6

I made a registration validation in PHP and I'm troubleshooting each field to see if the code works to par. When I press the submit button the only part not working is the password / confirm password code block. I've been troubleshooting for hours and can't seem to find the issue.

Is possible someone can point out the issue? Thanks.

<?php
// define variables and set to empty values
$emailErr = $userErr = $passwordErr = $cpasswordErr = $firstErr = $lastErr = $teamErr = "";
$email = $username = $password = $cpassword = $firstname = $lastname = $teamname = "";

// The preg_match() function searches a string for pattern, returning true if the pattern exists, and false otherwise.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //Validates email
    if (empty($_POST["email"])) {
        $emailErr = "You Forgot to Enter Your Email!";
    } else {
        $email = test_input($_POST["email"]);
        // check if e-mail address syntax is valid
        if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
            $emailErr = "You Entered An Invalid Email Format"; 
        }
    }
    //Validates Username
    if (empty($_POST["username"])) {
        $userErr = "You Forgot to Enter Your Username!";
    } else {
        $username = test_input($_POST["username"]);
        }
    //Validates password & confirm passwords.
    if(!empty($_POST["password"]) && ($_POST["password"] == $_POST["cpassword"])) {
        $password = test_input($_POST["password"]);
        $cpassword = test_input($_POST["cpassword"]);
        if (strlen($_POST["password"]) <= '8') {
            $passwordErr = "Your Password Must Contain At Least 8 Characters!";
        }
        elseif(!preg_match("#[0-9]+#",$password)) {
            $passwordErr = "Your Password Must Contain At Least 1 Number!";
        }
        elseif(!preg_match("#[A-Z]+#",$password)) {
            $passwordErr = "Your Password Must Contain At Least 1 Capital Letter!";
        }
        elseif(!preg_match("#[a-z]+#",$password)) {
            $passwordErr = "Your Password Must Contain At Least 1 Lowercase Letter!";
        } else {
            $cpasswordErr = "Please Check You've Entered Or Confirmed Your Password!";
        }
    }
    //Validates firstname
    if (empty($_POST["firstname"])) {
        $firstErr = "You Forgot to Enter Your First Name!";
    } else {
        $firstname = test_input($_POST["firstname"]);
        //Checks if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/",$firstname)) {
            $firstErr = "Only letters and white space allowed"; 
        }
    }
   if (empty($_POST["lastname"])) {
        $lastErr = "You Forgot to Enter Your Last Name!";
    } else {
        $lastname = test_input($_POST["lastname"]);
        //Checks if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/",$lastname)) {
            $lastErr = "Only letters and white space allowed"; 
        }
    }
    if (empty($_POST["teamname"])) {
        $teamErr = "You Forgot to Enter Your Team Name!";
    } else {
        $teamname = test_input($_POST["teamname"]);
    }
}
/*Each $_POST variable with be checked by the function*/
function test_input($data) {
     $data = trim($data);
     $data = stripslashes($data);
     $data = htmlspecialchars($data);
     return $data;
}
?>
Improve this question
7
  • 2
    How does it not work? Commented Mar 20, 2014 at 20:24
  • all your validations are a problem there are names, email address that would fail, just let the user decide what to use. Commented Mar 20, 2014 at 20:29
  • @John Conde when I press submit no message is display. I'm purposely leaving the field empty and the passwords and confirm pw display no message. All the other field display the proper message and even the regexp are working. Commented Mar 20, 2014 at 20:47
  • @dagon The regex I have implemented does work when I submit the form, I have tested it already. It's just when I troubleshoot the password code block for each situation - no message is being display. Commented Mar 20, 2014 at 20:48
  • It is not a good idea to be so restrictive with passwords. First you narrow down the range of possible passwords, then people normally fall back to weak passwords if they are forced to follow too many rules, Password2014 would easily pass your test. If you want to test for minimum length is should be if (strlen($_POST["password"]) < 8) instead. Commented Mar 20, 2014 at 20:49

4 Answers 4

Reset to default
23 
if(!empty($_POST["password"]) && ($_POST["password"] == $_POST["cpassword"])) {
    $password = test_input($_POST["password"]);
    $cpassword = test_input($_POST["cpassword"]);
    if (strlen($_POST["password"]) <= 8) {
        $passwordErr = "Your Password Must Contain At Least 8 Characters!";
    }
    elseif(!preg_match("#[0-9]+#",$password)) {
        $passwordErr = "Your Password Must Contain At Least 1 Number!";
    }
    elseif(!preg_match("#[A-Z]+#",$password)) {
        $passwordErr = "Your Password Must Contain At Least 1 Capital Letter!";
    }
    elseif(!preg_match("#[a-z]+#",$password)) {
        $passwordErr = "Your Password Must Contain At Least 1 Lowercase Letter!";
    } else {
        $cpasswordErr = "Please Check You've Entered Or Confirmed Your Password!";
    }
}

Should be:

if(!empty($_POST["password"]) && ($_POST["password"] == $_POST["cpassword"])) {
    $password = test_input($_POST["password"]);
    $cpassword = test_input($_POST["cpassword"]);
    if (strlen($_POST["password"]) <= '8') {
        $passwordErr = "Your Password Must Contain At Least 8 Characters!";
    }
    elseif(!preg_match("#[0-9]+#",$password)) {
        $passwordErr = "Your Password Must Contain At Least 1 Number!";
    }
    elseif(!preg_match("#[A-Z]+#",$password)) {
        $passwordErr = "Your Password Must Contain At Least 1 Capital Letter!";
    }
    elseif(!preg_match("#[a-z]+#",$password)) {
        $passwordErr = "Your Password Must Contain At Least 1 Lowercase Letter!";
    }
}
elseif(!empty($_POST["password"])) {
    $cpasswordErr = "Please Check You've Entered Or Confirmed Your Password!";
} else {
     $passwordErr = "Please enter password   ";
}

Your check for the non-matching passwords was within an if that checked to see if they matched.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I can't edit the answer. It's almost correct so I'm up voting this answer too. Just change password length condtion. 8 should be INT and not Char. Using less than or equal sign will invalidate the password even if it already have 8 characters in length. It should compare using the less than symbol so it will be like " $pass < 8" not "$pass <= '8'". Happy coding!
What is test_input()?
I don't know but it was in the OP's code so I assume it was a function defined somewhere else in the code.
4

Use As provided :

if(!empty($_POST["password"]) && $_POST["password"] != "" ){

    if (strlen($_POST["password"]) <= '8') {
        $err .= "Your Password Must Contain At Least 8 Digits !"."<br>";
    }
    elseif(!preg_match("#[0-9]+#",$_POST["password"])) {
        $err .= "Your Password Must Contain At Least 1 Number !"."<br>";
    }
    elseif(!preg_match("#[A-Z]+#",$_POST["password"])) {
        $err .= "Your Password Must Contain At Least 1 Capital Letter !"."<br>";
    }
    elseif(!preg_match("#[a-z]+#",$_POST["password"])) {
        $err .= "Your Password Must Contain At Least 1 Lowercase Letter !"."<br>";
    }
    elseif(!preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $_POST["password"])) {
        $err .= "Your Password Must Contain At Least 1 Special Character !"."<br>";
    }
}else{
    $err .= "Please Enter your password"."<br>";
}
Improve this answer

2 Comments

Ok, but why use this?
thank you this works please use this , along with this we need to add that function that mentioned in top question i.e test_input and we need to declare password error variables
3

Use code below:

if(!empty($_POST["password"]) && isset( $_POST['password'] )) {
    $password = $_POST["password"];
    $cpassword = $_POST["cpassword"];
    if (mb_strlen($_POST["password"]) <= 8) {
        $passwordErr = "Your Password Must Contain At Least 8 Characters!";
    }
    elseif(!preg_match("#[0-9]+#",$password)) {
        $passwordErr = "Your Password Must Contain At Least 1 Number!";
    }
    elseif(!preg_match("#[A-Z]+#",$password)) {
        $passwordErr = "Your Password Must Contain At Least 1 Capital Letter!";
    }
    elseif(!preg_match("#[a-z]+#",$password)) {
        $passwordErr = "Your Password Must Contain At Least 1 Lowercase Letter!";
    }
    elseif(!preg_match("#[\W]+#",$password)) {
        $passwordErr = "Your Password Must Contain At Least 1 Special Character!";
    } 
    elseif (strcmp($password, $cpassword) !== 0) {
        $passwordErr = "Passwords must match!";
    }
} else {
    $passwordErr = "Please enter password   ";
}
Improve this answer

Comments

1

I don't think regular expressions are the best solution here. I would just have a loop with boolean variables set to false before the loop (e.g. $OneLCLetter=$OneUCLetter=$OneDigit=false;), and then set to true if a certain type of character is encountered in the loop (no problem setting a variable to true multiple times). After the loop it would be simple to go through the booleans one by one to see if any are still false.

You probably also need to check for invalid characters, such as space, tab, vertical tab, NUL etc.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.