I was tasked on making simple i-Prepaid Reload programming.So far, I have problem with validations not working on reload.php page. As if there were no validations set at all and it went to result.php after pressing Buy button. I couldn’t figure it out what’s the cause of this error.
There should be some errors appear is I put alphabets or less than 10 numbers or ignore all of those options in reload.php.
login.php
form action="" method="post" name="Login_Form">
<table width="400" border="0" align="center" cellpadding="5" cellspacing="1" class="Table">
<?php if(isset($msg)){?>
<tr>
<td colspan ="2" align="center" valign="top"><?php echo $msg;?></td>
</tr>
<?php } ?>
<tr>
<td colspan="2" align="left" valign="top"><h3>Login</h3></td>
</tr>
<tr>
<td align="right" valign="top">Username</td>
<td><input name="Username" type="text" class="Input"><td>
</tr>
<tr>
<td align="right">Password</td>
<td><input name="Password" type="password" class="Input"></td>
</tr>
<tr>
<td> </td>
<td><input name="Submit" type="submit" value="Login" class="Button3"></td>
</tr>
</table>
</form>
<?php session_start();
if(isset($_POST['Submit']))
{
$logins = array(
['username' =>'Fadzli', 'password' => '11111'],
['username' =>'user2', 'password' => '22222'],
['username' =>'user3', 'password' => '33333'],
['username' =>'user4', 'password' => '44444'],
);
$log_username = isset($_POST['Username']) ? $_POST['Username'] :'';
$log_password = isset($_POST['Password']) ? $_POST['Password'] :'';
$key = FALSE;
$key = array_search($log_username, array_column($logins, 'username'));
$password = '';
echo $key;
var_dump($key);
if(!is_bool($key)){
$password = $logins[$key]['password'];
}
if($log_password == $password){
$_SESSION['Userdata'] = ['username' => $log_username];
header("location:reload.php");
exit;
}else{
$msg="<span style='color:red'>Invalid Login Information</span>";
}
}
?>
reload.php
<?php session_start();
$phonenumber = $Telco = $Reload ='';
$numberError = $telcoError = $ReloadError = '';
if(isset($_POST['Submit']))
{
$phonenumber=$_POST['phonenumber'];
if(array_key_exists('phonenumber',$_POST) && trim($_POST['phonenumber']) === '')
{
$numberError = "Error, insert phone number";
}
else
{
if(!preg_match('/^([0-9]*)$/', $phonenumber))
{
$numberError = "Numbers only";
}
elseif(strlen($phonenumber)<10)
{
$numberError = "Numbers have to be 10 or longer";
}
}
$Telco=$_POST['Telco'];
if(array_key_exists('Telco',$_POST) && trim($_POST['Telco']) == "")
{
$telcoError = "Error! Select your telco!";
}
$Reload=$_POST['ReloadCredit'];
if(array_key_exists('ReloadCredit',$_POST) && trim($_POST['ReloadCredit']) == "")
{
$ReloadError = "Error! Select the amount you wish to reload!";
}
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
if($numberError=="" && $telcoError=="" && $ReloadError=="")
{
$_SESSION['data'] = ['phonenumber' => $_POST['phonenumber'] ,
'Telco' => $_POST['Telco'] ,
'ReloadCredit' => $_POST['ReloadCredit'] ];
}
}
?>
<?php
$title = "i-PREPAID RELOAD";
?>
<html>
<style>
.topup_form{
max-width: 700px;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
margin-right:auto;
margin-left:auto;
}
.topup_form label{
display:block;
margin-bottom: 10px;
text-align:left;
}
.note1{
margin-top:5px;
font-size: 17px;
}
.topup_form label > span{
float: left;
width: 170px;
color: #F072A9;
font-weight: bold;
font-size: 17px;
text-shadow: 1px 1px 1px #fff;
}
.topup_form fieldset{
border-radius: 10px;
-webkit-border-radius: 10px;
-moz-border-radius: 10px;
margin: 0px 0px 10px 0px;
border: 1px solid #FFD2D2;
padding: 20px;
background: #FFF4F4;
box-shadow: inset 0px 0px 15px #FFE5E5;
-moz-box-shadow: inset 0px 0px 15px #FFE5E5;
-webkit-box-shadow: inset 0px 0px 15px #FFE5E5;
}
.topup_form fieldset legend{
color: #FFA0C9;
border-top: 1px solid #FFD2D2;
border-left: 1px solid #FFD2D2;
border-right: 1px solid #FFD2D2;
border-radius: 5px 5px 0px 0px;
-webkit-border-radius: 5px 5px 0px 0px;
-moz-border-radius: 5px 5px 0px 0px;
background: #FFF4F4;
padding: 0px 8px 3px 8px;
box-shadow: -0px -1px 2px #F1F1F1;
-moz-box-shadow:-0px -1px 2px #F1F1F1;
-webkit-box-shadow:-0px -1px 2px #F1F1F1;
font-weight: normal;
font-size: 25px;
}
.topup_form button,
.topup_form input[type=reset],
.topup_form input[type=button]{
background: #EB3B88;
border: 1px solid #C94A81;
padding: 5px 15px 5px 15px;
color: #FFCBE2;
box-shadow: inset -1px -1px 3px #FF62A7;
-moz-box-shadow: inset -1px -1px 3px #FF62A7;
-webkit-box-shadow: inset -1px -1px 3px #FF62A7;
border-radius: 3px;
border-radius: 3px;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
font-weight: bold;
}
.Button
{
width: 170px;
margin-right:auto;
margin-left:auto;
}
#warning{text-align:left;}
</style>
<div class="topup_form">
<form name="Topup" action="result.php" method="post" onsubmit="return confirm('Are you sure?')" >
<fieldset><legend><?php echo $title ?></legend>
Welcome <?php echo $_SESSION['Userdata']['username'];?>
<label for="phonenumber"><span>Phone Number <span>*</span></span><input type="text" name="phonenumber"/></label>
<div id = "warning" style="color: red;"><?php echo $numberError ?? '';?></div><br>
<label for="Telco"><span>Telco</span><select name="Telco">
<option value=""></option>
<option value="Maxis">Maxis</option>
<option value="Celcom">Celcom</option>
<option value="Digi">Digi</option>
<option value="TuneTalk">TuneTalk</option>
<option value="Unifi">Unifi</option>
</select></label>
<span class="note1">(Example:Maxis, Celcom, Digi)</span>
<div id = "warning" style="color: red;"><?php echo $telcoError ?? '';?></div><br>
<label for="Reload"><span>Reload Credit </span><select name="ReloadCredit">
<option value=""></option>
<option value="5">RM5</option>
<option value="10">RM10</option>
<option value="20">RM20</option>
<option value="30">RM30</option>
<option value="50">RM50</option>
</select></label>
<span class="note1">(Example:RM5,RM10,RM20)</span>
<div id = "warning" style="color: red;"><?php echo $ReloadError ?? '';?></div><br>
</fieldset>
<fieldset class="Button">
<button type="submit" value="Submit" name='Submit' >Buy</button>
<input type="reset" value="Reset" />
</fieldset>
</form>
</html>
‘result.php’
<html> <?php session_start()?> <form name="result" action=""> Hi <?php echo $_SESSION['Userdata']['username'];?> <br> <p>Successfully reloaded</p> <label for="phonenumber"><span>Phone Number : </span><?php echo $_POST['phonenumber']?></label><br> <label for="telco"><span>Telco : </span><?php echo $_POST['Telco'] ?><br> <label for="reloadcredit"><span>Reload Credit : RM </span><?php echo $_POST['ReloadCredit']?> <p>Thank you for using i-Prepaid Reload</p> </form> </html>
Advertisement
Answer
Please note that array_search, if fails to find any record, will return false in normal circumstances.
However, array_search may return Boolean false, but may also return a non-Boolean value which evaluates to false (See official documentation: https://www.php.net/manual/en/function.array-search.php)
On the other hand, if the match is on the 1st record, the return result will be 0 (1st record matches).
Hence, to cover all the cases, you may change your login.php to :
login.php
<?php session_start();
if(isset($_POST['Submit']))
{
$logins = array(
['username' =>'Fadzli', 'password' => '11111'],
['username' =>'user2', 'password' => '22222'],
['username' =>'user3', 'password' => '33333'],
['username' =>'user4', 'password' => '44444'],
);
$log_username = isset($_POST['Username']) ? $_POST['Username'] :'';
$log_password = isset($_POST['Password']) ? $_POST['Password'] :'';
$key= "";
$key = array_search($log_username, array_column($logins, 'username'));
if(trim($key) !=""){
$password = $logins[$key]['password'];
}
if (trim($key)!=""){
if($log_password == $password){
$_SESSION['Userdata'] = ['username' => $log_username];
header("location:reload.php");
exit;
}else{
$msg="<span style='color:red'>Invalid Login Information</span>";
}
}else
{
$msg="<span style='color:red'>Please input login username and password</span>";
}
}
?>
<form action="#" method="post" name="Login_Form">
<table width="400" border="0" align="center" cellpadding="5" cellspacing="1" class="Table">
<?php if(isset($msg)){?>
<tr>
<td colspan ="2" align="center" valign="top"><?php echo $msg;?></td>
</tr>
<?php } ?>
<tr>
<td colspan="2" align="left" valign="top"><h3>Login</h3></td>
</tr>
<tr>
<td align="right" valign="top">Username</td>
<td><input name="Username" type="text" class="Input"><td>
</tr>
<tr>
<td align="right">Password</td>
<td><input name="Password" type="password" class="Input"></td>
</tr>
<tr>
<td> </td>
<td><input name="Submit" type="submit" value="Login" class="Button3"></td>
</tr>
</table>
</form>
For reload.php, please
- amend your original code so that the submit it to itself (otherwise the validation will never happen)
- If all data are validated to be correct, store the submitted data as session variable (namely $_SESSION[‘phonenumber’], $_SESSION[‘Telco’] and $_SESSION[‘ReloadCredit’]), then redirect to result.php
reload.php
<?php session_start();
$phonenumber = $Telco = $Reload ='';
$numberError = $telcoError = $ReloadError = '';
$_SESSION['phonenumber']="";
$_SESSION['Telco']="";
$_SESSION['ReloadCredit']="";
if(isset($_POST['Submit']))
{
$phonenumber=$_POST['phonenumber'];
if(array_key_exists('phonenumber',$_POST) && trim($_POST['phonenumber']) === '')
{
$numberError = "Error, insert phone number";
}
else
{
if(!preg_match('/^([0-9]*)$/', $phonenumber))
{
$numberError = "Numbers only";
}
elseif(strlen($phonenumber)<10)
{
$numberError = "Numbers have to be 10 or longer";
}
}
$Telco=$_POST['Telco'];
if(array_key_exists('Telco',$_POST) && trim($_POST['Telco']) == "")
{
$telcoError = "Error! Select your telco!";
}
$Reload=$_POST['ReloadCredit'];
if(array_key_exists('ReloadCredit',$_POST) && trim($_POST['ReloadCredit']) == "")
{
$ReloadError = "Error! Select the amount you wish to reload!";
}
if ($ReloadError=="" && $telcoError=="" && $numberError=="")
{
$_SESSION['phonenumber']=$_POST['phonenumber'];
$_SESSION['Telco']=$_POST['Telco'];
$_SESSION['ReloadCredit']=$_POST['ReloadCredit'];
header("location:result.php");
exit;
}
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
if($numberError=="" && $telcoError=="" && $ReloadError=="")
{
$_SESSION['data'] = ['phonenumber' => $_POST['phonenumber'] ,
'Telco' => $_POST['Telco'] ,
'ReloadCredit' => $_POST['ReloadCredit'] ];
}
}
?>
<?php
$title = "i-PREPAID RELOAD";
?>
<html>
<style>
.topup_form{
max-width: 700px;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
margin-right:auto;
margin-left:auto;
}
.topup_form label{
display:block;
margin-bottom: 10px;
text-align:left;
}
.note1{
margin-top:5px;
font-size: 17px;
}
.topup_form label > span{
float: left;
width: 170px;
color: #F072A9;
font-weight: bold;
font-size: 17px;
text-shadow: 1px 1px 1px #fff;
}
.topup_form fieldset{
border-radius: 10px;
-webkit-border-radius: 10px;
-moz-border-radius: 10px;
margin: 0px 0px 10px 0px;
border: 1px solid #FFD2D2;
padding: 20px;
background: #FFF4F4;
box-shadow: inset 0px 0px 15px #FFE5E5;
-moz-box-shadow: inset 0px 0px 15px #FFE5E5;
-webkit-box-shadow: inset 0px 0px 15px #FFE5E5;
}
.topup_form fieldset legend{
color: #FFA0C9;
border-top: 1px solid #FFD2D2;
border-left: 1px solid #FFD2D2;
border-right: 1px solid #FFD2D2;
border-radius: 5px 5px 0px 0px;
-webkit-border-radius: 5px 5px 0px 0px;
-moz-border-radius: 5px 5px 0px 0px;
background: #FFF4F4;
padding: 0px 8px 3px 8px;
box-shadow: -0px -1px 2px #F1F1F1;
-moz-box-shadow:-0px -1px 2px #F1F1F1;
-webkit-box-shadow:-0px -1px 2px #F1F1F1;
font-weight: normal;
font-size: 25px;
}
.topup_form button,
.topup_form input[type=reset],
.topup_form input[type=button]{
background: #EB3B88;
border: 1px solid #C94A81;
padding: 5px 15px 5px 15px;
color: #FFCBE2;
box-shadow: inset -1px -1px 3px #FF62A7;
-moz-box-shadow: inset -1px -1px 3px #FF62A7;
-webkit-box-shadow: inset -1px -1px 3px #FF62A7;
border-radius: 3px;
border-radius: 3px;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
font-weight: bold;
}
.Button
{
width: 170px;
margin-right:auto;
margin-left:auto;
}
#warning{text-align:left;}
</style>
<div class="topup_form">
<form name="Topup" action="#" method="post" onsubmit="return confirm('Are you sure?')" >
<fieldset><legend><?php echo $title ?></legend>
Welcome <?php echo $_SESSION['Userdata']['username'];?>
<label for="phonenumber"><span>Phone Number <span>*</span></span><input type="text" name="phonenumber"/></label>
<div id = "warning" style="color: red;"><?php echo $numberError ?? '';?></div><br>
<label for="Telco"><span>Telco</span><select name="Telco">
<option value=""></option>
<option value="Maxis">Maxis</option>
<option value="Celcom">Celcom</option>
<option value="Digi">Digi</option>
<option value="TuneTalk">TuneTalk</option>
<option value="Unifi">Unifi</option>
</select></label>
<span class="note1">(Example:Maxis, Celcom, Digi)</span>
<div id = "warning" style="color: red;"><?php echo $telcoError ?? '';?></div><br>
<label for="Reload"><span>Reload Credit </span><select name="ReloadCredit">
<option value=""></option>
<option value="5">RM5</option>
<option value="10">RM10</option>
<option value="20">RM20</option>
<option value="30">RM30</option>
<option value="50">RM50</option>
</select></label>
<span class="note1">(Example:RM5,RM10,RM20)</span>
<div id = "warning" style="color: red;"><?php echo $ReloadError ?? '';?></div><br>
</fieldset>
<fieldset class="Button">
<button type="submit" value="Submit" name='Submit' >Buy</button>
<input type="reset" value="Reset" />
</fieldset>
</form>
</html>
For result.php, just display the submitted data thru the session variables:
result.php
<html> <?php session_start()?> <form name="result" action=""> Hi <?php echo $_SESSION['Userdata']['username'];?> <br> <p>Successfully reloaded</p> <label for="phonenumber"><span>Phone Number : </span><?php echo $_SESSION['phonenumber']?></label><br> <label for="telco"><span>Telco : </span><?php echo $_SESSION['Telco'] ?><br> <label for="reloadcredit"><span>Reload Credit : RM </span><?php echo $_SESSION['ReloadCredit']?> <p>Thank you for using i-Prepaid Reload</p> </form> </html>
However, in future, please consider using a database approach to manage the users’ credentials. Otherwise you need to update the PHP array list everytime you have new / changed username and/or passwords.