///////////////////////////////////////////
email matchyour password is strong.Your passwords is strong.Your passwords is strong.
Warning: Cannot modify header information - headers already sent by (output started at RegisterP2.php:15) in /home/biznisfi/public_html/RegisterP2.php on line 59
//////////////////////////////////////////
The following is my code:
index.php
<?php
session_start(); // error messages for form validation
$_SESSION['register_errorM_Email']="";
$_SESSION['register_errorM_Password']="";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<title> Welcome to login </title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">
body{
padding: 0px;
margin: 0px;
border: 0px;
background-color: white;
}
#container{
padding: 0px;
border-top: 2px solid #1d2add;
border-bottom: 2px solid #1d2add;
border-left: 1px solid #3b44b5;
border-right: 1px solid #3b44b5;
margin-left: auto;
margin-right: auto;
margin-top: 5%;
margin-bottom: auto;
width: 330px;
height: 370px;
}
#t1{
font-weight: bold;
font-size: 18px;
color: white;
background-color:#3542eb;
}
form{
padding:0px;
border: 0px;
margin: auto;
width: 280px;
}
#JoinMe
{
background-color: #41ac1c;
padding: 2px;
border: 2px solid #94e07a;
color: white;
font-size: 12px;
font-weight: bold;
}
#JoinMe:hover
{
background-color: #237516;
border: 2px solid #104108;
padding: 2px;
}
td{
padding: 0;
border: 0;
margin: 0;
}
</style>
</head>
<body>
<div id="container">
<form action="/RegisterP2.php" method="post">
<table>
<tr><td colspan="2" id="t1">Welcome to join #*$!x</td></tr>
<tr><td>
Email Address:</td><td><input type="text" name="email" maxlength="60"><?php if($_SESSION['register_errorM_Email']!="") echo $_SESSION['register_errorM_Email']; ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass1" maxlength="30"><?php if($_SESSION['register_errorM_Password']!="") echo $_SESSION['register_errorM_Password']; ?></td></tr>
<tr><td>Confirm Password:</td><td><input type="password" name="pass2" maxlength="30"><?php if($_SESSION['register_errorM_Password']!="") echo $_SESSION['register_errorM_Password']; ?></td></tr>
<tr><td colspan="2"><hr></td></tr>
<tr><td>
Display Name:</td><td><input type="text" name="DisplayName" maxlength="30"></td></tr>
<tr><td>
First Name:</td><td><input type="text" name="FirstName" maxlength="30"></td></tr>
<tr><td>Last Name:</td><td><input type="text" name="LastName" maxlength="30"></td></tr>
<tr><td>Country:</td><td><input type="text" name="Country" maxlength="30"></td></tr>
<tr><td>State or City:</td><td><input type="text" name="StateCity" maxlength="30"></td></tr>
<tr><td colspan="2"><hr></td></tr>
<tr><td>Age</td><td><input type="text" name="age" maxlength="30"></td></tr>
<tr><td>Gender:</td><td><input type="radio" checked="checked"
name="Sex" value="male">Male <input type="radio"
name="Sex" value="female">Female </td></tr>
<tr><td colspan="2" align="right"> <input type="submit" name="Join" value="Sign Up" id="JoinMe"></td></tr>
</table>
</form>
</div>
</body>
</html>
////////////////////////////////////////////////
RegisterP2.php
<?php
session_start();
//flag to check user input, 1=valid, 0=invalid
$flag=1;
if(isset($_POST['Join'])){
$email_pattern = '#.*@.*\..*#';
$email = $_POST['email'];
if (preg_match($email_pattern, $_POST['email']) > 0) {
echo " email match";
}
else{
echo " email don't match";
$_SESSION['register_errorM_Email']="*";
$flag=0;
}
$password1 = $_POST['pass1'];
$password2 = $_POST['pass2'];
if ($password2==$password1) {
echo "your password is strong.";
} else {
echo "Your password 2 is weak.";
$_SESSION['register_errorM_Password']="*";
$flag=0;
}
if (preg_match("/^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $password1))
{
echo "Your passwords is strong.";
} else {
echo "Your password is weak.";
$_SESSION['register_errorM_Password']="*";
$flag=0;
}
if (preg_match("/^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $password2))
{
echo "Your passwords is strong.";
} else {
echo "Your password is weak.";
$_SESSION['register_errorM_Password']="*";
$flag=0;
}
if($flag==1)
header('Location:RegisterP3.php');
}
?>
$flag=1;
if(isset($_POST['Join'])){
$email_pattern = '#.*@.*\..*#';
$email = $_POST['email'];
if (preg_match($email_pattern, $_POST['email']) > 0) {
echo " email match";
}
else{
echo " email don't match";
$_SESSION['register_errorM_Email']="*";
$flag=0;
}
...
if($flag==1)
header('Location:RegisterP3.php');
}
I would also suggest that you set $flag = 0; at the beginning. At the moment your default is to allow people through; as this is security, you should default to kicking people out and only allow them through if they pass all of your checks. While you are setting $flag = 0; if something goes wrong, it only takes a small mistake and people get through. Call me paranoid (many do), but I would always default to kicking people out, not letting them in.
Also, 1 = true or anything else that evaluates to true. So (paranoid, I know) use if ($flag === 1) so that only the integer 1 will work, not just an expression that evaluates to true.
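
The fail-closed default and strict comparison suggested in the reply above, combined with collecting errors instead of echoing them so that header() runs before any output. This is an added example, not code from either poster; validate_registration(), the use of filter_var() for the email check, and the redirect back to index.php on failure are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the names of failed checks; [] means all passed.
function validate_registration(array $post): array
{
    $errors = [];
    $email = $post['email'] ?? null;
    $pass1 = $post['pass1'] ?? null;
    $pass2 = $post['pass2'] ?? null;

    // Missing or non-string input (e.g. email[]=x) fails rather than slipping through.
    // filter_var() is swapped in here for the thread's '#.*@.*\..*#' pattern.
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    if (!is_string($pass1) || !is_string($pass2) || $pass1 !== $pass2) {
        $errors[] = 'password';
    // Same policy as the thread's regex: 8+ chars, a digit, a lower- and an upper-case letter.
    } elseif (preg_match('/^(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/', $pass1) !== 1) {
        $errors[] = 'password';
    }
    return $errors;
}

session_start();
$flag = 0;                                  // default: deny
$errors = ['email', 'password'];            // assume failure until the checks run
if (isset($_POST['Join'])) {
    $errors = validate_registration($_POST);
    if ($errors === []) {
        $flag = 1;                          // set only after every check has passed
    }
}
$_SESSION['register_errorM_Email']    = in_array('email', $errors, true) ? '*' : '';
$_SESSION['register_errorM_Password'] = in_array('password', $errors, true) ? '*' : '';

// Nothing has been echoed, so header() can still send the Location header.
// Redirecting back to index.php on failure is an assumption of this example.
header('Location: ' . ($flag === 1 ? 'RegisterP3.php' : 'index.php'));
exit;                                       // stop here; do not run past the redirect
```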