Hi Everyone, I'm having a hard time confirming passwords in my sign up form. My email confirming is working fine but if a user signs up for my website with two different passwords they automatically get signed up. In other words, my error checking isn't taking care of the problem. I've been working on this for quite a while and not sure what the problem is. Any help would be appreciated it. Thanks. http://whatsmyowncarworth.com/class-work/sign/join_form.php
<?php
// Sign-up form handler: filters the posted join-form fields, checks that the
// required ones are present, looks for an existing account with the same
// user name or e-mail address, and inserts the new member row.

/**
 * Title-case a word or phrase: lower-case the whole string, then capitalise
 * the first letter of every word.
 *
 * @param string $element Text to normalise.
 * @return string The title-cased text.
 */
function letscapthis($element)
{
    return ucwords(strtolower($element));
}

// Set error message as blank upon arrival to page
$errorMsg = "";

// Only do any work once the form has actually been submitted.
if (isset($_POST['username'])) {
    // Connect to the database through our include
    include_once "connect_to_mysql.php";

    // Whitelist filters on the posted values.
    // NOTE(review): ereg_replace() is deprecated since PHP 5.3 and removed in
    // PHP 7; preg_replace() is the maintained equivalent.
    $username = ereg_replace("[^A-Za-z0-9]", "", $_POST['username']);              // letters and digits only
    $country  = ereg_replace("[^A-Z a-z0-9]", "", $_POST['country']);              // spaces, letters and digits only
    $state    = letscapthis(ereg_replace("[^A-Z a-z0-9]", "", $_POST['state']));   // same filter, then title-cased
    $city     = letscapthis(ereg_replace("[^A-Z a-z0-9]", "", $_POST['city']));    // same filter, then title-cased

    // The e-mail fields are unslashed, stripped of tags and escaped for SQL.
    $email  = mysql_real_escape_string(strip_tags(stripslashes($_POST['email'])));
    $email2 = mysql_real_escape_string(strip_tags(stripslashes($_POST['email2'])));

    // NOTE(review): this silently removes every non-alphanumeric character
    // from the password before it is compared or hashed.
    $password  = ereg_replace("[^A-Za-z0-9]", "", $_POST['password']);
    $password2 = ereg_replace("[^A-Za-z0-9]", "", $_POST['password2']);

    // Check to see if the user filled all fields with the "Required"(*)
    // symbol next to them in the join form and print out to them what they
    // have forgotten to put in.
    if (!($username && $country && $state && $city && $email && $email2 && $password && $password2)) {
        $errorMsg = "You did not submit the following required information!<br /><br />";

        if (!$username) {
            $errorMsg .= "--- User Name";
        }
        if (!$country) {
            $errorMsg .= "--- Country";
        }
        if (!$state) {
            $errorMsg .= "--- State";
        }

        // NOTE(review): the two "do not match" checks below hang off the city
        // test and sit inside the missing-field branch. They are evaluated
        // only when some required field is empty and the city is filled in;
        // when every field is present, control goes straight to the else
        // branch and the passwords (and e-mails) are never compared.
        if (!$city) {
            $errorMsg .= "--- City";
        } elseif ($email !== $email2) {
            $errorMsg = 'ERROR: Your Email fields below do not match<br />';
        } elseif ($password !== $password2) {
            $errorMsg = 'ERROR: Your Password fields below do not match<br />';
        }
    } else {
        // Database duplicate Fields Check
        // NOTE(review): the mysql_* extension was removed in PHP 7, and these
        // statements are built by string interpolation; prepared statements
        // (mysqli or PDO) are the safer form.
        $sql_username_check = mysql_query("SELECT id FROM members WHERE username='$username' LIMIT 1");
        $sql_email_check = mysql_query("SELECT id FROM members WHERE email='$email' LIMIT 1");
        $username_check = mysql_num_rows($sql_username_check);
        $email_check = mysql_num_rows($sql_email_check);

        if ($username_check > 0) {
            $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside our system. Please try another.";
        } elseif ($email_check > 0) {
            $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside our system. Please try another.";
        } else {
            // Add MD5 Hash to the password variable
            // NOTE(review): unsalted MD5 is a fast digest and is not suitable
            // for storing passwords; password_hash()/password_verify() exist
            // for this purpose.
            $hashedPass = md5($password);

            // Add user info into the database table, claim your fields then values
            // NOTE(review): die(mysql_error()) prints database error details
            // to the visitor.
            $sql = mysql_query("INSERT INTO members (username, country, state, city, email, password, signupdate)VALUES('$username','$country','$state','$city','$email','$hashedPass', now())") or die (mysql_error());

            echo 'Thanks for submitting your information.<br /><br />To return to the homepage, <a href="index.php">click here</a>';
        } // Close else after database duplicate field value checks
    } // Close else after missing vars check
} // Close if $_POST
?>
PHP:
Please reformat the PHP code before asking for help; this code is just one big line of script, and much of it isn't run because it's commented out.
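Do your email addresses confirm? Your code is quite messy but why don't you confirm the passwords before stripping slashes/tags? Also MD5 is not secure enough. SHA5 is better.
<?php
// Confirm the two password fields against each other before any escaping or
// tag stripping is applied to them.
$password = "";
$password2 = "";

// Strict comparison on purpose: with a loose != PHP compares numeric-looking
// strings as numbers, so two different passwords such as "1e3" and "1000"
// would be treated as matching.
if ($password !== $password2) {
    echo "Passwords do not match";
} else {
    echo "Yay, your passwords match";
    // Carry on with code here
    // Escape chars/tags
    // Proceed to rest of code
    //
    // For storage, a fast general-purpose digest (MD5 or a plain SHA hash) is
    // a poor fit for passwords; password_hash() / password_verify() (PHP 5.5+)
    // provide a salted, deliberately slow hash meant for this purpose.
}
?>
PHP: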
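Hi Everyone, My apol. for the delayed response. Below is my syntax. Give me your thoughts. Thanks!
<?php
// Sign-up form handler: filters the posted join-form fields, validates them,
// checks for an existing account with the same user name or e-mail address,
// and inserts the new member row. Nothing is written to the database unless
// every validation step passed ($errorMsg is still empty).
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. The
// connection is opened in connect_to_mysql.php, so the queries below keep
// using it; when that include is migrated, move these statements to mysqli or
// PDO prepared statements instead of building SQL by string interpolation.

/**
 * Title-case a word or phrase: lower-case the whole string, then capitalise
 * the first letter of every word.
 *
 * @param string $element Text to normalise.
 * @return string The title-cased text.
 */
function letscapthis($element)
{
    return ucwords(strtolower($element));
}

/**
 * Read one posted form field as a string.
 *
 * @param string $key Field name in $_POST.
 * @return string The posted value, or '' when the field is absent or is not a
 *                plain string (for example an array sent as field[]=x).
 */
function posted_field($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

// Set error message as blank upon arrival to page. Any non-empty value
// blocks the sign-up further down.
$errorMsg = "";

// First we check to see if the form has been submitted
if (isset($_POST['username'])) {
    // Connect to the database through our include
    include_once "connect_to_mysql.php";

    // Whitelist filters (preg_replace replaces the removed ereg_replace).
    $username = preg_replace('/[^A-Za-z0-9]/', '', posted_field('username'));              // letters and digits only
    $country  = preg_replace('/[^A-Z a-z0-9]/', '', posted_field('country'));              // spaces, letters and digits only
    $state    = letscapthis(preg_replace('/[^A-Z a-z0-9]/', '', posted_field('state')));   // same filter, then title-cased
    $city     = letscapthis(preg_replace('/[^A-Z a-z0-9]/', '', posted_field('city')));    // same filter, then title-cased

    // The e-mail fields are unslashed, stripped of tags and escaped for SQL.
    $email  = mysql_real_escape_string(strip_tags(stripslashes(posted_field('email'))));
    $email2 = mysql_real_escape_string(strip_tags(stripslashes(posted_field('email2'))));

    // Compare the passwords exactly as typed, before any filtering, so that
    // two entries that differ only in characters removed below are still
    // reported as a mismatch.
    $passwordsMatch = (posted_field('password') === posted_field('password2'));

    // NOTE(review): the stored password is reduced to letters and digits
    // before hashing, which silently weakens what the user chose. It is kept
    // because the login code is not visible here and presumably applies the
    // same filter - confirm, then drop the filtering on both sides.
    $password  = preg_replace('/[^A-Za-z0-9]/', '', strip_tags(stripslashes(posted_field('password'))));
    $password2 = strip_tags(stripslashes(posted_field('password2')));

    // Check to see if the user filled all fields with the "Required"(*)
    // symbol next to them in the join form and print out to them what they
    // have forgotten to put in. E-mail and password are included so that a
    // blank (or fully filtered-away) value can never be stored.
    $required = array(
        'User Name' => $username,
        'Country'   => $country,
        'State'     => $state,
        'City'      => $city,
        'Email'     => $email,
        'Password'  => $password,
    );
    $missing = '';
    foreach ($required as $label => $value) {
        if ($value === '') {
            $missing .= "--- {$label}<br/>";
        }
    }
    if ($missing !== '') {
        $errorMsg = "You did not submit the following required information!<br /><br />" . $missing;
    }

    if ($email !== $email2) {
        $errorMsg .= 'ERROR: Your Email fields below do not match<br />';
    }
    if (!$passwordsMatch) {
        $errorMsg .= 'ERROR: Your Password fields below do not match<br />';
    }

    // Previously the database branch was the else of the password comparison
    // alone, so a missing field or an e-mail mismatch did not stop the
    // INSERT. Gate it on the accumulated error message instead.
    if ($errorMsg === "") {
        // Database duplicate Fields Check
        // $username is restricted to letters and digits and $email has been
        // escaped above, which is what keeps these interpolated queries safe.
        $sql_username_check = mysql_query("SELECT id FROM members WHERE username='$username' LIMIT 1");
        $sql_email_check = mysql_query("SELECT id FROM members WHERE email='$email' LIMIT 1");

        if ($sql_username_check === false || $sql_email_check === false) {
            // A failed lookup must not be read as "no duplicate found".
            error_log('Sign-up duplicate check failed: ' . mysql_error());
            $errorMsg = "<u>ERROR:</u><br />We could not complete your sign up right now. Please try again later.";
        } else {
            $username_check = mysql_num_rows($sql_username_check);
            $email_check = mysql_num_rows($sql_email_check);

            if ($username_check > 0) {
                $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside our system. Please try another.";
            } elseif ($email_check > 0) {
                $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside our system. Please try another.";
            } else {
                // NOTE(review): unsalted MD5 is a fast digest and is not
                // suitable for password storage. It is kept only because the
                // login check and the width of the password column are not
                // visible here; switching to password_hash() /
                // password_verify() has to be done together with both.
                $hashedPass = md5($password);

                // Add user info into the database table, claim your fields then values.
                // A unique index on username and email is still needed to
                // close the gap between the duplicate check and this INSERT.
                $sql = mysql_query("INSERT INTO members (username, country, state, city, email, password, signupdate) VALUES('$username','$country','$state','$city','$email','$hashedPass', now())");

                if ($sql === false) {
                    // Log the database error instead of printing it to the visitor.
                    error_log('Sign-up INSERT failed: ' . mysql_error());
                    $errorMsg = "<u>ERROR:</u><br />We could not complete your sign up right now. Please try again later.";
                } else {
                    echo 'Thanks for submitting your information.<br /><br /> To return to the homepage, <a href="index.php">click here</a>';
                }
            } // Close else after database duplicate field value checks
        }
    } // Close validation-passed branch
} // Close if $_POST
?>
Code (markup):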
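You are not doing a check to see if the passwords are the same? Try:
// Strict comparison: a loose != treats numeric-looking strings such as
// "1e3" and "1000" as equal, so different passwords could pass the check.
if ($password !== $password2) {
    // add to error message here
}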