script bug, NEED Help finding error!

phence

In the Script(valid_m.php) below thier are two problems.

Problem ONE:

When i submit the form, the data obtained and is gathered
and validated by the 'valid_m.php' script.
When I Submit the form the page is relocated back to the form
page, with out creating any of the users, Im not sure what errors
are actually being found, that may be stopping the 'valid_m.php'
script and reloading the form page.

The Code I belive is causeing the problem from the 'valid_m.php' script:

if (count($errors) > 0)
{
     // There are errors. Relocate back to the costomer form
     header("Location: custform.php");
     exit;	
}

------------------------------------------------------------------

Problem #2

When i attempt to create a new user when another user has
already choosen the same e-mial or username, the 'valid_m.php' script just creates another user with the same username or e-
mail, instead of returning with an error to the New User attempting to join with current users e-mail or username.

I'm not sure why this is not working properly 😕

'valid_m.php' script is below in the following reply, due to lack of space in this entry

phence

<?php
	// This script validates customer data entered 

include 'include.inc';

set_error_handler("errorHandler");

// Initialize a session
session_start();

// Register an error array - just in case!
if (!session_is_registered("errors"))
	session_register("errors");

// Clear any errors that might have been found previously 
$errors = array();

// Set up a $formVars array with the POST variables and register with the session.
if (!session_is_registered("formVars"))
	session_register("formVars");

foreach($_POST as $varname => $value)
	$formVars[$varname] = trim(clean($value, 50));

// Validate the firstName
if (empty($formVars["firstName"])) 
	// First name cannot be a null string
	$errors["firstName"] = "The first name can field cannot be blank.";

elseif (!eregi("^[a-z'-]*$", $formVars["firstName"]))
	// First name cannot contain white space
	$errors["firstName"] = "The first name can only contain alphabetic " . "characters or \"-\ or \"'\"";

elseif (strlen($formVars["firstName"]) > 50)
	$errors["firstName"] = "The first name can be no longer thatn 50 " . "characters";

// Validate the Surname
if (empty($formVars["surname"]))
	// the user's  surname cannot be a null string
	$errors["surname"] = " The surname field cannot be a blank."; 		

elseif (strlen($formVars["surname"]) > 50)
	// the user's  surname cannot be a null string
	$errors["surname"] = " The surname can be no longer than 50 charaters.";

// Validate the address
if (empty($formVars["address1"]) && (empty($formVars["address2"])))
	// the user's address cannot be a null string
	$errors["address"] = " You must supply an address"; 
else
{
	if (strlen($formVars["address1"]) > 50)
		$errors["address1"] = "The address line 1 can be no longer " . "than 50 characters";
	if (strlen($formVars["address2"]) > 50)
		$errors["address2"] = "The address line 2 can be no longer " . "than 50 characters";
}		

// Valadate the city
if (empty($formVars["city"]))
	// the users city cannot be a null string
	$errors["city"] = "You Must Supply a City";
elseif (strlen($formVars["city"]) > 20)
	$errors["city"] = "The City Can be no longer than 20 charaters";

// Validate state 	
if (empty($formVars["state"]))
	// the users state cannot be a null string
	$errors["state"] = "You Must Supply a State";
elseif (strlen($formVars["state"]) > 20)
	$errors["state"] = "The State Can be no longer than 20 charaters";

// Validate Zip Code
if(!ereg("^([0-9]{4,5})$", $formVars["zipcode"]))
	$errors["zipcode"] = "The zipcode must be 4 or 5 digits in length";

// Validate Country
if (empty($formVars["country"]))
	// the users country cannot be a null string
	$errors["country"] = "You Must Supply a Country";
elseif (strlen($formVars["country"]) > 20)
	$errors["country"] = "The Country Can be no longer than 20 charaters";

// Validate Phone 
$validPhoneExpr = "^([0-9]{2,3}[ ]?)?[0-9]{3}[ ]?[0-9]{4}$";
if (empty($formVars["phone"]))
	// the users phone cannot be a null string
	$errors["phone"] = "You Must Supply a Phone Number";
elseif (!empty($formVars["phone"]) && !ereg($validPhoneExpr, $formVars["phone"]))
	// Correct phone Format
	$errors["phone"] ="The Phone Number Must Be in this format \"123 456 7890\", including your area code";

// Fax is optional
if (!empty($formVars["fax"]) && !ereg($validPhoneExpr, $formVars["fax"]))
	// Correct fax Format
	$errors["fax"] ="The fax Number Must Be in this format \"123 456 7890\", including your area code";

// Valid Date Of Birth
if(empty($formVars["dob"]))
	$errors["dob"] = "You Must Supply A Birth Date in the" . "format DD/MM/YYYY";

elseif (!ereg("^([0-9]{2})/([0-9]{2})/([0-9]{4})$", $formVars["dob"], $parts))
	// Check the format
	$errors["dob"] = "The data of birth is not a valid date in the "."format DD/MM/YYYY";	

elseif (!checkdate($parts[2], $parts[1], $parts[3])) 
	$errors["dob"] = "The Date Of Birth is Invalid. Please Check " . " that the month is between the 1 and 12, and the " . "day is valid for that month";

elseif (intval($parts[3]) < 1890)
	// Make sure that the user has a reasonable Birth Year
	$errors["dob"] = "You Must be Alive to use this Service!";

elseif 
// check if user is 18
(!((intval($parts[3]) < (intval(date("Y") - 19))) || (intval($parts[3]) == (intval(date("Y")) - 18) && (intval($parts[3]) < intval(date("m")))) || (intval($parts[3]) == (intval(date("Y")) - 18) && (intval($parts[2]) == intval(date("m"))) && (intval($parts[1]) <= intval(date("d"))))))
$errors["dob"] = "You Must Be 18+ Years of age to use this service.";

// Only valid E-mail if this is an INSERT
if(!session_is_registered("loginUsername"))
{
	// check syntax
	$validEmailExpr = "^[0-9a-z~`!#$%&_-]([.]?[0-9a-z~!#$%&_-])*" . "@[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*$";

	if(empty($formVars["email"]))
		// You must Supply an e-mail
		$errors["email"] = "You Must Supply an e-mail address";

	elseif (!eregi($validEmailExpr, $formVars["email"]))
		// The email must match the above regular expression
		$errors["email"] = "The e-mail address must be in the [email]jon@doe.com[/email] format.";

	elseif (strlen($formVars["email"]) > 50)
		// the length cannot excced 50 charaters	
		$errors["email"] = "The e-mail address can be no longer than 50 charaters.";

	/* elseif (!(getmxrr(substr(strstr($formVars["email"], '@'), 1), $temp)) || checkdnsrr(gethostbyname(substr(strstr($formVars["email"], '@'), 1)),"ANY"))
		$errors["email"] = "the domain does not exist."; */

	else
	{
		// Check if the e-mail address is allready in use
		if (!($connection = @ mysql_pconnect($hostName, $username, $password)))
			showerror();
		if(!mysql_select_db($databaseName, $connection))
			showerror();

		$query = "SELECT * FROM users WHERE user_name = '" . $formVars["email"] . "'";

		if(!($result = @ mysql_query ($query, $connection)))
			showerror();

		// Is Taken ??
		if (mysql_num_rows($result) == 1)
			$errors["email"] = "A Customer Already exisits with this" . " Login Name";

	}
}

// Only Validate password if this is an INSERT 
// Validate Password - between 8 and 15 characters
if (!session_is_registered("loginUsername") && (strlen($formVars["loginPassword"]) < 8 || strlen($formVars["loginPassword"] > 15)))
	$errors["loginPassword"] = "Your Passwords Must Be Between 8 and 12 charaters in length";

// Now the script has finished the validation, check if there were any errors

if (count($errors) > 0)
{
	// There are errors. Relocate back to the costomer form
	header("Location: custform.php");
	exit;	
} 

// if we made it here, then the data is valid
if (!isset($connection))
{
	if (!($connection = @ mysql_pconnect($hostName, $username, $password)))
		showerror();
	if (!mysql_select_db($databaseName, $connection))
		showerror();
}

// Reassemble the date of birth into database format
$dob = "\"$parts[3]-$parts[2]-$parts[1]\"";

// Is this an update
if (session_is_registered("loginUsername"))
{
	$custID = getCustomerID($loginUsername, $connection);

	$query = "UPDATE customer SET " . "title = \"" . $formVars["title"] . "\", " . 
	"surname = \"" . $formVars["surname"] . "\", " .
	"firstname = \"" . $formVars["firstName"] . "\", " .
	"addressline1 = \"" . $formVars["address1"] . "\", " .
	"addressline2 = \"" . $formVars["address2"] . "\", " .
	"city = \"" . $formVars["city"] . "\", " .
	"state = \"" . $formVars["state"] . "\", " .
	"zipcode = \"" . $formVars["zipcode"] . "\", " .
	"country = \"" . $formVars["country"] . "\", " .
	"phone = \"" . $formVars["phone"] . "\", " .
	"fax = \"" . $formVars["fax"] . "\", " .
	"birth_date = " . $dob . 
	" WHERE cust_id = $custID";
}
else
	$query = "INSERT INTO customer VALUES (" .
		"\"" . $formVars["surname"] . "\", " .
		"\"" . $formVars["firstName"] . "\", " .
		"\"" . $formVars["title"] . "\", " .
		"\"" . $formVars["address1"] . "\", " .
		"\"" . $formVars["address2"] . "\", " .
		"\"" . $formVars["city"] . "\", " .
		"\"" . $formVars["state"] . "\", " .
		"\"" . $formVars["zipcode"] . "\", " .
		"\"" . $formVars["country"] . "\", " .
		"\"" . $formVars["phone"] . "\", " .
		"\"" . $formVars["fax"] . "\", " .
		"\"" . $formVars["email"] . "\", " .
		$dob . ", " . 0 . ")";

// Run The Query On the customer table
	if (!(@ mysql_query ($query, $connection)))
		showerror();
// If this was an INSERT, we need to INSERT
if (!session_is_registered("loginUsername"))
{
	// Get the cutomer id that was created
	$custID = @ mysql_insert_id($connection);

	// Use the first two characters of the email address, as a salt for the passwd
	$salt = substr($formVars["email"], 0, 2);

	// Create the encrypted password
	$stored_password = crypt($formVars["loginPassword"], $salt);

	// INSERT a new user into the user table
	$query = "INSERT INTO users SET cust_id = $custID, password = '$stored_password', user_name = '" . $formVars["email"] . "'";

	if (!($result = @ mysql_query ($query, $connection)))
		showerror();

	// Log the user into their new account
	session_register("loginUsername");

	$loginUsername = $formVars["email"];
} 

// Clear the FormVars so a future <form> is blank
session_unregister("formVars");
session_unregister("errors");

// Now Show the user is a member
echo "Welcome New Member";
?>

pdaoust

If you could post custform.php as well, I'd be interested in seeing how it handles the errors that are passed to it through the session variable $errors.

phence

<?php
// Customer JOIN and UPDATE <FORM>

include 'include.inc';

set_error_handler("errorHandler");

// show an error in a red font
function fieldError($fieldName, $errors)
{
	if (isset($errors[$fieldName]))
		echo "<font color=\"red\">" . $errors[$fieldName] . "</font><br>";
}

//Connect to a session
session_start();

// Is the user logged in? do they have error?
if(session_is_registered("loginUsername") && empty($errors))
{ 
	if(!($connection = @ mysql_pconnect($hostName, $username, $password)))
		showerror();

if(!mysql_select_db($databaseName, $connection))
	showerror();

$custID = getCustomerID($loginUsername, $connection);

$query = "SELECT * FROM customer WHERE cust_id = " . $custID;

if(!($result = @ mysql_query($query, $connection)))
	showerror();

$row = mysql_fetch_array($result);

//Reset formVars, since we're loading from the table
$formVars = array();

// Reset the Errors
$errors = array();

// Load all the form Variables with customer data
$formVars["title"] = $row["title"];
$formVars["surname"] = $row["surname"];
$formVars["firstName"] = $row["firstname"];
$formVars["address1"] = $row["addressline1"];
$formVars["addressline2"] = $row["addressline2"];
$formVars["city"] = $row["city"];
$formVars["state"] = $row["state"];
$formVars["zipcode"] = $row["zipcode"];
$formVars["country"] = $row["country"];
$formVars["phone"] = $row["phone"];
$formVars["fax"] = $row["fax"];
$formVars["dob"] = $row["birth_date"]; 
$formVars["email"] = substr($formVars["dob"], 8, 2) . "/" . substr($formVars["dob"], 5, 2) . "/" . substr($formVars["dob"], 0, 4);
}
?>

<html>
<head><title>Customer Details</title></head>
<body bgcolor="white">

<?php
  //show login state
  showLogin();
?>

 <form method="post" action = "valid_m.php">
 <h1>Customer Details</h1>

<?php
  // Display any messages to the user
  showMessage();

  //Show meaningful instructions for UPDATE OR INSERT
  if (session_is_registered("loginUsername"))
	  echo "<h3>Please Amend your details below ". " All fields Are REQUIRED<h3>";

  else
	  echo "<h3>Please Fill in the details Below to Join!, All Fields Are REQUIRED</h3>";
?>
<table width="387" border="0" cellpadding="0" cellspacing="0">
  <!--DWLayoutTable-->
  <tr> 
	<td height="42" colspan="2"><font size="1" face="Verdana">Title:</font> 
	<td width="250" valign="top"> <select name ="title">
		<option <?php if($formVars["title"] == "Mr") echo "selected"; ?>>Mr 
		<option> 
		<?php if($formVars["title"] == "Mrs") echo "selected"; ?>
		Mrs 
		<option> 
		<?php if($formVars["title"] == "Ms") echo "selected"; ?>
		Ms 
		<option> 
		<?php if($formVars["title"] == "Dr") echo "selected"; ?>
		Dr </select> <br></tr>
  <tr> 
	<td height="20" colspan="2" valign="top"><font size="1" face="Verdana">First 
	  Name:</font></td>
	<? echo fieldError("firstName", $errors); ?> 
	<td valign="top"><input type="text" name="firstName" value ="<? echo $formVars["firstName"]; ?>" size="50"></td>
  </tr>
  <tr> 
	<td height="20" colspan="2" valign="top"><font size="1" face="Verdana">Last 
	  Name: </font></td>
	<? echo fieldError("surname", $errors); ?> 
	<td valign="top"><input type="text" name="surname" value ="<? echo $formVars["surname"]; ?>" size=50></td>
  </tr>
  <tr> 
	<td height="20" colspan="2" valign="top"><font size="1" face="Verdana">Address 
	  Line 1:</font></td>
	<? echo fieldError("address", $errors); ?> <? echo fieldError("address1", $errors); ?> 
	<td valign="top"><input type="text" name="address1" value ="<? echo $formVars["address1"]; ?>" size=50></td>
  </tr>
  <tr> 
	<td height="20" colspan="2" valign="top"><font size="1" face="Verdana">Address 
	  Line 2:</font></td>
	<? echo fieldError("address2", $errors); ?> 
	<td valign="top"><input type="text" name="address2" value ="<? echo $formVars["address2"]; ?>" size=50></td>
  </tr>
  <tr> 
	<td height="20" colspan="2" valign="top"><font size="1" face="Verdana">City:</font></td>
	<? echo fieldError("city", $errors); ?> 
	<td valign="top"><input type="text" name="city" value ="<? echo $formVars["city"]; ?>" size=50></td>
  </tr>
  <tr> 
	<td height="20" colspan="2" valign="top"><font size="1" face="Verdana">State:</font></td>
	<? echo fieldError("state", $errors); ?> 
	<td valign="top"><input type="text" name="state" value ="<? echo $formVars["state"]; ?>" size=50></td>
  </tr>
  <tr> 
	<td height="20" colspan="2" valign="top"><font size="1" face="Verdana">Zip 
	  Code:</font></td>
	<? echo fieldError("zipcode", $errors); ?> 
	<td valign="top"><input type="text" name="zipcode" value ="<? echo $formVars["zipcode"]; ?>" size=5></td>
  </tr>
  <tr> 
	<td height="23" colspan="2" valign="top"><font size="1" face="Verdana">Country:</font> 
	<td valign="top"> <select name ="title">
		<option <?php if($formVars["country"] == "United States") echo "selected"; ?>>United 
		States 
		<option> 
		<?php if($formVars["country"] == "Canada") echo "selected"; ?>
		Canada 
		<option> 
		<?php if($formVars["country"] == "United Kingdom") echo "selected"; ?>
		United Kingdom 
		<option> 
		<?php if($formVars["country"] == "Austrailia") echo "selected"; ?>
		Austrailia </select></tr>
  <tr> 
	<td width="136" height="23" valign="top"><font size="1" face="Verdana">Date Of Birth: <br> Ex. dd/mm/yyyy</font></td>
	<? echo fieldError("dob", $errors); ?> 
	<td colspan="2" valign="top"><input type="text" name="dob" value ="<? echo $formVars["dob"]; ?>" size=10></tr>
  <tr> 
	<td height="20" colspan="2" valign="top"><font size="1" face="Verdana">Phone 
	  :</font></td>
	<? echo fieldError("phone", $errors); ?> 
	<td valign="top"><input type="text" name="phone" value ="<? echo $formVars["phone"]; ?>" size=15></td>
  </tr>
  <tr> 
	<td height="20" colspan="2" valign="top"><font size="1" face="Verdana">Fax:</font></td>
	<? echo fieldError("fax", $errors); ?> 
	<td valign="top"><input type="text" name="fax" value ="<? echo $formVars["fax"]; ?>" size=15></td>
  </tr>

  <?php
  	// only show the username/email and password
	// <input> widgets to new users
	if(!session_is_registered("loginUsername"))
	{
  ?>

  <tr> 
	<td height="20" colspan="2" valign="top"><font size="1" face="Verdana">E-mail 
	  Address/Username:</font></td><? echo fieldError("email", $errors); ?> 
	<td valign="top"><input type="text" name="email" value ="<? echo $formVars["email"]; ?>" size=50></td>
  </tr>
  <tr><td><font size="1" face="Verdana">Password:</font></td>
  <td><? echo fieldError("loginPassword", $errors); ?><input type="password" name ="loginPassword" value="<? echo $formVars["loginPassword"]; ?>" size=15>
  </td></tr> 
  <?php
  }
  ?>
  <tr> 
	<td height="19"></td>
	<td width="1"></td>
	<td></td>
  </tr>

  <tr> 
	<td height="23" colspan="3" valign="top"> <div align="right"> 
		<input type="submit" name="Submit" value="Submit">
		<input type="reset" name="Submit2" value="Reset">
	  </div></td>
  </tr>
</table>
</form>
<br><a href="http://validator.w3.org/check/referer"><img src="http://www.w3.org/Icons/valid-html401" height ="31" width="88" align="right" border="0" alt="Valid HTML 4.01!"></a>