PHP form, how to return error in same page rather than die() on new page?


I have been trying to output errors on the same page as the form, using a PHP form.

    <?php
        // First execute our common code to connect to the database and start the session
        require("common.php");

        // This if statement checks whether the registration form has been submitted.
        // If it has, the registration code runs, otherwise the form is displayed.
        if(!empty($_POST))
        {
            // Ensure that the user has entered a non-empty name
            if(empty($_POST['full_name']))
            {
                return("Please enter a full name.");
            }

            // Ensure that the user has entered a non-empty username
            if(empty($_POST['username']))
            {
                // Note that die() is a terrible way of handling user errors like
                // this. It is much better to display the error with the form and
                // allow the user to correct the mistake. However, that is an
                // exercise for you to implement yourself.
                //die("Please enter a username.");
                return("pufta kollok");
            }

            // Ensure that the user has entered a non-empty password
            if(empty($_POST['password']))
            {
                die("Please enter a password.");
            }

            // Make sure the user entered a valid e-mail address.
            // filter_var is a useful PHP function for validating form input, see:
            // http://us.php.net/manual/en/function.filter-var.php
            // http://us.php.net/manual/en/filter.filters.php
            if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
            {
                die("Invalid e-mail address");
            }

            // This SQL query checks whether the username entered by the user is
            // already in use. A SELECT query retrieves data from the database.
            // :username is a special token; a real value is substituted in its
            // place when the query is executed.
            $query = "
                SELECT
                    1
                FROM users_pharm
                WHERE
                    username = :username
            ";

            // This array defines the values for the special tokens placed in the
            // SQL query, in this case the token :username. It is possible to insert
            // $_POST['username'] directly into the $query string, but doing so is
            // insecure and opens the code up to SQL injection exploits. Using
            // tokens prevents this. For more information on SQL injection, see:
            // http://en.wikipedia.org/wiki/sql_injection
            $query_params = array(
                ':username' => $_POST['username']
            );

            try
            {
                // These two statements run the query against the database table.
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch(PDOException $ex)
            {
                // Note: on a production website you should not output $ex->getMessage().
                // It may provide an attacker with helpful information about your code.
                die("Failed to run query: " . $ex->getMessage());
            }

            // The fetch() method returns an array representing the "next" row of the
            // selected results, or false if there are no more rows to fetch.
            $row = $stmt->fetch();

            // If a row was returned, a matching username was found in the database
            // and the user should not be allowed to continue.
            if($row)
            {
                die("This username is already in use");
            }

            // Perform the same type of check for the e-mail address, to ensure
            // that it is unique.
            $query = "
                SELECT
                    1
                FROM users_pharm
                WHERE
                    email = :email
            ";

            $query_params = array(
                ':email' => $_POST['email']
            );

            try
            {
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch(PDOException $ex)
            {
                die("Failed to run query: " . $ex->getMessage());
            }

            $row = $stmt->fetch();

            if($row)
            {
                die("This email address is already registered");
            }

            // An INSERT query adds new rows to a database table. Again, special
            // tokens (technically called parameters) protect against SQL injection.
            $query = "
                INSERT INTO users_pharm (
                    username,
                    password,
                    salt,
                    email,
                    full_name,
                    pharmacy
                ) VALUES (
                    :username,
                    :password,
                    :salt,
                    :email,
                    :full_name,
                    :pharmacy
                )
            ";

            // A salt is randomly generated here to protect against brute force
            // attacks and rainbow table attacks. The following statement generates
            // a hex representation of an 8 byte salt. Representing it in hex
            // provides no additional security, but makes it easier for humans to
            // read. For more information:
            // http://en.wikipedia.org/wiki/salt_%28cryptography%29
            // http://en.wikipedia.org/wiki/brute-force_attack
            // http://en.wikipedia.org/wiki/rainbow_table
            $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));

            // This hashes the password with the salt so it can be stored securely
            // in the database. The output of the next statement is a 64 byte hex
            // string representing the 32 byte SHA-256 hash of the password. The
            // original password cannot be recovered from the hash. More information:
            // http://en.wikipedia.org/wiki/cryptographic_hash_function
            $password = hash('sha256', $_POST['password'] . $salt);

            // Next, hash the hash value 65536 more times. The purpose of this is to
            // protect against brute force attacks: an attacker must compute the hash
            // 65537 times for each guess made against a password, whereas if the
            // password were hashed only once the attacker could make 65537 different
            // guesses in the same amount of time instead of one.
            for($round = 0; $round < 65536; $round++)
            {
                $password = hash('sha256', $password . $salt);
            }

            // Prepare the tokens for insertion into the SQL query. The original
            // password is not stored, only the hashed version of it. The salt is
            // stored in plaintext form; this is not a security risk.
            $query_params = array(
                ':username' => $_POST['username'],
                ':password' => $password,
                ':salt' => $salt,
                ':email' => $_POST['email'],
                ':full_name' => $_POST['full_name'],
                ':pharmacy' => $_POST['pharmacy']
            );

            try
            {
                // Execute the query to create the user
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch(PDOException $ex)
            {
                // Note: on a production website you should not output $ex->getMessage().
                // It may provide an attacker with helpful information about your code.
                die("Failed to run query: " . $ex->getMessage());
            }

            // Redirect the user to the login page after they register
            header("Location: login.php");

            // Calling die or exit after performing a redirect with the header
            // function is critical. The rest of the PHP script would otherwise
            // continue to execute and be sent to the user.
            die("Redirecting to login.php");
        }
    ?>
    <html>
    <head>
    <!-- document's css styling -->
    <link href="css/testcss.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div id="header" style="text-align:left">
    <h1>pharmacists registration</h1>

    <form action="register2.php" method="post">
        <br />
        full name:<br />
        <input type="text" name="full_name" value="" />
        <br /><br />
        username:<br />
        <input type="text" name="username" value="" />
        <br /><br />
        pharmacy :<br />
        <input type="text" name="pharmacy" value="" />
        <br /><br />
        e-mail:<br />
        <input type="text" name="email" value="" />
        <br /><br />
        password:<br />
        <input type="password" name="password" value="" />
        <br /><br />
        <input type="submit" value="register" />
    </form>
    <form action="login.php" method="post">
        <input type="submit" value="back">
    </form>
    </div>
    </body>
    </html>

I have researched and found AJAX, but I am in no position to revamp the form from scratch. I have tried print(), return() and error(); they return the error on a new page, apart from return, which returns a blank new page.

This login page is able to do what I require, that is, display the error on the same page. I have tried to narrow down a bit how it achieves this. I'm noticing the validation is in curly brackets and triggers a boolean; if false, it prints the error. I've tried print(), yet it outputs on a new page for the form but on the same page for the login. Here's the login page's code:

    <?php
        // First execute our common code to connect to the database and start the session
        require("common.php");
        error_reporting(0);

        // This variable is used to re-display the user's username in the login
        // form if they fail to enter the correct password. It is initialised to an
        // empty value, which is shown if the user has not submitted the form yet.
        $submitted_username = '';

        // This if statement checks whether the login form has been submitted.
        // If it has, the login code runs, otherwise the form is displayed.
        if(!empty($_POST))
        {
            if($_POST['login_type'] == "doctor_login")
            {
                // This query retrieves the user's information from the database
                // using the username.
                $query = "
                    SELECT
                        id,
                        username,
                        password,
                        salt,
                        email,
                        full_name
                    FROM users
                    WHERE
                        username = :username
                ";

                // The parameter values
                $query_params = array(
                    ':username' => $_POST['username']
                );

                try
                {
                    // Execute the query against the database
                    $stmt = $db->prepare($query);
                    $result = $stmt->execute($query_params);
                }
                catch(PDOException $ex)
                {
                    // Note: on a production website you should not output $ex->getMessage().
                    // It may provide an attacker with helpful information about your code.
                    die("Failed to run query: " . $ex->getMessage());
                }

                // This variable tells whether the user has logged in or not. It is
                // initialised to false and switched to true only if the user
                // entered the right details.
                $login_ok = false;

                // Retrieve the user data from the database. If $row is false, the
                // username entered is not registered.
                $row = $stmt->fetch();
                if($row)
                {
                    // Using the password submitted by the user and the salt stored in
                    // the database, check whether the passwords match by hashing the
                    // submitted password and comparing it with the hashed version
                    // stored in the database.
                    $check_password = hash('sha256', $_POST['password'] . $row['salt']);
                    for($round = 0; $round < 65536; $round++)
                    {
                        $check_password = hash('sha256', $check_password . $row['salt']);
                    }

                    if($check_password === $row['password'])
                    {
                        // If they match, flip this to true
                        $login_ok = true;
                    }
                }

                // If the user logged in successfully, send them to the private
                // members-only page; otherwise display a login failed message and
                // show the login form again.
                if($login_ok)
                {
                    // Prepare to store the $row array in $_SESSION by removing the
                    // salt and password values from it. Although $_SESSION is stored
                    // server-side, there is no reason to keep sensitive values in it
                    // unless you have to, so it is best practice to remove them first.
                    unset($row['salt']);
                    unset($row['password']);

                    // Store the user's data in the session at the index 'user'. The
                    // private members-only page checks this index to determine
                    // whether the user is logged in, and uses it to retrieve the
                    // user's details.
                    $_SESSION['user'] = $row;

                    // Redirect the user to the private members-only page.
                    header("Location: private.php");
                    die("Redirecting to: private.php");
                }
                else
                {
                    // Tell the user they failed
                    print("Login Failed.");

                    // Show them their username again so they only have to enter a
                    // new password. The use of htmlentities prevents XSS attacks.
                    // Always use htmlentities on user-submitted values before
                    // displaying them to any user (including the one who submitted
                    // them). For more information:
                    // http://en.wikipedia.org/wiki/xss_attack
                    $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'utf-8');
                }
            }
            else if($_POST['login_type'] == "pharmacist_login")
            {
                // Same procedure as above, but against the users_pharm table.
                $query = "
                    SELECT
                        id,
                        username,
                        password,
                        salt,
                        email,
                        full_name
                    FROM users_pharm
                    WHERE
                        username = :username
                ";

                $query_params = array(
                    ':username' => $_POST['username']
                );

                try
                {
                    $stmt = $db->prepare($query);
                    $result = $stmt->execute($query_params);
                }
                catch(PDOException $ex)
                {
                    // Note: on a production website you should not output $ex->getMessage().
                    die("Failed to run query: " . $ex->getMessage());
                }

                $login_ok = false;

                $row = $stmt->fetch();
                if($row)
                {
                    // Re-hash the submitted password with the stored salt and compare
                    $check_password = hash('sha256', $_POST['password'] . $row['salt']);
                    for($round = 0; $round < 65536; $round++)
                    {
                        $check_password = hash('sha256', $check_password . $row['salt']);
                    }

                    if($check_password === $row['password'])
                    {
                        $login_ok = true;
                    }
                }

                if($login_ok)
                {
                    // Do not keep the salt and password hash in the session
                    unset($row['salt']);
                    unset($row['password']);

                    $_SESSION['user'] = $row;

                    // Redirect the pharmacist to their private page.
                    header("Location: private2.php");
                    die("Redirecting to: private2.php");
                }
                else
                {
                    // Tell the user they failed and re-display the escaped username
                    print("Login Failed.");
                    $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'utf-8');
                }
            }
        }
    ?>
    <html>
    <head>
    <!-- document's css styling -->
    <link href="css/testcss.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div id="header" style="text-align:left">
    <br />
    <h1>login</h1>

    <form action="login.php" method="post">
        username:<br />
        <input type="text" name="username" value="<?php echo $submitted_username; ?>" />
        <br /><br />
        password:<br />
        <input type="password" name="password" value="" />
        <br /><br />
        <input type="radio" name="login_type" value="pharmacist_login" id="pharmacist_login"/> pharmacist login
        <br /><input type="radio" name="login_type" value="doctor_login" id="doctor_login"/> g.p login<br />
        <br />
        <input type="submit" value="login" />
    </form>
    <!-- a form cannot be nested inside another form, so this one follows the login form -->
    <form action="forgotpassword.php" method="post">
        <input type="submit" value="forgot password" />
    </form>

    <br />
    <a href="register.php">general practitioner's registration</a>
    <br />
    <a href="register2.php">pharmacist's registration</a>
    <br />
    <a href="forgot_password.php">forgot password</a>
    </div>
    </body>
    </html>

When using $_POST or $_GET (or other PHP coding), the page is sent to the server, and the current page waits for the result page from the server. If you mean to show the error on the same page as the form, you can do this (an edit of your code):

    <?php
        // First execute our common code to connect to the database and start the session
        require("common.php");

        // Collect the error text here instead of calling die(), so that this page
        // can show the error together with the form.
        $errortest = "";

        // This if statement checks whether the registration form has been submitted.
        // If it has, the registration code runs, otherwise the form is displayed.
        if(!empty($_POST))
        {
            // Ensure that the user has entered a non-empty name
            if(empty($_POST['full_name']))
            {
                $errortest .= "Please enter a full name. ";
            }

            // Ensure that the user has entered a non-empty username
            if(empty($_POST['username']))
            {
                // Note that die() is a terrible way of handling user errors like
                // this; instead the error is recorded and displayed with the form.
                //die("Please enter a username.");
                $errortest .= "pufta kollok ";
            }

            // Ensure that the user has entered a non-empty password
            if(empty($_POST['password']))
            {
                $errortest .= "Please enter a password. ";
            }

            // Make sure the user entered a valid e-mail address.
            // filter_var is a useful PHP function for validating form input, see:
            // http://us.php.net/manual/en/function.filter-var.php
            // http://us.php.net/manual/en/filter.filters.php
            if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
            {
                $errortest .= "Invalid e-mail address. ";
            }

            // Add this line wherever a step should only run when no error has been
            // recorded so far: here, the username lookup.
            if($errortest == "")
            {
                // This SQL query checks whether the username entered by the user is
                // already in use. :username is a special token; a real value is
                // substituted in its place when the query is executed. Inserting
                // $_POST['username'] directly into the $query string would be
                // insecure and open the code up to SQL injection exploits. See:
                // http://en.wikipedia.org/wiki/sql_injection
                $query = "
                    SELECT
                        1
                    FROM users_pharm
                    WHERE
                        username = :username
                ";
                $query_params = array(
                    ':username' => $_POST['username']
                );

                try
                {
                    // These two statements run the query against the database table.
                    $stmt = $db->prepare($query);
                    $result = $stmt->execute($query_params);

                    // fetch() returns the next row, or false if there are no rows.
                    // If a row was returned, the username is already taken.
                    $row = $stmt->fetch();
                    if($row)
                    {
                        $errortest .= "This username is already in use. ";
                    }
                }
                catch(PDOException $ex)
                {
                    // Note: on a production website you should not output $ex->getMessage().
                    // It may provide an attacker with helpful information about your code.
                    $errortest .= "Failed to run query: " . $ex->getMessage();
                }
            }

            // Perform the same type of check for the e-mail address, to ensure
            // that it is unique, again only if everything so far succeeded.
            if($errortest == "")
            {
                $query = "
                    SELECT
                        1
                    FROM users_pharm
                    WHERE
                        email = :email
                ";
                $query_params = array(
                    ':email' => $_POST['email']
                );

                try
                {
                    $stmt = $db->prepare($query);
                    $result = $stmt->execute($query_params);

                    $row = $stmt->fetch();
                    if($row)
                    {
                        $errortest .= "This email address is already registered. ";
                    }
                }
                catch(PDOException $ex)
                {
                    $errortest .= "Failed to run query: " . $ex->getMessage();
                }
            }

            if($errortest == "")
            {
                // An INSERT query adds new rows to a database table. Again, special
                // tokens (technically called parameters) protect against SQL injection.
                $query = "
                    INSERT INTO users_pharm (
                        username,
                        password,
                        salt,
                        email,
                        full_name,
                        pharmacy
                    ) VALUES (
                        :username,
                        :password,
                        :salt,
                        :email,
                        :full_name,
                        :pharmacy
                    )
                ";

                // A salt is randomly generated here to protect against brute force
                // attacks and rainbow table attacks. The following statement
                // generates a hex representation of an 8 byte salt. Representing it
                // in hex provides no additional security, but makes it easier for
                // humans to read. For more information:
                // http://en.wikipedia.org/wiki/salt_%28cryptography%29
                // http://en.wikipedia.org/wiki/brute-force_attack
                // http://en.wikipedia.org/wiki/rainbow_table
                $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));

                // This hashes the password with the salt so it can be stored securely
                // in the database. The output is a 64 byte hex string representing
                // the 32 byte SHA-256 hash of the password. The original password
                // cannot be recovered from the hash. More information:
                // http://en.wikipedia.org/wiki/cryptographic_hash_function
                $password = hash('sha256', $_POST['password'] . $salt);

                // Next, hash the hash value 65536 more times to protect against brute
                // force attacks: an attacker must compute the hash 65537 times for
                // each guess made against a password, whereas if the password were
                // hashed only once the attacker could make 65537 different guesses
                // in the same amount of time instead of one.
                for($round = 0; $round < 65536; $round++)
                {
                    $password = hash('sha256', $password . $salt);
                }

                // Prepare the tokens for insertion into the SQL query. The original
                // password is not stored, only the hashed version of it. The salt is
                // stored in plaintext form; this is not a security risk.
                $query_params = array(
                    ':username' => $_POST['username'],
                    ':password' => $password,
                    ':salt' => $salt,
                    ':email' => $_POST['email'],
                    ':full_name' => $_POST['full_name'],
                    ':pharmacy' => $_POST['pharmacy']
                );

                try
                {
                    // Execute the query to create the user
                    $stmt = $db->prepare($query);
                    $result = $stmt->execute($query_params);
                }
                catch(PDOException $ex)
                {
                    // Note: on a production website you should not output $ex->getMessage().
                    // It may provide an attacker with helpful information about your code.
                    $errortest .= "Failed to run query: " . $ex->getMessage();
                }
            }

            // Only redirect to the login page when the user was actually created.
            // Calling die or exit after performing a redirect with the header
            // function is critical; otherwise the rest of the PHP script would
            // continue to execute and be sent to the user.
            if($errortest == "")
            {
                header("Location: login.php");
                die("Redirecting to login.php");
            }
        }
    ?>
    <html>
    <head>
    <!-- document's css styling -->
    <link href="css/testcss.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div id="header" style="text-align:left">
    <h1>pharmacists registration</h1>

    <?php
        // Show the error on this page, above the form. htmlentities() makes sure
        // nothing in the message is interpreted as HTML.
        if($errortest != "")
        {
            echo "<br />Error: " . htmlentities($errortest, ENT_QUOTES, 'utf-8') . "<br />";
        }
        // Show the form when nothing has been submitted yet, or when the
        // submission failed and the user needs to correct it.
        if(empty($_POST) || $errortest != "")
        {
    ?>
    <form action="register2.php" method="post">
        <br />
        full name:<br />
        <input type="text" name="full_name" value="" />
        <br /><br />
        username:<br />
        <input type="text" name="username" value="" />
        <br /><br />
        pharmacy :<br />
        <input type="text" name="pharmacy" value="" />
        <br /><br />
        e-mail:<br />
        <input type="text" name="email" value="" />
        <br /><br />
        password:<br />
        <input type="password" name="password" value="" />
        <br /><br />
        <input type="submit" value="register" />
    </form>
    <?php
        }
    ?>
    <form action="login.php" method="post">
        <input type="submit" value="back">
    </form>
    </div>
    </body>
    </html>

You can use an if condition wherever you want in the code:

    if ($errortest == "")
    {
        // next step
    }
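The same-page error pattern the answer sketches, written as an added example (not code from the question or the answer): validation, the uniqueness check and the re-rendering are split into functions, and the database lookup is passed in as a callback (an assumption made here so the snippet runs without the page's common.php connection or the users_pharm table).

```php
<?php
// Added example, not the asker's or answerer's code. The database lookup is a
// callable so the functions run without a PDO connection; in the real page it
// would wrap the prepared SELECT on users_pharm shown in the answer.

// Validate the submitted fields. Returns a list of error messages;
// an empty list means the submission passed field validation.
function validate_registration(array $post): array
{
    $errors = array();
    if (trim($post['full_name'] ?? '') === '') {
        $errors[] = 'Please enter a full name.';
    }
    if (trim($post['username'] ?? '') === '') {
        $errors[] = 'Please enter a username.';
    }
    if (($post['password'] ?? '') === '') {
        $errors[] = 'Please enter a password.';
    }
    if (!filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Invalid e-mail address.';
    }
    return $errors;
}

// Run the uniqueness check only when field validation passed (the answer's
// "if ($errortest == '')" guard). $usernameTaken is a callable(string): bool.
// A database exception is logged server-side and reported generically, so
// $ex->getMessage() never reaches the browser.
function check_unique(array $post, array $errors, callable $usernameTaken): array
{
    if ($errors) {
        return $errors;
    }
    try {
        if ($usernameTaken($post['username'])) {
            $errors[] = 'This username is already in use.';
        }
    } catch (PDOException $ex) {
        error_log('registration lookup failed: ' . $ex->getMessage());
        $errors[] = 'Registration is temporarily unavailable.';
    }
    return $errors;
}

// Re-render the form on the same page with the errors and the values the user
// already typed. Every user-supplied value is escaped before it goes into HTML.
function render_registration_form(array $errors, array $post): string
{
    $h = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };
    $out = '';
    foreach ($errors as $e) {
        $out .= '<p class="error">' . $h($e) . "</p>\n";
    }
    $out .= '<form action="register2.php" method="post">' . "\n";
    foreach (array('full_name', 'username', 'pharmacy', 'email') as $field) {
        $out .= sprintf('%s: <input type="text" name="%s" value="%s" /><br />' . "\n",
                        $field, $field, $h($post[$field] ?? ''));
    }
    // The password is never echoed back, even when the submission failed.
    $out .= 'password: <input type="password" name="password" value="" /><br />' . "\n";
    $out .= '<input type="submit" value="register" />' . "\n</form>\n";
    return $out;
}

// Constructed sample submission (not from the page): fields are valid but the
// username is already registered and contains markup, so the output shows both
// the error line and the escaping of the re-displayed value.
$sample = array('full_name' => 'A. Smith', 'username' => 'taken<script>',
                'password' => 'secret', 'email' => 'a.smith@example.com',
                'pharmacy' => 'Main St');
$errors = check_unique($sample, validate_registration($sample),
                       function (string $u): bool { return stripos($u, 'taken') !== false; });
echo render_registration_form($errors, $sample);
```

Run with the PHP CLI to see the rendered markup; the redirect on success (header("Location: ...") followed by exit) stays outside these functions, exactly as in the answer.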
