Incoherent return message after username check - php

I'm new here so I hope I do this right.
I am having some problems with sending the right message from my php to my
html.
Here you can see the php part that sould give a message back if the username isn't valid(if is uses #$%^& etc.)
$validUsername = $CurrentUser->ValidateUsername($username);
//if the input isn't filled send a message back
if(!$validUsername)
{
$messageError = "Please fill in a valid username";
header("location: ../public/index.php?messageError=$messageError");
}
and another one that should check if the username is unique
$uniqueUsername = $CurrentUser->CheckAvailableUsername($validUsername);
if (!$uniqueUsername)
{
$messageError = "Please fill in a unique username";
header("location: ../public/index.php?messageError=$messageError");
}
now the weird thing is if use #$%^&etc. as a username it will give me back a please fill in a unique username instead of please fill in a valid username and I can't find out why.
oh btw I made a class named User with these methods Ill show them below here.
public function ValidateUsername($username)
{
if (!empty($username))
{
if (isset($username))
{
if (!preg_match("/^[a-zA-Z ]*$/", $username))
{
return false;
}
return $this->username = $username;
}
return false;
}
return false;
}
And the other one.
public function CheckAvailableUsername($username)
{
$sql = "SELECT * FROM `tbl_todolist`
WHERE `username` = '$username';";
$result = $this->dataBase->query($sql)->rowCount();
if ($result == 1)
{
return false;
}
return $this->username = $username;
}
I really hope you guys can help me with this.

After header(...); you need to throw in a return; or exit; to exit right there, otherwise it continues beyond that header.
Additional Notes
You are open to SQL injection in CheckAvailableUsername, you need to sanitize the value before you get to that function and also escape/bind the value to your query instead. It looks like you are using PDO already.

Related

What Can I Do Instead Of Multiple If Statements? PHP Register Script

As you can see in the script below, I use multiple if statements when checking registration inputs. Is there an easier, less spaghetti?
The script works as is, but i would like it to be neater.
<?php
if (isset($_POST['register'])) {
$uname = trim($_POST['uName']);
$email = trim($_POST['email']);
$pass = trim($_POST['pass']);
$passCon = trim($_POST['passCon']);
$uname = strip_tags($uname);
$email = strip_tags($email);
$pass = strip_tags($pass);
$passCon = strip_tags($passCon);
if (!empty($pass)) {
if (!empty($email)) {
if (!empty($uname)) {
if ($pass == $passCon) {
$query = "SELECT username FROM users WHERE username='$uname'";
$result = mysqli_query($conn, $query);
$checkUsername = mysqli_num_rows($result);
if ($checkUsername == 0) {
$query = "SELECT email FROM users WHERE email='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
if ($count == 0) {
$password = hash('sha256', $pass);
$queryInsert = "INSERT INTO users(id, username, email, password, date) VALUES('', '$uname', '$email', '$password', '" . time() . "')";
$res = mysqli_query($conn, $queryInsert);
if ($res) {
$errTyp = "success";
$errMsg = "successfully registered, you may login now";
}
} else {
$errTyp = "warning";
$errMsg = "Sorry Email already in use";
}
} else {
$errTyp = "warning";
$errMsg = "Sorry Username already in use";
}
} else {
$errTyp = "warning";
$errMsg = "Passwords didn't match";
}
} else {
$errTyp = "warning";
$errMsg = "You didn't enter a Username";
}
} else {
$errTyp = "warning";
$errMsg = "You didn't enter an email address";
}
} else {
$errTyp = "warning";
$errMsg = "You didn't enter a password";
}
}
Thank you,
Jay
The problem you are facing is not at all uncommon. Many programmers have faced this issue. Let me help you along the way restructuring your script.
First of all, let's get rid of the nested if-else statements. They confuse and obfuscate what is really going on.
Version 1:
if (!isset($_POST['register']))
redirect('register.php'); // Let's assume that redirect() redirects the user to a different web page and exit()s the script.
$uname = $_POST['uName'];
$email = $_POST['email'];
$pass = $_POST['pass'];
$passRepeat = $_POST['passRepeat'];
if (empty($pass)) {
$errorMessage = "You didn't enter a password";
}
if (empty($email)) {
$errorMessage = "You didn't enter an email address";
}
if (empty($uname)) {
$errorMessage = "You didn't enter a Username";
}
if ($pass !== $passRepeat) {
$errMsg = "Passwords didn't match";
}
$query = "SELECT username FROM users WHERE username='$uname'";
$result = mysqli_query($conn, $query);
$checkUsername = mysqli_num_rows($result);
if ($checkUsername !== 0) {
$errMsg = 'Sorry Username already in use';
}
$query = "SELECT email FROM users WHERE email='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
if ($count !== 0) {
$errMsg = 'Sorry Email already in use';
}
$password = hash('sha256', $pass);
$queryInsert = "INSERT INTO users(id, username, email, password, date) VALUES('', '$uname', '$email', '$password', '" . time() . "')";
$res = mysqli_query($conn, $queryInsert);
Note that although this avoids the nested if statements, this is not the same as the original code, because the errors will fall through. Let's fix that. While we are at it, why would we want to return after the first error occurs? Let's return all the errors at once!
Version 2:
$errors = array();
if (empty($pass)) {
$errors[] = "You didn't enter a password";
}
if (empty($email)) {
$errors[] = "You didn't enter an email address";
}
if (empty($uname)) {
$errors[] = "You didn't enter a username";
}
if ($pass !== $passRepeat) {
$errors[] = "Passwords didn't match";
}
$query = "SELECT username FROM users WHERE username='$uname'";
$result = mysqli_query($conn, $query);
$usernameExists = mysqli_num_rows($result) > 0;
if ($usernameExists) {
$errors[] = 'Sorry Username already in use';
}
$query = "SELECT email FROM users WHERE email='$email'";
$result = mysqli_query($conn, $query);
$emailExists = mysqli_num_rows($result) > 0;
if ($emailExists) {
$errors[] = 'Sorry Email already in use';
}
if (count($errors) === 0) {
$password = hash('sha256', $pass);
$queryInsert = "INSERT INTO users(id, username, email, password, date) VALUES('', '$uname', '$email', '$password', '" . time() . "')";
$res = mysqli_query($conn, $queryInsert);
redirect('register_success.php');
} else {
render_errors($errors);
}
Pretty clean so far! Note that we could replace the if (empty($var)) statements with a for-loop. However, I think that is overkill in this situation.
As a side note, please remember that this code is vulnerable to SQL injection. Fixing that issue is beyond the scope of the question.
Less spaghetti? Start with functional decomposition, then work towards separating the task of sanitation from that of validation. I will leave out many steps that I take (such as verifying the form / $_POST / filter_input_array() has the correct number of inputs, and the correct keys are in the $_POST superglobal / INPUT_POST, etc, you might want to think about that.). Alter some of my techniques for your exact needs. Your program should be less spaghetti afterwards. :-)
Sanitize then validate. You have to keep them separated, so to speak. ;-)
Sanitizing with Functional Decomposition
Make a single task its own block of code.
If all of your sanitization steps (trim(), strip_tags(), etc.) are the same for all of your form fields, then make a sanitizer function to do that work. Note, that the one-time way you are trimming and stripping tags can be improved upon simply by using a loop. Save the original value in a variable, then trim(), strip_tags(), etc within a while loop. Compare the results to the original. If they are the same, break. If they differ, save the current value of the form field in your variable again and let the loop run again.
function sanitize($formValue)
{
$oldValue = $formValue;
do
{
$formValue = trim($formValue);
$formValue = strip_tags($formValue);
//Anything else you want to do.
$formValue = trim($formValue);
if($formValue === $oldValue)
{
break;
}
$oldValue = $formValue;
}
while(1); //Infinite loop
return $formValue;
}
Then, simply run this function in a loop.
$sanitized = [];
foreach($_POST as $key => $value)
{
$sanitized[$key] = sanitize($value);
}
/* You can keep track your variable anyway you want.*/
Looking further down the road, it is times like this where devising an input source ($_POST, $_GET, $_SESSION, $_FILES, $_COOKIE, etc..) based sanitizing, class hierarcy really comes in handy. Moreover, basing that class hierarchy on the use of filter_input_array() really puts you a head of the game. What about validation?
Validating with Functional Decomposition
You could look at each form field as needing its own validating function. Then, only the logic required to check one form field will be contained within the block. The key, retain your Boolean logic by having the validator functions return the results of a test (true / false).
function uname($uname, &$error)
{
if(! /* Some test */)
{
$error = 'Totally wrong!'
}
elseif(! /* Another test */)
{
$error = 'Incredibly wrong!'
}
else
{
$error = NULL;
}
return !isset($error) //If error is set, then the test has failed.
}
function email($email, &$error)
{
if(! /* Some test */)
{
$error = 'Totally wrong!'
}
elseif(! /* Another test */)
{
$error = 'Incredibly wrong!'
}
else
{
$error = NULL;
}
return !isset($error) //If error is set, then the test has failed.
}
function pass($pass, &$error)
{
if(! /* Some test */)
{
$error = 'Totally wrong!'
}
elseif(! /* Another test */)
{
$error = 'Incredibly wrong!'
}
else
{
$error = NULL;
}
return !isset($error) //If error is set, then the test has failed.
}
function passCon($passCon, &$error)
{
if(! /* Some test */)
{
$error = 'Totally wrong!'
}
elseif(! /* Another test */)
{
$error = 'Incredibly wrong!'
}
else
{
$error = NULL;
}
return !isset($error) //If error is set, then the test has failed.
}
In PHP, you can use variable functions to name your function the same as the fields they are checking. So, to execute these validators, simply do this.
$errorMsgs = [];
foreach($sanitized as $key => $value)
{
$key($value, $errorMsgs[$key])
}
Then, generally speaking, you just need to see if there are any errors in the $errorMsgs array. Do this by processing the $errorMsgs array
$error = false;
foreach($errorMsgs as $key => $value)
{
if(isset($value))
{
//There is an error in the $key field
$error = true;
}
}
..and then.
if($error === true)
{
//Prompt user in some way and terminate processing.
}
// Send email, login, etc ....
Taken further, you could create a generic, Validator, super class.
All this being said. I do all of my sanitization and validation in an object oriented way to reduce code duplication. The Sanitizer super class has children (PostSanitizer, GetSanitizer, ....). The Validator super class has all the test one might perform on a string, integer, or float. Children of the Validator superclass are page/form specific. But, when something like a form token is needed, it's validating method is found in the Validator super-class because it can be used on any form.
A good validation routine keeps track of:
1) Input values in an associative array..
2) Test results (Booleans) in an associative array. Test results (true/false) can be converted to CSS classes or a JSON string of '1's and '0's.
3) Error messages in an associative array.
..then makes final decisions about what to do with the input values and/or error messages based on the test results (by key). If there are errors (false values in the a hypothetical test results array), use the error messages that have the corresponding key.
My previous example condenses the final error checking and error message data structures with one array, but using separate data structures allows more flexibility (decouples error messages from the detected errors). Simply store the results of each validating variable function into a $testResults array like this.
function sanitize($formValue)
{
$oldValue = $formValue;
do
{
$formValue = trim($formValue);
$formValue = strip_tags($formValue);
//Anything else you want to do.
$formValue = trim($formValue);
if($formValue === $oldValue)
{
break;
}
$oldValue = $formValue;
}
while(1); //Infinite loop
return $formValue;
}
$sanitized = [];
foreach($_POST as $key => $value)
{
$sanitized[$key] = sanitize($value);
}
$testResults = [];
$errorMsgs = [];
foreach($sanitized as $key => $value)
{
$testResults[$key] = $key($value, $errorMsgs[$key])
}
if(!in_array(false, $testResults, true))
{
return true //Assuming that, ultimately, you need to know if everything worked or not, and will take action on this elsewhere. It's up to you to make the correct functions/methods, but this general foundation can get you going.
}
return false; //Obviously. Do not submit the form. Show the errors (CSS and error messages).
Then, simply check for the existence of false in the $testResults array. Get the corresponding error message from $errorMsgs using the appropriate $key. Using this generic, final stub, you can create a powerful santization and validation routine, especially if you go object oriented.
Eventually, you will begin to see that the same kinds of test are being repeated among the various validation variable functions: data type, length, regular expression, exact matches, must be a value within a set, etc. Thus, the primary difference between the validating variable functions will be the minimum and maximum string lengths, regex patterns, etc... If you are savvy, you can create an associative array that is used to "program" each variable function with its set of validation parameters. That's getting a bit beyond the scope, but that is what I do.
Thus, all my variable functions perform the same basic tests via factored out logic using a method of class Validator called validateInput(). This method receives the following arguments
1) The value to be tested.
2) An associative array of the test parameters (which can specify datatype)
3) An array element, passed in as a variable (by reference), that corresponds the field being tested that will hold the error message, if any.
What's funny, is that I use a two step sanitization and a two step validation. I use a custom filter algorithm using PHP functions, then I use the PECL filter functions (filter_input_array()). If anything fails during these steps, I throw a SecurityException (because I extend RuntimeException).
Only after these filters pass do I attempt to use the PHP/PECL filter valiation functions. Then, I run my own validation routine using validating, variable functions. Yes, these only run if the previous test passed as true (to avoid overwriting previous failures and corresponding error message).
This is entirely object oriented.
Hope I helped.

smarter php login form validation

I've started learning PHP and MySQL for a while but I still consider myself a beginner!
I created a simple register form and I also wrote PHP code to validate it...
I want to know if there is a better and smarter way to accomplish my goal.
My form is based on 5 inputs: username, password, repeat password, email, repeat email and it sends through POST, their content and a button's value. It must check these conditions when a submit is performed:
show error "All fields empty" if all inputs are empty
show error "Some fields empty" if one or more inputs, but not all, are empty
username length must be up to 20 chars
password and repeat password must be equal
passwords must be between 8 and 20 chars
email and repeat email must be valid emails and must be equal
show an error message of what went wrong
I wrote this function (it's inside a class) which does everything I said above but can I improve it to reduce repetitive code? Are there other PHP functions which can be used for this? And finally, how secure is my code?
Here is it!
public function processRegisterInfo($POSTArray = array())
{
if (count(array_filter($POSTArray)) > 1) // button don't have to be counted
{
if (count(array_filter($POSTArray)) < 6)
{
$this->errorMsg = "Some fields are empty";
return FALSE;
}
else
{
$username = $POSTArray["username"];
$password = $POSTArray["password"];
$repPassword = $POSTArray["repPassword"];
$email = $POSTArray["email"];
$repEmail = $POSTArray["repEmail"];
$isValid = TRUE;
// Checking username length
if (strlen($username) > 20)
{
$this->errorMsg .= " Username too long.";
$isValid = FALSE;
}
// Checking password length and equality
if (strcmp($password, $repPassword) == 0)
{
if (strlen($password) < 8)
{
$this->errorMsg .= " Password must be at least 8 characters.";
$isValid = FALSE;
}
else if (strlen($password) > 20)
{
$this->errorMsg .= " Password must be max 20 characters long.";
$isValid = FALSE;
}
}
else
{
$this->errorMsg .= " Passwords don't match.";
$isValid = FALSE;
}
// Checking email validation and equality
if (strcmp($email, $repEmail) == 0)
{
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$this->errorMsg .= " Email provided is not valid.";
$isValid = FALSE;
}
}
else
{
$this->errorMsg .= " Emails don't match.";
$isValid = FALSE;
}
if (isset($this->errorMsg) && !empty($this->errorMsg))
$this->errorMsg = substr($this->errorMsg, 1);
return $isValid;
}
}
else
{
$this->errorMsg = "All fields are empty";
return FALSE;
}
}
Thank you so much for your help! :)
If you are only able to use php it's as good as it's going to get i think.
These check can be performed by Jquery(javasript) to.
The pros of using jquery are, you don't have to submit it first and you can easily mark which field has a wrong value.

Log in field with a specific input

I'd like to make a registration input field that only accepts certain types of email addresses (e.g., one that only accepts email addresses that end with #yahoo.com) so that I can provide some security in terms of who can access my website (e.g., I want to only accept email addresses that are from students from my school, i.e., they must end in #school.edu).
Here's what i have so far, but this does not discriminate for a specific type of email:
<?php
// configuration
require("../includes/config.php");
// if form was submitted
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
// validate inputs
if (empty($_POST["username"]))
{
apologize("You must provide a username.");
}
else if (empty($_POST["password"]))
{
apologize("You must provide a password.");
}
else if (empty($_POST["confirmation"]) || $_POST["password"] != $_POST["confirmation"])
{
apologize("Those passwords did not match.");
}
// try to register user
$results = query("INSERT INTO users (username, hash, cash) VALUES(?, ?, 10000.0000)",
$_POST["username"], crypt($_POST["password"])
);
if ($results === false)
{
apologize("That username appears to be taken.");
}
// get new user's ID
$rows = query("SELECT LAST_INSERT_ID() AS id");
if ($rows === false)
{
apologize("Can't find your ID.");
}
$id = $rows[0]["id"];
// log user in
$_SESSION["id"] = $id;
// redirect to portfolio
redirect("/");
}
else
{
// else render form
render("register_form.php", ["title" => "Register"]);
}
?>
You can use the substr() function combined with the strrpos() to get the last part of the email:
if(substr($email, strrpos($email, "#")) == "#school.edu") {
//all good
}
Once you have done that, you can email them a confirmation link to the email provided to make sure it's not a bogus one.
You can also use simple regex to verify user's email
if(preg_match('#^(.*)\#school\.edu$#', $_POST['email'])) {
echo 'email is valid';
} else {
echo 'this is not valid email!';
}

PHP and AJAX Log in validation

I need some help troubleshooting my code that's used for Log In validation. It's a combo of AJAX and PHP.
Here's the AJAX code that's directly in the login page.
<script language="javascript">
$(document).ready(function()
{
$("#login_form").submit(function()
{
$("#msgbox").removeClass().addClass('messagebox').text('Validating....').fadeIn(1000);
$.post("/ajax_login.php",{ user_name:$('#username').val(),password:$('#password').val()
,rand:Math.random() } ,function(data)
{
if (data=='no')
{
$("#msgbox").fadeTo
(200,0.1,function()
{
$(this).html('Incorrect Username or Password.')
.addClass('messageboxerror').fadeTo(900,1);
}
);
}
else if(data=='yes')
{
$("#msgbox").fadeTo
(200,0.1,function()
{
$(this).html('Logging in.....').addClass('messageboxok').fadeTo
(900,1, function()
{
document.location='/mainpage.php';
}
);
}
);
}
else
{
$("#msgbox").fadeTo
(200,0.1,function()
{
$(this).html('User is already logged in.').
addClass('messageboxerror').fadeTo(900,1);
}
);
}
});
return false;
});
$("#password").blur(function()
{
$("#login_form").trigger('submit');
});
});
</script>
PHP CODE:
<?
//Log In credentials
if ($rehash==$dboPW && $user_name == $dboUN && $logged=='Y'){echo "alreadyLogged"; exit;}
if ($rehash==$dboPW && $user_name == $dboUN && $logged=='N')
{
echo "yes";
$_SESSION['login'] = $username;
$_SESSION['password'] = $rehash;
$loggedUpdate=mysql_query("UPDATE Users SET LOGGED='Y' WHERE username='$user_name'");
exit;
}
else
{echo "no";}
?>
To summarize this process, someone logs in and the PHP script checks
if the username and password is valid AND that the person is NOT logged in already - returns value of 'yes'
if the username and password is valid AND that the person IS logged in already - returns value of 'alreadyLogged'
Invalid username or password - returns value of 'no'
This gets passed to AJAX, which SHOULD display the correct messages based on the return values from the php script. For reference (using the above summary):
AJAX should return: Logging in...
AJAX should return: User is already logged in.
AJAX should return: Invalid Username or Password.
The problem is this: If someone logs in correctly and IS NOT already logged in, message 2 appears instead of message 1. (I think that message 1 may appear but it disappears so fast).
I think the culprit is AJAX but unfortunately I'm not as familiar with it as I am with PHP.
I think the problem is with your php code.Your ajax code looks fine
try this
if ($rehash==$dboPW && $user_name == $dboUN && $logged=='Y')
{
echo "alreadyLogged"; exit;
}
elseif ($rehash==$dboPW && $user_name == $dboUN && $logged=='N')
{
}
I think it is the php problem,it occur an error and return the error message. if ajax_login.php does not return "yes" or "no" it will show the second message, whatever it returns.
Just need modify your PHP. try this :
//Log In credentials
// check if post if (isset($_POST)) {
// must initially to use check if on loggin
session_start();
// set variable post
$username = $_POST['user_name'];
$password = $_POST['password']; // change if use sha1 or md5
$rand = $_POST['rand'];
// check query database
$query = mysql_query("SELECT * FROM Users WHERE username='$username' AND password='$password'");
$user = mysql_fetch_array($query);
$row = mysql_num_rows($query);
if ($row > 0) {
if ($user['LOGGED'] == 'Y') {
echo "yes";
$_SESSION['login'] = $username;
$_SESSION['password'] = $rehash;
$loggedUpdate = mysql_query("UPDATE Users SET LOGGED='Y' WHERE username='$user_name'");
exit;
} elseif ($user['LOGGED'] == 'N') { // you can use 'else'
echo "alreadyLogged";
exit;
}
} else {
// invalid value password and username
echo "no";
exit;
} }

PHP and Function Errors

I was looking to see what would be the best way to handle errors from functions. Is the "DIE" method appropriate?
ie. php function calls another, for example:
function login(){
$result = verifyDetails("bob", "password123");
if($result == "accepted"){
echo "Welcome bob";
}else{
echo "Error!! \n";
echo $result;
}
}
function verifyDetails($user, $pass){
if(empty($user) || empty($pass)){
die("cannot be empty");
}
if($user == "bob" && $pass == "password"){
return "accepted";
}else{
die("username or password incorrect");
}
}
does the "DIE" method return the message or does everything come to a standstill?
thanks in advance
UPDATE
what if the output is not known?
for example. in the above example I have placed "accepted" as the only correct answer.
What if the return is a name or id number.. then you cant really separate the error and correct returns.
thanks again.
UPDATE / Possible Solution
function login(){
$result = verifyDetails("bob", "password123");
if($result[0] == "SUCCESS"){
echo "Welcome bob";
}else if($result[0] == "ERROR"){
echo "Error!! \n";
echo $result;
}else{
echo "Unknown Error!!";
}
}
function verifyDetails($user, $pass){
$msg = array();
if(empty($user) || empty($pass)){
$msg[0] = "ERROR";
$msg[1] = "cannot be empty"
return $msg;
}
if($user == "bob" && $pass == "password"){
//say $customerID is extracted from a db
$msg[0] = "SUCCESS";
$msg[1] = $customerID
return $msg;
}else{
$msg[0] = "ERROR";
$msg[1] = "username or password incorrect"
return $msg;
}
}
ideas & suggestions on the above "possible" solution are welcome
UPDATE
Check Shikiryu update 2 answer below for a cleaner version using arrays
die() just echo your message and stop the script because die() is an alias of exit().
In your case, since the password isn't password but password123, the script will stop just displaying "username or password incorrect".
But as I can see here, you want a return "cannot be empty";, so that it'll display :
Error!!
username or password incorrect
(and optionally the rest of the html which die() won't)
Update 2 (ugly way) :
function login(){
$result = verifyDetails("bob", "password123");
if(isset($result['success']){ // verifyDetails return true?
echo $result['success'];
}else{
echo "Error!! \n";
echo $result['error']; // Display the error verifyDetails throws
// You may want to check if $result['error'] exists.
}
}
function verifyDetails($user, $pass){
if(empty($user) || empty($pass)){
return array('error'=>"cannot be empty");
}
if($user == "bob" && $pass == "password"){
return array('success'=>"Welcome bob");
}else{
return array('error'=>"username or password incorrect");
}
}
die terminates the execution of the PHP script at the line it is called. Therefore, your message would no be returned.
You might want to simply use return instead of die;
Yes, you could use die() to debug.
does the "DIE" method return the message or does everything come to a standstill?
Yes, it returns the error message and yes, the script will stop continuing.
Well the only acceptable way in your case is return FALSE
if these functions are really methods of some class, use class variable to store actual errors.
if these functions belongs to no class, I wouldn't use them at all, but write it in plain code
if($user == "bob" && $pass = "password"){
echo "Welcome bob";
}else{
echo "incorrect username or password");
}
updated answer
Well there is nothing to invent. Just follow the way PHP goes:
Make your function return either value or FALSE
however, for the validation purpose you have to make it this way:
function validSomething($val){
return (bool)rand(0,1);
}
$err = array();
if (!validSomething($var)) {
$err[] = "Whatever error";
}
i.e. function returns only boolean values and actual error message being added by application logic.
However, in your example user-defined functions are totally misused.

Categories