How Do I Do Script Checking & Validation In PHP?

I'm totally new to all this, and I've just done a registration/login script. It has 5 different files that I put stuff in, plus a database. When I try to see how it looks on my website, well, it just doesn't show up. What I want to know is, how can I tell what I'm doing wrong? I don't always understand what the editors in the script programs are trying to say. Is there anyone out there who can help? My scripts are written in PHP with a MySql database. Boy, this all gets confusing, but I sure love every minute of it!

You need some Editor that has autocompletion - in order to ease you out with the PHP syntax in the initial stages. Also you need syntax highlighting and error checking. There are several such editors out there - am sure the PHP gurus here will be able to point them out. As for myself, I'd suggest Zend Studio - although, it's a mighty expensive package.

I'm totally new to all this, and I've just done a registration/login script. It has 5 different files that I put stuff in, plus a database. When I try to see how it looks on my website, well, it just doesn't show up. What I want to know is, how can I tell what I'm doing wrong? I don't always understand what the editors in the script programs are trying to say. Is there anyone out there who can help? My scripts are written in PHP with a MySql database. Boy, this all gets confusing, but I sure love every minute of it!

 

Hi, here you can find a lot of people that will help you, including myself, but first you have to post your files to see the source code, if you want send me by mail your files preferebly compressed either in zip or rar format to this account: gustavo_DOT_cruzortiz_AT_gmail_DOT_COM.

 

regards,

Also, you can use the Forum's private messages to send us your files. first of all, show us your "index.html" or the "index.php" file.RegardsYordan

Edited May 3, 2006 by yordan (see edit history)

Post it here inside a [ code box ] and we'll all have a look at it and might be able to find out what the problem is. First question I have is: Are you running it Local or on a Host? If Local, are you running it through a web Browser as Localhost ( sillier mistakes have been made ). Is the Server running? and mysql server?Do a view source to see what html is being output and that might give you a clue as to what is happening. Error reporting On or Off? Set it 'On' for debugging purposes.

Everyone brings up alot of points. 1st point... I could use the private message system, but my index file was never really used for registration/login purposes. Maybe that is where I'm getting confused in how to get the registration page to start up. 2nd point... I don't know if I am supposed to be doing this coding through my XAMMP first or just do it on my Xisto acct. Right now, I am using everything available to me through the cpanel in my Xisto acct. I've done some things in PHP Designer and transfered it to the cpanel, but is that what I am supposed to do?But if anyone is up for looking at some (probably very messed up) php code, let me know and I will PM the coding I've done. I could put them here, if people would rather I do that. I just don't know if that is what is normally done, and I don't want to be a disruption.

I don't know if there is a 'right' way, but here is what I usually do:
I write the code locally and then run it through my local install of XAMPP to debug the script and when it is completed ( debugged to what i think it needs for the site it belongs to ) then I upload it and test the script again using the Host's versions of the php, mysql, etc. There can be version differences and the installations are never indentical, so there are bound to be 'some' difficulties appear.
If the problems are minor, I use the cpanel editor to fix the scripts/pages.
If there is a major difficulty, like a logic modification required, then I re-work the script locally and repeat the procedure.
Keeping the test phase local is easier since ftp is not required and the server load isn't a concern ( for me or the other users ). This also avoids putting the server into an infinite loop and hogging the server from other users, but, of course, that has never happened to me because all my Logic is rock solid right from the git-go ( yeah, right! )
Anyway, hope this helps.
Also, I am using a text editor by the name of ConTEXT which is a freeware product and is a very nicely designed, full function text editor. Highlighting by file extension, and lots of other good features for coding. Download it from http://blogic14.blogspot.de/

Incidently, post the code here would be good, or at least a link to a text/zip file.

Edited May 4, 2006 by jlhaslip (see edit history)

It would help if you posted the scripts that you currently have. It is hard to know what it going on without seeing some actual code. It would be a good idea to set up a webserver with PHP and MySQL on your local PC to test scripts with before you place them on the web that way they will work provided the setupas are similar to the host you are uploading the scripts to.

What exactly shows up? If nothing shows up it might be due to one of your sql statements being incorrect. I don't think that sql warnings are enabled on Xisto. You probably ought to try running it locally and turn on all error messages for debugging purposes. Like everyone says show us some of your source code, and maybe direct us to the site that you're working on, if it's stored on Xisto that is. Let us know what exactly your problem is. You say nothing's showing up. Is it just a blank screen? No errors? Try to view source and see what it says. Throw in a echo "this is a debug statement"; Make sure it's doing something.

If someone wants the complete solUtion i develop please PM me to send it, of course its not absolutely complete but for a start is good enough i think.best regards,

First of all, I don't really know how to get my registration/login page to be the first thing visitors see. But this is the error message I get:
Not Found
The requested URL /ftv_registration was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.34 Server at http://forums.xisto.com/no_longer_exists/ Port 80

As for the scripts, I will put them here, though they can be a bit much.

My login.php file:

<?php   mysql_connect ($server, $nickname, $password) or die (mysql_error);   mysql_connect_db($database) or die (mysql error);?>

My config.php file:

<?php$nickname = "nickname";$password = "password";$database = "lonebyrd_FTV";$server = "localhost";?>

My functions.php file:

<?phpfunction generateCode($length = 10){   $password="";   $char = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";   srand((double)microtime()*1000000);    for ($i=0; $i<$length; $i++)    {	  $password = $password . substr ($chars, rand() % strlen($chars), 1);    }    return $password; } ?>

My registration.php file

<?php require("config.php"); require("functions.php"); //echo some styles to spice it up... I can change this body     background=131313;    font-family=Verdana, Arial;    font-weight=bold;    font-size=9px;    color=FFFFFF; .register_box {    border: 1px solid #323232;    background: #202020;    font-family: Verdana, Arial;    font-weight: bold;    font-size: 9px;    color: #FFFFFF; } </style>//I can change things down to this point</head> switch($_GET['action']) {    case "new": //-------------------------------------- //	   [New Registration] //--------------------------------------    if(!isset($_POST['register']))    { 	  echo " 	  <form action='register.php?action=new' method='POST'> 	  Name: <br /> 	  <input type='text' name='name' class='register_box'> 	  <br /> 	  Email: <br /> 	  <input type='text' name='email' class='register_box'> 	  <br />	  Nickname: <br />	  <input type='text' name='nickname' class='register_box'>	  Password: <br /> 	  <input type='password' name='password' class='register_box'>										 	  <br /> 	  <input type='submit' name='register' value='New Registration!' class='register_box'> 	  </form> 	  ";    }    elseif(isset($_POST['register']))    {$name = mysql_real_escape_string($_POST['name']); 	  $email = mysql_real_escape_string($_POST['email']);	  $nickname = mysql_real_escape_string ($_POST['nickname']);	  $password = mysql_real_escape_string($_POST['password']); 	  $activation_code = generateCode(25); 	   	  $nameq = "SELECT name FROM registration WHERE username = '$name' LIMIT 1"; 	  $emailq = "SELECT email FROM registration WHERE email = '$email' LIMIT 1"; 	  //put errors into an array I need to change these if I change the db	  $errors = array(); 	  if(empty($name)) 	  { 		 $errors[] = "The name field was blank! <br />"; 	  } 	  if(mysql_num_rows(mysql_query($nameq)) > 0) 	  { 		 $errors[] = "The name given is already in use! Please try another one! <br />";	  if(empty($email)) 	  { 		 $errors[] = "The email field was blank! <br />"; 	  } 	  if(mysql_num_rows(mysql_query($emailq)) > 0) 	  { 		 $errors[] = "The email given is already in use! Please try another one! <br />";	  if (mysqul_num_rows (mysql_query ($nickname)) > 0	)	  {		 $error[] = "That nickname is already taken.  Please try another one.<br />"		   	  } 	  if(empty($password)) 	  { 		 $errors[] = "The password field was blank! <br />"; 	  } 	   	  } 	  if(count($errors) > 0) 	  { 		 foreach($errors as $err) 		 { 			echo $err; 		 } 	  } 	  else 	  { 		 $sqlq = "INSERT INTO registration (name, email, nickname, password,  is_activated, activation_code)"; 		 $sqlq .= " VALUES ('$name', '$email', '$nickname', '".md5($password).",  '0', '$activation_code')"; 		 mysql_query($sqlq) or die(mysql_error()); 		 echo "Thanks for registering! 		 You will recieve an email shortly containing your validation code, 		 and a link to activate your account!"; 		  		 mail($email, "New Registration, http://forums.xisto.com/no_longer_exists/;, " 		 Thanks for registering on FTV. 		  		 Here are your login details: 		  		 Nickname: ".$nickname." 		 Password: ".$password." 		  		 In order to login and gain full access, you must validate your account. 		  		 Click here to validate: 		  		 [url="http://forums.xisto.com/no_longer_exists/register.php?action=activate&user;"&; 		  		 Thanks! 			   [lonebyrd]		  		 "); 	  }    }    break; } ?>

My activate.php file:

<?    case "activate": //-------------------------------------- //	   [Activate Account] //--------------------------------------    if(isset($_GET['nickname']) && isset($_GET['code']))    { 	  $nickname = mysql_real_escape_string($_GET['nickname']); 		 	  if(mysql_num_rows(mysql_query("SELECT email FROM registration WHERE nickname = '$nickname'")) == 0) 	  { 		 echo "That username is not in the database!"; 	  } 	  else 	  { 		 $activate_query = "SELECT is_activated FROM registration WHERE nickname = '$nickname'"; 		 $is_already_activated = mysql_fetch_object(mysql_query($activate_query)) or die(mysql_error()); 		  		 if($is_already_activated->is_activated == 1) 		 { 			echo "This user is already activated!"; 		 } 		 else 		 { 			$code = mysql_real_escape_string($_GET['code']); 			$code_query = "SELECT activation_code FROM registration WHERE nickname = '$nickname' LIMIT 1"; 			$check_code = mysql_fetch_object(mysql_query($code_query)) or die(mysql_error()); 			 			if($code == $check_code->activation_code) 			{ 			   $update = "UPDATE registration SET is_activated = '1' WHERE nickname = '$nickname'"; 			   mysql_query($update) or die(mysql_error()); 			   echo "User $nickname has been activated! Thanks! You may now login!"; 			} 			else 			{ 			   echo "The activation code was wrong! Please try again!"; 			} 		 } 	  }    }    else    { 	  echo "No ID or user given to activate!";    }    break; ?>

Any advice for changing things, or if people see what I am doing wrong, PLEASE let me know. I'm trying my best to figure this out, but I am getting lost. A little explaination for changes would be nice too, if I'm not being too pushy. Thanks.
Edited May 8, 2006 by szupie (see edit history)

First of all, I don't really know how to get my registration/login page to be the first thing visitors see. But this is the error message I get:

Not Found

The requested URL /ftv_registration was not found on this server.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/1.3.34 Server at http://forums.xisto.com/no_longer_exists/ Port 80

 

If you want that your registration/login page be the first thing visitors see why you dont rename it to be index.php??? doing this you get what you want. Another way is to use the Apache Redirect directive in your httpd.conf file or in an .htaccess file.

 

# Redirect allows you to tell clients about documents which used to exist in

# your server's namespace, but do not anymore. This allows you to tell the

# clients where to look for the relocated document.

# Example:

# Redirect permanent /foo http://forums.xisto.com/no_longer_exists/

 

Also your url is not complete, in this case the server assumes that the browser is requesting the default file in the directory /ftv_registration, that would be index.html, index.php or whatever file that was set in your server configuration.

As for the scripts, I will put them here, though they can be a bit much.

 

My login.php file:

 

<?php   mysql_connect ($server, $nickname, $password) or die (mysql_error);//   mysql_connect_db($database) or die (mysql error); Error, this function not exist   mysql_select_db($database) or die (mysql_error()); ?>

My config.php file:

<?php$nickname = "nickname";  $password = "password";  $database = "lonebyrd_FTV";$server = "localhost";?>

You must replace your nickname and password variables with your username and password of your MySql database.

My functions.php file:

<?phpfunction generateCode($length = 10){   $password="";/***************ERROR because you define here the variable $char and in your loop below you use the variable $chars   $char = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; ***************/   $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";   srand((double)microtime()*1000000);    for ($i=0; $i<$length; $i++)    {	  $password = $password . substr ($chars, rand() % strlen($chars), 1);    }    return $password; } ?>

I completely change your registration.php file and your activation.php file because you have some errors, use this instead, also i join both files into only one file.

 

registration.php file

http://forums.xisto.com/no_longer_exists/;

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

<style type="text/css">

body {

background-color _linenums:0'><?php require("config.php"); // In your original file you never include this file, which is the one that connects to the databaseinclude("login.php"); require("functions.php"); ?><HTML><HEAD><TITLE>Registration http://forums.xisto.com/no_longer_exists/ HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"><style type="text/css">body { background-color:#131313; font-family:Verdana, Arial; font-weight:bold; font-size:9px; color:#FFFFFF;}.register_box { border: 1px solid #323232; background-color: #202020; font-family: Verdana, Arial; font-weight: bold; font-size: 9px; color: #FFFFFF; } </style></head><body><?php// The following line verifies which action is requested by the user // by default is setting to new if nothing is requested $action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : "new";switch($action) { //-------------------------------------- // [New Registration] //-------------------------------------- case "new": if(!isset($_POST['register'])) { echo " <form action='registration.php' method='POST'> Name: <br /> <input type='text' name='name' class='register_box'> <br /> Email: <br /> <input type='text' name='email' class='register_box'> <br /> Nickname: <br /> <input type='text' name='nickname' class='register_box'> <br /> Password: <br /> <input type='password' name='password' class='register_box'> <br /> <input type='submit' name='register' value='New Registration!' class='register_box'> <input type='hidden' name='action' value='new'> </form> "; } elseif(isset($_POST['register'])) { $name = mysql_real_escape_string($_POST['name']); $email = mysql_real_escape_string($_POST['email']); $nickname = mysql_real_escape_string ($_POST['nickname']); $password = mysql_real_escape_string($_POST['password']); $activation_code = generateCode(25); $nameq = "SELECT name FROM registration WHERE username = '$name' LIMIT 1"; $emailq = "SELECT email FROM registration WHERE email = '$email' LIMIT 1"; //put errors into an array I need to change these if I change the db $errors = array(); if(empty($name)) { $errors[] = "The name field was blank! <br />"; } if(mysql_num_rows(mysql_query($nameq)) > 0) { $errors[] = "The name given is already in use! Please try another one! <br />"; } if(empty($email)) { $errors[] = "The email field was blank! <br />"; } if(mysql_num_rows(mysql_query($emailq)) > 0) { $errors[] = "The email given is already in use! Please try another one! <br />"; } if(mysql_num_rows(mysql_query($nickname))>0) { $error[] = "That nickname is already taken. Please try another one.<br />"; } if(empty($password)) { $errors[] = "The password field was blank! <br />"; } if(count($errors) > 0) { foreach($errors as $err) { echo $err; } } else { $sqlq = "INSERT INTO registration (name, email, nickname, password, is_activated, activation_code)"; $sqlq .= " VALUES ('$name', '$email', '$nickname', '".md5($password)."', '0', '$activation_code')"; mysql_query($sqlq) or die(mysql_error()); echo "Thanks for registering! You will recieve an email shortly containing your validation code, and a link to activate your account!"; mail($email, "New Registration, http://forums.xisto.com/no_longer_exists/;, "Thanks for registering on FTV.\n\nHere are your login details:\n\nNickname: ".$nickname."\n\nPassword: ".$password."\n\nIn order to login and gain full access, you must validate your account.\n\nClick here to validate:\n\nhttp://forums.xisto.com/no_longer_exists/registration.php?action=activate&nickname;); // \n is equal to a new line// in your original version you use the variable user to send the nickname data // to your activation file and in that file you check for a variable nickname, so it never work. } } break; case "activate": //-------------------------------------- // [Activate Account] //-------------------------------------- if(isset($_GET['nickname']) && isset($_GET['code'])) { $nickname = mysql_real_escape_string($_GET['nickname']); if(mysql_num_rows(mysql_query("SELECT email FROM registration WHERE nickname = '$nickname'")) == 0) { echo "That username is not in the database!"; } else { $activate_query = "SELECT is_activated FROM registration WHERE nickname = '$nickname'"; $is_already_activated = mysql_fetch_object(mysql_query($activate_query)) or die(mysql_error()); if($is_already_activated->is_activated == '1') { echo "This user is already activated!"; } else { $code = mysql_real_escape_string($_GET['code']); $code_query = "SELECT activation_code FROM registration WHERE nickname = '$nickname' LIMIT 1"; $check_code = mysql_fetch_object(mysql_query($code_query)) or die(mysql_error()); if($code == $check_code->activation_code) { $update = "UPDATE registration SET is_activated = '1' WHERE nickname = '$nickname'"; mysql_query($update) or die(mysql_error()); echo "User $nickname has been activated! Thanks! You may now login!"; } else { echo "The activation code was wrong! Please try again!"; } } } } else { echo "No ID or user given to activate!"; } break; }?> </body></html>?>

Best regards, Edited May 8, 2006 by szupie (see edit history)

When I defined the $Char in the functions.php file, what I was trying to accomplish was to let the computer know that it could use any of those letters/numbers for the activation code. I'm not sure about that script exactly, I was following a tutorial, and it didn't really explain that part. But then I needed to change things around is where I got messed up.

Edited May 8, 2006 by lonebyrd (see edit history)

Yeah for me! I finally got the registration page to work, sort of. When I go to register, I get error messages,

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/lonebyrd/public_html/registration.php on line 83
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/lonebyrd/public_html/registration.php on line 90

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/lonebyrd/public_html/registration.php on line 94

These are the three lines:

if(mysql_num_rows(mysql_query($nameq)) > 0) {if(mysql_num_rows(mysql_query($emailq)) > 0) {if(mysql_num_rows(mysql_query($nickname))>0) {

Is this because in my database I put things as 'ad_name', 'ad_password' etc. Does it have to match exactly as it says in the db. I was just following the tutorial with no real explination. I guess i need to read more on databases and Mysql. They are just confusing.

The problem is with these lines:

$nickname = mysql_real_escape_string ($_POST['nickname']);$nameq = "SELECT __name__ FROM registration WHERE __username__ = '$name' LIMIT 1";$emailq = "SELECT __email__ FROM registration WHERE __email__ = '$email' LIMIT 1";

You have to change the name, username and email parts so that they match with the database. You can keep the variable names as they are, as they are just for reference in the PHP file.

 

P.S.: I've edited the previous posts to add in codeboxes. No one wants to scroll through a whole page of code before getting to the interesting part.