Newbie help (register form)

Just after a little help. I've created a form which registers details to a members table. It also has some simple checks which make sure the password is correct, the username doesn't already exist, and so on. If any of these problems is detected, it shows an error. What I want is to be able to keep the existing value in the input fields when an error is echoed. I've managed to get this to work with a basic input field but can't work out how to do it with a drop-down menu. Any help would be greatly appreciated, and if anyone has the time, could you also advise me on any more security which could be added? I know it can never be 100% secure, but any help would be appreciated. Thank you.

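<?php
// Registration handler: validates the posted fields and, when every check
// passes, inserts one row into the members table.
//
// NOTE(review): the mysql_* extension used below was removed in PHP 7. The
// connection is opened in connection.php (not shown here), so this script
// stays on that API; once the connection code moves to PDO or mysqli, replace
// the escaping below with prepared statements.

//database connect
require 'connection.php';

//set error defaults (string flags: the page template compares them with "true")
$missingfields = "false";
$nopassmatch = "false";
$userexists = "false";
$passwordcheck = "false";

//declare variables (raw values; these are what the form redisplays)
$username = '';
$fname = '';
$sname = '';
$dob = '';
$address1 = '';
$city = '';
$postcode = '';
$tel = '';
$mobile = '';
$email = '';
$qualification = '';
$sex = '';

if (isset($_POST["submit1"])) {
    // Read every expected field. A field that is missing, or that was sent as
    // an array (name[]=...), is treated as empty instead of raising a notice
    // or reaching the string functions below as a non-string.
    $expected = array(
        'username', 'password', 'password2', 'fname', 'sname', 'dob',
        'qualification', 'sex', 'addressone', 'city', 'postcode',
        'tel', 'mobile', 'email',
    );
    $input = array();
    foreach ($expected as $field) {
        $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    $username = $input['username'];
    $password = $input['password'];
    $password2 = $input['password2'];
    $fname = $input['fname'];
    $sname = $input['sname'];
    $dob = $input['dob'];
    $qualification = $input['qualification'];
    // NOTE(review): $sex is collected and redisplayed, but the INSERT below
    // has no sex column — confirm whether the members table should store it.
    $sex = $input['sex'];
    $address1 = $input['addressone'];
    $city = $input['city'];
    $postcode = $input['postcode'];
    $tel = $input['tel'];
    $mobile = $input['mobile'];
    $email = $input['email'];

    //combine address for table input
    $address = $address1 . "," . $city . "," . $postcode;

    //check username field with table
    // The value is escaped at the point where it enters the SQL string. The
    // earlier version escaped a copy of $_POST that no query ever read, so
    // the raw $username reached the statement unescaped.
    // NOTE(review): mysql_real_escape_string() relies on the open connection
    // and its character set — confirm connection.php sets the charset.
    $checkuser = mysql_query(
        "SELECT username FROM members WHERE username='" . mysql_real_escape_string($username) . "'"
    );
    if ($checkuser === false) {
        // Keep database error details in the server log, not in the page.
        error_log('Registration username lookup failed: ' . mysql_error());
        die('Registration is unavailable at the moment. Please try again later.');
    }
    $username_exists = mysql_num_rows($checkuser);

    //check for empty fields
    if ($username === '' || $password === '' || $password2 === '' || $fname === ''
        || $sname === '' || $dob === '' || $email === '') {
        $missingfields = "true";
    //check pass match (strict comparison: with != two different numeric-looking
    //strings such as "0e1" and "0e2" compare as equal)
    } elseif ($password !== $password2) {
        $nopassmatch = "true";
    //check passwords correct formation: 8+ characters, a lower-case letter and a digit
    } elseif (strlen($password) < 8
        || !preg_match("#[a-z]+#", $password)
        || !preg_match("#[0-9]+#", $password)) {
        $passwordcheck = "true";
    //check for username
    // NOTE(review): another request can register the same name between the
    // SELECT above and the INSERT below; a UNIQUE index on members.username
    // is the reliable guard — confirm the schema has one.
    } elseif ($username_exists) {
        $userexists = "true";
    } else {
        //hash password
        // NOTE(review): SHA-1 with one hard-coded salt shared by every account
        // is cheap to brute-force if the table leaks. On PHP 5.5+ store
        // password_hash($password, PASSWORD_DEFAULT) and check it with
        // password_verify(). That changes the stored format, so the login
        // code (not shown) has to be switched in the same change; the
        // existing scheme is kept here for that reason.
        $salt = 'f78d45t55';
        $encryptedpassword = sha1($salt . $password);

        // Escape each value separately for SQL. The raw variables stay
        // untouched so the form can redisplay exactly what the user typed.
        $sql = array();
        $columns = array(
            'username' => $username,
            'fname' => $fname,
            'sname' => $sname,
            'dob' => $dob,
            'qualification' => $qualification,
            'address' => $address,
            'tel' => $tel,
            'mobile' => $mobile,
            'email' => $email,
        );
        foreach ($columns as $column => $raw) {
            $sql[$column] = mysql_real_escape_string($raw);
        }

        // $encryptedpassword is the hex output of sha1(), so it needs no escaping.
        $query = "INSERT INTO members (username, password, fname, sname, dob, qualification, address, tel, mobile, email)
VALUES('{$sql['username']}','$encryptedpassword','{$sql['fname']}','{$sql['sname']}','{$sql['dob']}','{$sql['qualification']}','{$sql['address']}','{$sql['tel']}','{$sql['mobile']}','{$sql['email']}')";

        if (!mysql_query($query)) {
            // die(mysql_error()) would show table and column names to the visitor.
            error_log('Registration insert failed: ' . mysql_error());
            die('Registration failed. Please try again later.');
        }
    }
}


?>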

<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Roboto+Condensed|Kavoon">
<style type="text/css">
body { color:#fff; background-color:#000; margin:0 auto; width:1024px; }

#registerform { display:block; }
#registerd {
	margin:auto 0;
	width:1024px;
	font-family:"Kavoon", Courier, monospace;
}
#registerd legend {
	font-size:18px;
}
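#register {
	width:1024px;
	height:auto; /* was "auto:" - the stray colon made the parser discard this and the margin declaration */
	margin:0 auto;
}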
#register fieldset { width:400px; float:left;}
#about {
	
	
}
#register input {
	display:block;
	width:200px;
	height:auto;
}

#register input:active { background-color:#0FF; color:#000; }
#register label {
	font-family:"Roboto Condensed", Courier, monospace;
	font-size:16px;
}
#register legend {
	font-family:"Kavoon", Courier, monospace;
}
.error {
	font-family:"Kavoon", Courier, monospace;
	color:red;
}
#formerrors { color:red; margin-top:10px; font-family:"arial", Courier, monospace; font-size:16px; font-weight:bolder; }

</style>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Register form</title>

</head>

<body>
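<div id="formerrors"><?php
// Validation messages. Each flag is the string "true" or "false" set by the
// handler at the top of the file.
if($missingfields == "true"){
echo "You have not filled in all the manditory fields";
}
if($nopassmatch == "true"){
	echo "<p class=error>The passwords you entered do not match.</p>";
}
if($userexists == "true"){
	// $username is whatever the visitor posted, so it is HTML-escaped before
	// being written into the page; otherwise markup typed into the username
	// field would be rendered by the browser.
	$safeUsername = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
	echo "<p class=error>The username: <strong>$safeUsername</strong> already exists. Please choose an alternative.</p>";
}
if($passwordcheck == "true"){
echo "<p class=error>Your password must be 8 or more characters and contain at least one numeric and one alpha numeric character.</p>";
}

?>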
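<fieldset id="reisterform">
<?php /* Every redisplayed value below is user input, so it is escaped with
htmlspecialchars(ENT_QUOTES) before being placed inside a value="..." attribute;
an unescaped quote would otherwise close the attribute and inject markup. */ ?>
<legend>Register</legend>
<form id="register" name="register" action="register.php" method="post">

<p style= color:#fff>All fields marked with a  *  are mandatory</p>


<fieldset id="login">
<legend>Log in details</legend>
<label >Username*</label><input type="text" name="username" value="<?php print(htmlspecialchars($username, ENT_QUOTES, 'UTF-8')); ?>"  />
<label>Password*</label><input type="password" name="password" />
<label>Confirm Password*</label><input type="password" name="password2" />

</fieldset>
<fieldset id="Contactdet">
<legend>Contact Details</legend>
<label>Address</label><input type="text" name="addressone" value="<?php print(htmlspecialchars($address1, ENT_QUOTES, 'UTF-8')); ?>"/>
<label>City/Town</label><input type="text" name="city" value="<?php print(htmlspecialchars($city, ENT_QUOTES, 'UTF-8')); ?>"/>
<label>Postcode</label><input type="text" name="postcode" value="<?php print(htmlspecialchars($postcode, ENT_QUOTES, 'UTF-8')); ?>"/>
<label>Telephone</label><input type="text" name="tel" value="<?php print(htmlspecialchars($tel, ENT_QUOTES, 'UTF-8')); ?>"/>
<label>Mobile Number</label><input type="text" name="mobile" value="<?php print(htmlspecialchars($mobile, ENT_QUOTES, 'UTF-8')); ?>"/>
<label>Email*</label><input type="text" name="email" value="<?php print(htmlspecialchars($email, ENT_QUOTES, 'UTF-8')); ?>"/>
</fieldset>
<fieldset id="about">
<legend>About Me</legend>
<label>First Name*</label><input type="text" name="fname" value="<?php print(htmlspecialchars($fname, ENT_QUOTES, 'UTF-8')); ?>" />
<label>Second Name*</label><input type="text" name="sname" value="<?php print(htmlspecialchars($sname, ENT_QUOTES, 'UTF-8')); ?>"/>
<label>D.O.B* e.g. 26/04/87</label><input type="text" name="dob" value="<?php print(htmlspecialchars($dob, ENT_QUOTES, 'UTF-8')); ?>"/>
<label>Sex:*</label></br><select name="sex" size="1" value="<?php print(htmlspecialchars($sex, ENT_QUOTES, 'UTF-8')); ?>">
<option value="Female">Female</option>
<option value="Male">Male</option>
</select></br>
<label>Qualification*</label></br><select name="qualification" size="1" value="<?php print(htmlspecialchars($qualification, ENT_QUOTES, 'UTF-8')); ?>">
<option value="open water">Open water</option>
<option value="Advanced open water"> Advanced Open water</option>
<option value="Rescue diver">Rescue Diver</option>
<option value="Divemaster">Divemaster</option>
<option value="Instructor">Instructor</option>
<option value="Course Director">Course Director</option>
<option value="other">other</option>
</select>
</fieldset>
<input type="submit" value="Register" class="submit1" name="submit1"/>
<input type="reset" value="Reset" class="submit1"/>
</form><!----end of form--->
</fieldset>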


</body>
</html>

The select tag has no value attribute; you need to do something like this:
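[php]Sex:*
<?php /* Mark the option that matches the submitted value as selected; isset() avoids a notice before the form has been posted. */ ?>
<option value="Female" <?=(isset($_POST['sex']) && $_POST['sex'] === 'Female' ? "selected='selected'" : '')?>>Female
<option value="Male" <?=(isset($_POST['sex']) && $_POST['sex'] === 'Male' ? "selected='selected'" : '')?>>Male
[/php]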
Do the same thing with the qualifications box.
