Please help me with my confirmation email scripts (scripts included)

**Rosalie** · 08-11-2010, 05:22 PM

This is part of my data:

Code:

	//If there are input validations, redirect back to the registration form
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		session_write_close();
		header("location: register-form.php");
		exit();
	}

and this is data in my: register-form.php

<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>

**bluewalrus** · 08-11-2010, 05:40 PM

I'd need to see the form but basically. If it were...

Code:

<form action="this.php" method="post">
Name: <input type="text" name="name" />
Address: <input type="text" name="address" />
</form>

this.php

PHP Code:


<?php
$error = false;
$errormsg = "";
if(isset($_POST['name']) {
$name = $_POST['name'];
} else {
$error = true;
$errormsg = "name ";
}
if(isset($_POST['address']) {
$address = $_POST['address'];
} else {
$error = true;
$errormsg = $errormsg . "address";
}
if ($error) {
echo "please enter $errormsg.";
?>
<form action="this.php" method="post">
Name: <input type="text" name="name" <?php if(isset($name)){ echo "value=\"$name\"";}?> />
Address: <input type="text" name="address" <?php if(isset($address)){ echo "value=\"$address\"";}?> />
</form>
<?php
} else {
//process cause correct
}
?>

**Rosalie** · 08-11-2010, 06:38 PM

Bluewalrus,
Thanks a lot for taking the time to help me out. I have been trying and trying with your suggestion however it is still not working. Every time I forget to fill in something I get the error message but all the other info disappears. I will show you my code and hope you have time to look

Thank you very much in advance.

Originally Posted by bluewalrus

I'd need to see the form but basically. If it were...

Code:

<form action="this.php" method="post">
Name: <input type="text" name="name" />
Address: <input type="text" name="address" />
</form>

this.php

PHP Code:


<?php

$error = false;

$errormsg = "";

if(isset($_POST['name']) {

$name = $_POST['name'];

} else {

$error = true;

$errormsg = "name ";

}

if(isset($_POST['address']) {

$address = $_POST['address'];

} else {

$error = true;

$errormsg = $errormsg . "address";

}

if ($error) {

echo "please enter $errormsg.";

?>

<form action="this.php" method="post">

Name: <input type="text" name="name" <?php if(isset($name)){ echo "value=\"$name\"";}?> />

Address: <input type="text" name="address" <?php if(isset($address)){ echo "value=\"$address\"";}?> />

</form>

<?php

} else {

//process cause correct

}

?>

**Rosalie** · 08-11-2010, 06:43 PM

registration-form.html

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Form</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
</body>
  </table>
<?php
	if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
		echo '<ul class="err">';
		foreach($_SESSION['ERRMSG_ARR'] as $msg) {
			echo '<li>',$msg,'</li>'; 
		}
		echo '</ul>';
		unset($_SESSION['ERRMSG_ARR']);
	}
?>
<form id="loginForm" name="loginForm" method="post" action="reg.php">
  <table width="405" border="0" align="left" cellpadding="2" cellspacing="0">
    <tr>
      <th><div align="left">Name</div></th>
      <td><input name="name" type="text" class="textfield" id="name" size="45" /></td>
    </tr>
    <tr>
      <th><div align="left">Email </div></th>
      <td><input name="email" type="text" class="textfield" id="email" size="45" /></td>
    </tr>
  <tr>
      <th><div align="left">Confirm email </div></th>
      <td><input name="confemail" type="text" class="textfield" id="confemail" size="45" /></td>
    </tr>
    <tr>
      <th><div align="left">Password </div></th>
      <td><input name="pw" type="password" class="textfield" id="pw" size="45" /></td>
    </tr>
    </tr>
    <tr>
      <th><div align="left">Confirm Password </div></th>
      <td><input name="confpw" type="password" class="textfield" id="confpw" size="45" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Register" /></td>
    </tr>
  </table>
</form>


</body>
</html>

reg.php

PHP Code:


<?php

include('confform.php');
    //Start session
    session_start();

    //Array to store validation errors
    $errmsg_arr = array();
    
    //Validation error flag
    $errflag = false;

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }
    

//Sanitize the POST values
    $name = clean($_POST['name']);
    $email = clean($_POST['email']);
    $confemail = clean($_POST['confemail']);

//Input Validations
    if($name == '') {
        $errmsg_arr[] = 'Name missing';
        $errflag = true;
    }
    if($email == '') {
        $errmsg_arr[] = 'Email missing';
        $errflag = true;
    }
    if($confemail == '') {
        $errmsg_arr[] = 'Confirmation email missing';
        $errflag = true;
    }
    if($pw == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }
    if($confpw == '') {
        $errmsg_arr[] = 'Confirmation password missing';
        $errflag = true;
    }
    
    //If there are input validations, redirect back to the registration form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: register-form.php");
        exit();
    }
    
    
//test to see if username is alphanumeric
$test=$_POST['name'];

if(!eregi("[^A-Za-z0-9]",$test))
{


   $query="SELECT * FROM mfc WHERE name ='$_POST(name)'";
   $result=mysql_query($query);
   $num=mysql_num_rows($result);
   
   if($num == 0)
   {
      
         $query2="SELECT * FROM mfc WHERE name ='$_POST(email)'";
         $result2=mysql_query($query2);
         $num2=mysql_num_rows($result2);
   
         if ($num2 == 0)
         {
            if(($_POST[pw]==$_POST[confpw])&&($_POST[email]==$_POST[confemail]))
         
            {
               $confirm_code=md5(uniqid(rand()));
               
               
               $name=strip_tags($_POST['name']);
               $email=strip_tags($_POST['email']);
               $pw=strip_tags($_POST['pw']);
               

               
               $sql="INSERT INTO tmp SET code='$confirm_code', name='$name', email='$email', pw='$pw'";
               $result=mysql_query($sql);
               
                  if($result)
                  {
                  $message="Your Confirmation link \r\n";
                  $message.="Click on this link to activate your account \r\n";
                  $message.="http://----------.com/confirmation.php?passkey=$confirm_code";
                  
                  $sent_mail = mail("$email", "Registration Confirmation", "$message");
                  header("Location:thankyou.html");
                  }
                  else
                  {
                   echo "Not found your e-mail in our database";
                  }
                  
                  if($sentmail)
                  {
                  echo "Your Confirmation link has been sent to your e-mail account";
                  }
                  else
                  {
                  echo "cannot send confirmation link to your e-mail adress";
                  }
            }
         }
         else
         {
         header("location:badmatch.html");                              
         }
   }   
   else
   {
   header("Location:emailinuse.html");
   }
      
      
}   
else
{
header("Location:nameinuse.html");
}

?>

**Rosalie** · 08-11-2010, 09:09 PM

I have a good working register script.
When people leave one field blank they get the message that they have to fill in all the fields. I do this with the following code:

Code:

//Sanitize the POST values
	$name = clean($_POST['name']);
	$email = clean($_POST['email']);
	$confemail = clean($_POST['confemail']);

//Input Validations
	if($name == '') {
		$errmsg_arr[] = 'Name missing';
		$errflag = true;
	}
	if($email == '') {
		$errmsg_arr[] = 'Email missing';
		$errflag = true;
	}
	if($confemail == '') {
		$errmsg_arr[] = 'Confirmation email missing';
		$errflag = true;
	}
	if($pw == '') {
		$errmsg_arr[] = 'Password missing';
		$errflag = true;
	}
	if($confpw == '') {
		$errmsg_arr[] = 'Confirmation password missing';
		$errflag = true;
	}

	//If there are input validations, redirect back to the registration form
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		session_write_close();
		header("location: register-form.php");
		exit();
}

The problem is that all the information that already was entered.. disappears.
I want to solve this with the following php, but I don´t know where to place it in the script.

PHP Code:


?> 

<form action="this.php" method="post"> 

Name: <input type="text" name="name" <?php if(isset($name)){ echo "value=\"$name\"";}?> /> 

Address: <input type="text" name="address" <?php if(isset($address)){ echo "value=\"$address\"";}?> /> 

</form> 

<?php

**bluewalrus** · 08-11-2010, 09:53 PM

Dont post the same question multiple times. Someone will answer you when they have a chance. I don't have a chance now.

**bluewalrus** · 08-12-2010, 02:17 AM

I'd recommend a mod merge these two threads and delete the third and any others.

PHP Code:


<?php

//Sanitize the POST values

    if (isset($_POST['name'])) {

        $name = clean($_POST['name']);

    }

    if (isset($_POST['email'])) {

        $email = clean($_POST['email']);

    }

    if (isset($_POST['confemail'])) {

        $confemail = clean($_POST['confemail']);

    }

//Input Validations

    if($name == '') {

        $errmsg_arr[] = 'Name missing';

        $errflag = true;

    }

    if($email == '') {

        $errmsg_arr[] = 'Email missing';

        $errflag = true;

    }

    if($confemail == '') {

        $errmsg_arr[] = 'Confirmation email missing';

        $errflag = true;

    }

//THESE AREN'T DELCARED    v

    if($pw == '') {

        $errmsg_arr[] = 'Password missing';

        $errflag = true;

    }

    if($confpw == '') {

        $errmsg_arr[] = 'Confirmation password missing';

        $errflag = true;

    }

    if ($pw != $confpw) {

        $errmsg_arr[] = 'Passwords don\'t match.';

        $errflag = true;

    }

//THESE AREN'T DELCARED    ^

    //If there are input validations, redirect back to the registration form

    if($errflag) {

        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;

        session_write_close();

    ?>

     <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">

    Name: <input type="text" name="name" <?php if ($name != "") { echo "value=\"$name\"";}?> /><br />

    Email: <input type="text" name="email" <?php if ($name != "") { echo "value=\"$email\"";}?> /><br />

     Confirm Email: <input type="text" name="confemail" <?php if ($name != "") { echo "value=\"$confemail\"";}?> /><br />

    Password: <input type="password" name="pw" <?php if ($name != "") { echo "value=\"$pw\"";}?>/><br />

    Confirm Password: <input type="password" name="confpw" <?php if ($name != "") { echo "value=\"$confpw\"";}?> /><br />

     <input type="submit" />

    </form>

     <?php

        exit();

}

?>

**Rosalie** · 08-14-2010, 07:29 PM

Thank you so much bluewalrus. I managed to make the script working.

However I still have one question. When there is an error message (for example: name missing) the message is displayed boring in black. I wanted to add a css file so that I could colour it, however it gives the message: cannot modify header information. Does anyone knows how to solve this?

Thanks very much!

**Rosalie** · 08-14-2010, 07:31 PM

This is my script:

PHP Code:


<?php
    session_start();

include('confform.php');

    //Array to store validation errors
    $errmsg_arr = array();
    
    //Validation error flag
    $errflag = false;

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }
    

//Sanitize the POST values 
    if (isset($_POST['name'])) { 
        $name = clean($_POST['name']); 
    } 
    if (isset($_POST['email'])) { 
        $email = clean($_POST['email']); 
    } 
    if (isset($_POST['confemail'])) { 
        $confemail = clean($_POST['confemail']); 
    } 
//Input Validations 
    if($name == '') { 
        $errmsg_arr[] = 'Name missing'; 
        $errflag = true; 
    } 
    if($email == '') { 
        $errmsg_arr[] = 'Email missing'; 
        $errflag = true; 
    } 
    if($confemail == '') { 
        $errmsg_arr[] = 'Confirmation email missing'; 
        $errflag = true; 
    } 
//THESE AREN'T DELCARED    v 
    if($pw == '') { 
        $errmsg_arr[] = 'Password missing'; 
        $errflag = true; 
    } 
    if($confpw == '') { 
        $errmsg_arr[] = 'Confirmation password missing'; 
        $errflag = true; 
    } 
    if ($pw != $confpw) { 
        $errmsg_arr[] = 'Passwords don\'t match.'; 
        $errflag = true; 
    } 
//THESE AREN'T DELCARED    ^ 
    //If there are input validations, redirect back to the registration form 
    if($errflag) { 
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr; 
        session_write_close(); 
    ?> 
    <?php
    if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
        echo '<ul class="err">';
        foreach($_SESSION['ERRMSG_ARR'] as $msg) {
            echo '<li>',$msg,'</li>'; 
        }
        echo '</ul>';
        unset($_SESSION['ERRMSG_ARR']);
    }
?>
     <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> 
    Name: <input type="text" name="name" <?php if ($name != "") { echo "value=\"$name\"";}?> /><br /> 
    Email: <input type="text" name="email" <?php if ($email != "") { echo "value=\"$email\"";}?> /><br /> 
     Confirm Email: <input type="text" name="confemail" <?php if ($confemail != "") { echo "value=\"$confemail\"";}?> /><br /> 
    Password: <input type="password" name="pw" <?php if ($pw != "") { echo "value=\"$pw\"";}?>/><br /> 
    Confirm Password: <input type="password" name="confpw" <?php if ($confpw != "") { echo "value=\"$confpw\"";}?> /><br /> 
     <input type="submit" /> 
      </table>
    </form> 
     <?php 
        exit(); 
} 

    
//test to see if username is alphanumeric
$test=$_POST['name'];

if(!eregi("[^A-Za-z0-9]",$test))
{


   $query="SELECT * FROM mfc WHERE name ='$_POST(name)'";
   $result=mysql_query($query);
   $num=mysql_num_rows($result);
   
   if($num == 0)
   {
      
         $query2="SELECT * FROM mfc WHERE name ='$_POST(email)'";
         $result2=mysql_query($query2);
         $num2=mysql_num_rows($result2);
   
         if ($num2 == 0)
         {
            if(($_POST[pw]==$_POST[confpw])&&($_POST[email]==$_POST[confemail]))
         
            {
               $confirm_code=md5(uniqid(rand()));
               
               
               $name=strip_tags($_POST['name']);
               $email=strip_tags($_POST['email']);
               $pw=strip_tags($_POST['pw']);
               

               
               $sql="INSERT INTO tmp SET code='$confirm_code', name='$name', email='$email', pw='$pw'";
               $result=mysql_query($sql);
               
                  if($result)
                  {
                  $message="Your Confirmation link \r\n";
                  $message.="Click on this link to activate your account \r\n";
                  $message.="http://------------.com/confirmation.php?passkey=$confirm_code";
                  
                  $sent_mail = mail("$email", "Registration Confirmation", "$message");
                  header("Location:thankyou.html");
                  }
                  else
                  {
                   echo "Not found your e-mail in our database";
                  }
                  
                  if($sentmail)
                  {
                  echo "Your Confirmation link has been sent to your e-mail account";
                  }
                  else
                  {
                  echo "cannot send confirmation link to your e-mail adress";
                  }
            }
         }
         else
         {
         header("location:badmatch.html");                              
         }
   }   
   else
   {
   header("Location:emailinuse.html");
   }
      
      
}   
else
{
header("Location:nameinuse.html");
}

?>

**djr33** · 08-15-2010, 04:38 AM

All text output to the browser (anything in the source code, including content, html tags, and even blank lines/spaces) must occur after any "header" functions. Usually this is header(), but it can also happen with functions like start_session() and setcookie() because they use HTTP headers too.
This is because the browser first receives HTTP headers (they tell the browser what to do), then it receives the text data (this is just the content, displayed according to the headers).

Therefore, if you send a header after you send text, it will not work and PHP will display an error message.

The solution may not be easy because you must entirely re-order your script: any header functions MUST go first, and any text output must go after that.

In other words, you may not display your errors before you have done the header redirects.

Depending on how this changes your system, it may require using a different method for the errors or the redirects, or both...