Because modern websites and web applications need to store a lot of data, they usually interact with databases on the back-end. A common type of custom validation involves comparing user input against information in the database. In this exercise, we’ll practice validating against back-end data using PHP arrays to stand in for complicated databases.
An important application of this kind of validation is handling the creation of a user’s account. Before creating the account, it is very important to check that a submitted username isn’t already being used by someone else! In order to do this, we’ll need to check the database for that username.
In the example below, we model the database of users with the associative array $users
, which contains keys in the format "username" => "password"
.
$users = ["coolBro123" => "password123!", "coderKid" => "pa55w0rd*", "dogWalker" => "ais1eofdog$"]; function isUsernameAvailable ($username){ global $users; if (isset($users[$username])){ echo "That username is already taken."; } else { echo "${username} is available."; } } isUsernameAvailable("coolBro123"); // Prints: That username is already taken. isUsernameAvailable("aisleOfPHP"); // Prints: aisleOfPHP is available.
The above function isUsernameAvailable
uses the built-in function isset()
to check if a given $username
exists in the $users
array. In production, this check would be done by querying the database.
Instructions
Take a minute to familiarize yourself with the provided code. This PHP serves a log in page to users. We declared five variables at the top of the PHP:
$users
is an associative array with usernames and passwords as key=>value pairs. In production, this type of information would likely be stored in a database.$feedback
is the text we’ll show to the user depending on whether or not they were able to successfully log in.$message
is the message we’ll provide as feedback if log-in was successful.$validation_error
is the error we’ll provide as feedback if their username or password is incorrect.
Once you have a handle on the provided code, run the program and test the form to see how it currently works.
If the form has not been submitted, your PHP code shouldn’t do anything.
Write an if
statement that checks the form has been submitted by checking the value of the "REQUEST_METHOD"
key on the $_SERVER
array.
Within the if
block, reassign the $username
variable to the value of the "username"
key on the $_POST
array.
Declare a new variable $password
and assign to it the value of the "password"
key on the $_POST
array.
If a form has been submitted (after $username
and $password
have been assigned), you’ll need to take two additional steps to validate the user’s login.
- First you’ll need to check that the username exists in the “database”. A username is considered valid if it exists as a key within our
$users
array. - You’ll also need to check that the password provided by the user equals the value of that username key in the
$users
array.
If both of those criteria are met, you should consider the login successful and assign $feedback
the value of $message
. Otherwise, you should assign $feedback
the value of $validation_error
.
Awesome! Your code should be working properly. Test it with valid and invalid logins to make sure.
Did you notice we did a couple things differently in this form?
- We didn’t assign the
value
attribute of the"password"
input to the user’s password submission. - We didn’t give specific feedback about whether it was an invalid username or a bad password that caused the login to fail.
Why do you think we did those things? Check out the hint for an explanation.