Posted by Kevin Raleigh on 07/07/07 00:16

Actually that is what I am doing. I just left out the top of the script
containing all of my validation functions.

If I use header('location: XXX'); I get a very nasty error that I haven't
been able to resolve.

Warning: Cannot modify header information - headers already sent by (output
started at G:\xampp\htdocs\bethel\1purpose_bethel\register.php:8) in
G:\xampp\htdocs\bethel\1purpose_bethel\register.php on line 107

I was working with some other people and they suggested the JS to get by
this error.
Can you advise on how I can work with the header error?
I guess I should work with it first then move on to the validation

Kevin


If your interested in the code I have here it is without the validation
functions. I extracted them and put them into an include file so that I
could clean up the code a bit.

<?php
// database connection, session_start(), and validation functions are
included

// has form been submitted
if (isset($_POST['submit'])) {

// lets check the output of each function call for data and load it into a
session variable if it
if ($userNameErr = userNameCheck(trimWhiteSpace($_POST['username']))){
$_SESSION['SES_userNameErr'] = $userNameErr;
}else{
unset($_SESSION['SES_userNameErr']);
}
if($userPassErr = userPassCheck(trimWhiteSpace($_POST['pass']),
trimWhiteSpace($_POST['pass2']))){
$_SESSION['SES_userPassErr'] = $userPassErr;
}else{
unset($_SESSION['SES_userPassErr']);
}


if($nameErr = nameCheck(trimWhiteSpace($_POST['fName']),
trimWhiteSpace($_POST['lName']))){
$_SESSION['SES_nameErr'] = $nameErr;
}else{
unset($_SESSION['SES_nameErr']);
}


if($passHintErr = passHintCheck(trimWhiteSpace($_POST['passHint']))){
$_SESSION['SES_passHintErr'] = $passHintErr;
}else{
unset($_SESSION['SES_passHintErr']);
}


if($emailErr = emailCheck(trimWhiteSpace($_POST['email']))){
$_SESSION['SES_emailErr'] = $emailErr;
}else{
unset($_SESSION['SES_emailErr']);
}

if($emailErr || $passHintErr || $nameErr || $userPassErr || $userNameErr){
//header('Location: register.php');
?>
<script language="javascript">
window.location = "register.php";
</script>
<?php
}else{

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);

if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
$_POST['fName'] = addslashes($_POST['fName']);
$_POST['lName'] = addslashes($_POST['lName']);
$_POST['passHint'] = addslashes($_POST['passHint']);
$_POST['email'] = addslashes($_POST['email']);
}

//if there are no errors in data validation load the data into the database
// now we insert it into the database
$insert = "INSERT INTO user (username, password, fName, lName, passHint,
email, bMonth)
VALUES ('".$_POST['username']."',
'".$_POST['pass']."','".$_POST['fName']."','".$_POST['lName']."','".$_POST['
passHint']."','".$_POST['email']."','".$_POST['bMonth']."')";
$add_member = mysql_query($insert);
?>

<p>Thank you, <?php $fName = $_POST['fName']; $lName = $_POST['lName'];
print "$fName $lName" ?> you have registered - you may now <a
href="login.php">login</a>.</p>
<?php
}// end if error
}// end if (isset($_POST['submit']))
else
{ // if not posted display form

?>

<!-- This is what they see before they have registered -->

<p class="textpadded"><br/><br/><br/>
Please enter your information in the form below. This information can
only be accessed by Pastor Art and the Administrator for this website. When
Pastor Art contacts us he would like to address us by name. It would also be
nice if we could remember when a person is having a birthday. No years if
you please ;-) </p>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table width="448" border="0" cellpadding="5" align="center">
<tr>
<td width="101" align="left">First Name </td>
<td width="156" align="left">
<input name="fName" type="text" id="fName" maxlength="25" value="<?php
$fName = $_POST['fName']; print $fName ?>"/>
</td>
<td width="153" rowspan="2" align="left">
<?php if(isset($_SESSION['SES_nameErr'])) { $name =
$_SESSION['SES_nameErr']; echo $name;} ?>
</td>
</tr>
<tr>
<td align="left">Last Name </td>
<td align="left"><input name="lName" type="text" id="lName"
maxlength="25" value="<?php echo $_POST['lName']; ?>"/></td>
</tr>
<tr>
<td align="left">Birth Month </td>
<td align="left"><label>
<select name="bMonth" id="bMonth">
<option value="0">Enter birthmonth</option>
<option value="1">January</option>
<option value="2">February</option>
<option value="3">March</option>
<option value="4">April</option>
<option value="5">May</option>
<option value="6">June</option>
<option value="7">July</option>
<option value="8">August</option>
<option value="9">September</option>
<option value="10">October</option>
<option value="11">November</option>
<option value="12">December</option>
</select>
</label></td>
<td align="left">&nbsp;</td>
</tr>
<tr>
<td align="left">Email:</td>
<td align="left"><input type="text" name="email" maxlength="60"
value="<?php echo $_POST['email']; ?>"/></td>
<td align="left">
&nbsp;
<?php if($myEmail = $_SESSION['SES_emailErr']){ echo $myEmail;} ?>
</td>
</tr>
<tr>
<td align="left">Username:</td>
<td align="left"><input type="text" name="username" maxlength="15"
value="<?php echo $_POST['username']; ?>"/></td>
<td align="left">
&nbsp;
<?php if($myUserName = $_SESSION['SES_userNameErr']){ echo $myUserName;}
?>
</td>
</tr>
<tr>
<td align="left">Password:</td>
<td align="left"><input type="password" name="pass" maxlength="10"
/></td>
<td rowspan="2" align="left">
&nbsp;
<?php if($myPass = $_SESSION['SES_userPassErr']){ echo $myPass;} ?>

</td>
</tr>
<tr>
<td align="left">Confirm Password:</td>
<td align="left"><input type="password" name="pass2" maxlength="10"
/></td>
</tr>
<tr>
<td align="left">Password Hint:</td>
<td align="left"><input type="text" name="passHint" maxlength="25"
value="<?php echo $_POST['passHint'] ?>"/></td>
<td align="left">
&nbsp;

<?php if($passHint = $_SESSION['SES_passHintErr']){ echo $passHint;} ?>
</td>
</tr>
<tr>
<th colspan="4"><input type="submit" name="submit" value="Register"
/></th>
</tr>
</table>
</form>

<?php
}
?>

insight would be greatly appreciated
thank you
kevin
"Virginner" <the.bin@LOSEITvirgin.net> wrote in message
news:f6kv3m$2hu$1@aioe.org...
> "Kevin Raleigh" <kraleigh@sbcglobal.net> wrote in message
> news:__GdnXgHRsh2aBDbnZ2dnUVZ_v23nZ2d@giganews.com...
> >I have a set of function that work beautifully the first time that the
form
> > is processed, but the second time that I hit the submit button if any
> > field
> > contains data the form by passes all of my carefully planned validation
> > and
> > dumps the data into the DB.
>
> <SNIP>
>
> > if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr){
> > ?>
> > <script language="javascript">
> > window.location = "register.php";
> > </script>
> > <?php
> > }else{
>
> The first thing I can ask is why do you have *any* JavaScript in this
code?
> If it's just for redirection, then use header('Location: xxx'). If you
have
> JavaScript, then nasty people can easily automate adding data by simply
> switching off the JavaScript.
>
> Next, it loks like you are using two scripts - one with the form
> (register.php), which POSTs to the validation script, which then redirects
> back to the to the form on errors. Howabout doing it all in one script?
>
> if form submitted then process form
> {
> if form data OK add data to database, display thank you and link to
> login
> }
> else
> {
> (re)display form, populating form fields with $_POSTed variables, and
> display any hints
> }
>
>

[Back to original message]