PHP form validation using regex

Question

Need some assistance with PHP form validation that uses regular expressions. If they inputs are not valid, the user should be redirected back to the html form. My regex statements checkout when entered into ( https://regex101.com/ ), but the program is redirecting to the html form no matter the input. Here is my work so far:

<?php

$data = $_POST;

if (trim($data['username'] == '') ||
    empty($data['password']) ||
    empty($data['verify_password']) ||
    empty($data['email'])) {
    
    echo "Please fill all required fields!";
    header("Location:index.html");
    exit;
}

if($data['password'] !== $data['verify_password']) {
  echo "Passwords do not match!";
  header("Location:index.html");
  exit;
}

// username must be at least 8 characters long, start with a letter, end in a number, and have no special symbols.
if (!preg_match('^(?=.*[A-Za-z])[A-Za-z\d]{8,}?[0-9]+$', $username)) {
  header("Location:index.html");
  exit;
}

// password must be at least 8 characters long, contain at least one lower case letter, one upper case letter,
// one number, and at least one special character ( . , / ? * ! ).
if (!preg_match('^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[.,\/?*!])[A-Za-z\d.,\/?*!]{8,}$', $password)) {
  header("Location:index.html");
  exit;  
}

// email must be at least 15 characters long, contain only one ( @ ) symbol, be a domain of gmail.com or bcit.ca, 
// user portion must start with a letter, can end in a number or letter, can contain a ( . ) or ( + ), not feature any 
// other special characters, and is case-insensitive.
if (!preg_match('^[a-zA-Z0-9_.+-]+@(?:(?:[a-zA-Z0-9-]+\.)?[a-zA-Z0-9]+\.)?(gmail|bcit)\.(com|ca)$', $email)) {
  header("Location:index.html");
  exit;  
}

?>
<html>
    <div>
        <span>Welcome, </span><span><?php echo $data['username']; ?></span>
    </div>
</html>

Answer 1

You have syntax errors. if (trim($data['username'] == '') is missing a closing bracket and should if (trim($data['username']) == '')

First error I saw. There may be more. Turn on error reporting in your php.ini and you should see where the errors are moving forward.

Answer 2

You should not echo anything before header sent if there are no buffering.

This shall not be working:

echo "Something";
header("Location:index.html");

Instead, you should do sth like that:

header("Location:index.html");
echo "Something";

Answer 3

First $username,$email,$password veriables are not defined as you're using them. Secondly Your regex must have ending parameter(^) as you have in the start. see the complete solution blow.

<?php

  $data = $_POST;
 $username = $data['username']; 
 $password = $data['password']; 
 $email = $data['email']; 
if (trim($data['username'] == '') ||
empty($data['password']) ||
empty($data['verify_password']) ||
empty($data['email'])) {
echo "Please fill all required fields!";
header("Location:index.html");
exit;
}
if($data['password'] !== $data['verify_password']) {

echo "Passwords do not match!";
header("Location:index.html");
exit;
}
// username must be at least 8 characters long, start with a letter, end in a 
   number, and have no special symbols.
 if (!preg_match('^(?=.*[A-Za-z])[A-Za-z\d]{8,}?[0-9]+$^', $username)) {
 header("Location:index.html");
 exit;
 } 
 // password must be at least 8 characters long, contain at least one lower case 
   letter, one upper case letter,
 // one number, and at least one special character ( . , / ? * ! ).
  if (!preg_match('^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[.,\/?*!])[A-Za-z\d.,\/? 
  *!] {8,}$^', $password)) {
    header("Location:index.html");
   exit;  
  }
 // email must be at least 15 characters long, contain only one ( @ ) symbol, be 
   a domain of gmail.com or bcit.ca, 
 // user portion must start with a letter, can end in a number or letter, can 
 contain a ( . ) or ( + ), not feature any 
 // other special characters, and is case-insensitive.
if (!preg_match('^[a-zA-Z0-9_.+-]+@(?:(?:[a-zA-Z0-9-]+\.)?[a-zA-Z0-9]+\.)? 
 (gmail|bcit)\.(com|ca)$^', $email)) {

 header("Location:index.html");
 exit;  
}

?>
  <html>
  <div>
    <span>Welcome, </span><span><?php echo $data['username']; ?></span>
  </div>
  </html>