Below is part of the code from register.php:
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    /* running some checks of an input */
    if (sizeof($errorArray) == 0) {
        // redirecting to avoid form resubmission
        $_SESSION['registered'] = true;
        header('location: success.php', true, 303);
    } else {
        $_SESSION['post']['email'] = $_POST['email'];
        $_SESSION['post']['name'] = $_POST['name'];
        $_SESSION['errorArray'] = $errorArray;
        header('location: register.php', true, 303);
    }
}
Logic is simple -- if the errorArray is empty, redirect to a success page, else redirect to register.php itself. To avoid form resubmission I tried to put the POST variables into a session variable, so the user doesn't have to fill in the form again in case of an error.
<?php
if (isset($_SESSION['errorArray'])) {
    if (sizeof($_SESSION['errorArray']) != 0) {
        echo '<div class="alert alert-danger" role="alert">
            <h4>There were errors in Your input:</h4>';
        foreach ($_SESSION['errorArray'] as $item) {
            echo $item . '<br>';
        }
        // close the alert box opened above
        echo '</div>';
    }
    $_SESSION['post'] = null;
    $_SESSION['errorArray'] = null;
}
?>
This part of the code is executed later in register.php, but it doesn't give me the result I want. Somehow the variables are set to null before the loop above is executed (??!). I have found a solution with the GET method that includes microtime in the URL passed to header, but it seems to me that there is a more elegant solution that does not add new values to a session variable every time.
Is there some way around this?
Edit:
<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // array to hold all the errors of input
    $errorArray = [];
    $emailRegex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
    $nameRegex = '/^[a-z0-9][a-z0-9_]*[a-z0-9]$/';
    $passwordRegex = '/^[a-z0-9][-a-z0-9_!@#$?]*[a-z0-9]$/';
    $email = $_POST['email'];
    if (empty($email)) {
        array_push($errorArray, "E-mail field required");
    } else {
        if (!preg_match($emailRegex, $email)) array_push($errorArray, 'Invalid email');
    }
    $name = $_POST['name'];
    if (empty($name)) {
        array_push($errorArray, "Name field required");
    } else {
        if (!preg_match($nameRegex, $name)) array_push($errorArray, 'Invalid name');
    }
    $password = $_POST['password'];
    $passwordR = $_POST['passwordR'];
    if (empty($passwordR) || empty($password)) {
        array_push($errorArray, 'Password fields required');
    } else if (!preg_match($passwordRegex, $password)) {
        array_push($errorArray, 'Invalid password');
    } else {
        if ($password !== $passwordR) {
            array_push($errorArray, 'Password inputs are not the same');
        }
    }
    if (sizeof($errorArray) == 0) {
        // redirecting to avoid form resubmission
        $_SESSION['registered'] = true;
        header('location: success.php', true, 303);
    } else {
        $_SESSION['post']['email'] = $_POST['email'];
        $_SESSION['post']['name'] = $_POST['name'];
        $_SESSION['errorArray'] = $errorArray;
        header('location: register.php', true, 303);
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>Log</title>
    <link rel="stylesheet" href="css/bootstrap.min.css" type="text/css">
    <link rel="stylesheet" href="css/maincss.css" type="text/css">
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
    <script src="js/bootstrap.min.js"></script>
</head>
<body>
<nav class="navbar navbar-default navbar-fixed">
    <div class="container">
        <a href="index.php" class="navbar-brand col-xs-5">Home</a>
        <ul class="navbar-brand col-xs-5"><?= (isset($username)) ? 'Welcome ' . $username : ''; ?></ul>
        <a href="login.php" class="navbar-brand col-xs-1">Login</a>
        <a href="register.php" class="navbar-brand col-xs-1">Register</a>
    </div>
</nav>
<div class="container">
    <form class="form-signin" action="register.php" method="post">
        <h2 class="form-signin-heading text-center text-capitalize">Registration form</h2>
        <!-- I have purposely excluded required attribute from inputs and set type="text"
        for an email so all the checks could be done on server side -->
        <div class="row center-block">
            <div class="col-xs-4"></div>
            <div class="col-xs-4">
                <label for="email" class="sr-only">Email address</label>
                <!-- the stored value is user input, so it is HTML-escaped before being echoed -->
                <input type="text" id="email" name="email" class="form-control" placeholder="Email address"
                       value="<?= (isset($_SESSION['post']['email'])) ? htmlspecialchars($_SESSION['post']['email'], ENT_QUOTES, 'UTF-8') : ''; ?>" autofocus>
            </div>
            <div class="col-xs-4"></div>
        </div>
        <br>
        <div class="row center-block">
            <div class="col-xs-4"></div>
            <div class="col-xs-4">
                <label for="name" class="sr-only">Name</label>
                <input type="text" id="name" name="name" class="form-control" placeholder="Name"
                       value="<?= (isset($_SESSION['post']['name'])) ? htmlspecialchars($_SESSION['post']['name'], ENT_QUOTES, 'UTF-8') : ''; ?>" autofocus>
            </div>
            <div class="col-xs-4"></div>
        </div>
        <br>
        <div class="row center-block">
            <div class="col-xs-4"></div>
            <div class="col-xs-4">
                <label for="password" class="sr-only">Password</label>
                <input type="password" id="password" name="password" class="form-control" placeholder="Password">
            </div>
            <div class="col-xs-4"></div>
        </div>
        <br>
        <div class="row center-block">
            <div class="col-xs-4"></div>
            <div class="col-xs-4">
                <label for="passwordR" class="sr-only">Repeat Password</label>
                <input type="password" id="passwordR" name="passwordR" class="form-control"
                       placeholder="Repeat Password">
            </div>
            <div class="col-xs-4"></div>
        </div>
        <br>
        <div class="row">
            <div class="col-xs-4"></div>
            <div class="col-xs-4 center-block">
                <button class="btn btn-lg btn-primary btn-block" type="submit">Submit</button>
            </div>
            <div class="col-xs-4"></div>
        </div>
        <br>
        <div>
            <?php
            if (isset($_SESSION['errorArray'])) {
                if (sizeof($_SESSION['errorArray']) != 0) {
                    echo '<div class="alert alert-danger" role="alert">
                        <h4>There were errors in Your input:</h4>';
                    foreach ($_SESSION['errorArray'] as $item) {
                        echo $item . '<br>';
                    }
                    // close the alert box opened above
                    echo '</div>';
                }
                // $_SESSION['post'] = null;
                // $_SESSION['errorArray'] = null;
            }
            ?>
        </div>
    </form>
</div>
</body>
</html>
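
The behaviour described in the question follows from how header() works: it only queues the Location header and the script keeps running, so during the POST request the rest of register.php still renders and clears the session values before the browser follows the redirect. An added example (not part of the original post) of the same post/redirect/get flow with exit after each redirect, read-once session data and escaped output; e(), field() and flash_take() are hypothetical helper names, and the two checks stand in for the poster's validation.

```php
<?php
session_start();
// Escape a value for HTML text or a quoted attribute.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read one POST field as a trimmed string (arrays and missing keys become '').
function field(string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Return a session value once and remove it, so it survives exactly one redirect.
function flash_take(string $key, array $default): array {
    $value = $_SESSION[$key] ?? $default;
    unset($_SESSION[$key]);
    return is_array($value) ? $value : $default;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $old = ['email' => field('email'), 'name' => field('name')];
    $errors = [];
    // Stand-in checks (assumption); the real validation rules go here.
    if ($old['email'] === '') { $errors[] = 'E-mail field required'; }
    if ($old['name'] === '') { $errors[] = 'Name field required'; }
    if ($errors === []) {
        $_SESSION['registered'] = true;
        header('Location: success.php', true, 303);
        exit; // nothing below may run during the POST request
    }
    $_SESSION['post'] = $old; // password fields are never stored in the session
    $_SESSION['errorArray'] = $errors;
    header('Location: register.php', true, 303);
    exit; // without this the page below renders now and clears the data
}
// GET request: consume the one-shot data before producing any output.
$old = flash_take('post', ['email' => '', 'name' => '']);
$errors = flash_take('errorArray', []);
?>
<form action="register.php" method="post">
  <input type="text" name="email" value="<?= e($old['email']) ?>">
  <input type="text" name="name" value="<?= e($old['name']) ?>">
  <input type="password" name="password">
  <button type="submit">Submit</button>
  <?php foreach ($errors as $item): ?>
    <p class="alert alert-danger"><?= e($item) ?></p>
  <?php endforeach; ?>
</form>
```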