PEAR Forum :: PHP Extension and Application Repository

Problem with 'password' value

 
fram3rate



Joined: 06 Apr 2008
Posts: 2

Posted: Sun May 04, 2008 10:08 pm    Post subject: Problem with 'password' value

I am new to QuickForm (and coding in general) and seem to be having problems sending the value from a "password" field through to my database.

After the user fills out the form, including a username and password, I validate the form, freeze it, then display it so that the user can double-check the information. If you view source, the "password" field is just "*******", which I am assuming is expected behavior, but I also assumed the value of that field would get passed through to the confirmation form.

Once the user submits the confirmed, frozen form, the information gets put in my "Members" table. A record is created in my "auth" table after they click the email link. For some reason, after the submit on the confirmation page, the "password" field is blank because the call to $form->validate() displays "Password is a required field" as per my rule. Any idea how to grab the raw password field text so I can store it? Or should I drop it into the "auth" table before I even do anything else? I'm a little confused on this point.

Thanks for any help.

(In order to try and get the confirmation form working, I created a $saveform variable that stores whether or not the user accepted the confirmation page. And I check that before validating the form. Probably not the best way to do this...)






Code:
<?php
include("inc.php");
include("dbconnect.php");
include("header.php");
require_once('HTML/QuickForm.php');


#
# Setup the form
#
$form = new HTML_QuickForm('register');

$username = $form->addElement('text', 'username', 'Username:', array('size'=>50));
$password = $form->addElement('password', 'password', 'Password:', array('size'=>32));
$confirmpw = $form->addElement('password', 'confirmpw', 'Confirm password:', array('size'=>32));
$hint = $form->addElement('text', 'hint', 'Password hint:', array('size'=>50));
$form->addElement('html','<tr><td><br><br></td></tr>');
$email = $form->addElement('text', 'email', 'Email address:', array('size'=>50));
$firstname = $form->addElement('text', 'firstname', 'First name:', array('size'=>50));
$lastname = $form->addElement('text', 'lastname', 'Last name:', array('size'=>50));
$address = $form->addElement('text', 'address', 'Address:', array('size'=>50));
$city = $form->addElement('text', 'city', 'City:', array('size'=>50));
$state = $form->addElement('select', 'state', 'State:', array(
    '' => 'Choose one',
    'AL' => 'Alabama',
    'AK' => 'Alaska',
    'AZ' => 'Arizona',
    'AR' => 'Arkansas',
    'CA' => 'California',
    'CO' => 'Colorado',
    'CT' => 'Connecticut',
    'DE' => 'Delaware',
    'FL' => 'Florida',
    'GA' => 'Georgia',
    'HI' => 'Hawaii',
    'ID' => 'Idaho',
    'IL' => 'Illinois',
    'IN' => 'Indiana',
    'IA' => 'Iowa',
    'KS' => 'Kansas',
    'KY' => 'Kentucky',
    'LA' => 'Louisiana',
    'ME' => 'Maine',
    'MD' => 'Maryland',
    'MA' => 'Massachusetts',
    'MI' => 'Michigan',
    'MN' => 'Minnesota',
    'MS' => 'Mississippi',
    'MO' => 'Missouri',
    'MT' => 'Montana',
    'NE' => 'Nebraska',
    'NV' => 'Nevada',
    'NH' => 'New Hampshire',
    'NJ' => 'New Jersey',
    'NM' => 'New Mexico',
    'NY' => 'New York',
    'NC' => 'North Carolina',
    'ND' => 'North Dakota',
    'OH' => 'Ohio',
    'OK' => 'Oklahoma',
    'OR' => 'Oregon',
    'PA' => 'Pennsylvania',
    'RI' => 'Rhode Island',
    'SC' => 'South Carolina',
    'SD' => 'South Dakota',
    'TN' => 'Tennessee',
    'TX' => 'Texas',
    'UT' => 'Utah',
    'VT' => 'Vermont',
    'VA' => 'Virginia',
    'WA' => 'Washington',
    'DC' => 'Washington D.C.',
    'WV' => 'West Virginia',
    'WI' => 'Wisconsin',
    'WY' => 'Wyoming',
));
$zip = $form->addElement('text', 'zip', 'ZIP:', array('size'=>10));
$telephone = $form->addElement('text', 'telephone', 'Telephone:', array('size'=>15));
$fax = $form->addElement('text', 'fax', 'Fax:', array('size'=>15));
$gender = $form->addElement('select', 'gender', 'Gender:', array(
    '' => 'Choose one',
    'male' => 'Male',
    'female' => 'Female'
));
$ethnicity = $form->addElement('select', 'ethnicity', 'Ethnicity:', array(
    '' => 'Choose one',
    'indian' => 'American Indian',
    'asian' => 'Asian or Pacific Islander',
    'black' => 'Black or African American',
    'white' => 'White or Caucasian',
    'hispanic' => 'Hispanic or Latino',
    'other' => 'Other'
));
$form->addElement('html','<tr><td><br></td></tr>');
$saveform = $form->addElement('hidden', 'saveform', '0');

#
# Set the validation rules
#
$form->addRule('username', 'Username is a required field', 'required');
$form->addRule('password', 'Password is a required field', 'required');
$form->addRule('confirmpw', 'Confirm password is a required field', 'required');
$form->addRule('hint', 'Password hint is a required field', 'required');
$form->addRule('email', 'Email address is a required field', 'required');
$form->addRule('email', 'Email address does not look correct', 'email');
$form->addRule('firstname', 'First name is a required field', 'required');
$form->addRule('lastname', 'Last name is a required field', 'required');
$form->addRule('address', 'Address is a required field', 'required');
$form->addRule('city', 'City is a required field', 'required');
$form->addRule('state', 'State is a required field', 'required');
$form->addRule('zip', 'ZIP is a required field', 'required');

#
# Validate the form and check certain fields
#
if ($form->validate()) {
    #
    # If saveform flag set, then save confirmed form to the DB and send out confirmation email
    #
    if ($saveform->getValue()) {
        # Use "H" (24-hour clock); "h" is 12-hour and loses AM/PM
        $date = date("Y-m-d H:i:s");
        $data = $form->getSubmitValues();

        $username = $data["username"];
        $member_id = uniqid();
        $temppass = $data["password"];

        $email = $data["email"];
        $hint = addslashes($data["hint"]);
        $firstname = addslashes($data["firstname"]);
        $lastname = addslashes($data["lastname"]);
        $address = addslashes($data["address"]);
        $city = addslashes($data["city"]);
        $state = $data["state"];
        $zip = $data["zip"];
        $telephone = $data["telephone"];
        $fax = $data["fax"];
        $gender = $data["gender"];
        $ethnicity = $data["ethnicity"];
        $signup = $date;
        $lastlogin = $date;
        $confirm = uniqid(md5(rand()));
        $active = 0;

        $sql = "insert into Members (
            member_id,
            username,
            email,
            hint,
            firstname,
            lastname,
            address,
            city,
            state,
            zip,
            telephone,
            fax,
            gender,
            ethnicity,
            signup,
            lastlogin,
            confirm,
            temppass,
            active
        ) values (
            '$member_id',
            '$username',
            '$email',
            '$hint',
            '$firstname',
            '$lastname',
            '$address',
            '$city',
            '$state',
            '$zip',
            '$telephone',
            '$fax',
            '$gender',
            '$ethnicity',
            '$signup',
            '$lastlogin',
            '$confirm',
            '$temppass',
            '$active' )";

        #
        # Enter record into the DB
        #
        if (!mysql_db_query($db, $sql, $cid)) {
            echo("ERROR: " . mysql_error() . "\n");
        }

        #
        # Setup and send out the confirm email
        #
        $subject = "Welcome to Example.com";

        $body = "Please click the link below to confirm your membership to Example:<br><br>\n";
        $body .= "<a href='http://www.example.com/confirm.php?confirm=$confirm'>";
        $body .= "http://www.example.com/confirm.php?confirm=$confirm</a><br><br>\n";
        $body .= "Thank you!<br>The Example Team<br><br>\n";

        # First header line: assign, do not append to an undefined variable
        $headers = "From: Example <info@example.com>\n";
        $headers .= "Reply-To: <info@example.com>\n";
        $headers .= "Return-Path: <info@example.com>\n";
        $headers .= "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\n";
        $headers .= "X-Priority: 3\n";
        $headers .= "X-MSMail-Priority: High\n";
        $headers .= "X-Mailer: PHP4\n";
        $headers .= "X-Sender: <info@example.com>\n";

        if (mail($email, $subject, $body, $headers)) {
            echo ("Please check your email for a confirmation link.<br><br>");
        }
        else {
            echo ("There was a problem sending the email.");
        }
    }
    else {
        $freeze = 1;

        #
        # Check username
        #
        $username_check = $username->getValue();
        $sql = "select username from Members where username='$username_check'";
        #echo ("$sql<br>");
        $res = mysql_db_query($db, $sql, $cid) or die(mysql_error());
        $num = mysql_num_rows($res);
        if ($num) {
            $freeze = 0;
            echo("That username is already taken.<br>");
        }

        #
        # Check email address
        #
        $email_check = $email->getValue();
        $sql = "select email from Members where email='$email_check'";
        #echo ("$sql<br>");
        $res = mysql_db_query($db, $sql, $cid) or die(mysql_error());
        $num = mysql_num_rows($res);
        if ($num) {
            $freeze = 0;
            echo("That email address is already taken.<br>");
        }

        #
        # Check password fields
        #
        if ($password->getValue() != $confirmpw->getValue()) {
            $freeze = 0;
            echo("Your password fields do not match.<br>");
        }

        #
        # Redisplay the form to make changes
        #
        if ($freeze == 0) {
            $form->addElement('submit', null, 'Continue');
            $form->display();
        }

        #
        # If the form confirms, freeze it then set the saveform flag
        #
        else {
            # Element name must be a quoted string, not a bare constant
            $form->removeElement('confirmpw');
            $form->freeze();
            $form->addElement('submit', null, 'Save Changes');
            $saveform->setValue(1);
            $form->display();
        }
    }
}
else {
    $form->addElement('submit', null, 'Continue');
    $form->display();
}

include("footer.php");
?>
mark



Joined: 07 Jan 2007
Posts: 1053

Posted: Sun May 04, 2008 10:50 pm    Post subject:

First, please replace addslashes() by mysql_real_escape_string(), as only the latter ensures safety for your SQL queries.

The behaviour of the password form element is expected behaviour. Instead of submitting the frozen form, I'd write all submitted values into a session. Below the confirmation display of the form, you could place two links, e.g. "correct entries" (here you would populate setDefaultValues() with the values from the session) and "proceed" (here you could send an email or do whatever is appropriate).
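
The session-based flow suggested in the reply above, as an added example that is not part of the original thread. It assumes PHP 7 or later with HTML_QuickForm installed; `$pdo` (a connected PDO handle), the `pass_hash` column and the `pending`/`token` session keys are hypothetical names. Only a hash of the password is kept between requests, and the insert uses bound parameters rather than string-built SQL.

```php
<?php
// Added example, not code from the thread. Hypothetical names: $pdo (a connected
// PDO handle), the Members.pass_hash column, and the 'pending'/'token' session keys.
require_once 'HTML/QuickForm.php';
session_start();

$form = new HTML_QuickForm('register');
$form->addElement('text', 'username', 'Username:', array('size' => 50));
$form->addElement('password', 'password', 'Password:', array('size' => 32));
$form->addElement('password', 'confirmpw', 'Confirm password:', array('size' => 32));
$form->addElement('text', 'email', 'Email address:', array('size' => 50));
$form->addRule('username', 'Username is a required field', 'required');
$form->addRule('password', 'Password is a required field', 'required');
$form->addRule('email', 'Email address does not look correct', 'email');
$form->addRule(array('password', 'confirmpw'), 'Your password fields do not match', 'compare');

$pending = isset($_SESSION['pending']) ? $_SESSION['pending'] : null;

if ($pending && isset($_POST['proceed'], $_POST['token'])
        && hash_equals($_SESSION['token'], (string) $_POST['token'])) {
    // "Proceed": the values come from the session, not from the frozen form.
    $stmt = $pdo->prepare(
        'INSERT INTO Members (username, email, pass_hash) VALUES (?, ?, ?)');
    $stmt->execute(array($pending['username'], $pending['email'], $pending['pass_hash']));
    unset($_SESSION['pending'], $_SESSION['token']);
    echo 'Please check your email for a confirmation link.';
} elseif ($form->validate()) {
    $v = $form->exportValues(array('username', 'email', 'password'));
    // Keep only a hash of the password server-side; the frozen password
    // element renders as asterisks and carries no value to the next request.
    $_SESSION['pending'] = array(
        'username'  => $v['username'],
        'email'     => $v['email'],
        'pass_hash' => password_hash($v['password'], PASSWORD_DEFAULT),
    );
    $_SESSION['token'] = bin2hex(random_bytes(16));
    $form->freeze();
    echo $form->toHtml();
    echo '<a href="?edit=1">Correct entries</a>';
    echo '<form method="post"><input type="hidden" name="token" value="'
       . $_SESSION['token'] . '"><input type="submit" name="proceed" value="Proceed"></form>';
} else {
    if ($pending && isset($_GET['edit'])) {
        // "Correct entries": refill from the session; passwords are retyped.
        $form->setDefaults(array('username' => $pending['username'],
                                 'email'    => $pending['email']));
    }
    $form->addElement('submit', null, 'Continue');
    $form->display();
}
```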