PHP form going to a blank page

Question

I am trying to have my form perform validation on the input fields and show where there are errors. Instead, the page refreshes to a blank page. Any help would be appreciated.

NOTE: these are in the same file (registration.php)

Here is my code (PHP):

//DB information
require("config.php");

//define error variables
$usernameValidation = $passwordValidation = $emailValidation = $fNameValidation = $lNameValidation = $usernameTaken = "";

if(isset($_POST['submitSignUp']))
{
    function validateSignUp()
    {
        $username = $_POST['userSignUp'];
        $password = $_POST['passSignUp'];
        $confPassword = $_POST['confPassSignUp'];
        $email = $_POST['emailSignUp'];
        $fName = $_POST['fName'];
        $lName = $_POST['lName'];

        $username = mysqli_real_escape_string($con, $_POST['userSignUp']);
        $password = mysqli_real_escape_string($con, $_POST['passSignUp']);
        $email = mysqli_real_escape_string($con, $_POST['emailSignUp']);
        $fName = mysqli_real_escape_string($con, $_POST['fName']);
        $lName = mysqli_real_escape_string($con, $_POST['lName']);

        $errors = array();
        //Validation on form
        if(empty($username) || strlen($username) > 20){
            $usernameValidation = "errorInput";
            array_push($errors, "errorUsername");
        }

        if(empty($fName) || strlen($fName) > 20 || !preg_match("/^[a-zA-Z ]*$/",$fName)){
            $fNameValidation = "errorInput";
            array_push($errors, "errorFName");
        }

        if(empty($lName) || strlen($lName) > 30 || !preg_match("/^[a-zA-Z ]*$/",$lName)){
            $lNameValidation = "errorInput";
            array_push($errors, "errorLName");
        }

        if(empty($password) || empty($confPassword) || strlen($password) > 20 || strlen($confPassword) > 20 || $password != $confPassword){
            $passwordValidation = "errorInput";
            array_push($errors, "errorPassword");
        }

        if(empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)){
            $emailValidation = "errorInput";
            array_push($errors, "errorEmail");
        }

        //check if username is already taken
        $sql = mysqli_query($con, "SELECT * FROM users WHERE username = '$username'");

        $numRows = mysqli_num_rows($sql);

        if($numRows > 0)
        {
            //username already exists
            $usernameTaken =  "That username is already taken";
            array_push($errors, "errorUsernameTaken");
        }

        if(count($errors) > 0){
            return false;
        }
        else{
            //encrypt password
            $password = md5($password);
            //store info in DB
            $result = mysqli_query($con, "INSERT INTO users (username, password, email, firstName, lastName) VALUES ('$username', '$password', '$email', '$fName', '$lName')");
            //redirect to main page
            header('Location: index.php');
        }
    }
}
else if(isset($_POST['submitSignIn']))
{
    function validateSignIn()
    {
        $username = $_POST['userSignIn'];
        $password = $_POST['passSignIn'];

        $errors = array();

        if(empty($username)){
            $usernameValidation = "errorInput";
            array_push($errors, "error");
        }

        if(empty($password)){
            $passwordValidation = "errorInput";
            array_push($errors, "error");
        }

        if(count($errors) > 0){
            return false;
        }

        else{
            $username = mysqli_real_escape_string($con, $_POST['userSignIn']);
            $password = mysqli_real_escape_string($con, $_POST['passSignIn']);

            $password = md5($password);

            $sql = mysqli_query($con, "SELECT * FROM users WHERE username = '$username' AND 'password' = '$password'");

            $result = mysqli_num_rows($sql);

            if($result > 0)
            {
                //correct information, log them in
                header('Location: index.php');
            }
            else
            {
                //incorrect info
                return false;
            }
        }
    }   
}

Here is my code(HTML):

<body>
<div class="login-wrap">
<div class="login-html">
    <input id="tab-1" type="radio" name="tab" class="sign-in" checked><label for="tab-1" class="tab">Sign In</label>
    <input id="tab-2" type="radio" name="tab" class="sign-up"><label for="tab-2" class="tab">Sign Up</label>
    <div class="login-form">
        <div class="sign-in-htm">
            <form action="" method="POST">
                <div class="group">
                    <label for="user" class="label">Username</label>
                    <input id="userSignIn" name="userSignIn" type="text" class="input <?php if(isset($_POST['userSignIn'])){ echo ($usernameValidation);}?>" value="<?php if(isset($_POST['userSignIn'])){ echo htmlentities($username);}?>">
                </div>
                <div class="group">
                    <label for="pass" class="label">Password</label>
                    <input id="passSignIn" name="passSignIn" type="password" class="input <?php if(isset($_POST['passSignIn'])){ echo ($passwordValidation);}?>" data-type="password">
                </div>
                <div class="group">
                    <input id="check" type="checkbox" class="check" checked>
                    <label for="check"><span class="icon"></span> Keep me Signed in</label>
                </div>
                <div class="group">
                    <input type="submit" name="submitSignIn" class="button" value="Sign In" onsubmit="return validateSignIn()">
                </div>
                <div class="hr"></div>
                <div class="foot-lnk">
                    <a href="#forgot">Forgot Password?</a>
                </div>
            </form>
        </div>
        <div class="sign-up-htm">
            <form action="" method="POST">
                <div class="group">
                    <label for="fName" class="label">First Name</label>
                    <input id="fName" type="text" name ="fName" class="input <?php if(isset($_POST['fName'])){ echo ($fNameValidation);}?>" value="<?php if(isset($_POST['fName'])){ echo htmlentities($fName);}?>">
                </div>
                <div class="group">
                    <label for="lName" class="label">Last Name</label>
                    <input id="lName" type="text" name ="lName" class="input <?php if(isset($_POST['lName'])){ echo ($lNameValidation);}?>" value="<?php if(isset($_POST['lName'])){ echo htmlentities($lName);}?>">
                </div>
                <div class="group">
                    <label for="user" class="label">Username</label>
                    <input id="userSignUp" type="text" name ="userSignUp" class="input <?php if(isset($_POST['userSignUp'])){ echo ($usernameValidation);}?>" value="<?php if(isset($_POST['userSignUp'])){ echo htmlentities($username);}?>">
                    <span class="error"><?php echo $usernameTaken ?></span>
                </div>
                <div class="group">
                    <label for="pass" class="label">Password</label>
                    <input id="passSignUp" name="passSignUp" type="password" class="input <?php if(isset($_POST['passSignUp'])){ echo ($passwordValidation);}?>" data-type="password">
                </div>
                <div class="group">
                    <label for="pass" class="label">Confirm Password</label>
                    <input id="confPassSignUp" name="confPassSignUp" type="password" class="input <?php if(isset($_POST['passSignUp'])){ echo ($passwordValidation);}?>" data-type="password">
                </div>
                <div class="group">
                    <label for="pass" class="label">Email Address</label>
                    <input id="emailSignUp" name="emailSignUp" type="text" class="input <?php if(isset($_POST['emailSignUp'])){ echo ($emailValidation);}?>" value="<?php if(isset($_POST['emailSignUp'])){ echo htmlentities($email);}?>">
                </div>
                <div class="group">
                    <input type="submit" name="submitSignUp" class="button" value="Sign Up" onsubmit="return validateSignUp()">
                </div>
                <div class="hr"></div>
                <div class="foot-lnk">
                    <label for="tab-1">Already Member?</a>
                </div>
            </form>
        </div>
    </div>
</div>

Thank you in advance!!

*blank page* means something is broken. Add these lines `ini_set('display_errors', 1); error_reporting(E_ALL);` at the very top of your PHP scripts and see if it yields any error or not. — Rajdeep Paul, Dec 24 '16 at 22:02
also those `return`'s could be playing tricks on you. Return makes it "stop" execution. http://php.net/manual/en/function.return.php *"If called from within a function, the return statement immediately **ends execution** of the current function, and returns its argument as the value of the function call. return also ends the execution of an eval() statement or script file."* — Funk Forty Niner, Dec 24 '16 at 22:10
@Fred-ii- is right. There are two things I noticed regarding `return` and function. 1) Return should be used inside a function, and in this code block `if(isset($_POST['submitSignUp'])){...}` you used `return` in a casual way, without any function 2) In this code block `if(isset($_POST['submitSignIn'])){...}` even though you defined `validateSignIn()` function but you never called this function. — Rajdeep Paul, Dec 24 '16 at 22:20
Instead of using return, store the value in a variable and refer to that variable when generating your HTML. — BizzyBob, Dec 24 '16 at 22:20
@RajdeepPaul I made a change to have a function "validateSignUp" to check when the second form in my HTML is submitted and have the function "validateSignIn" being used in my first form. This now works because it is not going to a blank page, but the page is refreshing. Is there a way to have it submit and not refresh the page? — mikepsb, Dec 24 '16 at 22:32
@mikepsb Once you hit *Sigh In* or *Sign Up* button, the page will refresh, that's the default behavior. However, if you want to submit the form without the page being refreshed then use AJAX. Also, put `exit();` after `header(...);` statement as `header(...)` statement itself is not sufficient to redirect the user to a different page. — Rajdeep Paul, Dec 24 '16 at 22:39
@RajdeepPaul Thank you, i added the 'exit();' after my header. How would I go about doing an AJAX call, where exactly do i place it? — mikepsb, Dec 24 '16 at 22:42
@mikepsb I've seen this exact code quite a few times and it shouldn't be used. I wouldn't waste too much time with this if I were you, since you're using MD5 for passwords and is no longer safe to use. You're best to find something much more safer using `password_hash()` and prepared statements. Even `real_escape_string()` is open to an sql injection, believe it or not. There are a lot of good scripts already out there that will do all this and safely. — Funk Forty Niner, Dec 24 '16 at 22:46
@mikepsb There are plenty of tutorials available online, do a little search on how to use AJAX. I believe this will get you started, [https://developer.mozilla.org/en-US/docs/AJAX/Getting_Started](https://developer.mozilla.org/en-US/docs/AJAX/Getting_Started). later, you should jump to [jQuery AJAX](http://api.jquery.com/jquery.ajax/), as it's quite simple and efficient way to handle elements, events etc. — Rajdeep Paul, Dec 24 '16 at 22:48
@RajdeepPaul just a last quick question, using jQuery and AJAX calls, is it safe? by this i mean, are users able to easily bypass this or is an AJAx call done server-side? — mikepsb, Dec 24 '16 at 22:50
@mikepsb That *getting started* link has all your answers, like *what is AJAX*, *How it works* etc. It is safe(not 100% like any other system or technology) as long as you use it in conjunction with [prepared statement](https://en.wikipedia.org/wiki/Prepared_statement), as it prevents any kind of SQL injection attacks. Here's the SO wiki thread on this, [http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Rajdeep Paul, Dec 24 '16 at 22:56
Again; don't use this code if you want your **site to be hacked** and it will happen at some point in time if you decide to go live with this. You and your potential users stand at not being very happy campers. — Funk Forty Niner, Dec 24 '16 at 23:08

score 0 · Answer 1 · answered Dec 24 '16 at 22:58

The problem is, you are not calling either of the functions

validateSignUp() or validateSignUp()

Your code is like...

if(isset($_POST['submitSignUp']))
{
  function validateSignUp()
  {
    // ....
  }
} else if(isset($_POST['submitSignIn'])) {
  function validateSignIn()
  {
    // ....
  }
}

Instead.... It should be like...

if(isset($_POST['submitSignUp']))
{
  function validateSignUp()
  {
    // ....
  }

  validateSignUp();  //  <--- Notice
} else if(isset($_POST['submitSignIn'])) {
  function validateSignIn()
  {
    // ....
  }

  validateSignIn();  //  <--- Notice
}

To be frank, I'd ask you to remove both the functions from there if you are going to use them only once in your whole code... Functions are meant to be made for multiple use cases and login/signup is single case only...

PHP form going to a blank page

1 Answers1