xisto Community
Jez

Logic Of A Multi Purpose Form Advice Needed

Just a question on my own logic here needed really.

I have written parts of an application, a register and a login script done in PHP; here's the purpose of it.

It's called say login.php, has a GET super global variable, with the key called action and its value is either 'login' or 'register' with the actual heading of the page changing on a ternary operator (eventually anyways) to make it so I don't have to change any of the logic right, should I need to change what the action is, for maintainable code basically right?

Here it is anyways:

<?php
ini_set('display_errors', 1);
require_once 'header.html';

// now set out some logic for different conditions maybe?
if(isset($_GET['action'])) {
  switch ($_GET['action']) {
    case 'register':
      break;
    case 'login':
      break;
  }
}
?>
  <h2>Register</h2>
  <p><?=(isset($message)) ? $message : '';?> </p>
  <?php // PHP_SELF can carry user-supplied path info, so it is escaped before output ?>
  <form id="register" name="register" method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);?>">
    <table>
      <tr>
        <td><label for="username">Username: </label></td>
        <td><input type="text" id="username" name="username" value="" /></td>
      </tr>
      <tr>
        <td><label for="email">Email: </label></td>
        <td><input type="text" id="email" name="email" value="" /></td>
      </tr>
      <tr>
        <td><label for="password">Password: </label></td>
        <td><input type="text" id="password" name="password" value="" /></td>
      </tr>
      <tr>
        <td><label for="password2">Confirm: </label></td>
        <td><input type="text" id="password2" name="password2" value="" /></td>
      </tr>
    </table>
  </form>
<?php
  require_once 'footer.html';
?>

When I come to amend the form elements, like password2 won't be needed for example in the login action, would I just put say a ternary operator like with the (<condition here>) ? true statement : false statement ; <terminate command>

to show either the element or not, like so: <?=($_GET['action'] === 'register') ? '<input type="password" id="password2" />' : '' //display nothing if action's value is not register, are you with me still?

I mean that will work obviously but it's just I am questioning if I can improve this, any thoughts?


This is what I have managed to come up with.

Will actually explain it once I have it working and then show you what happens and when.

It's actually not overly complex, using some set logical flow I have adapted on illustrating how to use one form and conditionally show form elements based on a user's intentions.

Not so sure it's entirely secure, but it does work for what it does (albeit not much), looking at briefly as well with regular expressions, they're a lot of fun but very precise logic for evaluation of either user input strings, or if you have access to a Nix based platform (Unix/Linux) then you can use Grep or even Find with regex's (their abbreviation in the software (in general) development world).

This is more like just remind myself on how I did something though, but thought I would show you what I am up to, finally here's my logic:

<?php
require_once 'init.php';
require_once 'header.html';

// note: header() redirects below need output buffering, since header.html has already been sent
if(array_key_exists('action', $_GET)){
  switch ($_GET['action']) {
    case 'register':
      $message = 'Please use the form below to register on this site:';
      // $error = '';
      break;

    case 'login':
      $message = 'Please use the form below to login to this site:';
      // $error = '';
      break;

    default:
      // if no other actions are present send user back like below:
      header('location: index.php?error=1');
      exit; // stop here so the form is never rendered with an unknown action value
  }
  ?>
  <form id="<?=$_GET['action'];?>" name="<?=$_GET['action'];?>" method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);?>?action=<?=$_GET['action'];?>">
    <p><?=(isset($message)) ? $message : '';?></p>
    <table>
      <tr>
        <td><label for="username">Username: </label></td>
        <td><input type="text" id="username" name="username" maxlength="25" size="27" value="" /></td>
      </tr>
      <?php
        // if register then show email:
        if(isset($_GET['action']) && $_GET['action'] === 'register') {
      ?>
      <tr>
        <td><label for="email">Email: </label></td>
        <td><input type="text" id="email" name="email" maxlength="25" size="27" value="" /></td>
      </tr>
      <?php
        }
      ?>
      <tr>
        <td><label for="password">Password: </label></td>
        <td><input type="password" id="password" name="password" size="27" value="" /></td>
      </tr>
      <?php
        // if register then show the confirm field:
        if(isset($_GET['action']) && $_GET['action'] === 'register') {
      ?>
      <tr>
        <td><label for="password2">Confirm: </label></td>
        <td><input type="password" id="password2" name="password2" maxlength="25" size="27" value="" /></td>
      </tr>
      <?php
        }
      ?>
      <tr>
        <td colspan="2">
          <input type="submit" id="<?=$_GET['action'];?>" name="<?=$_GET['action'];?>" value="<?=ucfirst($_GET['action']);?>" />
        </td>
      </tr>
    </table>
    <p><?=(isset($error)) ? $error : '';?></p>
  </form>
<?php
  require_once 'footer.html';
} else {
  header('location: index.php?error=1');
  exit;
}

Should make some sense, but I will be explaining it fully in the days or weeks to come, it's essentially a user register and login form twined together.

Thanks,
Jez.
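
One way to drive the shared form from a fixed list of actions, which also speaks to the security doubt raised in this post (an added example, not Jez's code): the `action` value is accepted only if it is a key of an allow-list that also names each action's fields, and everything echoed into HTML is escaped. `FORMS`, `resolve_action()`, `e()` and `render_form()` are hypothetical names; `login.php`, the action names and the field names come from the posts.

```php
<?php
// Added example: FORMS, resolve_action(), e() and render_form() are hypothetical names.
// Each allowed action maps to the fields its form shows (field name => input type).
const FORMS = [
    'login'    => ['username' => 'text', 'password' => 'password'],
    'register' => ['username' => 'text', 'email' => 'text',
                   'password' => 'password', 'password2' => 'password'],
];

// Return the action only if it is a known key; anything else becomes null.
function resolve_action(array $query): ?string
{
    $action = $query['action'] ?? null;
    return (is_string($action) && array_key_exists($action, FORMS)) ? $action : null;
}

// Escape every value that reaches HTML, even ones that passed the allow-list.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_form(string $action): string
{
    $html = '<form id="' . e($action) . '" method="post" action="login.php?action='
          . e(rawurlencode($action)) . '">' . "\n";
    foreach (FORMS[$action] as $name => $type) {
        $html .= '  <label for="' . e($name) . '">' . e(ucfirst($name)) . ': </label>'
               . '<input type="' . e($type) . '" id="' . e($name)
               . '" name="' . e($name) . '" />' . "\n";
    }
    return $html . '  <input type="submit" name="' . e($action)
         . '" value="' . e(ucfirst($action)) . '" />' . "\n</form>\n";
}

// Constructed sample requests: two valid actions and one value carrying markup,
// which the template above would have echoed straight into the form tag.
$samples = [['action' => 'login'], ['action' => 'register'],
            ['action' => 'x"><b>injected</b>']];
foreach ($samples as $query) {
    $action = resolve_action($query);
    echo $action === null ? "rejected: redirect to index.php?error=1\n"
                          : render_form($action);
}
```

Adding a third action then means adding one entry to the map rather than another conditional in the template.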


This is some more of it I have covered over the last few days:

<?php
require_once 'init.php';
require_once 'header.html';

// note: header() redirects below need output buffering, since header.html has already been sent
if(array_key_exists('action', $_GET)){
  switch ($_GET['action']) {
    case 'register':

      // note: the mysql_* functions used here were removed in PHP 7, so this runs on PHP 5 only
      require_once 'inc.database.php';

      if(array_key_exists('register', $_POST)) {

        // trim() returns the trimmed string, so the result has to be stored:
        $_POST = array_map('trim', $_POST);

        if(strlen($_POST['username']) === 0 ||
           strlen($_POST['email']) === 0 ||
           strlen($_POST['password']) === 0 ||
           strlen($_POST['password2']) === 0) {

          $error = 'You missed out some required fields, please try again';

        } else {

          // now make true vars out of them:
          $username = mysql_real_escape_string($_POST['username']);
          $email = mysql_real_escape_string($_POST['email']);
          $password = mysql_real_escape_string(sha1($_POST['password']));
          $password2 = mysql_real_escape_string(sha1($_POST['password2']));
          // note: $salt is stored with the user but is not mixed into the sha1() hashes above
          $salt = md5($username.date('U'));

          // make up the remaining variables:
          $host_ip = $_SERVER['REMOTE_ADDR'];

          //creates the unix time stamp (entirely based on BST if its applicable!
          if(date('I') === '1'){ // if you check date('I') in the php manual, this outputs if you put echo infront of it 1 or 0 (bool value). 1 = BST = 1 kind of!
            $time = date('U') + 3600; // plus 1 hour if BST holds true!
          } else {
            $time = date('U');
          }

          // process the registration further:
          // firstly by validating the username against a set criteria using regex's:

          if(preg_match('/^[A-Za-z](?=[A-Za-z0-9_.]{4,31}$)[a-zA-Z0-9_]*\.?[a-zA-Z0-9_]*$/', $_POST['username'])) { // i want a non regex function to do this!
          // if(preg_match('/^[A-Za-z](?=[A-Za-z0-9_.]$)[a-zA-Z0-9_]*\.?[a-zA-Z0-9_]*$/', $_POST['username'])) {

            if(strlen($_POST['username']) < 5) {

              $error = 'The username must be 5 characters or longer';

            } else {
              // if the username is of alphanumeric chars of _. and a-z (uppercase allowed too), 0-9 then:
              $sql = "SELECT username
                      FROM blog_users
                      WHERE username = '$username'";

              $result = mysql_query($sql);

              if(mysql_num_rows($result) > 0) {

                $error = 'Username is already taken, please try another';

              } else {

                $sql = "SELECT email
                        FROM blog_users
                        WHERE email = '$email'";

                $result = mysql_query($sql);

                if(mysql_num_rows($result) > 0) {

                  $error = 'The email address you entered is already taken, please try a different email address';

                } else {

                  // now check the email address is a valid and then if the domain actually exists!
                  if(filter_var($email, FILTER_VALIDATE_EMAIL)) {

                    // now check if the domain exists:
                    // explode() replaces split(), which was removed in PHP 7
                    $split_email = explode('@', $email);

                    $host = $split_email[1];

                    // now use the dns checker function in php:
                    if(checkdnsrr($host, 'ANY')) {

                      // check the length of what the user typed; $password is a 40 character sha1 hash
                      if(strlen($_POST['password']) >= 5) {

                        if($password2 === $password) {

                          // now process login with mysql database:
                          $sql = "INSERT INTO blog_users (user_id, user_type, username, password, email, user_ip, register_date, last_logged_in, salt, active) VALUES (NULL, 'U', '$username', '$password', '$email', '$host_ip', $time, $time, '$salt', '0');";

                          $result = mysql_query($sql);
                          if($result) {

                            // send off email for verification of email address:

                          } else {
                            $error = 'An unexpected error occurred, please try again later';
                          }

                        } else {
                          $error = 'The password you entered does not match, please try again';
                          // print_r($_POST); // debug only: would echo the submitted passwords into the page
                        }

                      } else {
                        $error = 'Your password is too short, must be a minimum of 5 characters long and it can contain any value you want';
                      }

                    } else {
                      $error = 'Email domain does not exist, please try again';
                    }

                  } else {

                    $error = 'The email address you entered was not valid, please try again';

                  }

                }
              }
            }

          } else {
            $error = 'You entered some illegal characters in your username please try again!';
          }
        }

      } else {
        $message = 'Please use the form below to register on this site:';
      }
      break;

    case 'login':
      $message = 'Please use the form below to login to this site:';
      // $error = '';
      break;

    default:
      // if no other actions are present send user back like below:
      header('location: index.php?error=1');
      exit; // stop here so the form is never rendered with an unknown action value
  }
  ?>
  <form id="<?=$_GET['action'];?>" name="<?=$_GET['action'];?>" method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);?>?action=<?=$_GET['action'];?>">
    <p><?=(isset($message)) ? $message : '';?></p>
    <table>
      <tr>
        <td><label for="username">Username: </label></td>
        <td><input type="text" id="username" name="username" maxlength="25" size="27" value="" /><?=($_GET['action']==='register') ? '*':'';?></td>
      </tr>
      <?php
        // if register then show email:
        if(isset($_GET['action']) && $_GET['action'] === 'register') {
      ?>
      <tr>
        <td><label for="email">Email: </label></td>
        <td><input type="text" id="email" name="email"  size="27" value="" /><?=($_GET['action']==='register') ? '*':'';?></td>
      </tr>
      <?php
        }
      ?>
      <tr>
        <td><label for="password">Password: </label></td>
        <td><input type="password" id="password" name="password" size="27" value="" /><?=($_GET['action']==='register') ? '*':'';?></td>
      </tr>
      <?php
        // if register then show the confirm field:
        if(isset($_GET['action']) && $_GET['action'] === 'register') {
      ?>
      <tr>
        <td><label for="password2">Confirm: </label></td>
        <td><input type="password" id="password2" name="password2" maxlength="25" size="27" value="" /></td>
      </tr>
      <?php
        }
      ?>
      <tr>
        <td colspan="2">
          <input type="submit" id="<?=$_GET['action'];?>" name="<?=$_GET['action'];?>" value="<?=ucfirst($_GET['action']);?>" />
        </td>
      </tr>
    </table>
    <p><?=(isset($error)) ? $error : '';?></p>
  </form>
<?php
  require_once 'footer.html';
} else {
  header('location: index.php?error=1');
  exit;
}

Basically the same script just far more robust for user authentication, just a register and login page still though, but the active column in my database will only read 1 when the user has verified their email address.

Might work on a method for checking the whole email address but not sure of a method for going about doing that, this is quite an advanced script using regular expressions to stop users from entering certain values as their usernames.

I can go over some of the details regarding this at some point but regular expressions are technically slower than conditions on strings, though they are far more robust than having say 10 lines of code for 1 row of code in a regular expression if you get my meaning.

Hope you enjoy it,
Jez.
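
The registration branch above, restructured as an added example (not Jez's code): validation returns on the first failure instead of nesting, the password is stored with `password_hash()` rather than `sha1()`, and the insert is a PDO prepared statement whose UNIQUE columns replace the two SELECT-then-INSERT checks. The DNS lookup and the verification email are left out so it runs offline; `validate_registration()`, `register_user()`, the reduced column list and the in-memory SQLite database (pdo_sqlite assumed) are assumptions.

```php
<?php
// Added example, not the poster's code. blog_users and its columns follow the post;
// the function names and the SQLite stand-in for MySQL are hypothetical.
// Returns the first validation error, or null when the input is acceptable.
function validate_registration(array $in): ?string
{
    foreach (['username', 'email', 'password', 'password2'] as $field) {
        if (!isset($in[$field]) || !is_string($in[$field]) || trim($in[$field]) === '') {
            return 'You missed out some required fields, please try again';
        }
    }
    // Username rule from the post: leading letter, 5-32 characters, at most one dot.
    $rule = '/^[A-Za-z](?=[A-Za-z0-9_.]{4,31}$)[A-Za-z0-9_]*\.?[A-Za-z0-9_]*$/';
    if (!preg_match($rule, trim($in['username']))) {
        return 'You entered some illegal characters in your username please try again!';
    }
    if (filter_var(trim($in['email']), FILTER_VALIDATE_EMAIL) === false) {
        return 'The email address you entered was not valid, please try again';
    }
    if (strlen($in['password']) < 5) {   // measured on the raw password, not on a hash
        return 'Your password is too short, must be a minimum of 5 characters long';
    }
    return $in['password'] === $in['password2']
        ? null : 'The password you entered does not match, please try again';
}

function register_user(PDO $db, array $in): ?string
{
    if (($error = validate_registration($in)) !== null) {
        return $error;
    }
    // Placeholders keep input out of the SQL text; password_hash() salts per user.
    $stmt = $db->prepare('INSERT INTO blog_users (username, email, password, active) VALUES (?, ?, ?, 0)');
    try {
        $stmt->execute([trim($in['username']), trim($in['email']),
                        password_hash($in['password'], PASSWORD_DEFAULT)]);
    } catch (PDOException $ex) {
        if ((string) $ex->getCode() !== '23000') { throw $ex; }   // not a UNIQUE violation
        return 'Username or email is already taken, please try another';
    }
    return null;
}
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE blog_users (username TEXT UNIQUE, email TEXT UNIQUE, password TEXT, active INTEGER)');
// Constructed submissions: short password, valid registration, duplicate username.
foreach ([['jez.dev', 'a@example.com', 'abc'], ['jez.dev', 'a@example.com', 'correct horse'],
          ['jez.dev', 'b@example.com', 'correct horse']] as [$user, $mail, $pass]) {
    $in = ['username' => $user, 'email' => $mail, 'password' => $pass, 'password2' => $pass];
    echo "$user / $mail: ", register_user($db, $in) ?? 'registered', "\n";
}
```

At login, the stored value is checked with `password_verify()`, which reads the salt and algorithm back out of the hash string.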
