[RESOLVED] PHP tricks W3C validator?

spookztar

Hi guys,

I need a litte assist on something:

in the following:

<?php
session_start();
include 'music_files/music_includes/dbconnect.php'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1- transitional.dtd">
<html xml:lang="da" lang="da"
xmlns="http://www.w3.org/1999/xhtml">
 <head>
   <title></title>
    <meta name="title" content="?" />
    <meta name="keywords" content="?" />
    <meta name="description" content="?" />
    <meta name="robot" content="?" />
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <link rel="stylesheet" href="music.css" type="text/css" />
   </head>
  <body>
<div class="applicationarea">
<?php
function loginform() {
?>
 <form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
  <fieldset>
   <legend>LOG-IN</legend>
<p><label>name:</label><input name="formusername" type="text" size="15" maxlength="15" /></p>
<p><label>password:</label><input name="formpassword" type="password" size="15" maxlength="15" /></p>
<p class="submit"><input type="submit" value="Log-in" name="log-in"/></p>
</fieldset>
</form>
<?php
}
//
// end of form function
//
if (!isset($_POST['Log-in'])) {
die(loginform());
}
else $formusername = trim($_POST['formusername']) && $formpassword = md5(Trim($_POST['formpassword']));
//sanitize... and die if rotten
If (!ereg("^[A-Za-z0-9]{5-20}$", $formusername) || $formusername ="") Die('<h3 class="warning">Invalid username or empty field. Please adhere to the specifications given.</3>');
//else, pull db info out and compare. If allowed = god, else die.
if ($formusername !== $siteuser || $formpassword !== $password) die('<h3 class"warning">Incorrect log-in parameters given.</3>'); 
//stuff
?>
</div> <!-- applicationarea end --> 
</body>
</html>

- the last three tags </div> 
</body>
</html>

Fail to output, so validation fails. Why?

alimadzi

You're telling the script to die if the 'Log-in' POST variable is not set... and it's certainly not set when the HTML validator checks your page.

spookztar

Yes, so it will output the form, but that doesn't mean that the rest of the straight html shouldn't be outputted, does it?

alimadzi

Yes, it does actually. When you say die(), your script dies at that moment. No more output... even HTML.

spookztar

sigh The plight of the newbie.

So how do I get around this the best way?

NogDog

The quick-and-dirty fix:

if (!isset($_POST['Log-in'])) {
   loginform();
   echo "</div></body></html>";
   exit;
}

spookztar

NogDog: haha, well ok! I just finished a re-write of the entire IF else block:

if (!isset($_POST['log-in'])) {
echo (loginform());
}
if (isset($_POST['log-in'])) {
$formusername = trim($_POST['formusername']);
$formpassword = md5(Trim($_POST['formpassword']));
    if (!ereg("^[A-Za-z0-9]{5-20}$", $formpassword) || $formpassword ="") {
          echo '<h3 class="warning">Invalid password or empty field. Please adhere to the specifications given.</3>';
                die(loginform());
         if ($formusername !== $siteuser || $formpassword !== $password) {
               echo'<h3 class"warning">Incorrect log-in parameters given.</3>';
                     die(loginform());
         }
    }
}

Thanks for the input guys, much appreciated.🙂

alimadzi

spookztar wrote:
sigh The plight of the newbie.

So how do I get around this the best way?

I would recommend displaying an error message at the top of the form so the user can fix their mistakes. Much more usable than just dying...

spookztar

Of course. Thanks. I guess this whole thing was about me learning how to use die() properly.

I think I have it now.