Well, let's look at your app logic here....
<?php
// here, we check if the form has been submitted, because we need to handle
// redirection before we handle outputting the HTML stuff.
if (isset($_POST['submit']))
{
    $errors = array();
    // Check if user registered an email address
    if (!empty($_REQUEST['email']))
        $email = $_REQUEST['email'];
    else
        $errors[] = 'Please enter a email.';
    // Check if user entered a password
    if (!empty($_REQUEST['password']))
        $password = $_REQUEST['password'];
    else
        $errors[] = 'Please enter a desired password.';
}
else
{
    // If the user entered an e-mail address check the syntax.
    if (eregi ('^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', $_POST['email']))
    {
        $email = $_REQUEST['email'];
    }
    else
    {
        $errors[] = 'Please enter a valid e-mail address.';
    }
}
// MAKE CONNECTION
include ('db_connect.php');
// connect to the mysql server
$link = mysql_connect($host, $username, $password) or die ("Could not connect to mysql because ".mysql_error());
// select the database
mysql_select_db($database) or die ("Could not select database because ".mysql_error());
$error = "";
$email = $_POST['email'];
$pwd = $_POST['password'];
// check if the email is taken (safe query):
$query = sprintf("SELECT `email` FROM `users` WHERE `email` = '%s'",
    mysql_real_escape_string($_POST['email']));
$qry = mysql_query($query) or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows < 1)
{
    // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON.
    if(get_magic_quotes_gpc())
    {
        $product_name = stripslashes($_POST['email']);
        $product_description = stripslashes($_POST['password']);
    }
    else
    {
        $product_name = $_POST['email'];
        $product_description = $_POST['password'];
    }
    // Make a safe query
    $query = sprintf("INSERT INTO users (`email`, `password`) VALUES ('%s', '%s')",
        mysql_real_escape_string($email, $link),
        md5(mysql_real_escape_string($password, $link)));
    $result = mysql_query($query, $link);
    // If there is no result, or there was not at least 1 row affected, die...
    if(!$result || mysql_affected_rows() < 1)
    {
        $error = 'Could not insert user because ' . mysql_error();
    }
    else
    {
        // redirect them to the user account page, because we successfully ran the SQL
        // notice how we haven't output ANYTHING to the browser yet- header() works
        header('Location: user.php');
        exit();
    }
}
else {
    $error = 'That email is already in use, please select a different one.';
}
// If they've posted but there was an error, kindly show their email address for them again.
if(isset($_POST['email']))
    $email = $_POST['email'];
else
    $email = '';
?>
Okay, the first if() statement looks to see if the form is posted. If it is, then it looks for empty values. If the form has NOT been posted, then it tries to do the eregi.
You need to do the eregi() when the form is posted, otherwise it should always show as an error. Here's a stripped down version of what your code should be:
<?php
// here, we check if the form has been submitted, because we need to handle
// redirection before we handle outputting the HTML stuff.
if (isset($_POST['submit']))
{
    /* Is the password empty? If so, add to $errors array */
    /* Is the email address empty? If so add to the $errors array.
       If not, then do the eregi() to make sure it's in proper format.
       If it is not in proper format, add to $errors array.
       If it is in proper format, then we need to find if a user is already registered with it. If they are,
       add to the $errors array; otherwise, just keep on truckin. */
    /* Now check to see if $errors is not an empty array */
    if(!empty($errors))
    {
        /* A non-empty array means that there are errors, display the messages & login form so they can try again. */
    }
    else
    {
        /* If we're here, it means that there were no errors, the user is "new" and they can register. */
    }
}
else
{
    /* Some default message about needing to post the form in order to use this page properly goes here. */
}
?>
I have to run out, but I'll be back later today. If you can understand my comments, then constructing the if() else{} statements should be a breeze 😉
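The validation order from the outline above, written out as one function. This is an added example, not code from the original post: it swaps in `filter_var()`, PDO prepared statements and `password_hash()` for the thread's `eregi()`, `mysql_*` and `md5()`, since `eregi()` and the `mysql_*` functions were removed in PHP 7 and a bare MD5 is not a password hash. The function name `register_user`, the PDO connection and the in-memory SQLite table are assumptions for the demo; the `users`, `email` and `password` names and the error messages come from the post.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with the pdo_sqlite extension.

// Hypothetical helper: returns the list of error messages (empty on success).
function register_user(PDO $db, array $post): array
{
    $errors   = [];
    $email    = isset($post['email']) ? trim($post['email']) : '';
    $password = isset($post['password']) ? $post['password'] : '';

    if ($password === '') {
        $errors[] = 'Please enter a desired password.';
    }

    if ($email === '') {
        $errors[] = 'Please enter a email.';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        // The format check runs only on a posted, non-empty value.
        $errors[] = 'Please enter a valid e-mail address.';
    } else {
        // Bound parameter: the value never becomes part of the SQL text.
        $stmt = $db->prepare('SELECT 1 FROM users WHERE email = ?');
        $stmt->execute([$email]);
        if ($stmt->fetchColumn() !== false) {
            $errors[] = 'That email is already in use, please select a different one.';
        }
    }

    if (empty($errors)) {
        // Hash the raw password; SQL-escaping it first would alter the input.
        $hash = password_hash($password, PASSWORD_DEFAULT);
        $db->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
           ->execute([$email, $hash]);
    }
    return $errors;
}

// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT UNIQUE, password TEXT)');

var_dump(register_user($db, ['email' => 'a@example.com', 'password' => 'pw1'])); // first registration
var_dump(register_user($db, ['email' => 'a@example.com', 'password' => 'pw2'])); // same email again
var_dump(register_user($db, ['email' => 'not-an-email', 'password' => '']));     // bad format, empty password
```

In a real page the caller would redirect with `header()` when the returned array is empty and redisplay the form with the messages otherwise.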