Skip to content

Problems with php validations not working

I was tasked on making simple i-Prepaid Reload programming.So far, I have problem with validations not working on reload.php page. As if there were no validations set at all and it went to result.php after pressing Buy button. I couldn’t figure it out what’s the cause of this error. There should be some errors appear is I put alphabets or less than 10 numbers or ignore all of those options in reload.php.

login.php

form action="" method="post"  name="Login_Form">
    <table width="400" border="0" align="center" cellpadding="5" cellspacing="1" class="Table">
        <?php if(isset($msg)){?>
        <tr>
            <td colspan ="2" align="center" valign="top"><?php echo $msg;?></td>
        </tr>
    <?php } ?>
    <tr>
        <td colspan="2" align="left" valign="top"><h3>Login</h3></td>
    </tr>
    <tr>
        <td align="right" valign="top">Username</td>
        <td><input name="Username" type="text" class="Input"><td>
    </tr>
    <tr>
        <td align="right">Password</td>
        <td><input name="Password" type="password" class="Input"></td>
    </tr>
    <tr>
        <td> </td>
        <td><input name="Submit" type="submit" value="Login" class="Button3"></td>
    </tr>
    </table>
</form>

<?php session_start();

if(isset($_POST['Submit']))
{
    $logins = array(
            ['username' =>'Fadzli', 'password' => '11111'],
            ['username' =>'user2', 'password' => '22222'],
            ['username' =>'user3', 'password' => '33333'],
            ['username' =>'user4', 'password' => '44444'],
    );

    $log_username = isset($_POST['Username']) ? $_POST['Username'] :'';
    $log_password = isset($_POST['Password']) ? $_POST['Password'] :'';

    $key = FALSE;
    $key = array_search($log_username, array_column($logins, 'username'));
    $password = '';
    echo $key;
    var_dump($key);
    if(!is_bool($key)){
        $password = $logins[$key]['password'];
    }

    if($log_password == $password){
        $_SESSION['Userdata'] = ['username' => $log_username];
        header("location:reload.php");
        exit;
    }else{
        $msg="<span style='color:red'>Invalid Login Information</span>";
    }
}
?>

reload.php

<?php session_start(); 


$phonenumber = $Telco = $Reload ='';
$numberError = $telcoError = $ReloadError = '';


if(isset($_POST['Submit']))
{
    $phonenumber=$_POST['phonenumber'];
    if(array_key_exists('phonenumber',$_POST) && trim($_POST['phonenumber']) === '')
    {
        $numberError = "Error, insert phone number";    
    }
else 
    {
        if(!preg_match('/^([0-9]*)$/', $phonenumber))
        {
            $numberError = "Numbers only";      
        }
        elseif(strlen($phonenumber)<10)
        {
            $numberError = "Numbers have to be 10 or longer";
        }
        
    }

    $Telco=$_POST['Telco'];
    if(array_key_exists('Telco',$_POST) && trim($_POST['Telco']) == "")
    {
        $telcoError = "Error! Select your telco!";  
    }

    $Reload=$_POST['ReloadCredit'];
    if(array_key_exists('ReloadCredit',$_POST) && trim($_POST['ReloadCredit']) == "")
    {
        $ReloadError = "Error! Select the amount you wish to reload!";
    }
}


function test_input($data)
    {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
    

    if($numberError=="" && $telcoError=="" && $ReloadError=="")
    {
        $_SESSION['data'] = ['phonenumber'  => $_POST['phonenumber'] , 
                             'Telco'        => $_POST['Telco'] ,
                             'ReloadCredit' => $_POST['ReloadCredit'] ];
        
            
    }
    }
?>


<?php 
$title = "i-PREPAID RELOAD";
?>

<html>
    
<style>
.topup_form{
    max-width: 700px;
    font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
    margin-right:auto;
    margin-left:auto;
}
.topup_form label{
    display:block;
    margin-bottom: 10px;
    text-align:left;
}
.note1{
    margin-top:5px;
    font-size: 17px;
}

.topup_form label > span{
    float: left;
    width: 170px;
    color: #F072A9;
    font-weight: bold;
    font-size: 17px;
    text-shadow: 1px 1px 1px #fff;
}
.topup_form fieldset{
    border-radius: 10px;
    -webkit-border-radius: 10px;
    -moz-border-radius: 10px;
    margin: 0px 0px 10px 0px;
    border: 1px solid #FFD2D2;
    padding: 20px;
    background: #FFF4F4;
    box-shadow: inset 0px 0px 15px #FFE5E5;
    -moz-box-shadow: inset 0px 0px 15px #FFE5E5;
    -webkit-box-shadow: inset 0px 0px 15px #FFE5E5;
}
.topup_form fieldset legend{
    color: #FFA0C9;
    border-top: 1px solid #FFD2D2;
    border-left: 1px solid #FFD2D2;
    border-right: 1px solid #FFD2D2;
    border-radius: 5px 5px 0px 0px;
    -webkit-border-radius: 5px 5px 0px 0px;
    -moz-border-radius: 5px 5px 0px 0px;
    background: #FFF4F4;
    padding: 0px 8px 3px 8px;
    box-shadow: -0px -1px 2px #F1F1F1;
    -moz-box-shadow:-0px -1px 2px #F1F1F1;
    -webkit-box-shadow:-0px -1px 2px #F1F1F1;
    font-weight: normal;
    font-size: 25px;
}

.topup_form  button,
.topup_form  input[type=reset],
.topup_form  input[type=button]{
    background: #EB3B88;
    border: 1px solid #C94A81;
    padding: 5px 15px 5px 15px;
    color: #FFCBE2;
    box-shadow: inset -1px -1px 3px #FF62A7;
    -moz-box-shadow: inset -1px -1px 3px #FF62A7;
    -webkit-box-shadow: inset -1px -1px 3px #FF62A7;
    border-radius: 3px;
    border-radius: 3px;
    -webkit-border-radius: 3px;
    -moz-border-radius: 3px;    
    font-weight: bold;    
}

.Button
{
    width: 170px;
    margin-right:auto;
    margin-left:auto;
}

#warning{text-align:left;}
</style>

<div class="topup_form">

<form name="Topup" action="result.php" method="post" onsubmit="return confirm('Are you sure?')" >

<fieldset><legend><?php echo $title ?></legend>

    Welcome <?php echo $_SESSION['Userdata']['username'];?>

    <label for="phonenumber"><span>Phone Number <span>*</span></span><input type="text" name="phonenumber"/></label>
    <div id = "warning" style="color: red;"><?php echo $numberError ?? '';?></div><br>

    <label for="Telco"><span>Telco</span><select name="Telco">
    <option value=""></option>
    <option value="Maxis">Maxis</option>
    <option value="Celcom">Celcom</option>
    <option value="Digi">Digi</option>
    <option value="TuneTalk">TuneTalk</option>
    <option value="Unifi">Unifi</option>
    </select></label>
    <span class="note1">(Example:Maxis, Celcom, Digi)</span>
    <div id = "warning" style="color: red;"><?php echo $telcoError ?? '';?></div><br>

    <label for="Reload"><span>Reload Credit </span><select name="ReloadCredit">
    <option value=""></option>
    <option value="5">RM5</option>
    <option value="10">RM10</option>
    <option value="20">RM20</option>
    <option value="30">RM30</option>
    <option value="50">RM50</option>
    </select></label>
    <span class="note1">(Example:RM5,RM10,RM20)</span>
    <div id = "warning" style="color: red;"><?php echo $ReloadError ?? '';?></div><br>    
</fieldset>
<fieldset class="Button">
<button  type="submit" value="Submit" name='Submit' >Buy</button>
<input type="reset" value="Reset" />
</fieldset>
</form>


</html>

‘result.php’

<html>
<?php session_start()?>



<form name="result" action="">

Hi <?php echo $_SESSION['Userdata']['username'];?>
<br>

<p>Successfully reloaded</p>

<label for="phonenumber"><span>Phone Number : </span><?php echo $_POST['phonenumber']?></label><br>
<label for="telco"><span>Telco : </span><?php echo $_POST['Telco'] ?><br>
<label for="reloadcredit"><span>Reload Credit : RM </span><?php echo $_POST['ReloadCredit']?>
<p>Thank you for using i-Prepaid Reload</p>
</form>


</html>

Answer

Please note that array_search, if fails to find any record, will return false in normal circumstances.

However, array_search may return Boolean false, but may also return a non-Boolean value which evaluates to false (See official documentation: https://www.php.net/manual/en/function.array-search.php)

On the other hand, if the match is on the 1st record, the return result will be 0 (1st record matches).

Hence, to cover all the cases, you may change your login.php to :

login.php

<?php session_start();

if(isset($_POST['Submit']))
{
    $logins = array(
            ['username' =>'Fadzli', 'password' => '11111'],
            ['username' =>'user2', 'password' => '22222'],
            ['username' =>'user3', 'password' => '33333'],
            ['username' =>'user4', 'password' => '44444'],
    );

    $log_username = isset($_POST['Username']) ? $_POST['Username'] :'';
    $log_password = isset($_POST['Password']) ? $_POST['Password'] :'';

    $key= "";     

    $key = array_search($log_username, array_column($logins, 'username'));
    
    if(trim($key) !=""){
        $password = $logins[$key]['password'];
    }

if (trim($key)!=""){

 if($log_password == $password){
        $_SESSION['Userdata'] = ['username' => $log_username];
        header("location:reload.php");
        exit;
    }else{
        $msg="<span style='color:red'>Invalid Login Information</span>";
    }


}else
{
        $msg="<span style='color:red'>Please input login username and password</span>";
    }


}

?>


<form action="#" method="post"  name="Login_Form">
    <table width="400" border="0" align="center" cellpadding="5" cellspacing="1" class="Table">
        <?php if(isset($msg)){?>
        <tr>
            <td colspan ="2" align="center" valign="top"><?php echo $msg;?></td>
        </tr>
    <?php } ?>
    <tr>
        <td colspan="2" align="left" valign="top"><h3>Login</h3></td>
    </tr>
    <tr>
        <td align="right" valign="top">Username</td>
        <td><input name="Username" type="text" class="Input"><td>
    </tr>
    <tr>
        <td align="right">Password</td>
        <td><input name="Password" type="password" class="Input"></td>
    </tr>
    <tr>
        <td> </td>
        <td><input name="Submit" type="submit" value="Login" class="Button3"></td>
    </tr>
    </table>
</form>

For reload.php, please

  1. amend your original code so that the submit it to itself (otherwise the validation will never happen)
  2. If all data are validated to be correct, store the submitted data as session variable (namely $_SESSION[‘phonenumber’], $_SESSION[‘Telco’] and $_SESSION[‘ReloadCredit’]), then redirect to result.php

reload.php

<?php session_start(); 


$phonenumber = $Telco = $Reload ='';
$numberError = $telcoError = $ReloadError = '';


$_SESSION['phonenumber']="";
$_SESSION['Telco']="";
$_SESSION['ReloadCredit']="";



if(isset($_POST['Submit']))
{
    $phonenumber=$_POST['phonenumber'];
    if(array_key_exists('phonenumber',$_POST) && trim($_POST['phonenumber']) === '')
    {
        $numberError = "Error, insert phone number";    
    }
else 
    {
        if(!preg_match('/^([0-9]*)$/', $phonenumber))
        {
            $numberError = "Numbers only";      
        }
        elseif(strlen($phonenumber)<10)
        {
            $numberError = "Numbers have to be 10 or longer";
        }
        
    }

    $Telco=$_POST['Telco'];
    if(array_key_exists('Telco',$_POST) && trim($_POST['Telco']) == "")
    {
        $telcoError = "Error! Select your telco!";  
    }

    $Reload=$_POST['ReloadCredit'];
    if(array_key_exists('ReloadCredit',$_POST) && trim($_POST['ReloadCredit']) == "")
    {
        $ReloadError = "Error! Select the amount you wish to reload!";
    }

    if ($ReloadError=="" && $telcoError=="" && $numberError=="")
    {

$_SESSION['phonenumber']=$_POST['phonenumber'];
$_SESSION['Telco']=$_POST['Telco'];
$_SESSION['ReloadCredit']=$_POST['ReloadCredit'];


 header("location:result.php");
        exit;
    }


}


function test_input($data)
    {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
    

    if($numberError=="" && $telcoError=="" && $ReloadError=="")
    {
        $_SESSION['data'] = ['phonenumber'  => $_POST['phonenumber'] , 
                             'Telco'        => $_POST['Telco'] ,
                             'ReloadCredit' => $_POST['ReloadCredit'] ];
        
    

    }

    }
?>


<?php 
$title = "i-PREPAID RELOAD";
?>

<html>
    
<style>
.topup_form{
    max-width: 700px;
    font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
    margin-right:auto;
    margin-left:auto;
}
.topup_form label{
    display:block;
    margin-bottom: 10px;
    text-align:left;
}
.note1{
    margin-top:5px;
    font-size: 17px;
}

.topup_form label > span{
    float: left;
    width: 170px;
    color: #F072A9;
    font-weight: bold;
    font-size: 17px;
    text-shadow: 1px 1px 1px #fff;
}
.topup_form fieldset{
    border-radius: 10px;
    -webkit-border-radius: 10px;
    -moz-border-radius: 10px;
    margin: 0px 0px 10px 0px;
    border: 1px solid #FFD2D2;
    padding: 20px;
    background: #FFF4F4;
    box-shadow: inset 0px 0px 15px #FFE5E5;
    -moz-box-shadow: inset 0px 0px 15px #FFE5E5;
    -webkit-box-shadow: inset 0px 0px 15px #FFE5E5;
}
.topup_form fieldset legend{
    color: #FFA0C9;
    border-top: 1px solid #FFD2D2;
    border-left: 1px solid #FFD2D2;
    border-right: 1px solid #FFD2D2;
    border-radius: 5px 5px 0px 0px;
    -webkit-border-radius: 5px 5px 0px 0px;
    -moz-border-radius: 5px 5px 0px 0px;
    background: #FFF4F4;
    padding: 0px 8px 3px 8px;
    box-shadow: -0px -1px 2px #F1F1F1;
    -moz-box-shadow:-0px -1px 2px #F1F1F1;
    -webkit-box-shadow:-0px -1px 2px #F1F1F1;
    font-weight: normal;
    font-size: 25px;
}

.topup_form  button,
.topup_form  input[type=reset],
.topup_form  input[type=button]{
    background: #EB3B88;
    border: 1px solid #C94A81;
    padding: 5px 15px 5px 15px;
    color: #FFCBE2;
    box-shadow: inset -1px -1px 3px #FF62A7;
    -moz-box-shadow: inset -1px -1px 3px #FF62A7;
    -webkit-box-shadow: inset -1px -1px 3px #FF62A7;
    border-radius: 3px;
    border-radius: 3px;
    -webkit-border-radius: 3px;
    -moz-border-radius: 3px;    
    font-weight: bold;    
}

.Button
{
    width: 170px;
    margin-right:auto;
    margin-left:auto;
}

#warning{text-align:left;}
</style>

<div class="topup_form">

<form name="Topup" action="#" method="post" onsubmit="return confirm('Are you sure?')" >

<fieldset><legend><?php echo $title ?></legend>

    Welcome <?php echo $_SESSION['Userdata']['username'];?>

    <label for="phonenumber"><span>Phone Number <span>*</span></span><input type="text" name="phonenumber"/></label>
    <div id = "warning" style="color: red;"><?php echo $numberError ?? '';?></div><br>

    <label for="Telco"><span>Telco</span><select name="Telco">
    <option value=""></option>
    <option value="Maxis">Maxis</option>
    <option value="Celcom">Celcom</option>
    <option value="Digi">Digi</option>
    <option value="TuneTalk">TuneTalk</option>
    <option value="Unifi">Unifi</option>
    </select></label>
    <span class="note1">(Example:Maxis, Celcom, Digi)</span>
    <div id = "warning" style="color: red;"><?php echo $telcoError ?? '';?></div><br>

    <label for="Reload"><span>Reload Credit </span><select name="ReloadCredit">
    <option value=""></option>
    <option value="5">RM5</option>
    <option value="10">RM10</option>
    <option value="20">RM20</option>
    <option value="30">RM30</option>
    <option value="50">RM50</option>
    </select></label>
    <span class="note1">(Example:RM5,RM10,RM20)</span>
    <div id = "warning" style="color: red;"><?php echo $ReloadError ?? '';?></div><br>    
</fieldset>
<fieldset class="Button">
<button  type="submit" value="Submit" name='Submit' >Buy</button>
<input type="reset" value="Reset" />
</fieldset>
</form>


</html>

For result.php, just display the submitted data thru the session variables:

result.php

<html>
<?php session_start()?>



<form name="result" action="">

Hi <?php echo $_SESSION['Userdata']['username'];?>
<br>

<p>Successfully reloaded</p>

<label for="phonenumber"><span>Phone Number : </span><?php echo $_SESSION['phonenumber']?></label><br>
<label for="telco"><span>Telco : </span><?php echo $_SESSION['Telco'] ?><br>
<label for="reloadcredit"><span>Reload Credit : RM </span><?php echo $_SESSION['ReloadCredit']?>
<p>Thank you for using i-Prepaid Reload</p>
</form>


</html>

However, in future, please consider using a database approach to manage the users’ credentials. Otherwise you need to update the PHP array list everytime you have new / changed username and/or passwords.