Problem with variables and ifs...?

MtPHP2

Can someone please tell me why the last if has no effect what so ever?

<?
$title = "Register with Warriorama";
include("header.phtml");
$register_process = $_POST['register_process'];
if($register_process == "")
{
?>
... bunch of HTML for a registration form is here ...
<?
} elseif($register_process == "1")
{
$register_banned_query = "SELECT * FROM banned_chars_words";
$register_banned_result = mssql_query($register_banned_query);
$register_username = $_POST['register_username'];
$register_password = $_POST['register_password'];
$register_confpassword = $_POST['register_confpassword'];
$register_fullname = $_POST['register_fullname'];
$register_email = $_POST['register_email'];
$register_gender = $_POST['register_gender'];
$register_country = $_POST['register_country'];
$register_agreeterms = $_POST['register_agreeterms'];
$register_agreepolicy = $_POST['register_agreeprivacy'];
$register_username_l = strtolower($register_username);
$register_check_username_query = "SELECT * FROM users WHERE username_l = '$register_username_l'";
$register_check_username_result = mssql_query($register_check_username_query);
if(strlen($register_username) < 4)
{
$ue_one = "true";
}
if(strlen($register_username) > 20)
{
$ue_two = "true";
}
while($register_banned_row = mssql_fetch_array($register_banned_result))
{
$words = $register_banned_row['words'];
$chars = $register_banned_row['chars'];
if(strstr($words, $register_username_l))
{
$ue_three = "true";
}
if(strstr($chars, $register_username))
{
$ue_four = "true";
}
}
if(mssql_num_rows($register_check_username_result) != 0)
{
$ue_five = "true";
}
if(strlen($register_password) < 6)
{
$pe_one = "true";
}
if(strlen($register_password) > 20)
{
$pe_two = "true";
}
if($register_password != $register_confpassword)
{
$pe_three = "true";
}
if($register_fullname == "")
{
$fne_one = "true";
}
if($register_fullname == " ")
{
$fne_two = "true";
}
if($register_email == "")
{
$ee_one = "true";
}
if(!ereg("^([0-9,a-z,A-Z]+)([.,_]([0-9,a-z,A-Z]+))*[@]([0-9,a-z,A-Z]+)([.,_,-]([0-9,a-z,A-Z]+))*[.]([0-9,a-z,A-Z]){2}([0-9,a-z,A-Z])?$",$register_email))
{
$ee_two = "true";
}
if($register_gender == "")
{
$ge_one = "true";
}
if($register_country == "")
{
$ce_one = "true";
}
if($register_agreeterms == "")
{
$ate_one = "true";
}
if($register_agreeprivacy == "")
{
$ape_one = "true";
}
if($ue_one == "true" or $ue_two == "true" or $ue_three == "true" or $ue_five == "true" or $pe_one == "true" or $pe_two == "true" or $pe_three == "true" or $fne_one == "true" or $fne_two == "true" or $ee_one == "true" or $ee_two == "true" or $ge_one == "true" or $ce_one == "true" or $ate_one == "true" or $ape_one == "true")
{

} else {
print "Great! You successfully registered with Warriorama! Your account information, as well as information on how to activate your account, has been sent to "; print $register_email; print ".";
}
}
include("footer.phtml");
?>

planetsim

I didnt even try to read the code where you wanted. But never use that many if's

I suggest getting rid of that and using a switch statement. Not only faster its more accurate as well. Well in your case anyway.

KevinMG

i agree...too much code to read....

but try using "||" instead of "or"

xblue

hmm. the last if is followed by an empty block {} - what effect would you expect if to have other than "do nothing"?

I indented the code for you, makes it easier to read.

<?
$title = "Register with Warriorama";
include("header.phtml");
$register_process = $_POST['register_process'];
if ($register_process == "") {
?>
... bunch of HTML for a registration form is here ...
<?
} else if ($register_process == "1") {
    $register_banned_query = "SELECT * FROM banned_chars_words";
    $register_banned_result = mssql_query($register_banned_query);
    $register_username = $_POST['register_username'];
    $register_password = $_POST['register_password'];
    $register_confpassword = $_POST['register_confpassword'];
    $register_fullname = $_POST['register_fullname'];
    $register_email = $_POST['register_email'];
    $register_gender = $_POST['register_gender'];
    $register_country = $_POST['register_country'];
    $register_agreeterms = $_POST['register_agreeterms'];
    $register_agreepolicy = $_POST['register_agreeprivacy'];
    $register_username_l = strtolower($register_username);
    $register_check_username_query = "SELECT * FROM users WHERE username_l = '$register_username_l'";
    $register_check_username_result = mssql_query($register_check_username_query);
    if (strlen($register_username) < 4) {
        $ue_one = "true";
    }
    if (strlen($register_username) > 20) {
        $ue_two = "true";
    }
    while ($register_banned_row = mssql_fetch_array($register_banned_result)) {
        $words = $register_banned_row['words'];
        $chars = $register_banned_row['chars'];
        if (strstr($words, $register_username_l)) {
            $ue_three = "true";
        }
        if (strstr($chars, $register_username)) {
            $ue_four = "true";
        }
    }
    if (mssql_num_rows($register_check_username_result) != 0) {
        $ue_five = "true";
    }
    if (strlen($register_password) < 6) {
        $pe_one = "true";
    }
    if (strlen($register_password) > 20) {
        $pe_two = "true";
    }
    if ($register_password != $register_confpassword) {
        $pe_three = "true";
    }
    if ($register_fullname == "") {
        $fne_one = "true";
    }
    if ($register_fullname == " ") {
        $fne_two = "true";
    }
    if ($register_email == "") {
        $ee_one = "true";
    }
    if (!ereg("^([0-9,a-z,A-Z]+)([.,_]([0-9,a-z,A-Z]+))*[@]([0-9,a-z,A-Z]+)([.,_,-]([0-9,a-z,A-Z]+))*[.]([0-9,a-z,A-Z]){2}([0-9,a-z,A-Z])?$",$register_email)) {
        $ee_two = "true";
    }
    if ($register_gender == "") {
        $ge_one = "true";
    }
    if ($register_country == "") {
        $ce_one = "true";
    }
    if ($register_agreeterms == "") {
        $ate_one = "true";
    }
    if ($register_agreeprivacy == "") {
        $ape_one = "true";
    }
    if ($ue_one == "true" or $ue_two == "true" or $ue_three == "true" or $ue_five == "true" or $pe_one == "true" or $pe_two == "true" or $pe_three == "true" or $fne_one == "true" or $fne_two == "true" or $ee_one == "true" or $ee_two == "true" or $ge_one == "true" or $ce_one == "true" or $ate_one == "true" or $ape_one == "true") {

} else {
    print "Great! You successfully registered with Warriorama! Your account information, as well as information on how to activate your account, has been sent to ";
    print $register_email;
    print ".";
}
}
include("footer.phtml");
?>

KevinMG

..helped a bit...

1) an empty if(...) {} will "do nothing"

2) is there possibly something with checking for a boolean value with these variables instead of a string value of true? (i.e. true, not "true")?

if($var == true || $var2 == true) {
//do something
} else {
//blah
}

tomhath

Put all the checks into a function. You might need to declare the $register_* variables global if you intend to use them later. I don't like setting and testing lots of flags, that's usually a sign of bad design.

This is untested but should give you the idea. You should have additional checks for maximum string length and invalid characters on every field (don't assume the form was posted from your page, anybody can write a page of their own and post to this one).


function okToRegister () {

  $register_username = $_POST['register_username'];

  if(strlen($register_username) < 4)  return 1;
  if(strlen($register_username) > 20) return 2;

  $register_banned_query = "SELECT * FROM banned_chars_words"; 
  $register_banned_result = mssql_query($register_banned_query); 

  while($register_banned_row = mssql_fetch_array($register_banned_result))  { 
    $words = $register_banned_row['words']; 
    $chars = $register_banned_row['chars']; 
    if(strstr($words, $register_username_l)) return 3; 

if(strstr($chars, $register_username)) return 4;
  }

  $register_username_l = strtolower($register_username); 
  $register_check_username_query = "SELECT * FROM users WHERE username_l = '$register_username_l'"; 
  $register_check_username_result = mssql_query($register_check_username_query); 
  if (mssql_num_rows($register_check_username_result) != 0) return 5

  $register_password = $_POST['register_password']; 

  if(strlen($register_password) < 6)  return 6;
  if(strlen($register_password) > 20)  return 7;

  $register_confpassword = $_POST['register_confpassword']; 
  if($register_password != $register_confpassword) return 8;

  $register_fullname = $_POST['register_fullname']; 
  if($register_fullname == "") return 9;
  if($register_fullname == " ") return 10;

  $register_email = $_POST['register_email']; 
  if($register_email == "") return 11;
  if(!ereg("^([0-9,a-z,A-Z]+)([.,_]([0-9,a-z,A-Z]+))*[@]([0-9,a-z,A-Z]+)([.,_,-]([0-9,a-z,A-Z]+))*[.]([0-9,a-z,A-Z]){2}([0-9,a-z,A-Z])?$",$register_email)) return 12;

  $register_gender = $_POST['register_gender']; 
  if($register_gender == "") return 13;

  $register_country = $_POST['register_country']; 
  if($register_country == "") return 14;

  $register_agreeterms = $_POST['register_agreeterms']; 
  if($register_agreeterms == "") return 15;

  $register_agreepolicy = $_POST['register_agreeprivacy']; 
  if($register_agreeprivacy == "") return 16;

  return 0;
}


if ($register_process == "1") 
  if (okToRegister() == 0) {
    do stuff...
  }
  else {
  ....
}

feldon23

if (!isset($_POST['register_process'])) {
?>
... bunch of HTML for a registration form is here ...
<?
} else {
    $register_banned_query = "SELECT * FROM banned_chars_words";
    $register_banned_result = mssql_query($register_banned_query);
    $register_username = $_POST['register_username'];
    $register_password = $_POST['register_password'];
    $register_confpassword = $_POST['register_confpassword'];
    $register_fullname = $_POST['register_fullname'];
    $register_email = $_POST['register_email'];
    $register_gender = $_POST['register_gender'];
    $register_country = $_POST['register_country'];
    $register_agreeterms = $_POST['register_agreeterms'];
    $register_agreepolicy = $_POST['register_agreeprivacy'];
    $register_username_l = strtolower($register_username);
    $register_check_username_query = "SELECT * FROM users WHERE username_l = '$register_username_l'";
    $register_check_username_result = mssql_query($register_check_username_query);

// I'll leave the MySQL up to other people.

$error = "";

if ((strlen($register_username) < 4) or (strlen($register_username) > 20))
  $error .= "Your username must be between 4 and 20 characters in length.<br>\n";

if ((strlen($register_password) < 6) or (strlen($register_password) > 20))
  $error .= "Your password must be between 6 and 20 characters in length.<br>\n";

if(!ereg("^([0-9,a-z,A-Z]+)([.,_]([0-9,a-z,A-Z]+))*[@]([0-9,a-z,A-Z]+)([.,_,-]([0-9,a-z,A-Z]+))*[.]([0-9,a-z,A-Z]){2}([0-9,a-z,A-Z])?$",$register_email))
  $error .=" You have not entered a valid e-mail address.<br>\n";

// code to concatenate the banned words and characters list into 2 single strings $words and $chars.

if ((strstr($words, $register_username_l)) or (strstr($chars, $register_username_l))
  $error .= "Your username cannot contain the characters $chars or any poor language.<br>\n";

if ($register_password != $register_confpassword)
  $error .= "Your passwords do not match. Please enter the same password in both boxes.<br>\n";

if (mssql_num_rows($register_check_username_result) != 0)
  $error .= "not sure what error goes here.<br>\n";

if ((!$register_fullname) or (!$register_fullname) or (!$register_email) or (!$register_gender) or (!$register_country) or (!$register_agreeterms) or (!$register_agreeprivacy))
  $error .= "You did not fill out one or more of the required fields.<br>\n";

if (!$error) {
    print "Great! You successfully registered with Warriorama! Your account information, as well as information on how to activate your account, has been sent to $register_email.<br>\n";
    // do registration
} else {
    print "Your registration could not be processed because of the following errors:<br>\n<br>\n";
    print $error;
}