0

I'm trying to create a php file (login.php) that can check the login field and validate the username and password. At the moment, it's just checking username using regex. Below is my code. I can't trigger the second else clause, it seems that isset and !empty are always true, even when I can see that they're visually empty, like immediately after refreshing the page.

<?php 
if (isset($_POST['login']) && !empty($_POST['login'])) {
    if (preg_match('/^[a-z0-9]{6,15}$/i', $_POST['username'])) {
        echo 'set';          
    }
    else {
        echo 'wrong';
    }
} else {
    echo 'required field';
}   
?>

<div id="login"> <!-- Login field with link to registration -->
    <form method="POST" action="login.php">
    <Legend>Login</Legend>
    Username <input type="text" name="username"/>
    Password <input type="password" name="password"/>
    <input type="submit" name="login">
        <div id="register">
            <a href="registration.html">Not a member? Click here to register!</a>
        </div>
    </form>     
</div>
Nicholas Hassan
  • 949
  • 2
  • 10
  • 27
  • And `var_dump($_POST['login'])` shows what? – u_mulder Nov 30 '16 at 21:01
  • 1
    `isset` and `empty` is kind of overkill [see the manual](http://php.net/manual/en/function.empty.php) – RiggsFolly Nov 30 '16 at 21:01
  • It looks like you are resubmitting the form. – Nandan Bhat Nov 30 '16 at 21:05
  • @RiggsFolly I just did it at the suggestion of this thread. http://stackoverflow.com/questions/13045279/if-isset-post. But I did start with just isset – Nicholas Hassan Nov 30 '16 at 21:06
  • @Nandan Is that a problem? How would I normally organize this? – Nicholas Hassan Nov 30 '16 at 21:06
  • 3
    You know you're checking the value of your input button, right? – Don't Panic Nov 30 '16 at 21:06
  • Let's say for the first time you click on login and now the POST data is set. Now if you re-submit the form (using Ctr+Shift+R) it will refresh retaining the form data. I suspect it's what happening. You can give a try by clearing browser data from your browser – Nandan Bhat Nov 30 '16 at 21:08
  • Try adding a `value="something"` in `` as the button never has a value it will always be considered empty – RiggsFolly Nov 30 '16 at 21:11
  • @Don'tPanic WOW I can't believe I did that. In my mind I was checking the form. If I name the form "login", can I check both the Username and Password at thge same time? – Nicholas Hassan Nov 30 '16 at 21:11
  • You probably want to be checking if `$_POST['username']` and `$_POST['password']` are empty, not `$_POST['login']` – cck Nov 30 '16 at 21:12

2 Answers2

1

I would suggest something more like this. First, check if $_POST['login'] is set first, so that you won't check anything else if the submit button hasn't been clicked yet. Then inside that, verify that username and password have been entered. If they have, go on with however you're going to validate them.

if (isset($_POST['login'])) {
    if (empty($_POST['username']) || empty($_POST['password'])) {
        echo 'required field';
    } else {
        if (preg_match('/^[a-z0-9]{6,15}$/i', $_POST['username'])) {
            echo 'set';
        }
        else {
            echo 'wrong';
        }
    }
}
Don't Panic
  • 41,125
  • 10
  • 61
  • 80
0

Try this. Just check if any POST request are made,

if (!empty($_POST)) 
{
  // Your code...
}
Nandan Bhat
  • 1,573
  • 2
  • 9
  • 21