php user registration

Question

Lensva -6 Junior Poster in Training

15 Years Ago

hello gents,
i have two pages: page1.php takes user input, page2.php should process it and then return page1 either error or success messages.
there seem to be an error(s) i cant figure out:
when you fill the form with correct data you get:

Warning: Invalid argument supplied for foreach() in C:\Users\admin\Desktop\xampp\xampp\htdocs\examples\user registration\page1.php on line 31

page2 is made of functions to hopefully increase readability;
me being new to php, will probably make a lot of flawed logical decisions, so tips on what to change would be even better than the solution itself;
page1:

<?php session_start();
		$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
?>
<html>
<head>
<title>Untitled Document</title>
	<style type="text/css">
	#registration div { 
		width:150px;
		height:30px;
		float:left;}
	#registration span { 
		font-size:12px;}
	br {
		clear:both;}
	</style>
</head>
<body>
<form id="registration" action="page2.php" method="post">
<div>Username:</div> <input type="text" maxlength="15" name="username"> <span> 3-15 characters </span> <br>
<div>Password:</div> <input type="password" maxlength="15" name="password"> <span>5-20 characters</span> <br>
<div>Verify password:</div> <input type="password" maxlength="20" name="password_verify"> <br>
<div>E-mail:</div> <input type="text" maxlength="30" name="email"> <span>40 characters max</span> <br>
<input type="reset"> 
<input type="submit" name="submit" value="Register">
<input type="submit" name="delete_session" value="delete session">
</form>
<br>
<?php
	if( !empty($_SESSION['error_list']) )
	foreach($_SESSION['error_list'] as $key => $value)
	echo $value;
?>
</body>
</html>

page2:

<?php 
	session_start(); 
	$error_list = array();
//delete session==========================================================================================	
	if( isset($_POST['delete_session']) ) 
	{
		session_destroy();
		header('Location:page1.php');
	}
//validation start===============================================================================	
	if( parameter_check(&$error_list) )
	{
		non_db_username_check(&$error_list);
		password_check(&$error_list);
		non_db_email_check(&$error_list);
		mysql_data_check(&$error_list);
		$_SESSION['error_list'] = $error_data;
		header('Location:page1.php');
	}
	else 
	{
		$_SESSION['error_list'] = $error_list;
		header('Location:page1.php');
	}
	
//functions================================================================================================
function parameter_check(&$error_list)
{
	if( (isset($_POST['submit']) ) &&
		(!empty($_POST['username']) ) &&
		(!empty($_POST['password']) ) &&
		(!empty($_POST['password_verify']) ) &&
		(!empty($_POST['email']) ) );
	else 
	{
		array_push(&$error_list, "<li>fill in all fields</li>");
		return false;
	}
	return true;
}
//functions================================================================================================
function non_db_username_check(&$error_list)
{
	$username = $_POST['username'];
//----------------------------------------
	if( (strlen($username) >= 3) && (strlen($username) <= 15));
	else 
		{
			array_push(&$error_list, "<li>enter 3 - 15 characters username</li>");
			 return false;
		}
//----------------------------------------	
	if( !ereg("^[A-Za-z0-9.-_]$",$username)) 
		{ 
			array_push(&$error_list, "<li>invalid characters in username</li>");
			return false;
		}
//----------------------------------------
	return true;
}
//===========================================================================================================
function password_check(&$error_list)
{
	$password1 = $_POST['password'];
	$password2 = $_POST['password_verify'];
//----------------------------------------	
	if( strcmp($password1,$password2) != 0)
	{
		array_push(&$error_list, "<li>passwords dont match</li>");
		return false;
	}
//----------------------------------------	
	if( (strlen($password1) >= 5) && (strlen($password1) <= 20));
	else 
	{
		array_push(&$error_list, "<li>enter 3 - 20 characters password</li>");
		return false;
	}			
//----------------------------------------
	return true;
}
//===========================================================================================================
function non_db_email_check(&$error_list)
{
	$email = $_POST['email'];
//----------------------------------------
	if( ereg("^[^.] [A-Za-z0-9.-_]{1,20} @ [^@.][A-Za-z0-9.-_]{1,40}$",$email) );
	else	
	{
		array_push(&$error_list, "<li>email is invalid</li>");
		return false;
	}
//----------------------------------------
	return true;
}
//===========================================================================================================
function mysql_data_check(&$error_list)
{
	if( strlen(&$error_list)>0 )
	{
		$_SESSION['error_list'] = &$error_list;
		header('Location:page1.php');
		return false;
	}
//----------------------------------------
	mysql_connect('localhost','root','root') or die(mysql_error());
	mysql_select_db('users') or die(mysql_error());
	
	$safe_username = mysql_real_escape_string($_POST['username']);
	$safe_email = mysql_real_escape_string($_POST['email']);	
												  
	$query_username = mysql_query("SELECT username WHERE username=\"$safe_username\"");
	$query_email = mysql_query("SELECT email WHERE email=\"$safe_email\"");
//----------------------------------------		
	if( mysql_num_rows($query_username) != 0 )
		array_push(&$error_list, "<li>username already exists</li>");
	
	if( mysql_num_rows($query_email) !=0 )
		array_push(&$error_list, "<li>email already exists</li>");
		
	if( (mysql_num_rows($query_username) || mysql_num_rows($query_email)) !=0 ) return false;
//----------------------------------------	
	array_push(&$error_data, "registration data correct");
	return true;		
}		   
//===========================================================================================================	  
?>

mysql:

<?php
	mysql_connect('localhost','root','root') or die(mysql_error());
	mysql_query("CREATE DATABASE users") or die(mysql_error());
	mysql_select_db('users') or die(mysql_error());
	
	$user_info = "CREATE TABLE user_info (  user_id INT(5) NOT NULL AUTO_INCREMENT,
			username VARCHAR(15) NOT NULL UNIQUE,
			password VARCHAR(20) NOT NULL,
			mail VARCHAR(40) NOT NULL UNIQUE,
			ip VARCHAR(15) NOT NULL,
			activated VARCHAR(1) NOT NULL DEFAULT 0,
			session_id VARCHAR(32) NOT NULL,
			PRIMARY KEY(user_id)
			)";
	mysql_query($user_info) or die(mysql_error());
?>

php

2 Contributors
9 Replies
222 Views
1 Day Discussion Span
Latest Post 15 Years Ago Latest Post by Lensva

All 9 Replies

mschroeder 251 Bestower of Knowledge

15 Years Ago

in you functions you add string data to $_SESSION instead of actually making $_SESSION an array of multiple errors.

Then when you call foreach it is not finding an array because one does not exist.

Try adding [] after each place where you add error data to the error_list session value. This will create a numerically indexed array of multiple errors. $_SESSION[] = $error_data;

mschroeder 251 Bestower of Knowledge

15 Years Ago

I wasn't sure what you were doing on line 101 I assumed you were basically looking to see if there was an error and if so you were redirecting to page1 to handle the errors.

In which case you would want to do something like if (!empty( $_SESSION )){ //redirect code }

if you do a print_r($_SESSION); what is the structure that is being returned.

mschroeder 251 Bestower of Knowledge

15 Years Ago

in your parameter_check function
$_SESSION[] = $error_list;

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Lensva -6 Junior Poster in Training · Answer 1 · 2009-01-12T20:37:04+00:00

mschroeder,
added the [ ] tags on lines 17 and 101, however now when all data is entered, no matter valid or not, the output on page1 is

Array

Lensva -6 Junior Poster in Training · Answer 2 · 2009-01-12T21:00:28+00:00

to make it more clear to you and others,
lines 99-104 check if there are errors in functions
non_db_username_check(&$error_list);
password_check(&$error_list);
non_db_email_check(&$error_list);
so that if there are, there wouldnt be connection to mysql, else it conects;
changed it to

function mysql_data_check(&$error_list)
{
	if( !empty($_SESSION['error_list']) )
	{
		$_SESSION['error_list'][] = &$error_list;
		header('Location:page1.php');
		return false;
	}

like you suggested, however the output on page1 is the same

EDIT: ok the output in fact changed, but not for the better, more errors, all coming from the function mysql_data_check(&$error_list)

EDIT EDIT: sample data filled after changed were made:
username: user1; password:user1; password_verify:user2; email: user1
output on page2

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Users\admin\Desktop\xampp\xampp\htdocs\examples\user registration\page2.php on line 115

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Users\admin\Desktop\xampp\xampp\htdocs\examples\user registration\page2.php on line 118

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Users\admin\Desktop\xampp\xampp\htdocs\examples\user registration\page2.php on line 121

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Users\admin\Desktop\xampp\xampp\htdocs\examples\user registration\page2.php on line 121

Warning: array_push() [function.array-push]: First argument should be an array in C:\Users\admin\Desktop\xampp\xampp\htdocs\examples\user registration\page2.php on line 123

Warning: Cannot modify header information - headers already sent by (output started at C:\Users\admin\Desktop\xampp\xampp\htdocs\examples\user registration\page2.php:115) in C:\Users\admin\Desktop\xampp\xampp\htdocs\examples\user registration\page2.php on line 18

Lensva -6 Junior Poster in Training · Answer 3 · 2009-01-13T02:06:08+00:00

===major update===
after fixing a few bugs the situation seems for the much better;
updated version:

<?php 
	session_start(); 
	$error_list = array();
//delete session==========================================================================================	
	if( isset($_POST['delete_session']) ) 
	{
		session_destroy();
		header('Location:page1.php');
	}
//validation start===============================================================================	
	if( parameter_check(&$error_list) )
	{
		non_db_username_check(&$error_list);
		password_check(&$error_list);
		non_db_email_check(&$error_list);
		mysql_data_check(&$error_list);
		$_SESSION['error_list'][] = $error_list;
		header('Location:page1.php');
	}
	else 
	{
		$_SESSION['error_list'] = $error_list;
		header('Location:page1.php');
	}
	
//functions================================================================================================
function parameter_check(&$error_list)
{
	if( (isset($_POST['submit']) ) &&
		(!empty($_POST['username']) ) &&
		(!empty($_POST['password']) ) &&
		(!empty($_POST['password_verify']) ) &&
		(!empty($_POST['email']) ) );
	else 
	{
		array_push(&$error_list, "<li>fill in all fields</li>");
		return false;
	}
	return true;
}
//===========================================================================================================
function non_db_username_check(&$error_list)
{
	$username = $_POST['username'];
//----------------------------------------
	if( (strlen($username) >= 3) && (strlen($username) <= 15));
	else 
		{
			array_push(&$error_list, "<li>enter 3 - 15 characters username</li>");
			 return false;
		}
//----------------------------------------	
	if( !ereg("^[A-Za-z0-9.-_]$",$username)) 
		{ 
			array_push(&$error_list, "<li>invalid characters in username</li>");
			return false;
		}
//----------------------------------------
	return true;
}
//===========================================================================================================
function password_check(&$error_list)
{
	$password1 = $_POST['password'];
	$password2 = $_POST['password_verify'];
//----------------------------------------	
	if( strcmp($password1,$password2) != 0)
	{
		array_push(&$error_list, "<li>passwords dont match</li>");
		return false;
	}
//----------------------------------------	
	if( (strlen($password1) >= 5) && (strlen($password1) <= 20));
	else 
	{
		array_push(&$error_list, "<li>enter 3 - 20 characters password</li>");
		return false;
	}			
//----------------------------------------
	return true;
}
//===========================================================================================================
function non_db_email_check(&$error_list)
{
	$email = $_POST['email'];
//----------------------------------------
	if( ereg("^[^.] [A-Za-z0-9.-_]{1,20} @ [^@.][A-Za-z0-9.-_]{1,40}$",$email) );
	else	
	{
		array_push(&$error_list, "<li>email is invalid</li>");
		return false;
	}
//----------------------------------------
	return true;
}
//===========================================================================================================
function mysql_data_check(&$error_list)
{
	if( !empty($_SESSION['error_list']) )
	{
		$_SESSION['error_list'][] = &$error_list;
		header('Location:page1.php');
		return false;
	}
//----------------------------------------
	mysql_connect('localhost','root','root') or die(mysql_error());
	mysql_select_db('users') or die(mysql_error());
	
	$safe_username = mysql_real_escape_string($_POST['username']);
	$safe_email = mysql_real_escape_string($_POST['email']);	
												  
	$query_username = mysql_query("SELECT username FROM user_info WHERE username=\"$safe_username\"") or die(mysql_error());
	$query_email = mysql_query("SELECT email FROM user_info WHERE email=\"$safe_email\"") or die(mysql_error());
//----------------------------------------		
	if( mysql_num_rows($query_username) != 0 )
		array_push(&$error_list, "<li>username already exists</li>");
	
	if( mysql_num_rows($query_email) !=0 )
		array_push(&$error_list, "<li>email already exists</li>");
		
	if( (mysql_num_rows($query_username) || mysql_num_rows($query_email)) !=0 ) return false;
//----------------------------------------	
 	array_push(&$error_list, "registration data correct");

	return true;		
}		   
//===========================================================================================================	  
?>

page2 seems to be working, however on page1 $_SESSION displays

ArrayArray

('Array' number varies) instead of the actual messages. unless the form is submited empty, then everything works

mschroeder 251 Bestower of Knowledge Team Colleague · Answer 4 · 2009-01-13T02:17:25+00:00

that is because in the mysql_data_check function you are doing this:

$_SESSION[] = &$error_list;

which i believe is setting and entry of $_SESSION equal to an array. you don't need the []'s there

Produces:

$_SESSION = array(
1 => array (
1=> 'Error #1';
),
2 => array (
1 => 'Error #1',
2 => 'Error #2'
)
);

The only place you need the []'s is when you do $_SESSION[] = $error_data; This way you end up with one array that contains each error message.

Produces:
$_SESSION = array (
1 => 'Error #1',
2 => 'Error #2'
);

Lensva -6 Junior Poster in Training · Answer 5 · 2009-01-13T02:36:35+00:00

did as you adviced changed

function mysql_data_check(&$error_list)
{
	if( !empty($_SESSION['error_list']) )
	{
		$_SESSION['error_list'] = &$error_list;
		header('Location:page1.php');
		return false;
	}

and

$_SESSION['error_list'][] = $error_list;

seems it helped for the most part, but when i enter all data incorectly it displays:

[LIST]
[*]invalid characters in username
[*] passwords dont match
[*] email is invalid
[/LIST]
Array

one last piece of error somewhere i think

Lensva -6 Junior Poster in Training · Answer 6 · 2009-01-13T21:20:21+00:00

with the major guidance mschroeder provided i was able to cleanse my code of errors;
case solved - thx again

php user registration

Recommended Answers Collapse Answers

All 9 Replies

Recommended Answers