Username Keeps being Validated as a Name

Time:06-19

This is my PHP for the registration:

    <?php
    /*  Program name: checkBlankOnly_2.php 
     *  Description:  Program displays the blank form and checks 
     *  all the form fields for blank fields.
     */
    if(isset($_POST['submitted']) and $_POST['submitted'] == "yes")
    {
      foreach($_POST as $field => $value)           
      {
        if(empty($value))
        {
          if($field != "firstname")
          {
             $blank_array[] = $field;
          }
        } 
        else                                                    
        {
          $good_data[$field] = strip_tags(trim($value));
        }
      } 
      if(!empty($blank_array))
      {
        $message = "<p style='color: red; margin-bottom: 0; 
                     font-weight: bold'>
                     You didn't fill in one or more required fields. 
                     You must enter: 
                     <ul style='color: red; margin-top: 0; 
                     list-style: none' >";
     /* display list of missing information */
        foreach($blank_array as $value)
        {
           $message .= "<li>" . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "</li>";
        }
        $message .= "</ul>"; 
        echo $message;
        extract($good_data);
        include("logic.inc");   
        exit();    
      }
      foreach($_POST as $field => $value)
      {
        if(!empty($value))
        {
          $name_patt2 = "/^[a-z]\w{2,23}[^_]$/i";
          $name_patt = "/^[A-Za-z' -]{1,50}$/";
          $pass_patt = "/^[a-zA-Z][0-9a-zA-Z_!$@#^&]{5,20}$/";
          $phone_patt = "/^[0-9)(xX -]{7,20}$/";
          $addr_patt = "/^[A-Za-z0-9 .,'-]{1,50}$/";
          $zip_patt = "/^[0-9]{5}(\-[0-9]{4})?$/";
          $postal_patt = "/^[A-Za-z0-9]{6}$/";
          $email_patt = "/^.+@.+\\..+$/";
          $radio_patt = "/Canada|USA/";
          if(preg_match("/uname/i",$field))
              if(!preg_match($name_patt2,$value))
              {
                  $error_array [] = "$value is not a valid username";
              }
          if(preg_match("/name/i",$field))
          {
            if(!preg_match($name_patt,$value))
            {
              $error_array[] = "$value is not a valid name";
            }
          } 
          if(preg_match("/phone/i",$field))
          {
            if(!preg_match($phone_patt,$value))
            {
              $error_array[] = "$value is not a valid phone number";
            }
          }  // endif phone format check
          if(preg_match("/country/i",$field))
          {
            if(!preg_match($radio_patt,$value))
            {
              $error_array[] = "$value is not a valid status";
            }
          }
        } 
        $clean_data[$field] = strip_tags(trim($value));
      }
      if(!empty($error_array))
      {
        $message = "<ul style='color: red; list-style: none' >";
        foreach($error_array as $value)
        {
          $message .= "<li>" . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "</li>";
        }
        $message .= "</ul>"; 
        echo $message;
        extract($clean_data);
        include("logic.inc");
        exit(); 
      }
      else
      {
        $cxn = mysqli_connect($host,$user,$passwd,$dbname)
            or die("Couldn't Connect to Server");
          foreach($clean_data as $field => $value)
          {
              $clean_data[$field] = mysqli_real_escape_string($cxn,$value);
          }
          $sql = "INSERT INTO users (uname,password,lastname,firstname,city,address,state_province,country,phone,email,date) VALUES ('$clean_data[uname]','$clean_data[password]','$clean_data[lastname]','$clean_data[firstname]','$clean_data[city]','$clean_data[address]','$clean_data[state_province]','$clean_data[country]','$clean_data[phone]','$clean_data[email]','$clean_data[date]')";
          $result = mysqli_query($cxn,$sql)
              or die("Couldn't Execute Query");
          include("stored.inc");
      } 
    }
    else
    {
      include("logic.inc");
    }   
    ?>

This is my HTML code:

<!doctype html>
<?php
ini_set("display_errors","on");
error_reporting(E_ALL | E_STRICT);
ini_set("include_path","./includes");
include("dbinfo.inc");
?>

<?php
/* Program Name: logic.inc
 * Created by: Clayton Korth
 * Created On: 2022-05-20
 * Description: Defines a form that collects a user's information */
$labels = array ("uname" => "Username","firstname" => "First Name","lastname" => "Last Name","address" => "Address","city" => "City","zip_postal" => "Zip Code","phone" => "Phone","email" => "Email");
$country = array("Canada","US");
$submit = "Submit Information";
$empty_array = array();
$blank_array = array();
?>
<?php
$cxn = mysqli_connect($host,$user,$passwd,$dbname)
    or die ("Couldn't Connect to Server");
    $query = "SELECT DISTINCT name FROM states ORDER BY `id` ASC";
    $result = mysqli_query($cxn,$query) or die ("Couldn't Execute Query.")
?>
<html>
<head>
    <style type='text/css'>
    <!--
        form {
          margin: 1.5em 0 0 0;
          padding: 0;
          align-content: center;
         }
        .field {padding-bottom: 1em;}
        h1 {text-align: center;}
        label {
            font-weight: bold;
            float: left;
            width: 20%;
            margin-right: 1em;
            text-align: right;
        }
        #submit {margin-left: 35%}
    --></style>
<meta charset="utf-8">
<title>Form Script</title>
</head>

<body>
    <?php
    /* loop that displays the form */
    echo "<div class='row'><div class='col-lg-6'>";
    echo "<h3>Sign Up Form</h3>";
    echo "<form id='sForm' action='checkBlankOnly2.php' method='post'>";
    foreach ( $labels as $field => $label)
    {
        echo "<div class='field'>
                <label for='$field' style='font-weight: bold;'>$label</label>
                    <input id='$field' name='$field' type='text' placeholder='$label'
                        size='42' /></div>";
        if($field == "uname")
        {
            echo "<div class='field'><label for='password'>Password</label><input id='password' placeholder='Password' name='password' type='password' size='42'></div>";
        }
             if($field == "city") 
             
             {  
    echo "<form action='checkBlankOnly2.php' method='POST' style='margin-left: 3em'>
    <label for='name' style='font-weight: bold'>State/Province:</label>
    <select id='name' name='name' style='margin-top: 3em'>";
    while($row = mysqli_fetch_assoc($result))
    {
        extract($row);
        echo "<option value='$name'>$name</option>";
    }
    echo "</select>";
 
            echo "<div class='field'><label for='country'>Country</label><input type='radio' name='country' checked='checked' value='Canada' >$country[0]
            <input type='radio' name='country' value='US' style='margin-left: 1.5em'>$country[1]</div>";
        }
        
    }
    echo "<div class='field'><input type='hidden' name='submitted' value='yes'></div>";
    echo "<div id='submit'><input type='submit' value='$submit'></div>";
    echo "</div></div>"
    ?>
</body>
</html>

Above is my code for my registration.php, as I am tasked to create a Login Application. What happens is that when I submit the form, it validates everything except the username, causing it to be validated by using name instead of username. I am wondering if I had done something wrong with my code. I am fairly new to PHP and Dynamic Web Design.

CodePudding user response:

You'll probably want to read up on regular expressions, which is what preg_match() uses.

https://www.php.net/manual/en/function.preg-match.php

The following code will first get a positive match of uname against /uname/i, and then compare the value against $name_patt2, but then it will also get a positive match of uname against /name/i, because the pattern isn't anchored to the beginning with ^.

      if(preg_match("/uname/i",$field))
      {
          if(!preg_match($name_patt2,$value))
          {
              $error_array [] = "$value is not a valid username";
          }
      }
      if(preg_match("/name/i",$field))
      {
        if(!preg_match($name_patt,$value))
        {
          $error_array[] = "$value is not a valid name";
        }
      } 

You can go one of 3 ways, if you're leaving the rest of the program alone: One is to replace the $field checks with anchored regexes, like this:

       if(preg_match("/^uname/i", $field))
...

A second option is to use elseif so you won't check the other patterns for $field if the first one already matched:

      if(preg_match("/uname/i",$field))
      {
          if(!preg_match($name_patt2,$value))
          {
              $error_array [] = "$value is not a valid username";
          }
      }
      elseif(preg_match("/name/i",$field))
      {
        if(!preg_match($name_patt,$value))
        {
          $error_array[] = "$value is not a valid name";
        }
      }

The third option (depending on what the field naming actually looks like), would be to use exact string matches instead of regex matches:

      if($field == "uname")
      {
          if(!preg_match($name_patt2,$value))
          {
              $error_array [] = "$value is not a valid username";
          }
      }
      if($field == "name")
      {
        if(!preg_match($name_patt,$value))
        {
          $error_array[] = "$value is not a valid name";
        }
      } 
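
The double match described in the answer, next to an exact-key rule table, as an added example that is not part of the original question or answer. The two patterns are the page's `$name_patt2` and `$name_patt`; the function names, constant names and sample input are constructed for illustration, and the example goes slightly further than the answer by rejecting non-string values and escaping the echoed value.

```php
<?php
// Added example, not the poster's code. The two patterns are the page's
// $name_patt2 and $name_patt; all names and sample input are constructed.
const USERNAME_PATT = "/^[a-z]\w{2,23}[^_]$/i";
const NAME_PATT     = "/^[A-Za-z' -]{1,50}$/";

// The question's dispatch: unanchored substring tests on the field name.
function rules_by_substring(string $field): array
{
    $rules = [];
    if (preg_match("/uname/i", $field)) { $rules[] = 'username'; }
    if (preg_match("/name/i", $field))  { $rules[] = 'name'; } // "uname" contains "name"
    return $rules;
}

// Exact-key allow-list: each known field maps to one label and one pattern.
const FIELD_RULES = [
    'uname'     => ['username', USERNAME_PATT],
    'firstname' => ['name',     NAME_PATT],
    'lastname'  => ['name',     NAME_PATT],
];

function validate_fields(array $post): array
{
    $errors = [];
    foreach (FIELD_RULES as $field => [$label, $pattern]) {
        $value = $post[$field] ?? '';
        if ($value === '') { continue; } // blanks are reported by the earlier check
        // uname[]=x arrives as an array; preg_match() needs a string.
        if (!is_string($value) || !preg_match($pattern, trim($value))) {
            $shown = is_string($value) ? $value : '(non-text value)';
            // Escape before the message is placed inside <li>...</li>.
            $errors[$field] = htmlspecialchars($shown, ENT_QUOTES, 'UTF-8')
                            . " is not a valid $label";
        }
    }
    return $errors; // keys not in FIELD_RULES are never consulted
}

// Constructed input: a valid username, an array-valued first name,
// a markup-bearing last name and a key the form never defined.
$sample = [
    'uname'     => 'clay_k1',
    'firstname' => ['x'],
    'lastname'  => '<b>K</b>',
    'is_admin'  => '1',
];
print_r(rules_by_substring('uname'));
print_r(validate_fields($sample));
```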