PHP check for errors in input, if no errors execute and upload
I\'m currently working on a registration system and ran into some problem.
I\'ll start with pasting a simplified version of the code before:
session_start(
-
got bored. this is not for internet points.
new user created
"; } } else error('passwords did not match'); } } elseif ($action=='login_user') { $verified = verify_credentials($mysqli,$user,$pass); if ($verified) { print "
user logged in
"; } } elseif ($action=='update_pass') { $verified = verify_credentials($mysqli,$user,$pass); $validpass = validate_password($pass); if ($verified && $validpass && $pass!=$pass2) { if (update_password($mysqli,$user,$pass,$pass2)) { print "
new user created
"; } } else error('cannot update to same password'); } $mysqli->close(); } } function error($message) { print "
$message
"; } function update_password($mysqli,$user,$pass,$pass2) { $hash = password_hash($pass, PASSWORD_BCRYPT); $stmt = $mysqli->prepare('update user set password = ? where username = ?'); $stmt->bind_param('ss',$user,$hash); $stmt->execute(); $msql_error = $mysqli->error; $updated = !(empty($msql_error)); error($msql_error); // for debugging only return $updated; } function make_new_user($mysqli,$user,$pass) { $userid = false; $hash = password_hash($pass, PASSWORD_BCRYPT); $stmt = $mysqli->prepare('insert into user (username,password) values (?,?)'); $stmt->bind_param('ss',$user,$hash); $stmt->execute(); $msql_error = $mysqli->error; if (empty($msql_error)) { $userid = $mysqli->insert_id; } else error($msql_error); // for debugging only return $userid; } // really, this should be done with javascript instantaneously function validate_password($pass) { $error = false; if (strlen($pass) < 8) { error('please enter a password with at least 8 characters'); } elseif (!preg_match('`[A-Z]`', $pass)) { error('please enter at least 1 capital letter'); } else $error = true; return $error; } function verify_credentials($mysqli,$user,$pass) { $row = get_user_info($mysqli,$user); $verified = false; if ($row) { if (password_verify($pass, $row['pass'])) { $verified = true; } } else error('username and password did not match'); return $verified; } function get_user_info($mysqli,$user) { $row = array(); $stmt = $mysqli->prepare('select userid, username, password from user where username = ?'); $stmt->bind_param('s',$user); $stmt->execute(); $stmt->bind_result($row['userid'],$row['user'],$row['pass']); if (!$stmt->fetch()) $row = false; $stmt->close(); return $row; } ?>
