Sign Up Form Trouble?


#1

Hi,

I’m trying to create a php sign up form and I’m having some trouble with it’s “Error Handling”

When I am trying to make it have required fields, check and confirm the email addresses,passwords, and the desired username. (I haven’t added in the desired user name, yet)

The problem I’m having is that when I test the script it doesn’t do… Well any of it. It will allow me to leave all the fields blank, have different email addresses/passwords, and it still posts to my database. I am not sure where exactly I am going wrong with the script but it seems like I’m having trouble just about everywhere.

Here is my code

[php]<?php
$errorMSG="";
$companyname= “”;
$state= “”;
$zip="";
$phone="";
$username="";
$website="";
$youtube="";
$email="";
$email2="";
$password="";
$password2="";
$username="";

if (isset ($_POST[‘companyname’])){

$companyname= $_POST['companyname'];
$companytype=$_POST['companytype'];
$dropship=$_POST['dropship'	];
$country=$_POST['country'];
$state=$_POST['state'];
$zip=$_POST['zip'];
$phone=$_POST['state'];
$username=$_POST['username'];
$website=$_POST['website'];
$youtube=$_POST['youtube'];
$email=$_POST['email'];
$email2=$_POST['email2'];
$password=$_POST['password'];
$password2=$_POST['password2'];

$companyname=stripslashes($companyname);
$companytype=stripslashes($companytype);
$dropship=stripslashes($dropship);
$country=stripslashes($country);
$state=stripslashes($state);
$zip=stripslashes($zip);
$phone=stripslashes($phone);
$username=stripslashes($username);
$website=stripslashes($website);
$youtube=stripslashes($youtube);
$email=stripslashes($email);
$email2=stripslashes($email2);
$password=stripslashes($email2);
$password2=stripslashes($password2);

$companyname=strip_tags ($companyname);
$companytype=strip_tags($companytype);
$dropship=strip_tags($dropship);
$country=strip_tags($country);
$state=strip_tags($state);
$zip=strip_tags($zip);
$phone=strip_tags($phone);
$username=strip_tags($username);
$website=strip_tags($website);
$youtube=strip_tags($youtube);
$email=strip_tags($email);
$email2=strip_tags($email2);
$password=strip_tags($email2);
$password2=strip_tags($password2);

//Connect To Dataebase
include_once"includes/db_connect.php";

//Check For Duplicate Emails

$sql_email_check = mysql_query("SELECT email from members WHERE email='$email'");
$emailcheck =mysql_num_rows($sql_email_check);

if ($emailcheck > 0){ 
          $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside our database. Please use another.<br />"; 
}
//Error Handling Missing Data
if ((!$companyname) || (!$companytype) || (!$dropship) || (!$country) ||(!$state) || (!$zip) || (!$username) || (!$email) || (!$email2) ||(!$password) || (!$password2)){
	
$errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';

if(!$companyname){
	$errorMSG = 'Comany Name <br />';		
}
if(!$state){
	$errorMSG= 'State/Province <br />';	
}

if(!$zip){
	$errorMSG="Zip Code <br />";	
}

if(!$username){
	$errorMSG="Desired User Name <br />";	
}

if(!$email){
	$errorMSG="Email Address <br />";	
}

if(!$email2){
	$errorMSG="Confirm Email Address <br />";
}
if(!$password){
	$errorMSG="Password <br />";	
}
if(!$password2){
	$errorMSG="password2 <br />";		
}

else if($email !=$email2){
	$errorMSG="ERROR: Your Email Addresses Didn't Match <br />";
	print $errorMsg;	
}
else if($password != $password2){
	$errorMSG="ERROR: Your Passwords Don't Match <br />";	
}
else if ($email_check > 0){
	$errorMSG="ERROR: Your Email Address Is Already In Use<br />";	
}

}else{
	
$companyname=mysql_real_escape_string ($companyname);
$companytype=mysql_real_escape_string($companytype);
$dropship=mysql_real_escape_string($dropship);
$country=mysql_real_escape_string($country);
$state=mysql_real_escape_string($state);
$zip=mysql_real_escape_string($zip);
$phone=mysql_real_escape_string($phone);
$username=mysql_real_escape_string($username);
$website=mysql_real_escape_string($website);
$youtube=mysql_real_escape_string($youtube);
$email=mysql_real_escape_string($email);
$email2=mysql_real_escape_string($email2);
$password=mysql_real_escape_string($email2);
$password2=mysql_real_escape_string($password2);
}







 //Password Hash
$db_password=md5($password);

$sql= mysql_query("INSERT INTO members (companyname,companytype,dropship,country,state,zip,phone,username,website,youtube,email,password)
VALUES('$companyname','$companytype','$dropship','$country','$state','$zip','$phone','$username','$website','$youtube','$email','$db_password')")
or die(mysql_error());

$id=mysql_insert_id();	 
mkdir("member/$id",0755);



}
else{
	$errorMSG="Field Marked With [*] are required";
	$companyname="";
	$zip="";
	$state="";
	$email="";
	$email2="";
	$password="";
	$password2="";
	
	
}

?>[/php]


#2

here is fully defined login and sign up script check it out

http://www.maaking.com/files/maaking_users_1.2.zip


#3

why are you adding this at the beginning?
[php]
$errorMSG="";
$companyname= “”;
$state= “”;
$zip="";
$phone="";
$username="";
$website="";
$youtube="";
$email="";
$email2="";
$password="";
$password2="";
$username="";
[/php]

also I don’t see anywhere, where you actually die $errorMSG;, you need to add something like if($errorMSG){die $errorMSG;}


#4

I put that at the start of the code because I use it to remember what someone has typed in if they get an error. I got the code going I had a misplaced } closing my checks early resulting in unexpected behavior. I can’t see how much of the script I posted earlier but in the form fields value I use [php]<?php echo "$field_var"?> [/php] this allows the script to save any text the user types in so they don’t have to type it in again if there is an error.

If I don’t have the $var=""; at the beggining I get an undefined variable error, only inside my test environment tho.