Form Validation for register.php

puplookup · 08-07-2008, 08:27 PM

Thanks for the great user registration script! After a user registers I have "mkdir" create a directory that is the same as their username. So all usernames have to be directory friendly names. I would like to set up form validation for register.php that only allows letter/number/dashes and no spaces in the username field.

I have read a few tutorials and it looks like I will need to implement the code below but I'm not sure how to do it. Also, will that code stop spaces?

/[^a-zA-Z0-9\-\ ]+$/

Thanks, Brandon

Register.php:

<?php
require_once('login/settings.php');

if ( array_key_exists ( '_submit_check', $_POST ) )
{
if ( $_POST['username'] != '' && $_POST['password'] != '' && $_POST['password'] == $_POST['password_confirmed'] && $_POST['email'] != '' && valid_email ( $_POST['email'] ) == TRUE )
{
if ( ! checkUnique ( 'Username', $_POST['username'] ) )
{
$error = 'Username already taken. Please try again!';
}
elseif ( ! checkUnique ( 'Email', $_POST['email'] ) )
{
$error = 'The email you used is associated with another user. Please try again or use the "forgot password" feature!';
}
else {
$query = $db->query ( "INSERT INTO " . DBPREFIX . "users (`Username` , `Password`, `date_registered`, `Email`, `Random_key`) VALUES (" . $db->qstr ( $_POST['username'] ) . ", " . $db->qstr ( md5 ( $_POST['password'] ) ).", '" . time () . "', " . $db->qstr ( $_POST['email'] ) . ", '" . random_string ( 'alnum', 32 ) . "')" );

$getUser = "SELECT ID, Username, Email, Random_key FROM " . DBPREFIX . "users WHERE Username = " . $db->qstr ( $_POST['username'] ) . "";

if ( $db->RecordCount ( $getUser ) == 1 )
{
$row = $db->getRow ( $getUser );

$subject = "Activation email from " . DOMAIN_NAME;

$message = "Dear ".$row->Username.", this is your activation link to join our website. In order to confirm your membership please click on the following link: <a href=\"" . APPLICATION_URL . "confirm.php?ID=" . $row->ID . "&key=" . $row->Random_key . "\">" . APPLICATION_URL . "confirm.php?ID=" . $row->ID . "&key=" . $row->Random_key . "</a> <br /><br />Thank you for joining";

if ( send_email ( $subject, $row->Email, $message ) ) {
$msg = 'Account registered. Please check your email for details on how to activate it.';
}
else {
$error = 'I managed to register your membership but failed to send the validation email. Please contact the admin at ' . ADMIN_EMAIL;
}
}
else {
$error = 'User not found. Please contact the admin at ' . ADMIN_EMAIL;
}
}
}
else {
$error = 'There was an error in your data. Please make sure you filled in all the required data, you provided a valid email address and that the password fields match one another.';
}
}
?>
<?php
session_start();
include ("../include/doctype.php");
?>
<title>New User Registration</title>
</head>
<body>
<div id="login">
<?php
include ("login_div_master.php");
?>
</div>
<div id="puplogo"></div>
<?php
include ("../include/menu.php");
?><div id="teaser">
<div class="wrap">
<div class="box">
</div>
</div>
</div>

<?php
include ("../include/bar.php");
?><div class="wrap">
<div class="fullpage"> <div id="log">
<?php if ( isset ( $error ) ) { echo ' <p class="error">' . $error . '</p>' . "\n"; } ?>
<?php if ( isset ( $msg ) ) { echo ' <p class="msg">' . $msg . '</p>' . "\n"; } else {//if we have a mesage we don't need this form again.?>
</div>

<div id="container" style="width:230px;">
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="hidden" name="_submit_check" value="1"/>

<label for="username">Username</label>
<input class="input" type="text" id="username" name="username" size="32" value="<?php if(isset($_POST['username'])){echo $_POST['username'];}?>" />

<label for="password">Password</label>
<input class="input" type="password" id="password" name="password" size="32" value="" />

<label for="password_confirmed">Re-Password</label>
<input class="input" type="password" id="password_confirmed" name="password_confirmed" size="32" value="" />

<label for="email">Email</label>
<input class="input" type="text" id="email" name="email" size="32" value="<?php if(isset($_POST['email'])){echo $_POST['email'];}?>" />

<input type="image" name="register" value="register" class="submit-btn" src="login/images/btn.gif" alt="submit" title="submit" />
<div class="clear"></div>
</form>
</div>
<? } ?>
</div>
</div>
<div class="clear"></div>
<div class="clear"></div>
<?php
include ("../include/footer.php");
?><?php
include ("../include/analytics.php");
?></body>
</html>

puplookup · 08-11-2008, 01:46 PM

Solved using ctype_alnum:

elseif ( ! ctype_alnum($username))
{
$error = 'Username must contain only letters and/or numbers. No spaces or special characters.';
}

ipodfansmail · 08-12-2008, 09:23 AM

Wow! This post rocks

sne4mi · 08-16-2008, 05:32 PM

pls help,i have some errors.
Before showing u my errors i'd like to ask few questions:

1. Those 3 external funtions(checkUnique, randomStrings and vali_email), shud i create a "funtions.php" file for them?

2. Can i take the "checkLogin" function and paste at the top of "members.php"?.

3. In "register.php" i see this line: require_once('db.php'); is the "db.php" the connection script? i.e: <?php
mysql_connect("localhost", "$username", "$paassword")or die("cannot connect");
mysql_select_db("$database");
?>

2. Again where it is "localhost", do i put my website url or leave it as it is..im using cpanel to create my database and tables.

Now these are the errors i've got:

Firstly my register.php always comes with the error msg:
There was an error in your data. Please make sure you filled in all the required data, you provided a valid email address and that the password fields match

And when i try to input the values (username,password and email address) here comes the error msg:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/statson/public_html/test/functions.php on line 7

The "funcions.php" is where my checkUnique function is.

The above error msg happened just after i've solved an error which pointed to this line:
function checkUnique($table= 'users', $field= 'Username', $compared= 'Username')
As u can see what i've assigned to the fiels"$table","$field","$compared", just did it with the hope that it was gonna fix the error.

Can u please help me, having a deadline for this tuesday.

Thanx

puplookup · 08-16-2008, 06:04 PM

There is no need to create a new functions.php. Did you download all the files for the login script? What changes are you trying to make to the members page? The members page already checks if the user is logged in the way it is. That is what this code is for:

<?php \\put this at the top of your page if it's not there
session_start();
require_once('settings.php');
?>

<?php
if ( $_SESSION['logged_in'] ): //this begins the block of code for if the user is signed in.
?>

User who are logged in see whatever is in here.

<?php
endif; //this ends the block of code for if the user is not signed in.
?>

<?php
if ( ! $_SESSION['logged_in'] ): //This begins the block of code for if the user is not signed in.
?>

Guests will see whatever is in this area.

<?php
endif; //this ends the block of code for if the user is not signed in.
?>

I can't remember what Db.php was, I must have renamed mine, but if I had to guess it probably is the connect script for logging into your database (which is required). You probably use "localhost" for your connect script. That depends on your website host though.

As for your error's, I need to see your code, although I'm not sure I can help that much since I'm new to php.

sne4mi · 08-16-2008, 06:50 PM

Hi puplookup,

Im happy to have recieved a reply so soon, thanks a lot I must say..

Ive copied roScripts's login coding from php login script page(cant place the url, access denied

)

I've taken all the scripts and saved them all as required. However when i run "register.php" i get an error:
"There was an error in your data. Please make sure you filled in all the required data, you provided a valid email address and that the password fields match" on top with a form to re-enter my details(username, password and email)

And in my "checkUnique" function i get an error in the line:
function checkUnique($table, $field, $compared)
together with this one: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in

OK, my code after all for errors is:
function checkUnique($table, $field, $compared)
{
$query = mysql_query('SELECT '.mysql_real_escape_string($field).' FROM '.mysql_real_escape_string($table).' WHERE "'.mysql_real_escape_string($field).'" = "'.mysql_real_escape_string($compared).'"');
if(mysql_num_rows($query)==0)
{
return TRUE;
}
else {
return FALSE;
}
}

errors: line 1 and 6

and the othe problem is i dnt know where to place the above code..when u talk about downloading funtions, im lost..

Thanx

puplookup · 08-16-2008, 07:07 PM

Post #4... need to post a url...

sne4mi · 08-16-2008, 07:09 PM

let me increase my posting first..

sne4mi · 08-16-2008, 07:10 PM

last one i guess..

sne4mi · 08-16-2008, 07:10 PM

Think I can now: http://www.roscripts.com/PHP_login_script-143.html

08-07-2008, 08:27 PM	#1 (permalink)
puplookup Junior Member Join Date: Aug 2008 Posts: 6 Rep Power: 0	Form Validation for register.php Thanks for the great user registration script! After a user registers I have "mkdir" create a directory that is the same as their username. So all usernames have to be directory friendly names. I would like to set up form validation for register.php that only allows letter/number/dashes and no spaces in the username field. I have read a few tutorials and it looks like I will need to implement the code below but I'm not sure how to do it. Also, will that code stop spaces? /[^a-zA-Z0-9\-\ ]+$/ Thanks, Brandon Register.php: <?php require_once('login/settings.php'); if ( array_key_exists ( '_submit_check', $_POST ) ) { if ( $_POST['username'] != '' && $_POST['password'] != '' && $_POST['password'] == $_POST['password_confirmed'] && $_POST['email'] != '' && valid_email ( $_POST['email'] ) == TRUE ) { if ( ! checkUnique ( 'Username', $_POST['username'] ) ) { $error = 'Username already taken. Please try again!'; } elseif ( ! checkUnique ( 'Email', $_POST['email'] ) ) { $error = 'The email you used is associated with another user. Please try again or use the "forgot password" feature!'; } else { $query = $db->query ( "INSERT INTO " . DBPREFIX . "users (`Username` , `Password`, `date_registered`, `Email`, `Random_key`) VALUES (" . $db->qstr ( $_POST['username'] ) . ", " . $db->qstr ( md5 ( $_POST['password'] ) ).", '" . time () . "', " . $db->qstr ( $_POST['email'] ) . ", '" . random_string ( 'alnum', 32 ) . "')" ); $getUser = "SELECT ID, Username, Email, Random_key FROM " . DBPREFIX . "users WHERE Username = " . $db->qstr ( $_POST['username'] ) . ""; if ( $db->RecordCount ( $getUser ) == 1 ) { $row = $db->getRow ( $getUser ); $subject = "Activation email from " . DOMAIN_NAME; $message = "Dear ".$row->Username.", this is your activation link to join our website. In order to confirm your membership please click on the following link: <a href=\"" . APPLICATION_URL . "confirm.php?ID=" . $row->ID . "&key=" . $row->Random_key . "\">" . APPLICATION_URL . "confirm.php?ID=" . $row->ID . "&key=" . $row->Random_key . "</a> <br /><br />Thank you for joining"; if ( send_email ( $subject, $row->Email, $message ) ) { $msg = 'Account registered. Please check your email for details on how to activate it.'; } else { $error = 'I managed to register your membership but failed to send the validation email. Please contact the admin at ' . ADMIN_EMAIL; } } else { $error = 'User not found. Please contact the admin at ' . ADMIN_EMAIL; } } } else { $error = 'There was an error in your data. Please make sure you filled in all the required data, you provided a valid email address and that the password fields match one another.'; } } ?> <?php session_start(); include ("../include/doctype.php"); ?> <title>New User Registration</title> </head> <body> <div id="login"> <?php include ("login_div_master.php"); ?> </div> <div id="puplogo"></div> <?php include ("../include/menu.php"); ?><div id="teaser"> <div class="wrap"> <div class="box"> </div> </div> </div> <?php include ("../include/bar.php"); ?><div class="wrap"> <div class="fullpage"> <div id="log"> <?php if ( isset ( $error ) ) { echo ' <p class="error">' . $error . '</p>' . "\n"; } ?> <?php if ( isset ( $msg ) ) { echo ' <p class="msg">' . $msg . '</p>' . "\n"; } else {//if we have a mesage we don't need this form again.?> </div> <div id="container" style="width:230px;"> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> <input type="hidden" name="_submit_check" value="1"/> <label for="username">Username</label> <input class="input" type="text" id="username" name="username" size="32" value="<?php if(isset($_POST['username'])){echo $_POST['username'];}?>" /> <label for="password">Password</label> <input class="input" type="password" id="password" name="password" size="32" value="" /> <label for="password_confirmed">Re-Password</label> <input class="input" type="password" id="password_confirmed" name="password_confirmed" size="32" value="" /> <label for="email">Email</label> <input class="input" type="text" id="email" name="email" size="32" value="<?php if(isset($_POST['email'])){echo $_POST['email'];}?>" /> <input type="image" name="register" value="register" class="submit-btn" src="login/images/btn.gif" alt="submit" title="submit" /> <div class="clear"></div> </form> </div> <? } ?> </div> </div> <div class="clear"></div> <div class="clear"></div> <?php include ("../include/footer.php"); ?><?php include ("../include/analytics.php"); ?></body> </html>

Sponsored Ads	#1.5
Advertisement Sponsored posting Join Date: The beginning Posts: lots	Sponsored by... WM Media - Sell Your Website at above market prices!

08-11-2008, 01:46 PM	#2 (permalink)
puplookup Junior Member Join Date: Aug 2008 Posts: 6 Rep Power: 0	Re: Form Validation for register.php Solved using ctype_alnum: elseif ( ! ctype_alnum($username)) { $error = 'Username must contain only letters and/or numbers. No spaces or special characters.'; }

08-12-2008, 09:23 AM	#3 (permalink)
ipodfansmail Junior Member Join Date: Aug 2008 Posts: 3 Rep Power: 0	reply3 Wow! This post rocks

08-16-2008, 05:32 PM	#4 (permalink)
sne4mi Junior Member Join Date: Aug 2008 Posts: 7 Rep Power: 0	Re: Form Validation for register.php pls help,i have some errors. Before showing u my errors i'd like to ask few questions: 1. Those 3 external funtions(checkUnique, randomStrings and vali_email), shud i create a "funtions.php" file for them? 2. Can i take the "checkLogin" function and paste at the top of "members.php"?. 3. In "register.php" i see this line: require_once('db.php'); is the "db.php" the connection script? i.e: <?php mysql_connect("localhost", "$username", "$paassword")or die("cannot connect"); mysql_select_db("$database"); ?> 2. Again where it is "localhost", do i put my website url or leave it as it is..im using cpanel to create my database and tables. Now these are the errors i've got: Firstly my register.php always comes with the error msg: There was an error in your data. Please make sure you filled in all the required data, you provided a valid email address and that the password fields match And when i try to input the values (username,password and email address) here comes the error msg: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/statson/public_html/test/functions.php on line 7 The "funcions.php" is where my checkUnique function is. The above error msg happened just after i've solved an error which pointed to this line: function checkUnique($table= 'users', $field= 'Username', $compared= 'Username') As u can see what i've assigned to the fiels"$table","$field","$compared", just did it with the hope that it was gonna fix the error. Can u please help me, having a deadline for this tuesday. Thanx

08-16-2008, 06:04 PM	#5 (permalink)
puplookup Junior Member Join Date: Aug 2008 Posts: 6 Rep Power: 0	Re: Form Validation for register.php There is no need to create a new functions.php. Did you download all the files for the login script? What changes are you trying to make to the members page? The members page already checks if the user is logged in the way it is. That is what this code is for: <?php \\put this at the top of your page if it's not there session_start(); require_once('settings.php'); ?> <?php if ( $_SESSION['logged_in'] ): //this begins the block of code for if the user is signed in. ?> User who are logged in see whatever is in here. <?php endif; //this ends the block of code for if the user is not signed in. ?> <?php if ( ! $_SESSION['logged_in'] ): //This begins the block of code for if the user is not signed in. ?> Guests will see whatever is in this area. <?php endif; //this ends the block of code for if the user is not signed in. ?> I can't remember what Db.php was, I must have renamed mine, but if I had to guess it probably is the connect script for logging into your database (which is required). You probably use "localhost" for your connect script. That depends on your website host though. As for your error's, I need to see your code, although I'm not sure I can help that much since I'm new to php.

08-16-2008, 06:50 PM	#6 (permalink)
sne4mi Junior Member Join Date: Aug 2008 Posts: 7 Rep Power: 0	Re: Form Validation for register.php Hi puplookup, Im happy to have recieved a reply so soon, thanks a lot I must say.. Ive copied roScripts's login coding from php login script page(cant place the url, access denied) I've taken all the scripts and saved them all as required. However when i run "register.php" i get an error: "There was an error in your data. Please make sure you filled in all the required data, you provided a valid email address and that the password fields match" on top with a form to re-enter my details(username, password and email) And in my "checkUnique" function i get an error in the line: function checkUnique($table, $field, $compared) together with this one: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in OK, my code after all for errors is: function checkUnique($table, $field, $compared) { $query = mysql_query('SELECT '.mysql_real_escape_string($field).' FROM '.mysql_real_escape_string($table).' WHERE "'.mysql_real_escape_string($field).'" = "'.mysql_real_escape_string($compared).'"'); if(mysql_num_rows($query)==0) { return TRUE; } else { return FALSE; } } errors: line 1 and 6 and the othe problem is i dnt know where to place the above code..when u talk about downloading funtions, im lost.. Thanx

08-16-2008, 07:07 PM	#7 (permalink)
puplookup Junior Member Join Date: Aug 2008 Posts: 6 Rep Power: 0	Re: Form Validation for register.php Post #4... need to post a url...

08-16-2008, 07:09 PM	#8 (permalink)
sne4mi Junior Member Join Date: Aug 2008 Posts: 7 Rep Power: 0	Re: Form Validation for register.php let me increase my posting first..

08-16-2008, 07:10 PM	#9 (permalink)
sne4mi Junior Member Join Date: Aug 2008 Posts: 7 Rep Power: 0	Re: Form Validation for register.php last one i guess..

08-16-2008, 07:10 PM	#10 (permalink)
sne4mi Junior Member Join Date: Aug 2008 Posts: 7 Rep Power: 0	Re: Form Validation for register.php Think I can now: http://www.roscripts.com/PHP_login_script-143.html

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode