Nested if {} else{} statements not working

PHP
1

As usual, this is probably a matter of me just not seeing things very clearly, but I’ve got a piece of code I’ve been plugging at all day, and it simply DOES NOT want to play nice!
The background is: I’m creating a signup page that requires email verification before the user can choose a username, password or any details like that. I thought I was being easy on myself by creating two different signup tables:
Table 1: email_reg is where I store email addresses and a random md5 that is used for my verification link
Table2: users_login is where I store email addresses, usernames and passwords of folks who have clicked on the link I send them.
Where I’m having trouble is this:

I’ve got essentially 3 verifications of each email address that’s entered.
Step 1 is to check and see if it is indeed an email address,
if step 1 passes, then we check it against the first database to see if its “registered, but not verified”,
if step 2 turns up empty, then step 3 is to check if the email address is already assigned to a member of the site.
Once all three steps pass, a random md5 is generated, and an email (with a link) is sent.
If I remove all verification (for testing purposes this afternoon, everything works as it is supposed to ie: md5 generated, email sent, link works, etc.

Where I’m running into trouble is this: I’ve been doing these darn if-else statements all afternoon and gotten my head twisted, so I can’t figure out where I’m going wrong.
When I load the page as shown in code below, I’ve get the following error


Parse error: syntax error, unexpected T_ELSE in /var/www/public_html/testsite/register.php on line 30

So, if someone would be so kind as to quickly look this over and point out what I think is probably a fairly silly mistake, I’d appreciate it:


session_start();
require_once('script/fixedvars.php');
if (isset($_POST['submitted'])){
$errors = array();
require_once('script/dbcs.php');
require_once('script/is_email.php');
	if (is_email(stripslashes(trim($_POST['email'])) )){
	$email = mysql_real_escape_string($_POST['email']);
	$query = "SELECT email FROM $loginTable WHERE email = '$email'";
	$result = mysql_query($query);
	$num = mysql_num_rows($result);
		if ($num == 0) {
		$email = mysql_real_escape_string($_POST['email']);
		$query = "SELECT email FROM $regTable WHERE email = '$email'";
		$result = mysql_query($query);
		$num = mysql_num_rows($result);
			if ($num == 0) {
				$regkey = md5(uniqid(rand(), true));
				$regdate = date("Ymd");
				$query = "INSERT INTO $regTable (email, regkey, regdate) VALUES ('$email', '$regkey', '$regdate')";
				$result = @mysql_query($query);
					if (mysql_affected_rows() == 1) {
					$body = "Thank you for registering at TEST SITE. To activate your account, please click on this link:\
\
";
					$body .= "http://localhost/testsite/activate.php?regkey=$regkey";
					mail($_POST['email'], 'Registration Confirmation', $body, 'From: noreply@localhost');
					header("location: registerconf.php?email=$email");
					} else {
					$errors[] = 'sorry, we encountered a random error adding your email to our database, please try again in about 5 minutes';
//this is line 30, btw//	} else {
				$errors[] = 'sorry, that email is already registered, but it hasn\\'t been confirmed. Go check your email';
			} else {
			$errors[] = 'sorry, that email is already registered have you forgotten your login details?';
	} else {
	$errors[] = 'that doesn\\'t appear to be a valid email address';
}
}
}
}
}
}
}

Am I incorrect in thinking that I can nest if/else statements like this, drilling down until I encounter an error, or everything goes smoothly?
Obviously, in the html portion of the page, I have a php echo statement to handle the errors I’m throwing out.

2

After posting, I kept reading different articles on form validation, but couldn’t find EXACTLY what I was looking for, so I began removing the lines indicated by my php errors, one by one.
I knew that this wouldn’t “correct” my problem, but was hoping that by playing dumb, the issue might become more clear. And, it did… as usual…
So, here’s the corrected code that now passes when I want it to, and fails when its supposed to!!


session_start();
require_once('script/fixedvars.php');
if (isset($_POST['submitted'])){
$errors = array();
require_once('script/dbcs.php');
require_once('script/is_email.php');
	if (!is_email(stripslashes(trim($_POST['email'])) )){
		 $errors[] = 'that doesn\\'t appear to be a valid email address';
		 } else {
	$email = mysql_real_escape_string($_POST['email']);
	$query = "SELECT email FROM $loginTable WHERE email = '$email'";
	$result = mysql_query($query);
	$num = mysql_num_rows($result); 
	if ($num > 0) {
		$errors[] = 'sorry, that email is already registered have you forgotten your login details?';
		} else {
		$email = mysql_real_escape_string($_POST['email']);
		$query = "SELECT email FROM $regTable WHERE email = '$email'";
		$result = mysql_query($query);
		$num = mysql_num_rows($result);
			if ($num > 0) {
				$errors[] = 'sorry, that email is already registered, but it hasn\\'t been confirmed. Go check your email';
				} else {
				$regkey = md5(uniqid(rand(), true));
				$regdate = date("Ymd");
				$query = "INSERT INTO $regTable (email, regkey, regdate) VALUES ('$email', '$regkey', '$regdate')";
				$result = @mysql_query($query);
					if (!mysql_affected_rows() == 1) {
					$errors[] = 'sorry, we encountered a random error adding your email to our database, please try again in about 5 minutes';
					}	
					$body = "Thank you for registering at TEST SITE. To activate your account, please click on this link:\
\
";
					$body .= "http://www.addision.info/activate.php?regkey=$regkey";
					mail($_POST['email'], 'Registration Confirmation', $body, 'From: noreply@localhost');
					header("location: registerconf.php?email=$email");
						}
						}
						}
						}

Hopefully, someone else might find this useful if they ever decide to make a rube goldberg machine just for checking email addresses.

3

Make this a function and return when an error is encountered. That way you don’t need to get into deeper and deeper levels of logic which are very hard to follow.
Also use a text editor that does bracket or curly brace matching, so you can put your cursor on one and see where it is opened or closed.

4

Thanks,
I do use a text editor that does bracket matching (bluefish), so that was helpful.
I hadn’t thought of making it a function, which would greatly lower my overhead if I ever need to change (or re-create) this page in the future.
I’m still very new to the “guts and blood” of web development, so having the learn most things the hard way, as I tend to ignore good advice, and treat bad advice as if its gospel.

5

By the by, what kind of field is regdate in your database table?

Use describe table-name-here to find this out.

6

Its set up to be a date table, Using it as the basis for auto-expiring my verification links.

7

Certainly from the looks of your :


$regdate = date("Ymd");

You have that field as an INT, rather than a DATE field is that so?

8

No, its datatype is a date field… why? Should it be an integer?

9

No, should be a date, you have surprised me, thats all – I know that mysql is pretty lenient with what it accepts as a date – but I had not realised it apparently accepts “Ymd” – I’ve always used “Y-m-d”.

Sorry for dragging this thread off topic!

10

Oh, its not a problem, I prefer to express dates in the Ymd format (20111128) rather than (2011-11-28)