Password Confirmation

by **kelvin24** » Wed Sep 05, 2012 8:43 am

Im trying to add a user and it requires to enter its password once again but when I enter a different password in the re type field it still records the data to the database. Here's my code

Code: Select all: <?php $con = mysql_connect('mysql16.000webhost.com', 'a1969010_root', 'kelvin0324') OR die("Error: ".mysql_error()); mysql_select_db('a1969010_softeng', $con) OR die("Error: ".mysql_error()); function protect($string){ $string = mysql_real_escape_string($string); $string = strip_tags($string); $string = addslashes($string); return $string; } { $username = protect($_POST['username']); $password = protect($_POST['password']); $confirm = protect($_POST['repassword']); $name = protect($_POST['name']); $type = 'user'; $errors = array(); if(!$username){ $errors[] = "Username is not defined!"; } if(!$password){ $errors[] = "Password is not defined!"; } if($password){ if(!$confirm){ $errors[] = "Confirmation password is not defined!"; } elseif($confirm!=$password){ $errors[] = "Password did not match!"; } } if($password!=$confirm){ $errors[] = "Passwords do not match!"; } if(!$name){ $errors[] = "Name is not defined!"; } if($username){ if(!ctype_alnum($username)){ $errors[] = "Username can only contain numbers and letters!"; } $range = range(1,15); if(!in_array(strlen($username),$range)){ $errors[] = "Username must be between 1 and 15 characters!"; } } if($username){ $sql = "SELECT * FROM `login` WHERE `username`='".$username."'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0){ $errors[] = "The username you supplied is already in use!"; } } if($name){ $sql2 = "SELECT * FROM `login` WHERE `name`='".$name."'"; $res2 = mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($res2) > 0){ $errors[] = "The Name you supplied is already in use of another user!"; } } if(count($errors) > 0){ foreach($errors AS $error){ echo $error . " \n"; } }else { $sql4 = "INSERT INTO `login` (`username`,`password`,`name`,`type`) VALUES ('".$username."','".$password."','".$name."','".$type."')"; $res4 = mysql_query($sql4) or die(mysql_error()); echo " You have successfully registered with the username ".$username." and the password ".$password."!Click here to return to the <a href='Main.php'>Home Page</a>"; } } ?>

by **engrmudasirmalik** » Thu Oct 04, 2012 10:17 pm

kelvin24 wrote:Im trying to add a user and it requires to enter its password once again but when I enter a different password in the re type field it still records the data to the database. Here's my code

Code: Select all
<?php $con = mysql_connect('mysql16.000webhost.com', 'a1969010_root', 'kelvin0324') OR die("Error: ".mysql_error()); mysql_select_db('a1969010_softeng', $con) OR die("Error: ".mysql_error()); function protect($string){ $string = mysql_real_escape_string($string); $string = strip_tags($string); $string = addslashes($string); return $string; } { $username = protect($_POST['username']); $password = protect($_POST['password']); $confirm = protect($_POST['repassword']); $name = protect($_POST['name']); $type = 'user'; $errors = array(); if(!$username){ $errors[] = "Username is not defined!"; } if(!$password){ $errors[] = "Password is not defined!"; } if($password){ if(!$confirm){ $errors[] = "Confirmation password is not defined!"; } elseif($confirm!=$password){ $errors[] = "Password did not match!"; } } if($password!=$confirm){ $errors[] = "Passwords do not match!"; } if(!$name){ $errors[] = "Name is not defined!"; } if($username){ if(!ctype_alnum($username)){ $errors[] = "Username can only contain numbers and letters!"; } $range = range(1,15); if(!in_array(strlen($username),$range)){ $errors[] = "Username must be between 1 and 15 characters!"; } } if($username){ $sql = "SELECT * FROM `login` WHERE `username`='".$username."'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0){ $errors[] = "The username you supplied is already in use!"; } } if($name){ $sql2 = "SELECT * FROM `login` WHERE `name`='".$name."'"; $res2 = mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($res2) > 0){ $errors[] = "The Name you supplied is already in use of another user!"; } } if(count($errors) > 0){ foreach($errors AS $error){ echo $error . " \n"; } }else { $sql4 = "INSERT INTO `login` (`username`,`password`,`name`,`type`) VALUES ('".$username."','".$password."','".$name."','".$type."')"; $res4 = mysql_query($sql4) or die(mysql_error()); echo " You have successfully registered with the username ".$username." and the password ".$password."!Click here to return to the <a href='Main.php'>Home Page</a>"; } } ?>

You just need to add one simple thing into your code,

Code: Select all: if($password!=$confirm){ $errors[] = "Passwords do not match!"; header('location:samepage.php'); exit(); }

Try this hope this would work for your.

Password Confirmation

Password Confirmation

Re: Password Confirmation

Who is online