I was tasked on making simple i-Prepaid Reload programming.So far, I have problem with validations not working on reload.php
page. As if there were no validations set at all and it went to result.php
after pressing Buy
button. I couldn’t figure it out what’s the cause of this error.
There should be some errors appear is I put alphabets or less than 10 numbers or ignore all of those options in reload.php
.
login.php
form action="" method="post" name="Login_Form"> <table width="400" border="0" align="center" cellpadding="5" cellspacing="1" class="Table"> <?php if(isset($msg)){?> <tr> <td colspan ="2" align="center" valign="top"><?php echo $msg;?></td> </tr> <?php } ?> <tr> <td colspan="2" align="left" valign="top"><h3>Login</h3></td> </tr> <tr> <td align="right" valign="top">Username</td> <td><input name="Username" type="text" class="Input"><td> </tr> <tr> <td align="right">Password</td> <td><input name="Password" type="password" class="Input"></td> </tr> <tr> <td> </td> <td><input name="Submit" type="submit" value="Login" class="Button3"></td> </tr> </table> </form> <?php session_start(); if(isset($_POST['Submit'])) { $logins = array( ['username' =>'Fadzli', 'password' => '11111'], ['username' =>'user2', 'password' => '22222'], ['username' =>'user3', 'password' => '33333'], ['username' =>'user4', 'password' => '44444'], ); $log_username = isset($_POST['Username']) ? $_POST['Username'] :''; $log_password = isset($_POST['Password']) ? $_POST['Password'] :''; $key = FALSE; $key = array_search($log_username, array_column($logins, 'username')); $password = ''; echo $key; var_dump($key); if(!is_bool($key)){ $password = $logins[$key]['password']; } if($log_password == $password){ $_SESSION['Userdata'] = ['username' => $log_username]; header("location:reload.php"); exit; }else{ $msg="<span style='color:red'>Invalid Login Information</span>"; } } ?>
reload.php
<?php session_start(); $phonenumber = $Telco = $Reload =''; $numberError = $telcoError = $ReloadError = ''; if(isset($_POST['Submit'])) { $phonenumber=$_POST['phonenumber']; if(array_key_exists('phonenumber',$_POST) && trim($_POST['phonenumber']) === '') { $numberError = "Error, insert phone number"; } else { if(!preg_match('/^([0-9]*)$/', $phonenumber)) { $numberError = "Numbers only"; } elseif(strlen($phonenumber)<10) { $numberError = "Numbers have to be 10 or longer"; } } $Telco=$_POST['Telco']; if(array_key_exists('Telco',$_POST) && trim($_POST['Telco']) == "") { $telcoError = "Error! Select your telco!"; } $Reload=$_POST['ReloadCredit']; if(array_key_exists('ReloadCredit',$_POST) && trim($_POST['ReloadCredit']) == "") { $ReloadError = "Error! Select the amount you wish to reload!"; } } function test_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; if($numberError=="" && $telcoError=="" && $ReloadError=="") { $_SESSION['data'] = ['phonenumber' => $_POST['phonenumber'] , 'Telco' => $_POST['Telco'] , 'ReloadCredit' => $_POST['ReloadCredit'] ]; } } ?> <?php $title = "i-PREPAID RELOAD"; ?> <html> <style> .topup_form{ max-width: 700px; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; margin-right:auto; margin-left:auto; } .topup_form label{ display:block; margin-bottom: 10px; text-align:left; } .note1{ margin-top:5px; font-size: 17px; } .topup_form label > span{ float: left; width: 170px; color: #F072A9; font-weight: bold; font-size: 17px; text-shadow: 1px 1px 1px #fff; } .topup_form fieldset{ border-radius: 10px; -webkit-border-radius: 10px; -moz-border-radius: 10px; margin: 0px 0px 10px 0px; border: 1px solid #FFD2D2; padding: 20px; background: #FFF4F4; box-shadow: inset 0px 0px 15px #FFE5E5; -moz-box-shadow: inset 0px 0px 15px #FFE5E5; -webkit-box-shadow: inset 0px 0px 15px #FFE5E5; } .topup_form fieldset legend{ color: #FFA0C9; border-top: 1px solid #FFD2D2; border-left: 1px solid #FFD2D2; border-right: 1px solid #FFD2D2; border-radius: 5px 5px 0px 0px; -webkit-border-radius: 5px 5px 0px 0px; -moz-border-radius: 5px 5px 0px 0px; background: #FFF4F4; padding: 0px 8px 3px 8px; box-shadow: -0px -1px 2px #F1F1F1; -moz-box-shadow:-0px -1px 2px #F1F1F1; -webkit-box-shadow:-0px -1px 2px #F1F1F1; font-weight: normal; font-size: 25px; } .topup_form button, .topup_form input[type=reset], .topup_form input[type=button]{ background: #EB3B88; border: 1px solid #C94A81; padding: 5px 15px 5px 15px; color: #FFCBE2; box-shadow: inset -1px -1px 3px #FF62A7; -moz-box-shadow: inset -1px -1px 3px #FF62A7; -webkit-box-shadow: inset -1px -1px 3px #FF62A7; border-radius: 3px; border-radius: 3px; -webkit-border-radius: 3px; -moz-border-radius: 3px; font-weight: bold; } .Button { width: 170px; margin-right:auto; margin-left:auto; } #warning{text-align:left;} </style> <div class="topup_form"> <form name="Topup" action="result.php" method="post" onsubmit="return confirm('Are you sure?')" > <fieldset><legend><?php echo $title ?></legend> Welcome <?php echo $_SESSION['Userdata']['username'];?> <label for="phonenumber"><span>Phone Number <span>*</span></span><input type="text" name="phonenumber"/></label> <div id = "warning" style="color: red;"><?php echo $numberError ?? '';?></div><br> <label for="Telco"><span>Telco</span><select name="Telco"> <option value=""></option> <option value="Maxis">Maxis</option> <option value="Celcom">Celcom</option> <option value="Digi">Digi</option> <option value="TuneTalk">TuneTalk</option> <option value="Unifi">Unifi</option> </select></label> <span class="note1">(Example:Maxis, Celcom, Digi)</span> <div id = "warning" style="color: red;"><?php echo $telcoError ?? '';?></div><br> <label for="Reload"><span>Reload Credit </span><select name="ReloadCredit"> <option value=""></option> <option value="5">RM5</option> <option value="10">RM10</option> <option value="20">RM20</option> <option value="30">RM30</option> <option value="50">RM50</option> </select></label> <span class="note1">(Example:RM5,RM10,RM20)</span> <div id = "warning" style="color: red;"><?php echo $ReloadError ?? '';?></div><br> </fieldset> <fieldset class="Button"> <button type="submit" value="Submit" name='Submit' >Buy</button> <input type="reset" value="Reset" /> </fieldset> </form> </html>
‘result.php’
<html> <?php session_start()?> <form name="result" action=""> Hi <?php echo $_SESSION['Userdata']['username'];?> <br> <p>Successfully reloaded</p> <label for="phonenumber"><span>Phone Number : </span><?php echo $_POST['phonenumber']?></label><br> <label for="telco"><span>Telco : </span><?php echo $_POST['Telco'] ?><br> <label for="reloadcredit"><span>Reload Credit : RM </span><?php echo $_POST['ReloadCredit']?> <p>Thank you for using i-Prepaid Reload</p> </form> </html>
Advertisement
Answer
Please note that array_search, if fails to find any record, will return false in normal circumstances.
However, array_search may return Boolean false, but may also return a non-Boolean value which evaluates to false (See official documentation: https://www.php.net/manual/en/function.array-search.php)
On the other hand, if the match is on the 1st record, the return result will be 0 (1st record matches).
Hence, to cover all the cases, you may change your login.php to :
login.php
<?php session_start(); if(isset($_POST['Submit'])) { $logins = array( ['username' =>'Fadzli', 'password' => '11111'], ['username' =>'user2', 'password' => '22222'], ['username' =>'user3', 'password' => '33333'], ['username' =>'user4', 'password' => '44444'], ); $log_username = isset($_POST['Username']) ? $_POST['Username'] :''; $log_password = isset($_POST['Password']) ? $_POST['Password'] :''; $key= ""; $key = array_search($log_username, array_column($logins, 'username')); if(trim($key) !=""){ $password = $logins[$key]['password']; } if (trim($key)!=""){ if($log_password == $password){ $_SESSION['Userdata'] = ['username' => $log_username]; header("location:reload.php"); exit; }else{ $msg="<span style='color:red'>Invalid Login Information</span>"; } }else { $msg="<span style='color:red'>Please input login username and password</span>"; } } ?> <form action="#" method="post" name="Login_Form"> <table width="400" border="0" align="center" cellpadding="5" cellspacing="1" class="Table"> <?php if(isset($msg)){?> <tr> <td colspan ="2" align="center" valign="top"><?php echo $msg;?></td> </tr> <?php } ?> <tr> <td colspan="2" align="left" valign="top"><h3>Login</h3></td> </tr> <tr> <td align="right" valign="top">Username</td> <td><input name="Username" type="text" class="Input"><td> </tr> <tr> <td align="right">Password</td> <td><input name="Password" type="password" class="Input"></td> </tr> <tr> <td> </td> <td><input name="Submit" type="submit" value="Login" class="Button3"></td> </tr> </table> </form>
For reload.php, please
- amend your original code so that the submit it to itself (otherwise the validation will never happen)
- If all data are validated to be correct, store the submitted data as session variable (namely $_SESSION[‘phonenumber’], $_SESSION[‘Telco’] and $_SESSION[‘ReloadCredit’]), then redirect to result.php
reload.php
<?php session_start(); $phonenumber = $Telco = $Reload =''; $numberError = $telcoError = $ReloadError = ''; $_SESSION['phonenumber']=""; $_SESSION['Telco']=""; $_SESSION['ReloadCredit']=""; if(isset($_POST['Submit'])) { $phonenumber=$_POST['phonenumber']; if(array_key_exists('phonenumber',$_POST) && trim($_POST['phonenumber']) === '') { $numberError = "Error, insert phone number"; } else { if(!preg_match('/^([0-9]*)$/', $phonenumber)) { $numberError = "Numbers only"; } elseif(strlen($phonenumber)<10) { $numberError = "Numbers have to be 10 or longer"; } } $Telco=$_POST['Telco']; if(array_key_exists('Telco',$_POST) && trim($_POST['Telco']) == "") { $telcoError = "Error! Select your telco!"; } $Reload=$_POST['ReloadCredit']; if(array_key_exists('ReloadCredit',$_POST) && trim($_POST['ReloadCredit']) == "") { $ReloadError = "Error! Select the amount you wish to reload!"; } if ($ReloadError=="" && $telcoError=="" && $numberError=="") { $_SESSION['phonenumber']=$_POST['phonenumber']; $_SESSION['Telco']=$_POST['Telco']; $_SESSION['ReloadCredit']=$_POST['ReloadCredit']; header("location:result.php"); exit; } } function test_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; if($numberError=="" && $telcoError=="" && $ReloadError=="") { $_SESSION['data'] = ['phonenumber' => $_POST['phonenumber'] , 'Telco' => $_POST['Telco'] , 'ReloadCredit' => $_POST['ReloadCredit'] ]; } } ?> <?php $title = "i-PREPAID RELOAD"; ?> <html> <style> .topup_form{ max-width: 700px; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; margin-right:auto; margin-left:auto; } .topup_form label{ display:block; margin-bottom: 10px; text-align:left; } .note1{ margin-top:5px; font-size: 17px; } .topup_form label > span{ float: left; width: 170px; color: #F072A9; font-weight: bold; font-size: 17px; text-shadow: 1px 1px 1px #fff; } .topup_form fieldset{ border-radius: 10px; -webkit-border-radius: 10px; -moz-border-radius: 10px; margin: 0px 0px 10px 0px; border: 1px solid #FFD2D2; padding: 20px; background: #FFF4F4; box-shadow: inset 0px 0px 15px #FFE5E5; -moz-box-shadow: inset 0px 0px 15px #FFE5E5; -webkit-box-shadow: inset 0px 0px 15px #FFE5E5; } .topup_form fieldset legend{ color: #FFA0C9; border-top: 1px solid #FFD2D2; border-left: 1px solid #FFD2D2; border-right: 1px solid #FFD2D2; border-radius: 5px 5px 0px 0px; -webkit-border-radius: 5px 5px 0px 0px; -moz-border-radius: 5px 5px 0px 0px; background: #FFF4F4; padding: 0px 8px 3px 8px; box-shadow: -0px -1px 2px #F1F1F1; -moz-box-shadow:-0px -1px 2px #F1F1F1; -webkit-box-shadow:-0px -1px 2px #F1F1F1; font-weight: normal; font-size: 25px; } .topup_form button, .topup_form input[type=reset], .topup_form input[type=button]{ background: #EB3B88; border: 1px solid #C94A81; padding: 5px 15px 5px 15px; color: #FFCBE2; box-shadow: inset -1px -1px 3px #FF62A7; -moz-box-shadow: inset -1px -1px 3px #FF62A7; -webkit-box-shadow: inset -1px -1px 3px #FF62A7; border-radius: 3px; border-radius: 3px; -webkit-border-radius: 3px; -moz-border-radius: 3px; font-weight: bold; } .Button { width: 170px; margin-right:auto; margin-left:auto; } #warning{text-align:left;} </style> <div class="topup_form"> <form name="Topup" action="#" method="post" onsubmit="return confirm('Are you sure?')" > <fieldset><legend><?php echo $title ?></legend> Welcome <?php echo $_SESSION['Userdata']['username'];?> <label for="phonenumber"><span>Phone Number <span>*</span></span><input type="text" name="phonenumber"/></label> <div id = "warning" style="color: red;"><?php echo $numberError ?? '';?></div><br> <label for="Telco"><span>Telco</span><select name="Telco"> <option value=""></option> <option value="Maxis">Maxis</option> <option value="Celcom">Celcom</option> <option value="Digi">Digi</option> <option value="TuneTalk">TuneTalk</option> <option value="Unifi">Unifi</option> </select></label> <span class="note1">(Example:Maxis, Celcom, Digi)</span> <div id = "warning" style="color: red;"><?php echo $telcoError ?? '';?></div><br> <label for="Reload"><span>Reload Credit </span><select name="ReloadCredit"> <option value=""></option> <option value="5">RM5</option> <option value="10">RM10</option> <option value="20">RM20</option> <option value="30">RM30</option> <option value="50">RM50</option> </select></label> <span class="note1">(Example:RM5,RM10,RM20)</span> <div id = "warning" style="color: red;"><?php echo $ReloadError ?? '';?></div><br> </fieldset> <fieldset class="Button"> <button type="submit" value="Submit" name='Submit' >Buy</button> <input type="reset" value="Reset" /> </fieldset> </form> </html>
For result.php, just display the submitted data thru the session variables:
result.php
<html> <?php session_start()?> <form name="result" action=""> Hi <?php echo $_SESSION['Userdata']['username'];?> <br> <p>Successfully reloaded</p> <label for="phonenumber"><span>Phone Number : </span><?php echo $_SESSION['phonenumber']?></label><br> <label for="telco"><span>Telco : </span><?php echo $_SESSION['Telco'] ?><br> <label for="reloadcredit"><span>Reload Credit : RM </span><?php echo $_SESSION['ReloadCredit']?> <p>Thank you for using i-Prepaid Reload</p> </form> </html>
However, in future, please consider using a database approach to manage the users’ credentials. Otherwise you need to update the PHP array list everytime you have new / changed username and/or passwords.