Error messaging not working properly

watson100

Hello,

Once again i am making a post with a problem i am encountering, this time its with showing errors on the registration form.

First off here are the register process file and the register form file -

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>

<?php $startError ?>
<form action="reg_process.php" method="POST">
<p<?php if (!empty($formErrors['email'])) echo ' class="formerror"'; ?>>Email: <input type="text" name="email" value="<?php (isset($_POST['email'])) ?>" />
<?php if (!empty($formErrors['email'])) echo '<img src="" width="16" height="16" hspace="5" alt=""><br /><span class="errortext">'.$formErrors['email'].'</span>';
if (!empty($formErrors['checkemail'])) echo '<img src="" width="16" height="16" hspace="5" alt=""><br /><span class="errortext">'.$formErrors['checkemail'].'</span>';
if (!empty($formErrors['checkemail2'])) echo '<img src="" width="16" height="16" hspace="5" alt=""><br /><span class="errortext">'.$formErrors['checkemail2'].'</span>'; ?></p>
<p<?php if (!empty($formErrors['username'])) echo ' class="formerror"'; ?>>Username: <input type="text" name="username" value="<?php (isset($_POST['username'])) ?>" />
<?php if (!empty($formErrors['username'])) echo '<img src="" width="16" height="16" hspace="5" alt=""><br /><span class="errortext">'.$formErrors['username'].'</span>';
if (!empty($formErrors['checkuser'])) echo '<img src="" width="16" height="16" hspace="5" alt=""><br /><span class="errortext">'.$formErrors['checkuser'].'</span>'; ?></p>
<p<?php if (!empty($formErrors['password'])) echo ' class="formerror"'; ?>>Password: <input type="password" name="password" /><?php if (!empty($formErrors['password'])) echo '<img src="" width="16" height="16" hspace="5" alt=""><br /><span class="errortext">'.$formErrors['password'].'</span>'; ?></p>
<p<?php if (!empty($formErrors['repeatpass'])) echo ' class="formerror"'; ?>>Re-type Password: <input type="password" name="re-password" /><?php if (!empty($formErrors['repeatpass'])) echo '<img src="" width="16" height="16" hspace="5" alt=""><br /><span class="errortext">'.$formErrors['repeatpass'].'</span>'; ?></p>
<input type="submit" name="Submit" id="Submit" />
</form>

</body>
</html>

and here is the process file -

<?php
require_once("db/connect.php"); 

session_start(); 

//Declare Variables

$Username = $_POST['username'];
$Email = $_POST['email'];
$Email1 = "@";
$Email_Check = strpos($Email,$Email1);
$Password = sha1($_POST['password']); 
$Re_Password = sha1($_POST['re-password']);

$formErrors = array();

if (!empty($_POST['Submit'])){

//Check To See If All Information Is Correct
if($Email == "")
	$formErrors['email'] = "You have not entered your email!";
else if($Email_Check === false)
	$formErrors['checkemail'] = "Your email is incorrect!";
//Check to see if the email address is already in use
$email_add = mysql_query("SELECT * FROM users WHERE email='$Email'");
if (mysql_num_rows($email_add) > 0)
	$formErrors['checkemail2'] = "That email is already in use";
else if($Username == "")
	$formErrors['username'] = "You didn't enter a username!";
//Check to see if the username is already in use
$user = mysql_query("SELECT * FROM users WHERE username='$Username'");
if (mysql_num_rows($user) > 0)
	$formErrors['checkuser'] = "That username is already taken";
else if($Password == "" || $Re_Password == "")
	$formErrors['password'] = "You didn't enter a password!";
else if($Password != $Re_Password)
	$formErrors['repeatpass'] = "Your passwords don't match!";
if (count($formErrors) == 0){
//Insert Into Database
if(!mysql_query("INSERT INTO users (email, username, password) VALUES ('$Email', '$Username', '$Password')"))
{	die("We could not register you due to a error (Contact the website owner if this continues to happen.)");
}else{	die("User Created");	}
							}else{
									$startError = '<div class="formError"><p><img src="" width="16" height="16">Please check the follwing:</p><ul>';
									foreach ($formErrors as $error) {
										$startError .= "<li>$error</li>";
									}
									$startError .='</ul></div>';
								 }

}
?>

When i press submit to sign up and i know there are errors that i have made it takes me through the process file and stops on it and it is a blank page. What i want it to do go back to the register form and display the error messages by the field but unfortunately that is not working.

Any ideas how i could fix it to make it do what i want?

Cetera

Right I first made the code a bit easier to read and debug

<?php
require_once("db/connect.php"); 

session_start(); 

//Declare Variables 

$Username = $_POST['username']; 
$Email = $_POST['email']; 
$Email1 = "@"; 
$Email_Check = strpos($Email,$Email1); 
$Password = sha1($_POST['password']); 
$Re_Password = sha1($_POST['re-password']); 

$formErrors = array(); 

if (!empty($_POST['Submit']))
{ 

//Check To See If All Information Is Correct 
if($Email == "")
{ 
	$formErrors['email'] = "You have not entered your email!"; 
}
elseif($Email_Check === false)
{
	$formErrors['checkemail'] = "Your email is incorrect!"; 
	//Check to see if the email address is already in use 
	$email_add = mysql_query("SELECT * FROM users WHERE email='$Email'"); 
	if (mysql_num_rows($email_add) > 0) 
	{
		$formErrors['checkemail2'] = "That email is already in use"; 
	}
}

if ($Username == "") 
{
	$formErrors['username'] = "You didn't enter a username!"; 
}
else
{
	//Check to see if the username is already in use 
	$user = mysql_query("SELECT * FROM users WHERE username='$Username'"); 
	if (mysql_num_rows($user) > 0) 
	{
		$formErrors['checkuser'] = "That username is already taken"; 
	}
}

if($Password == "" || $Re_Password == "") 
{
	$formErrors['password'] = "You didn't enter a password!"; 
}
elseif($Password != $Re_Password)
{		
	$formErrors['repeatpass'] = "Your passwords don't match!"; 
}


if (count($formErrors) == 0)
{ 
	//Insert Into Database 
	if(!mysql_query("INSERT INTO users (email, username, password) VALUES ('$Email', '$Username', '$Password')")) 
	{    
		die("We could not register you due to a error (Contact the website owner if this continues to happen.)"); 
	}
	else
	{    
		die("User Created");    
	} 
}
else
{ 
	$startError = '<div class="formError"><p><img src="" width="16" height="16">Please check the follwing:</p><ul>'; 
	foreach ($formErrors as $error) 
	{ 
		$startError .= "<li>$error</li>"; 
	} 
	$startError .='</ul></div>'; 
}
}
?>

I not had time to test the code to see if it works but I can say something:

<?php echo sha1(''); ?>

Will output: da39a3ee5e6b4b0d3255bfef95601890afd80709 this means

<?php
	if($Password == "" || $Re_Password == "") 
	{
		$formErrors['password'] = "You didn't enter a password!"; 
	}
?>

will never be true so people can infact post empty password.

Also, checking your form code you sending the form to reg_process.php I will assume that the above code is from reg_process.php and no where in reg_process.php do you output $formErrors.

I would do something in line with this (signup.php):

<?php
// Here we process the form:
$username = (isset($_POST['username'])) ? $_POST['username'] : ''; 
// If form been submitted 
if ( isset($_POST['Submit']) ) 
{
	if ( empty($username) ) 
	{
		$error['username'] = "Missing username";
	}

if ( !isset($error) )
{
	// No error found
	// insert the user
	echo 'Signup complete';
	exit;
}
}
?>
<html>
	<head></head>

<body>
	<?php
	// If error found
	if ( isset($error) ) {
		// Loop errors
		foreach($error AS $e) {
			echo $e . "<br />";
		}
	}
	?>
	<form action="signup.php" method="post">
		Username: <input type="text" name="username" /> <br />
		<input type="submit" name="Submit" value="Sign up" />
	</form>
</body>
</html>

watson100

So would you recommend me move most of the reg_process.php file into the register.php file so pretty much move everything from reg_process file to register file and delete reg_process file

also

do you know how i could show an error message incase the user doesn't enter a password?

Cetera

To your first question - Thats how I always done it, you can also send error message in a session.

To your second question:

Remove your SHA1 in the beginning of the file and hash the password when you put it into the database

watson100

Ah Success! Thanks! Only have one more question.

I want the information in certain fields to stay there so the user doesn't have to keep putting it in every time they accidently make a mistake, here is my register form atm -

<?php 
   // If error found 
   if ( isset($error) ) { 
   // Loop errors 
  foreach($error AS $e) { 
     echo "<div id='error'><ul><li>" . $e . "</li></ul></div>"; 
     } 
  } 
?> 

<form action="register.php" method="POST">
Email: <input type="text" name="email" value="<?php echo (isset($_POST['email'])); ?>" />
Username: <input type="text" name="username" value="<?php echo (isset($_POST['username'])); ?>" />
Password: <input type="password" name="password" />
Re-type Password: <input type="password" name="re-password" />
<input type="submit" name="Submit" id="Submit" />
</form>

As you can see i have put in the value -

value="<?php echo (isset($_POST['email'])); ?>"

But when i click the 'submit' button and have purposely made an error instead of echoing what the user has put in the fields it shows a '1' in the fields - email and username.

Know how i could make it echo what the user have actually entered in those fields?

Cetera

Isset cannot echo a variable, replace

<?php echo (isset($_POST['username'])); ?>

with

<?php echo (isset($_POST['username'])) ? $_POST['username'] : ''; ?>

The later is 'Ternary Operator' : http://php.net/manual/en/language.operators.comparison.php

watson100

Ah thankyou it works, thanks for your help