Please go back ' .' and try again.'; do_html_footer; exit; } // passwords not the same if $passwd != $passwd2 { do_html_heading'Problem:'; echo 'The passwords you entered do not match -
Trang 1Figure 24.4 The registration form retrieves the details we need for the data-base.We get users to type their passwords twice, in case they make a mistake
Listing 24.6 register_new.php—This Script Validates the New User’s Data and
Puts It in the Database
<?php // include function files for this application require_once('bookmark_fns.php');
//create short variable names
$email=$HTTP_POST_VARS['email'];
$username=$HTTP_POST_VARS['username'];
$passwd=$HTTP_POST_VARS['passwd'];
$passwd2=$HTTP_POST_VARS['passwd2'];
// start session which may be needed later // start it now because it must go before headers session_start();
// check forms filled in
if (!filled_out($HTTP_POST_VARS)) {
do_html_header('Problem:');
echo 'You have not filled the form out correctly - please go back' ' and try again.';
do_html_footer();
Trang 2exit;
}
// email address not valid
if (!valid_email($email)) {
do_html_header('Problem:');
echo 'That is not a valid email address Please go back ' ' and try again.';
do_html_footer();
exit;
}
// passwords not the same
if ($passwd != $passwd2) {
do_html_heading('Problem:');
echo 'The passwords you entered do not match - please go back' ' and try again.';
do_html_footer();
exit;
}
// check password length is ok // ok if username truncates, but passwords will get // munged if they are too long
if (strlen($passwd)<6 || strlen($passwd) >16) {
do_html_header('Problem:');
echo 'Your password must be between 6 and 16 characters.' 'Please go back and try again.';
do_html_footer();
exit;
} // attempt to register
$reg_result = register($username, $email, $passwd);
if ($reg_result === true) {
// register session variable
$HTTP_SESSION_VARS['valid_user'] = $username;
// provide link to members page do_html_header('Registration successful');
echo 'Your registration was successful Go to the members page ' Listing 24.6 Continued
Trang 3.'to start setting up your bookmarks!';
do_html_url('member.php', 'Go to members page');
} else { // otherwise provide link back, tell them to try again do_html_header('Problem:');
echo $reg_result;
do_html_footer();
exit;
}
// end page do_html_footer();
?>
This is the first script with any complexity to it that we have looked at in this applica-tion.
The script begins by including the application’s function files and starting a session (When the user is registered, we will create his username as a session variable as we did
in Chapter 20, “Using Session Control in PHP.”) Next, we validate the input data from the user.There are a number of conditions we must test for.They are
n Check that the form is filled out.We test this with a call to the function filled_out()as follows:
if (!filled_out($HTTP_POST_VARS)) This function is one we have written ourselves It is in the function library in the file data_valid_fns.php.We’ll look at this function in a minute.
n Check that the email address supplied is valid.We test this as follows:
if (valid_email($email)) Again, this is a function that we’ve written, which is in the data_valid_fns.php library.
n Check that the two passwords the user has suggested are the same, as follows:
if ($passwd != $passwd2)
n Check that the password is the appropriate length, as follows:
if (strlen($passwd)<6 || strlen($passwd) >16)
In our example, the password should be at least 6 characters long to make it harder
to guess, and fewer than 16 characters, so it will fit in the database.
Listing 24.6 Continued
Trang 4The data validation functions we have used here,filled_out()and valid_email(), are shown in Listing 24.7 and Listing 24.8, respectively.
Listing 24.7 filled_out() Function from data_valid_fns.php—This Function
Checks That the Form Has Been Filled Out
function filled_out($form_vars) {
// test that each variable has a value foreach ($form_vars as $key => $value) {
if (!isset($key) || ($value == '')) return false;
} return true;
}
Listing 24.8 valid_email() Function from data_valid_fns.php—This Function
Checks Whether an Email Address Is Valid
function valid_email($address) {
// check an email address is possibly valid
if (ereg('^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$', $address)) return true;
else return false;
} The function filled_out()expects to be passed an array of variables—in general, this will be the $HTTP_POST_VARSor $HTTP_GET_VARSarrays It will check whether they are all filled out, and return true if they are and false if they are not.
The valid_email()function uses the regular expression we developed in Chapter 4,
“String Manipulation and Regular Expressions,” for validating email addresses It returns true if an address appears valid, and false if it does not.
After we’ve validated the input data, we can actually try and register the user If you look back at Listing 24.6, you’ll see that we do this as follows:
$reg_result = register($username, $email, $passwd);
if ($reg_result === true) {
// register session variable
$HTTP_SESSION_VARS['valid_user'] = $username;
// provide link to members page do_html_header('Registration successful');
Trang 5echo 'Your registration was successful Go to the members page ' 'to start setting up your bookmarks!';
do_html_url('member.php', 'Go to members page');
}
As you can see, we are calling the register()function with the username, email address, and password that were entered If this succeeds, we register the username as a session variable and provide the user with a link to the main members’ page.This is the output shown in Figure 24.5.
Figure 24.5 Registration was successful—the user can now go to the members page
The register()function is in the included library called user_auth_fns.php.This function is shown in Listing 24.9.
Listing 24.9 register() Function from user_auth_fns.php—This Function
Attempts to Put the New User’s Information in the Database
function register($username, $email, $password) // register new person with db
// return true or error message {
// connect to db
$conn = db_connect();
if (!$conn) return 'Could not connect to database server - please try later.';