. You can handle errors with php and display them. Plus you didn't use action="path/to/handleform.php".
And your redirect should be in login: header( "Location: crudeditusr.php?suname=".$uname."&spwd=".$pwd);
There are 3 security problems here:
- SQL injection. SOLUTION=> prepared statement
- Password saved as plain text. SOLUTION=> password_hash()
Cross-Site Request Forgery (CSRF). SOLUTION=> input hidden with a token
<?php $con = mysqli_connect("127.0.0.1", "kkits996_ganesh", "", "kkits996_testmysql") or die("Error " . mysqli_error($con)); // Declare array for errors $error=array(); //-----------------------------------------------------// //---------------------CSRF PROTECT--------------------// //-----------------------------------------------------// //generate a token/ function generateToken( $formName ) { //secret_key change it $secretKey ='?@GEskki58668445744!Erpoejsj48'; if ( !session_id() ) { session_start(); } $sessionId = session_id(); return hash('sha512', $formName.$sessionId.$secretKey ); } //check if the token is valid function checkToken( $token, $formName) { return $token === generateToken( $formName ); } //Separate REGISTER AND LOGIN TO NOT BE CONFUSED// //-----------------------------------------------------// //---------------------REGISTRATION--------------------// //-----------------------------------------------------// if ( isset($_POST['register']) && checkToken( $_POST['csrf_token'], 'userFromRegistration' ) ) { //if the username required if(!preg_match('/^[A-Za-z0-9]+$/',$_POST['uname'])) { $error['username'] = "Username must have alphanumeric characters "; } //if password has less than 6 characters if(strlen($_POST['pwd']) < 6) { $error['password'] = "Password must be minimum of 6 characters"; } //if password does not match if($_POST['pwd'] !== $_POST['cpwd'] OR empty($_POST['cpwd']) ) { $error['passwordmatch'] = "Password and Confirm Password doesn't match"; } //if empty error array if( !array_filter($error) ) { //trim data $username = trim( $_POST['uname'] ); // Hash you password, never save PASSWORD AS PLAIN TEXT!!!!!!! // MYSQL! : Allow your storage to expand past 60 characters (VARCHAR 255 would be good) $password = password_hash( $_POST['pwd'], PASSWORD_DEFAULT); //if the id is autoincremented leave id //----------USE PREPARED STATEMENT FOR SQL INJECTION---// $query = 'INSERT INTO cruduser (username, password) VALUES (?,?)'; $stmt = $con->prepare($query); $stmt->bind_param("ss", $username, $password); $stmt->execute(); $stmt->close(); $con->close(); //Redirect because we need to consider the post request from crudadd.php header( 'Location: crudaddusr.php' ) ; } } //-----------------------------------------------------// //------------------------LOGIN------------------------// //-----------------------------------------------------// if (isset($_POST['login'])) { //what ever you want //Use password_verify() and session_regenerate_id() //to compare passwords and to generate a session id to prevent session fixation. session_start(); $uname = $_POST['uname']; $pwd = $_POST['pwd']; //if you don't need it delete it $SESSION['suname']=$unmane; $SESSION['spwd']=$pwd; if ($uname=='admin' && $pwd=='admin') { include('crudview.php'); } else { header( "Location: crudeditusr.php?suname=".$uname."&spwd=".$pwd); } } ?> <!--HTMl PART--> <!DOCTYPE html> <html> <head> <title>"Add records in CRUD Table"</title> <!-- bootstrap link is downloaded from bootstrapcdn.com for css and js --> <!-- col-mod-6 col-mod-offset are bootstrap related--> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> </head> <body> <div class="container"> <div class="row"> <form method="post" action="" class="form-horizontal col-mod-6 col-mod-offset-3"> <input type="hidden" name="csrf_token" value="<?php echo generateToken('userFromRegistration'); ?>" required/> <h2>Create The table CRUD</h2> <div class="form-group"> <label for="input" class="col-sm-2 control-label">Username : </label> <div class="col-sm-10 <?php if( !empty( $error['username'] ) ){ echo 'has-error';} ?> "> <input type="text" name="uname" class="form-control" id="input1" placeholder="Username"/> <span class="help-block"><?php if (!empty($error['username'])) echo $error['username'];?></span> </div> </div> <div class="form-group"> <label for="input" class="col-sm-2 control-label">Password: </label> <div class="col-sm-10 <?php if( !empty( $error['password'] ) ){ echo 'has-error';} ?>"> <input type="password" name="pwd" class="form-control" id="input1" placeholder="Password"/> <span class="help-block"><?php if (!empty($error['password'])) echo $error['password'];?></span> </div> </div> <div class="form-group"> <label for="input" class="col-sm-2 control-label">Confirm Password : </label> <div class="col-sm-10 <?php if( !empty( $error['passwordmatch'] ) ){ echo 'has-error';} ?>"> <input type="password" name="cpwd" class="form-control" id="input1" placeholder="Confirm Password"/> <span class="help-block"><?php if (!empty($error['passwordmatch'])) echo $error['passwordmatch'];?></span> </div> </div> <div class="row"> <div class="col-mod-6 col-mod-offset-3"> <button id="submit1" name="register" class="btn btn-primary pull-right">Register</button> <button id="submit2" name="login" class="btn btn-secondary pull-right">Login</button> </div> </div> </form> </body>
Upvotes: 1
S4NDM4N
Reputation: 924
Change this line from this,
$pwd=mysqli_real_escape_string($con,$_POST["pwd"]);
to this,
$pwd=mysqli_real_escape_string($_POST["pwd"]);
You don't need to add $con to assign your password to another variable but it's better use the direct $_POST variable no need to assign it to another.
if(strlen($_POST["pwd"]) < 6) {
$error = true;
$password_error = "Password must be minimum of 6 characters";
}
Upvotes: 0
Related Questions
- How To Bootstrap Integrate with Codeigniter Form Validation
- I Try to validate data by database to login by use Bootsrap model and ajax with PHP but It's not working
- Validate signup form in modal bootstrap
- Validate Registration Form in Modal And Submit data in database
- Using Bootstrap validation to validate form fields
- Struggling with PHP validation
- some issues in my jquery validation registration form
- How to use jquery validation in my registration form
- Registration form Bootstrap PHP
- Solution Bootstrap form validation