move error messages

JakeForest

How do I move error messages?

This is the script as provided. The site is www.printxpress.us/sign-in.php. The script plopps the error messages on the top of the page. I'd like to move each, respectively, to a place at the form. Any ideas? ...and thank you.

<?php # sign-in.php
// This is the registration page for the site.

// Include the configuration file for error management and such.
require_once ('./includes/config.inc');

// Set the page title, subtitle and include the header.
$page_title = 'Print X Press Register / Sign-in';
$page_subtitle = 'Register / Sign-in';
include ('includes/header.inc');

if (isset($_POST['submit1'])) { // Handle the form.

require_once ('./mysql_connect.php'); // Connect to the database.

// Check for a first name.
if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['first_name'])))) {
	$fn = escape_data($_POST['first_name']);
} else {
	$fn = FALSE;
	echo '<p><font color="red" size="+1">Please enter your first name!</font></p>';
}

// Check for a last name.
if (eregi ("^[[:alpha:].' -]{2,30}$", stripslashes(trim($_POST['last_name'])))) {
	$ln = escape_data($_POST['last_name']);
} else {
	$ln = FALSE;
	echo '<p><font color="red" size="+1">Please enter your last name!</font></p>';
}

// Check for a title.
if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['title'])))) {
	$t = escape_data($_POST['title']);
} else {
	$t = FALSE;
	echo '<p><font color="red" size="+1">Please enter your title!</font></p>';
}

// Check for a company.
if (eregi ("^[[:alpha:].' -]{2,30}$", stripslashes(trim($_POST['company'])))) {
	$c = escape_data($_POST['company']);
} else {
	$c = FALSE;
	echo '<p><font color="red" size="+1">Please enter your company!</font></p>';
}

// Check for an email address.
if (eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", stripslashes(trim($_POST['email'])))) {
	$e = escape_data($_POST['email']);
} else {
	$e = FALSE;
	echo '<p><font color="red" size="+1">Please enter a valid email address!</font></p>';
}

// Check for a username.
if (eregi ("^[[:alnum:]_]{4,24}$", stripslashes(trim($_POST['username'])))) {
	$u = escape_data($_POST['username']);
} else {
	$u = FALSE;
	echo '<p><font color="red" size="+1">Please enter a valid username!</font></p>';
}

// Check for a password and match against the confirmed password.
if (eregi ("^[[:alnum:]]{4,20}$", stripslashes(trim($_POST['password1'])))) {
	if ($_POST['password1'] == $_POST['password2']) {
		$p = escape_data($_POST['password1']);
	} else {
		$p = FALSE;
		echo '<p><font color="red" size="+1">Your password did not match the confirmed password!</font></p>';
	}
} else {
	$p = FALSE;
	echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
}

if ($fn && $ln &&$t &&$c &&$e && $u && $p) { // If everything's OK.

	// Make sure the username is available.
	$query = "SELECT user_id FROM users WHERE username='$u'";		
	$result = @mysql_query ($query);

	if (mysql_num_rows($result) == 0) { // Available.

		// Add the user.
		$query = "INSERT INTO users (username, first_name, last_name, email, password, registration_date) VALUES ('$u', '$fn', '$ln', '$e', PASSWORD('$p'), NOW() )";		
		$result = @mysql_query ($query); // Run the query.

		if ($result) { // If it ran OK.

			// Send an email, if desired.
			echo '<h3>Thank you for registering!</h3>';
			include ('includes/footer.inc'); // Include the footer.
			exit();				

		} else { // If it did not run OK.
			// Send a message to the error log, if desired.
			echo '<p><font color="red" size="+1">You could not be registered due to a system error. We apologize for any inconvenience.</font></p>'; 
		}		

	} else { // The username is not available.
		echo '<p><font color="red" size="+1">That username is already taken.</font></p>'; 
	}

	mysql_close(); // Close the database connection.

} else { // If one of the data tests failed.
	echo '<p><font color="red" size="+1">Please try again.</font></p>';		
}

} // End of the submit1 conditional.
?>

<?php #login

if (isset($_POST['submit2'])) { // Check if the form has been submitted.

require_once ('./mysql_connect.php'); // Connect to the database.

if (empty($_POST['username'])) { // Validate the username.
	$u = FALSE;
	echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>';
} else {
	$u = escape_data($_POST['username']);
}

if (empty($_POST['password'])) { // Validate the password.
	$p = FALSE;
	echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
} else {
	$p = escape_data($_POST['password']);
}

if ($u && $p) { // If everything's OK.

	// Query the database.
	$query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=PASSWORD('$p')";		
	$result = @mysql_query ($query);
	$row = mysql_fetch_array ($result, MYSQL_NUM); 

	if ($row) { // A match was made.

			// Start the session, register the values & redirect.
			$_SESSION['first_name'] = $row[1];
			$_SESSION['user_id'] = $row[0];

			ob_end_clean(); // Delete the buffer.

			header ("Location:  [url]http://[/url]" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
			exit();

	} else { // No match was made.
		echo '<p><font color="red" size="+1">The username and password entered do not match those on file.</font></p>'; 
	}

	mysql_close(); // Close the database connection.

} else { // If everything wasn't OK.
	echo '<p><font color="red" size="+1">Please try again.</font></p>';		
}

} // End of submit2 conditional.
?>

bunner_bob

What I've been doing is, instead of echoing my error messages directly, I stick them in an array called $error.

So you get (paraphrasing):

if ([error in first name]) {
$error['first'] == "First name wrong";
}

if ([error in last name]) {
$error['last'] == "Last name wrong";
}

and so on for address, phone, hat size, number of pantslegs, etc.

Then down in your form you can have something like.

<input type="text" name="first" />
<?php
if ($error['first']) {
echo "<br><font color="red">" . $error['first'] . "<br";
}
?>

<input type="text" name="last" />
<?php
if ($error['last']) {
echo "<br><font color="red">" . $error['first'] . "<br";
}
?>

That's the skeleton version of it anyway. The errors and their formatting and all only show up if that particular error element has been set in the array.

You could also have a "master" error message that appears at the top - say "ERROR! There is a problem with the form. See below." - if ANY of the error messages are set by writing:
if ($error) {
echo [ the master error message];
}

Hope that helps

bunner_bob

Oops - I should have said:

if (isset($error['first'])) { (etc.)

right gurus? Though I suppose either will work.
Bob

JakeForest

Thanks for the input. When I tried your strings I recieved an immediate parse error message. So you know, I'm an absolute novice with PHP. Could you clear up my confusion on the parse error message? I won't be embarassed if you spoon feed it to me.

Thanks again, Jake

bunner_bob

Sorry - I was posting very abbreviated code. I hesitate to even CALL it code...

When you get a parse error it's usually one of a few simple things:
-no close-parenthesis when you have an open-parenthesis () (or vice versa - you forgot an open-parenthesis but put in the close)
- ditto with square brackets - []
- ditto with curly brackets - {}
- forgot a semicolon at the end of a statement (or typed a colon by mistake)
- forgot "$" at beginning of a variable

Now back to your question - we can take it one step at a time:

First, let's look at a typical errorcheck instance. When you check first name and it fails, you have:
echo '<p><font color="red" size="+1">Please enter your first name!</font></p>';

This line could instead read:
$error['first'] = '<p><font color="red" size="+1">Please enter your first name!</font></p>';

now personally, I would escape all the quotes that occur within the statement, though you may not have to. Just one less thing to go wrong - so:

$error['first'] = '<p><font color=\"red\" size=\"+1\">Please enter your first name!</font></p>';

So what we've done is store your entire error message in one of the elements of an array called "$error". The particular element is called "first". We refer to it by $error['first'] - single or double quotes ok.

OK - you don't show your form in your example code, but I'm guessing it is included in the same page that contains your script - or at least it's all rendered to the same page that the viewer sees - so they get error messages (currently at the top) and the form below - right?

In that case you're either "escaping" php at the end of the script/beginning of the form:

// preceding php script stuff
?> // escape from PHP
<form method="post" action="whatever" />
// and so on for the rest of the form

OR - you're doing the whole form as echoes

// preceding php script stuff
echo "<form method=\"post\" action=\"whatever\" />";
// and so on for the rest of the form

If you're using the former method, your first name form field might look like this (without considering whether you're re-echoing the user's content when they make a mistake and are returned to the form):

followed by the last name form field, and so on throughout the form.

If you're using the latter method (form all done as "echo" within php), you'll have:

echo "<input type="text" name="first" />";
if ($error['first']) {
echo $error['first'];
}

and so on through the form.

Does this help at all?

JakeForest

Excellent tutorial Bob. I really appreciate it. Very clear and concise. You're presumptions about the layout were right on the money.

Script first, form second.
and
Error message plop at the top of the form.

Only, I did have an error message appear ...
"Undefined variable: error"

Here's the code snippets:

// Check for a first name.
if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($POST['first_name'])))) {
$fn = escape_data($POST['first_name']);
} else {
$fn = FALSE;
$error['first']='<font color=\"red\" size=\"+1\"><--</font>';

At the form is:

              <tr> 
                <td width="43%" height="22" align="left" valign="bottom"><font color="#0000FF" size="2" face="Arial, Helvetica, sans-serif">Your 
                  first name</font><?php if($error['first']) {echo $error['first'];}?></td>
                <td width="57%" align="left" valign="top"><input name="first_name" type="text" id="first_name" size="40" maxlength="15" size- value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /> 
                </td>

I traced the error occurance to the installation of the message in the form. But I don't see the string as at fault, do you?

The site is at www.printxpress.us/sign-in.us

((sorry about the delay repsonding... I've developed vision problems and have been spending much time in office visits, exams, tests and so forth.))

My thanks, Jake

bunner_bob

Wow - sorry to hear about your vision. That's a scary one. Be strong - medicine is pretty amazing these days.

I can't see where the error is either. I suppose as a method of troubleshooting I might start by echoing $error['first'] right after it's set by your errorcheck. If that works start moving the echo line down through your script until it fails. That should point to where the problem is.

If it doesn't echo at all, well that's just weird.

Though I do have to ask:
$error['first']='<font color=\"red\" size=\"+1\"><--</font>';
- maybe the "<--" you're echoing is part of the problem. Try just a word or something.

All I can think of at the moment. Move it around (or temporarily cut out chunks of code) until it works, then start putting stuff back until it breaks.

You can imagine the fun I had when I recently installed a new build of PHP 4 that had error messages turned off. Couldn't figure out why I wasn't getting any error messages, so when something went wrong I had to limp my way through a couple of thousand lines of code to find the problem. This went on for days until I finally got wise to what was going on.

Oh - are you using PHP 5? I'm all PHP 4 myself - there might be a change I'm not aware of.

JakeForest

Hi Bob.

Thanks for the words of good cheer.

Yes, I'm using PHP 4 also. Here's what I've been able to crack:

This string is solid:

// Check for a first name.
if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['first_name'])))) {
	$fn = escape_data($_POST['first_name']);
} else {
	$fn = FALSE;
	$error['first'] = '<font color="red" size="2">*</font>';
}

Per you suggestion I tried a variety of display error messages, including the original arrow "<--" ...all worked okay (just the "<--" displayed ugly.

This is the problem string:

if ($error['first']) { echo $error['first']; } ?>

The system consistently complains:

An error occurred in ... "Undefined variable: error"

It needs something put in here (at the xxxx)

if (xxxx($error['first'])) { echo $error['first']; } ?>

For example: the following worked for the displaying the error message where I want, but interfered with the form processing:

if (isset($error['first'])) echo $error['first']; ?>

This is as close as I've gotten so far.

Jake

bunner_bob

Ya know, I was going to suggest "isset()" but I get away without it so often (i.e. most of the time) that I didn't think that could be it.

Strange that it would interfere with form processing - how does this manifest itself?

JakeForest

BOOM ... this is it, with one exception.

This part goes well, rock solid

// Check for a username.
if (eregi ("^[[:alnum:]_]{4,24}$", stripslashes(trim($_POST['username'])))) {
	$u = escape_data($_POST['username']);
} else {
	$u = FALSE;
	$error['UserName'] = '<font color="red" size="2">*</font>';
}

At the form, this part goes well, rock solid

<?php if (isset($error['UserName'])) echo $error['UserName']; ?>

Problems are encountered when there is an option of two error messages ...

This portion goes well, rock solid

	// Make sure the username is available.
	$query = "SELECT user_id FROM users WHERE username='$u'";		
	$result = @mysql_query ($query);

	if (mysql_num_rows($result) == 0) { // Available.
	} else { // The username is not available.
	$error['UserNameNA'] = '<font color="red" size="2">*...not available.</font>';

But at the form this does not work

                <td height="17" align="left" valign="bottom"><font color="#0000FF" size="2" face="Arial, Helvetica, sans-serif"> 
                  User Name</font><?php if (isset($error['UserName'])) echo $error['UserName']; ?><?php if (isset($error['UserNameNA'])) echo $error['UserNameNA']; ?></td>

Though there are no error messages, it doesn't like it. The screen shot gives appearance that the form has successfully processed, (even with a confirmation message), but no authentication email is sent to the register's address.

By the way, the scripts I use come from a variety of sources. But notably I'm using Larry Ullman's, "PHP and MySQL For Dynamic Web Sites" and Luke Wellington and Laura Thomson's "PHP and MySQL Web Development". For the fundamentals they're both excellent, then I glean scripts and tutorials to enrich the features of the site. Blending is a challenge in itself. I'll be glad when I can actually write this stuff from scratch...

JakeForest

I GOT IT TO WORK! How exciting.

By the number of views it appears this is a topic of interest to others, so what follows is as much of the script as the message board will allow.

What I need to do next is move the confimation messages such as: "... echo 'Registration authentication has been mailed to your email address. Please check it for confirmation.'; ..."

If anyone wants to join in I'm building a registration/login script with all the bells and whistles: email confirmation, auto login, encryption, password change, forgotten password, user levels.

Plus, the goal is to build it on one page for easy access.

<?php # sign-in.php
// This is the registration page for the site.

// Include the configuration file for error management and such.
require_once ('./includes/config.inc');

// Set the page title, subtitle and include the header.
$page_title = 'Print X Press Register / Sign-in';
$page_subtitle = 'Register / Sign-in';
include ('./includes/header.inc');
?>

<?php
if (isset($_POST['submit1'])) { // Handle the form.

require_once ('./mysql_connect.php'); // Connect to the database.

// Check for a first name.
if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['first_name'])))) {
	$fn = escape_data($_POST['first_name']);
} else {
	$fn = FALSE;
	$error['FirstName'] = '<font color="red" size="2">*</font>';
}

// Check for a last name.
if (eregi ("^[[:alpha:].' -]{2,30}$", stripslashes(trim($_POST['last_name'])))) {
	$ln = escape_data($_POST['last_name']);
} else {
	$ln = FALSE;
	$error['LastName'] = '<font color="red" size="2">*</font>';
}

// Check for a title.
if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['title'])))) {
	$t = escape_data($_POST['title']);
} else {
	$t = FALSE;
	$error['Title'] = '<font color="red" size="2">*</font>';
}

// Check for a company.
if (eregi ("^[[:alpha:].' -]{2,30}$", stripslashes(trim($_POST['company'])))) {
	$c = escape_data($_POST['company']);
} else {
	$c = FALSE;
	$error['Company'] = '<font color="red" size="2">*</font>';
}

// Check for an email address.
if (eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", stripslashes(trim($_POST['email'])))) {
	$e = escape_data($_POST['email']);
} else {
	$e = FALSE;
	$error['Email'] = '<font color="red" size="2">*</font>';
}

// Check for a username.
if (eregi ("^[[:alnum:]_]{4,24}$", stripslashes(trim($_POST['username'])))) {
	$u = escape_data($_POST['username']);
} else {
	$u = FALSE;
	$error['UserName'] = '<font color="red" size="2">*</font>';
}

if ($fn && $ln && $t && $c && $e && $u) { // If everything's OK.

	// Make sure the username is available.
	$query = "SELECT user_id FROM users WHERE username='$u'";		
	$result = @mysql_query ($query);

	if (mysql_num_rows($result) == 0) { // Available.

/ Everything has passed both error checks that we have done.
It's time to create the account! /

/ Random Password generator. We'll generate a random password for the
user and encrypt it, email it and then enter it into the db.
/

function makeRandomPassword() {
$totalChar = 7; // number of chars in the password
$salt = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789"; // salt to select chars from
srand((double)microtime()*1000000); // start the random generator
$password=""; // set the inital variable
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$password = $password . $tmp;
$i++;
}
return $password;
}

$random_password = makeRandomPassword();

$db_password = ($random_password);

		// Add the user.
		$query = "INSERT INTO users (username, first_name, last_name, title, company, email, password, registration_date) VALUES ('$u', '$fn', '$ln', '$t', '$c', '$e', password('$db_password'), NOW() )";		
		$result = @mysql_query ($query); // Run the query.

		if ($result) { // If it ran OK.

        $user_id = mysql_insert_id();
    	// Let's mail the user!
    	$subject = "Your registration at printxpress.us";
        $message = "Hi $first_name  ...Jake here.

        Thanks for registering at our website, Print X Press.

        To activate your registration, please click here:

		[url]http://www.printxpress.us/activate.php?id=[/url]$user_id&code=$db_password

		Once activated, you can sign-in with the following information:

    	Username: $username
        Password: $random_password

		After signing in you can change the security-generated password to one of your choosing.

        Enjoy your visit!
        Jake Forest";

        mail($email, $subject, $message, "Wrom: WRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAAL
        echo 'Registration authentication has been mailed to your email address. Please check it for confirmation.';
        }
		include ('includes/footer.inc'); // Include the footer.
		exit();

	    } else { // The username is not available.
	      		$error['UserNameNA'] = '<font color="red" size="2">* ...not available</font>';
				$error['TopMessage'] = '<font color="red" size="2" face="Arial, Helvetica, sans-serif"><strong>please try again</strong></font>';
	    }
		} else { // If it did not run OK.
			// Send a message to the error log, if desired.
        	$error['TopMessage'] = '<font color="red" size="2" face="Arial, Helvetica, sans-serif"><strong>please try again</strong></font>';
		}		

	mysql_close(); // Close the database connection.

} // End of the main submit1 conditional.
?>

<?php # sign-in

// Include the configuration file for error management and such.
require_once ('includes/config.inc');

if (isset($_POST['submit2'])) { // Check if the form has been submitted.

require_once ('./mysql_connect.php'); // Connect to the database.

if (empty($_POST['username'])) { // Validate the username.
	$u = FALSE;
	echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>';
} else {
	$u = escape_data($_POST['username']);
}

if (empty($_POST['password'])) { // Validate the password.
	$p = FALSE;
	echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
} else {
	$p = escape_data($_POST['password']);
}

if ($u && $p) { // If everything's OK.

	// Query the database.
	$query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=PASSWORD('$p')";		
	$result = @mysql_query ($query);
	$row = mysql_fetch_array ($result, MYSQL_NUM); 

	if ($row) { // A match was made.

			// Start the session, register the values & redirect.
			$_SESSION['first_name'] = $row[1];
			$_SESSION['user_id'] = $row[0];

			ob_end_clean(); // Delete the buffer.

			header ("Location:  [url]http://[/url]" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
			exit();

	} else { // No match was made.
		echo '<p><font color="red" size="+1">The username and password entered do not match those on file.</font></p>'; 
	}

	mysql_close(); // Close the database connection.

} else { // If everything wasn't OK.
	echo '<p><font color="red" size="+1">Please try again.</font></p>';		
}

} // End of submit2 conditional.