Can anyone help me figure out what is wrong in the code below. It is singup.php
When the user just enters the name in the username field and hits register, he is able to register, which is not supposed to happen until he fills in the password and the email field.
Below is the code, can anyone tell me what is the problem.
<?php
//signup.php
include 'connect.php';
include 'header.php';
echo '<h3>Sign up for Idea Forum</h3><br />';
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
echo '<form method="post" action="">
Username: <input type="text" name="user_name" /><br />
Password: <input type="password" name="user_pass"><br />
Password again: <input type="password" name="user_pass_check"><br />
E-mail: <input type="email" name="user_email"><br />
<input type="submit" value="Register" />
</form>';
}
else
{
/* this is to process the data, checking date, making user refill wrong fileds */
$errors = array(); /* declaring the array for later use */
if(isset($_POST['user_name']))
{
//the user name exists
if(!ctype_alnum($_POST['user_name']))
{
$errors[] = 'The username can only contain letters and digits.';
}
if(strlen($_POST['user_name']) > 30)
{
$errors[] = 'The username cannot be longer than 30 characters.';
}
}
else
{
$errors[] = 'The username field must not be empty.';
}
if(isset($_POST['user_pass']))
{
if($_POST['user_pass'] != $_POST['user_pass_check'])
{
$errors[] = 'The two passwords did not match.';
}
}
else
{
$errors[] = 'The password field cannot be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array */
{
echo 'Please fill all the fields..<br /><br />';
echo '<ul>';
foreach($errors as $key => $value) /* go through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this will generates a error list */
}
echo '</ul>';
}
else
{
//the form has been posted
$sql = "INSERT INTO
users(user_name, user_pass, user_email ,user_date, user_level)
VALUES('" . mysql_real_escape_string($_POST['user_name']) . "',
'" . sha1($_POST['user_pass']) . "',
'" . mysql_real_escape_string($_POST['user_email']) . "',
NOW(),
0)";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while registering. Please try again later.';
//echo mysql_error();
}
else
{
echo 'Succesfully registered. You can now <a href="signin.php">sign in</a> and start posting!';
}
}
}
include 'footer.php';
?>
}
else
{
/* validation /
$errors = array(); / declaring the array for later use */
if(isset($_POST['user_name']))
{
//the user name exists
if(!ctype_alnum($_POST['user_name']))
{
$errors[] = 'The username can only contain letters and digits.';
}
if(strlen($_POST['user_name']) > 30)
{
$errors[] = 'The username cannot be longer than 30 characters.';
}
}
else
{
$errors[] = 'The username field must not be empty.';
}
if(isset($_POST['user_pass']) && !ctype_alnum($_POST['user_name']))
{
if($_POST['user_pass'] != $_POST['user_pass_check'])
{
$errors[] = 'The two passwords did not match.';
}
}
else
{
$errors[] = 'The password field cannot be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array */
{
echo 'Please fill all the fields..<br /><br />';
echo '<ul>';
foreach($errors as $key => $value) /* go through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this will generates a error list */
}
echo '</ul>';
}
else
{
//the form has been posted
$sql = "INSERT INTO
users(user_name, user_pass, user_email ,user_date, user_level)
VALUES('" . mysql_real_escape_string($_POST['user_name']) . "',
'" . sha1($_POST['user_pass']) . "',
'" . mysql_real_escape_string($_POST['user_email']) . "',
NOW(),
0)";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while registering. Please try again later.';
//echo mysql_error();
}
else
{
echo 'Succesfully registered. You can now <a href="signin.php">sign in</a> and start posting!';
}
}
The database is updated due to the errors array being empty. Why is errors empty?
The errors array is empty because nothing has been added to it. Why is nothing added to the errors array?
if(isset($_POST['user_pass'])) {
if($_POST['user_pass'] != $_POST['user_pass_check']) {
$errors[] = 'The two passwords did not match.';
}
} else {
$errors[] = 'The password field cannot be empty.';
}
The only possible way for the error array to not have anything added, is for the first if statement to be true and the second one to be false.
The second one will be false when both passwords are the same. Even if both passwords are empty strings.
Kalon, what you mentioned is the exact problem that I am facing. Any idea how to fix it would be of great help. I am completely new to php so i am not be able to solve it myself …
Thanks for the reply. I am also from Christchurch. I just started learning php.
What you said is correct , there is no validation for email, but I am confused as to how the registration process is working with just entering the username field.
This is the only error. But when i click on the register button without filling any other field, it works fine saying “fields are not filled in correctly…”
Regarding if($_POST[‘user_pass’] != $_POST[‘user_pass_check’]). it is for the two password fields while registering i.e… first user_pass to enter a password and user_pass_check to confirm the password.
Follow pmw57’s advice and you should then be able to get your script working.
What pmw57 advises is essentially the “general” steps a programmer needs to take to debug logic errors in code.
But given that prevention is better than to cure, another approach to getting code to work correctly is to follow the principle of “code a little - test a lot”.
As you are writing code to perform a combination of various tasks, after you code each task (and that might be only 5 - 10 lines of code), test it thoroughly to make sure it works correctly before moving on to coding the next task. If you follow this general process then you are much more likely to have a correctly working script when you get to the end.
Imho it is much easier debugging small blocks of code than a whole script in one go, especially if you are not sure what is causing the error.
Many programmers code up their script from to start to finish, with little or no testing along the way, and when the script more often than not doesn’t work correctly at the end they get stuck on how to go about fixing the problem.
Another approach could be to draw up a flow diagram (although that is probably “old school” now being replaced by UML diagrams, but I still use them on occassions) of how your script is to work before starting to write any code. That should help in getting the logic of your script correct.
Kalon what you said is true. after he is added into database, when i checked in phpmyadim, i can see only his username but the password and email fields are blank.
