php - Validation Display in Registration form with Bootstrap


In the following code in crudindex.php, if I enter a password with a length of less than 6 characters, the error message is not shown using the span element. The required pattern is working, but the messages using the span element are not displaying. Example: if I enter a length of less than 6 in the password field, no error message displays.

What is wrong in the code?

    <?php
    $con = mysqli_connect("127.0.0.1", "kkits996_ganesh", "", "kkits996_testmysql")
        or die("error " . mysqli_connect_error());

    $error = false;

    if (isset($_POST) && !empty($_POST)) {
        $uname = mysqli_real_escape_string($con, $_POST["uname"]);
        $pwd   = mysqli_real_escape_string($con, $_POST["pwd"]);
        $cpwd  = mysqli_real_escape_string($con, $_POST["cpwd"]);

        $password_error  = "";
        $cpassword_error = "";

        if (strlen($pwd) < 6) {
            $error = true;
            $password_error = "password must be a minimum of 6 characters";
        }
        if ($pwd != $cpwd) {
            $error = true;
            $cpassword_error = "password and confirm password don't match";
        }

        if (isset($_POST['register'])) {
            # register button clicked
            $createsql1 = "INSERT INTO cruduser(id, username, password) VALUES ('', '$uname', '$pwd')";
            if (mysqli_query($con, $createsql1)) {
                echo "insert successful in table cruduser";
                mysqli_close($con);
                // redirect because crudadd.php needs to consider the POST request
                header('Location: crudaddusr.php');
                //include("crudadd.php");
            } else {
                die(mysqli_error($con));
            }
        }

        if (isset($_POST['login'])) {
            # login button clicked
            session_start();
            $_SESSION['suname'] = $uname;
            $_SESSION['spwd']   = $pwd;
            if ($uname == 'admin' && $pwd == 'admin') {
                include('crudview.php');
            } else {
                header("Location: crudeditusr.php?suname=$uname&spwd=$pwd");
            }
        }
        mysqli_close($con);
    }
    ?>
    <!DOCTYPE html>
    <!-- bootstrap link downloaded from bootstrapcdn.com css and js -->
    <!-- col-md-6 col-md-offset are bootstrap related -->
    <html>
    <head>
        <title>"add records in crud table"</title>
        <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
        <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
    </head>
    <body>
    <div class="container">
        <div class="row">
            <form method="post" class="form-horizontal col-md-6 col-md-offset-3">
                <h2>create table crud</h2>
                <div class="form-group">
                    <label for="input1" class="col-sm-2 control-label">username : </label>
                    <div class="col-sm-10">
                        <input type="text" name="uname" required pattern="^[a-zA-Z0-9]+" class="form-control" id="input1" placeholder="username"/>
                    </div>
                </div>
                <div class="form-group">
                    <label for="input2" class="col-sm-2 control-label">password: </label>
                    <div class="col-sm-10">
                        <input type="password" name="pwd" required pattern="^[a-zA-Z0-9]+" class="form-control" id="input2" placeholder="password"/>
                        <span class="error"><?php if (isset($password_error)) echo $password_error; ?></span>
                    </div>
                </div>
                <div class="form-group">
                    <label for="input3" class="col-sm-2 control-label">confirm password : </label>
                    <div class="col-sm-10">
                        <input type="password" name="cpwd" required pattern="^[a-zA-Z0-9]+" class="form-control" id="input3" placeholder="confirm password"/>
                        <span class="text-danger"><?php if (isset($cpassword_error)) echo $cpassword_error; ?></span>
                    </div>
                </div>
                <div class="row">
                    <div class="col-md-6 col-md-offset-3">
                        <button id="submit1" name="register" class="btn btn-primary pull-right">register</button>
                        <button id="submit2" name="login" class="btn btn-secondary pull-right">login</button>
                    </div>
                </div>
            </form>
        </div>
    </div>
    </body>
    </html>

This is a working example that displays the errors and prevents the security problems. I have removed the required pattern from the HTML. You didn't set the errors. You can handle the errors in PHP and display them. Plus, you didn't use action="path/to/handleform.php".

And the redirect in login should be: header("Location: crudeditusr.php?suname=" . $uname . "&spwd=" . $pwd);

There are 3 security problems here:

  • SQL injection. Solution => prepared statement
  • Password saved in plain text. Solution => password_hash()
  • Cross-site request forgery (CSRF). Solution => hidden token input

    <?php
    $con = mysqli_connect("127.0.0.1", "kkits996_ganesh", "", "kkits996_testmysql")
        or die("error " . mysqli_connect_error());

    // declare the errors array
    $error = array();

    //-----------------------------------------------------//
    //---------------------CSRF protect--------------------//
    //-----------------------------------------------------//

    // generate the token
    function generateToken($formName)
    {
        // SECRET_KEY: change it
        $secretKey = '?@geskki58668445744!erpoejsj48';
        if (!session_id()) {
            session_start();
        }
        $sessionId = session_id();
        return hash('sha512', $formName . $sessionId . $secretKey);
    }

    // check if the token is valid
    function checkToken($token, $formName)
    {
        return $token === generateToken($formName);
    }

    // separate register and login so they are not confused

    //-----------------------------------------------------//
    //---------------------registration--------------------//
    //-----------------------------------------------------//
    if (isset($_POST['register']) && checkToken($_POST['csrf_token'] ?? '', 'userfromregistration')) {

        // username must be alphanumeric
        if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['uname'] ?? '')) {
            $error['username'] = "username must have alphanumeric characters";
        }

        // password has less than 6 characters
        if (strlen($_POST['pwd'] ?? '') < 6) {
            $error['password'] = "password must be a minimum of 6 characters";
        }

        // passwords do not match
        if (empty($_POST['cpwd']) || $_POST['pwd'] !== $_POST['cpwd']) {
            $error['passwordmatch'] = "password and confirm password don't match";
        }

        // if the error array is empty
        if (!array_filter($error)) {
            // trim the data
            $username = trim($_POST['uname']);

            // hash the password, never save a password in plain text!!!!!!!
            // NOTE: allow the storage to expand past 60 characters (VARCHAR(255) is good)
            $password = password_hash($_POST['pwd'], PASSWORD_DEFAULT);

            // if id is autoincremented leave id out
            //----------use a prepared statement against SQL injection---//
            $query = 'INSERT INTO cruduser (username, password) VALUES (?, ?)';
            $stmt = $con->prepare($query);
            $stmt->bind_param("ss", $username, $password);
            $stmt->execute();
            $stmt->close();
            $con->close();

            // redirect because crudadd.php needs to consider the POST request
            header('Location: crudaddusr.php');
            exit;
        }
    }

    //-----------------------------------------------------//
    //------------------------login------------------------//
    //-----------------------------------------------------//
    if (isset($_POST['login'])) {

        // whatever you want
        // use password_verify() and session_regenerate_id()
        // to compare the passwords and regenerate the session id to prevent session fixation.

        session_start();
        $uname = $_POST['uname'];
        $pwd   = $_POST['pwd'];

        // if you don't need these, delete them
        $_SESSION['suname'] = $uname;
        $_SESSION['spwd']   = $pwd;

        if ($uname == 'admin' && $pwd == 'admin') {
            include('crudview.php');
        } else {
            header("Location: crudeditusr.php?suname=" . $uname . "&spwd=" . $pwd);
        }
    }
    ?>

    <!--html part-->
    <!DOCTYPE html>
    <html>
    <head>
        <title>"add records in crud table"</title>
        <!-- bootstrap link downloaded from bootstrapcdn.com css and js -->
        <!-- col-md-6 col-md-offset are bootstrap related -->
        <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
        <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
    </head>
    <body>
    <div class="container">
        <div class="row">
            <form method="post" action="" class="form-horizontal col-md-6 col-md-offset-3">
                <input type="hidden" name="csrf_token" value="<?php echo generateToken('userfromregistration'); ?>" required/>
                <h2>create table crud</h2>
                <div class="form-group">
                    <label for="input1" class="col-sm-2 control-label">username : </label>
                    <div class="col-sm-10 <?php if (!empty($error['username'])) { echo 'has-error'; } ?>">
                        <input type="text" name="uname" class="form-control" id="input1" placeholder="username"/>
                        <span class="help-block"><?php if (!empty($error['username'])) echo $error['username']; ?></span>
                    </div>
                </div>
                <div class="form-group">
                    <label for="input2" class="col-sm-2 control-label">password: </label>
                    <div class="col-sm-10 <?php if (!empty($error['password'])) { echo 'has-error'; } ?>">
                        <input type="password" name="pwd" class="form-control" id="input2" placeholder="password"/>
                        <span class="help-block"><?php if (!empty($error['password'])) echo $error['password']; ?></span>
                    </div>
                </div>
                <div class="form-group">
                    <label for="input3" class="col-sm-2 control-label">confirm password : </label>
                    <div class="col-sm-10 <?php if (!empty($error['passwordmatch'])) { echo 'has-error'; } ?>">
                        <input type="password" name="cpwd" class="form-control" id="input3" placeholder="confirm password"/>
                        <span class="help-block"><?php if (!empty($error['passwordmatch'])) echo $error['passwordmatch']; ?></span>
                    </div>
                </div>
                <div class="row">
                    <div class="col-md-6 col-md-offset-3">
                        <button id="submit1" name="register" class="btn btn-primary pull-right">register</button>
                        <button id="submit2" name="login" class="btn btn-secondary pull-right">login</button>
                    </div>
                </div>
            </form>
        </div>
    </div>
    </body>
    </html>
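As an added example, not code from the question or from the answer above, the following completes the login branch that the answer leaves as a comment: password_verify() against the hash that password_hash() stored at registration, session_regenerate_id() after a successful login, and a CSRF check with hash_equals(). It assumes a constructed in-memory $users array standing in for the cruduser table (with MySQL the lookup would be a prepared SELECT by username), and it uses a random per-session token compared in constant time rather than the deterministic SHA-512 token in the answer, so it runs from the PHP CLI without a database.

```php
<?php
// Added example (not from the question or the answer): login with password_verify(),
// session_regenerate_id() and a constant-time CSRF token check.
declare(strict_types=1);

// Constructed sample row, as the registration code would have inserted it
// (password_hash() output, never the plaintext). Stands in for the cruduser table.
$users = [
    'ganesh' => ['id' => 1, 'password' => password_hash('correct horse', PASSWORD_DEFAULT)],
];
// Hash used for unknown usernames so a failed login costs the same time either way.
$dummyHash = password_hash('not-a-real-password', PASSWORD_DEFAULT);

function startSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Random token stored server-side; the form echoes it into the hidden csrf_token field.
function csrfToken(): string
{
    startSession();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a plain === leaks how many leading bytes matched.
function csrfValid(?string $submitted): bool
{
    startSession();
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Returns the user id on success, null otherwise. Only the username selects the row;
// the password is checked against the stored hash and never stored or put in a URL.
function login(array $users, string $dummyHash, string $uname, string $pwd): ?int
{
    $row  = $users[$uname] ?? null;
    $hash = $row['password'] ?? $dummyHash;
    if (!password_verify($pwd, $hash) || $row === null) {
        return null;
    }
    startSession();
    session_regenerate_id(true);   // discard the pre-login id (session fixation)
    $_SESSION['uid'] = $row['id']; // keep the id in the session, not the password
    return $row['id'];
}

// Simulated form round trip; in the page this data arrives in $_POST.
$token = csrfToken();
$post  = ['csrf_token' => $token, 'uname' => 'ganesh', 'pwd' => 'correct horse', 'login' => '1'];

if (isset($post['login']) && csrfValid($post['csrf_token'])) {
    $uid = login($users, $dummyHash, $post['uname'], $post['pwd']);
    // In the real handler: header('Location: crudview.php'); exit;
    echo $uid === null ? "login failed\n" : "logged in as user {$uid}\n";
}

// A wrong password and a forged token both fail.
echo login($users, $dummyHash, 'ganesh', 'wrong') === null ? "wrong password rejected\n" : "BUG\n";
echo csrfValid(str_repeat('0', 64)) ? "BUG\n" : "forged token rejected\n";
```

Run it with `php login_example.php`. The lookup by username plus password_verify() replaces the `$uname=='admin' && $pwd=='admin'` comparison in both versions of the page's code, and because the id rather than the password goes into $_SESSION, nothing secret has to travel in the crudeditusr.php query string.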

